BlockchainCyber SafetyDaily NewsIdentity & Access

The Digital Security of Blockchain Technology: The Uncovering of The Decentralised Flaws Part 1

You have probably heard about blockchain technology’s advantages but you should know that it’s not all roses and unicorns. Blockchain’s security flaws in the cyber realm have received a lot of attention in recent years. This article delves into some of the fundamental concerns, technical details, and predicted weak spots within blockchain technology itself.

Blockchain technology uses decentralised peer-to-peer networks and blockchain registers to keep transactions, as opposed to the centralised frameworks used by most current systems. It is organised like a digital log file, with data saved in a chain of connected units called blocks. The security of the network relies on cryptographic locks on each block. As soon as a block is placed, it cannot be removed. The intrinsic cryptographic structure of the blockchain system has led many security experts to assume that it is secure enough to survive ongoing hacking and security threats. Previous research on the privacy and security of blockchain technology has demonstrated, however, that many blockchain-based apps have been breached.

Exploring the Vulnerabilities of Blockchain Tech

From the perspective of accessibility and organisation, Blockchain tech-related operations may be broken down into three specific forms: (a) The first-generation public blockchain (blockchain 1.0), (b) the second-generation public blockchain (blockchain 2.0), (c) the third-generation private blockchain (blockchain 3.0) and (d) the fourth-generation industrial blockchain (blockchain 4.0).

In Blockchain 1.0, cryptocurrencies are used for cash-related tasks including money transfers, currency settlements, and electronic payments. Smart contracts are a part of Blockchain 2.0, which is designed to be used in financial and commercial sectors. To put it simply, this section deals with more than just currency. All forms of stock, bonds, loans, mortgages, titles, smart properties, and smart contracts are part of this. The third category extends beyond traditional financial markets and currency exchanges. It encompasses fields such as administration, medicine, science, education, literacy, culture, and the arts. As a result, blockchains that fall inside this category are off-limits to the general public. Blockchain 4.0 provides methods and solutions for several sectors, making the technology useful for modern commercial needs.

The three main tenets of Industry 4.0 are ERP (Enterprise Resource Planning), automation, and integrated execution frameworks. The increased levels of privacy and security assurance provided by blockchain technology contribute to this new industrial revolution.

Blockchain is an exciting new technology that has the potential to reduce the danger of a debilitating cyber attack on a single node. On the other hand, the security of the system might be compromised even further by an intrusion that uses codes. It’s possible for even more damage to be done to the system’s security if an enciphered incursion or weakness allows it. If a breach were to occur, the attacker would be able to access not only the data at the location of the breach but all data in the ledger.

To be quite honest, there have been very few studies or analyses done on the security flaws of blockchain technology. What makes it so frightening? For the development of web 3.0 and the advent of the industrial revolution 4.0, this technology is crucial. And the fact that we understand so little about its flaws is terrifying.

Below, we describe the vulnerabilities that currently endanger cryptocurrency utilisation and Blockchain tech with a special emphasis on PoW, PoS, DPoS, and Smart Contracts consensus architectures.

A Hole in Your Crypto Wallet

Every cryptocurrency user has their own unique set of private and public keys that allow them access to their cryptocurrency wallet. The main problem with wallets is that they are susceptible to being manipulated, pinched, and moved like any other kind of merchandise. Users frequently forget their secret PIN or password, or worse, misplace the hard drives with the private key. Because of this, a customer may not always be able to access their business. With this in mind, it’s clear that ransomware may lead to the same problem. To steal from a wallet, criminals employ time-tested methods like phishing, which can involve anything from hacking a computer system to installing malicious software to making careless use of a wallet.

It is evident that any programming flaw or the insecure private key might be the basis for a massive security breach in a blockchain system, and that this flaw can be exploited through any weakness that might contribute to a cryptographic solution. The encrypted plain text is theoretically unintelligible to a crypto attacker. A good cryptographer however may turn normal text into something like random gibberish, yet the placement of particular letters or numbers in each block of the blockchain remains consistent. Since every cryptographically protected block is a function of the one before it, an attacker can use this to try to reconstruct the plain text in some of the blocks.

Courtesy of Statista

Nothing-at-Stake

When a stake changes hands, the current majority of stakeholders maintain the integrity by allowing for the negotiation of old account keys in which they no longer have a share. Because it is so easy to establish a blockchain, this is a significant flaw with PoS-based blockchains, as a group of malicious shareholders could easily create a new blockchain by forking the existing one. Due to the little computing power needed to establish a PoS-based blockchain, shareholders can facilitate a “nothing at stake” assault by running many blockchains at once.

By protecting the worth of their interest, stakeholders in the longest chain have the incentive to act ethically. Yet there are a number of issues that this solution overlooks. There is just a 1% chance that a stakeholder will play a crucial role in an attack that will succeed without them. Because of this, a bribe of just 1% of a stakeholder’s deposit is needed to convince them to participate in an assault. As a result, the needed joint bribe might be as little as 0.5% to 1% of the overall deposit.

