Once considered virtually impervious to attack, blockchains are increasingly revealing vulnerabilities that are being exploited by hackers. As security breaches become more common within cryptocurrency platforms and smart contracts, the industry faces significant challenges that could affect its future viability.
Recent Security Breaches
In a notable incident earlier this year, the security team at Coinbase detected unusual activity on Ethereum Classic, one of the cryptocurrencies traded on its platform. An attacker managed to seize control of over 50% of the network’s processing power, allowing for the manipulation of transaction history. This enabled a form of deceit known as “double spending,” where the same cryptocurrency was spent multiple times. The hacker reportedly siphoned off around $1.1 million before the attack was contained. While Coinbase claimed that its accounts were not compromised, competitor Gate.io confirmed it lost about $200,000 in the incident, with the hacker returning half of that amount shortly afterward.
This incident is a stark reminder that the threat of hacking is no longer a mere hypothetical concern. Since 2017, hackers have stolen nearly $2 billion worth of cryptocurrency, primarily targeting exchanges. These attacks are not just the work of solitary criminals; organized cybercrime groups are also involved. Analytics firm Chainalysis reported that just two groups may have collectively stolen up to $1 billion.
Why Are Blockchains Vulnerable?
Blockchains attract cybercriminals for a variety of reasons. Unlike traditional financial systems, fraudulent transactions on blockchains cannot be easily reversed. While this characteristic is often touted as a security feature, it also presents unique vulnerabilities. The once-popular mantra that blockchains are “unhackable” has proven misleading.
The vulnerabilities of blockchains have been understood in theory since the advent of Bitcoin a decade ago. However, as new cryptocurrencies and projects have emerged, the practical implications of these weaknesses are becoming all too real.
The Mechanics of a Blockchain
To understand the risks, it’s essential to clarify some terminology. A blockchain is a cryptographic database maintained by a network of computers, each holding an updated copy of the database. The protocol outlines the rules for how these computers, known as nodes, verify new transactions. This decentralized system is intended to make it costly and challenging to insert fraudulent information while simplifying the verification of legitimate transactions.
Complex blockchain systems can introduce new vulnerabilities during their setup. For example, Zcash recently disclosed that it had fixed a cryptographic flaw that could have allowed attackers to create unlimited counterfeit Zcash. Although no one appears to have exploited this bug, it highlights the risks inherent in sophisticated blockchain infrastructures.
The 51% Attack
One significant vulnerability is the susceptibility to 51% attacks. Most cryptocurrencies, particularly those using a proof-of-work protocol, are prone to these attacks. In a 51% attack, a malicious entity controls a majority of the network’s mining power, enabling them to reverse transactions and create alternate versions of the blockchain. This manipulation allows the attacker to essentially double-spend their cryptocurrency.
While attacking a well-established blockchain like Bitcoin may be prohibitively expensive—estimated at over $260,000 per hour—smaller cryptocurrencies are often much easier targets, especially when prices drop and miners leave the network, reducing its overall security. Recent attacks on lesser-known cryptocurrencies such as Verge and Vertcoin have highlighted this trend, with cumulative losses in the millions.
Smart Contract Vulnerabilities
Beyond 51% attacks, another avenue of risk lies in smart contracts. These self-executing contracts, which run on blockchain networks, can automate cryptocurrency transactions based on predetermined rules. However, vulnerabilities within these contracts can lead to significant losses, as evidenced by the infamous attack on the Decentralized Autonomous Organization (DAO) in 2016, where over $60 million was stolen due to a flaw in the smart contract’s code.
Unlike traditional software, bugs in smart contracts cannot be simply patched once they are deployed. When a vulnerability is discovered, the only recourse may be to create a new version of the blockchain, effectively rewriting history. This was the approach taken by Ethereum’s developers following the DAO hack.
Addressing the Threat
Several startups are emerging to combat these security challenges. Companies like AnChain.ai are utilizing artificial intelligence to monitor transactions and identify suspicious activity. Others, such as ChainSecurity, are focusing on formal verification methods to mathematically prove that smart contracts function as intended. These auditing processes can be time-consuming and costly, but they are essential for minimizing vulnerabilities.
Despite these advancements, the unpredictable nature of human behavior complicates the security landscape. Hackers continue to find ways to exploit smart contracts, as demonstrated by a recent theft of $4 million from a popular Ethereum-based gambling game. As the industry matures, the ongoing battle between security measures and hacking attempts will undoubtedly shape the future of blockchain technology.
