Proponents of blockchain technology say that it will greatly improve security, but can it be hacked? This is an important question because “improving security” does not necessarily imply that the system cannot be hacked. Recent attacks on blockchain-based tools have led some commentators to conclude that there is no such thing as flawless security. However, the success of the attackers has nothing to do with the vulnerability of the blockchain technology itself. The problem results from poor implementation by a particular organization. It would be unfair to attribute the weaknesses introduced by external developers to blockchain’s technical protocol.
The Bitfinex case is an example of how poor implementation can result in successful cyber-attacks on a blockchain-based system. The exchange’s specific encryption strategy failed. The exchange used multi-signature wallets for its user accounts, distributing private keys among different parties to minimize the risk of centralizing private key storage. Unfortunately, one of the keys was given to a bad actor who drained Bitfinex’s accounts. The attack did not reveal any weakness in the blockchain protocol, as it had everything to do with the storage of private keys.
Similarly, the DAO hack had nothing to do with the Ethereum blockchain protocol. The problem was with the smart contract. Ethereum supports third-party applications whose developers make mistakes, particularly when they are not backed up by well-established teams. The mistakes of these developers should not be taken to mean that the Ethereum blockchain protocol is insecure.
We could go on, but the pattern is the same: all the attacks on blockchains have resulted from other vulnerabilities and not from the blockchain protocol. The following are the ways in which blockchain systems may be compromised.
Theft of Private Keys
As a participant in a blockchain network, you are issued a private key, which you use to sign transactions relating to your account. Once you have signed, the rest of the people in the network verify the transaction using their public keys. If a fraudster gets access to your private key, the fraudster can transact in your name and transfer all your digital assets to a different account.
Acquiring Computing Power in Proof of Work
In proof of work networks like Bitcoin, if more than half the participants approve a transaction, it is considered to be genuine. This presents some challenges. If more than half the participants agree to fraudulently approve a transaction, it will go through as a genuine one. Similarly, if a participant hacks into the machines of other participants and diverts more than half of the network’s computing power to his machine, he can approve fraudulent transactions.
There may be errors in the software which could compromise the security of a blockchain platform. The errors occur during the development of the implementation software and have nothing to do with the blockchain protocol.
Can blockchain technology be hacked? The blockchain protocol as originally designed should not be hacked, but blockchain systems are as vulnerable as any other system.