Is the blockchain secure?
Contrary to what you may have read, the blockchain is not infallible. Wherever there is a will to corrupt, a way can be found. Contrary to what you may have heard, being fallible does not mean fanciful. Quite the opposite in this case. Blockchain technologies are fermenting into society’s next big inflection point. But in order for us to get it right in the long term, it is important we observe and adapt the shortcomings as they surface.
Anything on a computer network is ultimately hackable. Security comes in ensuring the unlikelihood of that ever happening. People new to the blockchain are understandably won over by qualities such as decentralized control, anonymity, smart contracts, and permanence of record. Each a brilliant cause for enthusiasm. The Blockchain is revolutionary in both promise and reality. It is a Kool-aid easily quaffed without fear of harm (until the sugar redlines). Just as there is no such thing as an unhackable network, The Blockchain stands as a wall to be breached
Systems become trustless once any threat of fraud is negated. The decentralized nature of the public blockchain means that no central party controls the verification process for the transactions that pass through it. Centralized parties in positions of trust are inherently susceptible to lapses in ethics, credibility, and competence. Banks are prime examples of this. In so far as we trust our banks and the officers charged to run them, we willingly consign to them our wealth for safekeeping. Regulatory bodies are there to backstop our trust in the event of malice or malpractice, but even they operate with the same human susceptibilities. We trust that the regulators are comprehensive, competent and beyond reproach in their observance of the banks in whom we trust. We also trust that they and the governments behind them are incorruptible in safeguarding our wealth. That is a lot of trust to place in the hands of humans. No, blockchain technology is not fraudulent, but there is a crack in the Blockchain armour. However, before you run for the door screaming, understand what it is and how it can be avoided. Before we do that, while your feathers are still ruffled, let’s talk about relative security for a moment.
The Crypto51 Project addresses the issue head-on with a view to illuminating investors and developers in the potential risks while engaging kindred spirits in devising solutions. To that end, a security researcher going by the handle, “geocold51” launched a white hat demonstration of the damage to be wrought by a 51% attack. In broad terms the big established crypto leaders have a built-in resistance (I hesitate calling it an immunity) to a 51% attack by virtue of their size. The perilous waters are navigated by the smaller cryptos en route to the safer, deeper zones of their aspirations. In the hacker spirit of “just because I can, and you say I can’t” there are many trawling (or trolling) the shallow waters looking to make a point (if not a buck). Put into context, it has been said that a 51% hack on Bitcoin itself would require an investment of $1.4B (5 million ASIC miners) and an energy expenditure greater than the entire state of Morocco (29 Terrawatt hours). Given this, the improbable ROI would undo any notion to proceed. Compare that with geocold51’s contention that he was able to execute a double spend on a crypto with a market cap of $45m for only $200 – this in large part due to the proliferation of readily available cloud computing resources.
Mining pools, by their nature, run the risk of reaching the 51% threshold to launch attacks. It should be noted that just because they can does not mean they would. Still the threat is there. In order to block (pardon the pun) that potentiality, popular mining pool ghash.io has voluntarily pledged never to exceed 40%. Further to this, they have rallied a consortium of like-minded pools to do the same. While this is good news, it won’t remove the possibility of an unaligned pool from doing the nasty. It may also be worth noting that ghash’s motivation may have been more self-serving than philanthropic. On the day in 2014 when their computing share exceeded 50%, fear of an attack caused conscientious miners to flee, reducing ghash’s compute share to 31%. In fairness, their instinct veered toward safeguarding the technology rather than undermining it. So, any suggestion of self-service would be disingenuous. But that was 2014, and much has changed in the market (and the technology). It is helpful to note that public displays of white-hattedness, while superficially valuable, can be a misleading injection of trust into a system aspiring to trustlessness. Remember, the notion of good will is by its nature human, an organic injection into a supposedly trustless digital system.
For now, buyer beware. Just note the unlikelihood and factor that into your risk profile. More on this as it develops. As always, your comments, experiences and recommendations are welcome.