One of the biggest selling points of the blockchain is that it’s unhackable. The security of the blockchain is near impenetrable, and it’s quite unlike centralized systems that can always be broken into by criminal elements.
However, is that completely true? The answer depends on how dedicated you think criminals can be. For one, theoretically speaking, blockchains can be hacked. Not just blockchains — every system can be hacked. The only real difference between a secure and insecure system is how difficult the hacking itself can be.
While blockchains are certainly difficult to hack, hacking one is not outside the realms of possibility.
The Bitcoin network is the most secure blockchain in the world, and as such, there’s a lot to learn from it when it comes to blockchain security.
Blockchains are distributed ledgers, and as the number of ledgers in the network grows, the security of the network grows as well. That’s because the bigger the network, the harder it gets for nefarious actors to get hold of the majority of the network’s nodes.
The Bitcoin infrastructure is constantly reviewed by the entire network because the Bitcoin network is very large, This means that an attack on the network will be snuffed out almost immediately after it begins. A good analogy would be to think of the network as a bank vault that’s guarded 24/7 by thousands of guards.
Such a bank vault cannot be attacked through sneak offensives. The only way to attack such a vault would be to use brute force by having more attackers than the vault has defenders. In blockchain security, this is a concept known as the 51% attack.
The 51% Attack
The best way to overwhelm the blockchain is by controlling more than half of its computational power. That attack is called the 51% attack.
The 51% attack is an attack on a blockchain by a group of validators who have managed to control 51% percent of the network’s mining hash rate. This means the group has gained control over more than half of the computational power dedicated to processing transactions.
Any group or individual who can control this percentage of the network’s computational power essentially owns the network. They can rewrite certain transactions and approve faulty transaction blocks. Since they own most of the computational power on the network, it’s very impossible to stop them.
The reason they become unstoppable is simple. The Bitcoin network sustains itself through a network of nodes, which are the participants in the network. The miners who create new blocks of transactions do so by competing amongst themselves to generate a code that is the same as the target code. This target code is set by the network’s algorithm, and the miner that gets this code has the right to fill the new block with transactions and gets paid in the network’s native coin.
And here’s where it gets interesting. The competition to generate the next code on the blockchain is very fierce, and miners with multiple mining rigs have a higher chance of getting the code. It’s the same way someone who has a hundred free throws has a higher chance of scoring a basket than someone who has maybe one or two.
The 51% attack happens when someone or a group of people figure out a way to control 50+1% of the computational power generating these codes (hash). This means that they have a higher chance of repeatedly getting the right hash, and getting the right to manipulate each block of transactions as they will.
In theory, people who get control of the blockchain in this manner can double-spend their Bitcoin, rewrite parts of the blockchain, and reverse their transactions.
The 51% Catch
The question now is how can someone get hold of the hash power of a network. The answer is simple: rent power. Groups that can rent enough computational power to overwhelm the system can block new transactions, and change their order. However, this is the same reason why a 51% attack is unlikely.
The bigger a blockchain network is, the higher the computational power needed to run it. And the higher that power, the lower the likelihood that anyone would be able to rent enough power to control 50+1% of the hash power on the network.
Another reason why this attack is unlikely is that there are theoretical limits to what an attacker can do by owning 50+1% of the blockchain’s power. For example, they cannot reverse the transactions of others on the chain, and or even stop the ledger from writing other transactions. In essence, even if the blockchain network were to be hacked in that manner, your bitcoins would most likely not be affected.
Unlike centralized banking hacks where extraordinary amounts of money can be transferred anywhere, someone who hacks the Bitcoin network still has very limited access to bitcoins.
This attack can be used on Proof-of-Stake (PoS) networks as well. The only difference is that the attacker would have to gain control of 51% of the staked tokens in the network.
The unlikelihood of this attack on big networks is one of the reasons why people often argue that the blockchain is impervious to attacks.
But is that true? What if a particular nefarious actor found a way to mislead the computational power of the miners on the network? What if they found a way to “rent” the computational power of legal miners without these miners knowing? Is that even possible?
The Misleading Attack
In January 2022, researchers from Charles Darwin University (CDU) and the University of Tehran in Iran published an interesting paper on blockchain security.
The joint study outlined a novel kind of attack on blockchains and named it the misleading attack. The attack was named that because it worked by misleading miners and stealing their computational power.
The misleading attack is often carried out by stealing the computational power of miners and redirecting that power to a different chain or using it to create a different fork, according to the paper,
The genius behind this attack is that it’s a way to steal computational power from miners. Once that power is stolen, the thief can use it for anything they want. They could use it to take over other chains or could even use it to create a fork in a blockchain and make the attacker’s fork the more dominant one.
If this sort of attack becomes mainstream, attackers will simply never have to worry about the cost of launching a 51% attack. All they would have to worry about is how to steal enough power from miners to overwhelm the network.
This attack significantly lowers the cost of these sort of attacks and suddenly makes them extremely attractive to criminals. The authors of the study said these sorts of attacks pose a real threat to the future of blockchain technology because they have a high success rate.
The paper went on to claim that the group carrying out the hack only needs to have 24% of the blockchain’s computational power for the attack to be successful.
Professor Alazab, one of the authors of the study, argues that the existence of this sort of attack is a worrying trend for a lot of reasons. The first reason is that blockchains like Bitcoin are vulnerable because of the false assumption that they are impervious to attacks.
Another reason is that there’s now more institutional support for blockchain technology than ever. If the tech ever forms a cornerstone of financial systems or infrastructure, attacks like this could undermine that system and cause inestimable losses.
Interestingly, attacks like this can only realistically work on Proof-of-Work (PoW) blockchains. Chains like Ethereum don’t require computational power to run; hence hackers have nothing to redirect.
The Future Of Blockchain Security
But all hope isn’t lost. The paper argues that some features could be put in place to decrease the likelihood of these misleading attacks. One way would be to remove the concept of the block reward on the Bitcoin chain and pay miners entirely through transaction commissions. This further removes the incentives that hackers might have to hack the chain.
On the Flipside
- It’s still really difficult to carry out these misleading attacks since the attack group would have to hack the miners themselves first. Hence, it’s still really unlikely for any group to successfully carry out a 51% attack.
Why You Should Care
The entire crypto ecosystem is built on a few primary assumptions. The security of the blockchain is one of those assumptions. That’s why you should care about any development that may make that assumption false.