The distributed nature of blockchain technology makes it secure and trustworthy; it’s nearly impossible to directly hack a blockchain because the attacker would need to gain control of at least 51% of nodes in the network. But security risks to blockchain-based applications can still arise from various factors, like bad code or sometimes even human error or criminal intent. Where there’s a will there’s a way, and hackers will find a means to strike blockchain-based systems such as cryptocurrency, often targeting blockchain storage areas or the cryptocurrency owners themselves.
In August 2021, a hacker managed to pull off the largest cryptocurrency heist in history. More than $610 million was stolen from the blockchain exchange platform Poly Network. Abusing a vulnerability in Poly Network’s code allowed the hacker to transfer tokens to their own cryptocurrency wallets. The hacker later returned the stolen assets.
In January 2018, the Japanese exchange Coincheck suffered an attack valued at about $534 million, another of history’s largest crypto heists. Coincheck revealed that its security lapse in allowing customer’s tokens exchanged on the platform to be stored in a single, internet-connected wallet, which undermines security and creates a single point of failure. Even so, Coincheck survived the hack, being bought by Japanese financial services company Monex Group a few months after the attack, and continues to operate.
Challenges in blockchain technology
No technology is 100% secure, including blockchain. Still, some of the technology’s outstanding features introduce a certain degree of unexpected risk, opening the door to negative, unintended consequences when misused, intentionally or unintentionally, by bad actors or by careless users.
Distributed system: This efficient technique, which allows other systems to continue functioning despite the failure of one, can also mean that blockchain technology is unstoppable. In 2017, a flaw in the smart contract of the multi-signature wallet code paved the way for hackers to drain millions of dollars (about 150,000 ETH) from the three largest wallets they could find. After the watchdogs realized this, they couldn’t shut down or disconnect the system. The white-hat hackers ended up using the same coding flaw to steal the remaining money faster than the hackers could.
Anonymity: Accessing a blockchain account requires a private key, an impossible-to-guess combination of letters and numbers. This key is anonymized, i.e., the identity of the key holder becomes anonymous. If a user lost their key along with their backup phrase, it would be impossible for them to gain access to their account.
Immutability: The inability to expunge a record off the network is an unexpected negative consequence of this trustworthy technology. In 2019, someone added illegal pictures to the Bitcoin Satoshi Vision ledger. These images were initially caught on bitcoinfiles.org, which allows users to view messages posted by the ledger. As the removal of content would require agreement from all blockchain servers, the website could only shut down their browsing services and put a filter in place. Users must be cautious about their activity because it can’t simply be erased.
There are still a few other challenges for blockchain in terms of compliance, regulations, and enforcement that will need to be addressed. While these points may look significant, they do not diminish the advantages of blockchain. Also, users can better protect themselves by choosing the right blockchain platform.
Factors for comparing blockchains
When considering which blockchain to go with, there are four key features to look into, says Chris Georgen, co-founder and chief architect at Topl, a blockchain ecosystem built with ethics and sustainability in mind.
1. Platform privacy
It is essential to check if the blockchain network is open, or public, which makes it easier for small businesses to set up. An open network is more secure than a private network because of the 51% control that’s required for someone to hack a blockchain network. The bigger the blockchain network, the more difficult it is to hack, and open networks are generally larger than private ones. Here, the true nature of blockchain, anonymity, and decentralization, is at its best. However, public networks can be difficult for internal sharing, and they compromise speed and efficiency. It’s worth noting that the transaction fees depend on how long it takes to process users’ transactions. Not to forget the high volatility of cryptocurrencies in public networks, for example, 1 Ether was around $200 in May 2020 and nearly $4,000 in May 2021. Then, it dipped lower than $2,000 in July 2021. This makes it difficult for users to manage pricing and plan ahead of time.
2. Consensus mechanism
Blockchain networks use a consensus mechanism to verify transactions before they are added to the network. Consensus algorithms involve nodes in the decentralized network as part of this validation process to attain agreement, trust, and security. Proof of Work (PoW) and Proof of Stake (PoS) are two popular consensus mechanisms. PoW is the ancient, trusted approach adopted by Bitcoin, Ethereum, Monero, etc. It is based on solving intricate cryptographic puzzles and is known for its simplicity and resistance to a variety of attacks. The only concern with PoW is its extreme electricity consumption, which is solved by the newer and more energy-efficient PoS, yet to be adopted by major networks although Ethereum is moving toward PoS.
3. Workings of the ledger technology
Blockchain platforms have various ways of storing transactions. The most popular approaches are based on accounts or the unspent transaction output model (UTXO for short; essentially the balance of cryptocurrency left in the wallet). The account-based model, used by Ethereum, records the balance of each user. The UTXO model, used by Bitcoin, keeps track of assets by scanning transactions with the user’s address(es). The UTXO model is simple and preserves users’ privacy, and the account-based model generates smaller transactions—good for efficiency and storage—but offers less privacy. Both mechanisms have equal pros and cons, so it’s reasonable to consider adopting a hybrid model like Tron.
4. Smart contract
A smart contract is a set of protocols used to verify or simplify the negotiation process digitally to avoid middlemen. Smart contracts have to be completely free of flaws or security loopholes because if they’re not, the entire blockchain will take a hit. Smart contracts reside at a particular address on the blockchain network, have a balance, and can send transactions over the network. One of the most popular choices for developing smart contracts is Ethereum Solidity, which has a clear set of rules for developers to follow that make it simple and low-risk.
Blockchain is acceptable—for now
Like any technology, blockchain poses its share of risks. There are ways to circumvent those challenges, but it is likely they exist because of blockchain’s best features. As a consequence, alternate technologies for virtual currencies are being created for various purposes, such as to make a 51% attack impossible.
IOTA, a cryptocurrency named after the organization behind it, is on the rise. It uses a new type of distributed ledger technology devised for the Internet of Things (IoT). With an aim to enable fee-less transactions and the promise of high scalability and instant transfers, IOTA was created for the growing IoT ecosystem, and it satisfies GDPR protocols and other privacy requirements, too.
IOTA has also been spotted with some serious vulnerabilities in its hash function and runs the risk of one-point failure due to its centralized approach. It appears that IOTA has a long, rocky road ahead. While blockchain has its own challenges, the technology is still expanding into various industries and being fine-tuned to resolve security concerns.
Finally, since there isn’t much that can be done to recover stolen tokens due to the decentralized nature of cryptocurrency public ledgers, storing tokens offline looks like the best way to protect them. Keep the private keys offline on hardware wallets, USB flash drives, or paper.