It follows from this that a scenario with zero possibility of failure cannot be in a state of continual equilibrium, as if it were, then everyone would have a 0% chance of being critical. An attacker controlling 1% of the total supply may launch a fork off the main chain without the most recent blocks, making the PoS design susceptible to a long-range attack. The attacker’s goal is to initiate a fork immediately following the genesis block in order to rapidly generate additional blocks and produce the longest chain possible. A novice user would be at a loss to determine which chain is the longest if many blocks were invalid. Including a timestamp in each block would be one approach to resolving this issue, since it would allow users to reject chains whose timestamps are too distant in the future. Due to its infrequency and eventual demise, this poses a low-intensity, short-range threat. The attacker can then expose the best chain and run it more frequently, after which the created blocks can be considered a local maximum. 

Proof-of-NOT-Working

Within the domain of digital currencies, the PoW-based blockchain accounts for a sizable portion of the overall market value due to its widespread adoption and extensive use. Whether or not an attacker can gain more than half of the network’s computational control is crucial to the security of a PoW design, which relies on the integrity of the blockchain system. In addition, Eyal and Sirer presented a selfish mining attack, also known as a blocked discarding attack, which demonstrated that the conventional wisdom is inconsistent and that certain attacks allow a selfish miner equipped with 25% to up to 33% (hard theoretical boundary) of the extracting power to earn 50% of mining power.

In this case, the attacker will not function as a typical miner if it is subject to heavy supervision. Instead, they can instantly start publishing blocks on the network, or evaluate the system so that they can start publishing the blocks selectively. The attacker, meanwhile, may forego profit. On the other hand, if too many blocks are released at once, this might result in a rejection of blocks and, ultimately, a decrease in revenue. The attacker suffers a short-term and insignificant drop in income while the victims’ incomes are significantly impacted. The attacker then provides incentives for neutral nodes to join forces with them in order to boost their earnings. If enough members of the network joined this alliance, the attacker’s alliance would double in size, giving them more sway over the network as a whole. In order to successfully attack, the attacker would need to generate a private chain that is distinguishable from a public string in some way. Both the private and public chains start at the same time, but the attacker will keep looking for ways to mine the private ones and obtain a hold of the private blocks. In this way, the attacker may determine when it is most advantageous to release a block.

The Blockchain Network Dilemma

Currently, challenges with blockchain networks’ security are the most sought-after topics of study in the field of network security research. However, many questions remain concerning its long-term viability, scalability, security, and availability. As the market for digital currency expands, so are the number of cyber attacks aimed at disrupting marketing and other services catering to businesses.

Distributed Denial of Service (DDoS) assaults are among the most popular attacks that use network bandwidth and disrupt services. DDoS attacks on blockchain-based platforms are unique. In a decentralised and peer-to-peer technology, an attempt to subjugate the network using a huge volume of little transactions is more difficult and costlier than in traditionally distributed application design. Yet blockchain-based platforms like Ethereum and Bitcoin are still susceptible to DDoS attacks. The requirement for both network- and application-level safeguards becomes clear in light of this. As an illustration, similar DDoS assaults were launched against the Ethereum and Bitcoin networks in 2016.

Courtesy of Kaspersky

As a result, blockchain systems that are both robust and decentralised can provide excellent accessibility but DDoS attacks will continue to pose a serious threat to data safety. Currency exchanges play a crucial part in the cryptocurrency ecosystem, yet they are often the target of DDoS attacks. DDoS assaults occasionally caused the shutdown of currency exchanges. More than 70% of all Bitcoin transactions are processed through Mt. Gox, one of the largest exchanges. It is the largest Bitcoin exchange and a major Bitcoin middleman. Vasek and Moore conducted a comprehensive empirical study of DDoS assaults in the Bitcoin ecosystem and documented 58 attacks against exchanges and Bitcoin services.

To be more specific, there have been 142 separate DDoS assaults on 40 different Bitcoin services or around 7% of all known operators. The authors also state that monetary services, like exchanges, mining pools, casino operators, wallets, and banking services, are extremely susceptible to DDoS assaults. According to further data, DDoS assaults have hit 17.1% of small mining pools and 62.5% of large pools.

To be Continued

With the advent of blockchain technology, businesses dependent on transactions have undergone dramatic shifts. However, various risks and security issues preclude this technology from being utilised as a broad platform in other implementations throughout the world. After almost 2000 words of in-depth examination, we have just scratched the surface of the current vulnerabilities.

Admittedly, the depicted points of weakness presented were just a subset of the blockchain 1.0 and 2.0 concerns. We’ll continue our investigation into the security flaws in blockchain technology in the next instalment.

Khairul Haqeem

Khairul is proficient in writing tech-related pieces for the Asia-Pacific region. Some of his most notable work is focused on emerging technologies, data storage, and cybersecurity. His prior experience includes stints as a writer for two iSaham sites: Crepetoast.com and Solanakit.com. Before beginning his writing career, he worked in the field of education. Aside from studying engineering at the International Islamic University Malaysia, he has also worked as a subtitler for Iyuno Global, serving clients like Netflix. His specialities are: • Disruptive Tech. • Data Storage. • Cybersecurity. • Decentralised Tech. • Blockchains.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please Turnoff your adblocker to access to the site
© Asia Online Publishing Group 2023Asia Online Publishing Group Sdn Bhd, FR 03M-04, Tamarind Suites, Persiaran Multimedia, Cyber 10, 63000 Cyberjaya, Selangor, Malaysia