What are Security Issues with Blockchain?
In this article, you will learn what the major security issues in blockchain technology are and whether blockchain is really that safe.
- Eclipse attack
- 51% attack
- Exchange Hack
- Software Flaws
- Social Engineering
The main purpose of using blockchain is to let people share data in a secure, tamperproof way with people they don't trust.
Blockchain secures information by distributing data, in most cases a ledger, across many computers called nodes. It uses cryptography and a consensus mechanism to make the blockchain immutable and secure. However, even the best-designed blockchain systems cannot be protected at the points where advanced mathematics and software rules come into contact with people, who are competent cheaters, and where things get chaotic.
Blockchain builds a secure environment for us, but it comes with its own security issues as well. These might not look as risky as those of conventional systems, but in the long term they can cause problems. So let's start by discussing the security issues in blockchain technology.
An eclipse attack focuses on isolating and taking control of a specific node in a decentralized network rather than attacking the whole network. If the attacker succeeds, the victim node is cut off from any true picture of the data on the real network.
As we know, nodes in a blockchain are in constant communication with one another. Nodes compare and validate data to implement the consensus mechanism. If an attacker manages to take control of a node's communication, the attacker can fool that node into accepting false information and wasting system resources. The attacker can even make data appear to come from the rest of the network in order to confirm fake transactions.
How does an Eclipse Attack work?
In a decentralized network, nodes do not connect to all other nodes simultaneously. Instead, each node is connected to a group of peers. A malicious actor seeks to obscure these links. The effort needed depends on the design, size and nature of the network, but in general the attacker needs a botnet of host nodes (each with its own IP address) and has to monitor the neighbouring nodes of the intended victim, mainly through trial and error. The attacker then has a good chance of controlling all of the victim's contacts the next time the victim node logs off and rejoins the network (which resets its contacts and forces it to discover a fresh set of nodes to connect to).
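A rough risk model for the restart case described above, as an added example that is not part of the original article. It assumes the node fills its outbound slots by drawing distinct addresses uniformly from its stored address table; the function names and sample numbers are constructed for illustration.

```python
from math import comb


def eclipse_probability(table_size, attacker_entries, outbound_slots):
    """Chance that every outbound slot is filled with an attacker address.

    Assumed model (not from the article): on restart the node draws
    `outbound_slots` distinct addresses uniformly from a table of
    `table_size` known peers, `attacker_entries` of which are hostile.
    """
    if not 0 <= attacker_entries <= table_size:
        raise ValueError("attacker_entries must be between 0 and table_size")
    if not 0 < outbound_slots <= table_size:
        raise ValueError("outbound_slots must be between 1 and table_size")
    # Hypergeometric: ways to pick only hostile peers / ways to pick any peers.
    # comb() returns 0 when there are fewer hostile entries than slots.
    return comb(attacker_entries, outbound_slots) / comb(table_size, outbound_slots)


def slots_needed(table_size, attacker_entries, max_risk):
    """Smallest outbound-slot count that keeps the eclipse risk <= max_risk."""
    for slots in range(1, table_size + 1):
        if eclipse_probability(table_size, attacker_entries, slots) <= max_risk:
            return slots
    return None  # only reached when the whole table is hostile


if __name__ == "__main__":
    # Constructed numbers: a 100-entry address table that is half hostile.
    for slots in (1, 4, 8):
        risk = eclipse_probability(100, 50, slots)
        print(f"{slots} outbound slots -> eclipse risk {risk:.4f}")
    print("slots for <=1% risk:", slots_needed(100, 50, 0.01))
```

The model shows why both a clean address table and more outbound connections matter: the risk falls quickly as either improves, but stays at 1 if every stored address is hostile.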
51% Attack - Probable Issue with Blockchain:
A 51 percent attack is an attack by miners who control more than 50 percent of a network's mining or computing power. It is usually discussed in the context of Bitcoin, for which such an attack is still hypothetical. Although it is extremely difficult to own such a large portion of the network, it is theoretically possible. If this happens in a future where blockchain-based applications run every industry, it will be a disaster and will affect a lot of people and businesses.
If some single company or entity does someday own 50% of the network, it will be able to do the following:
- The attacker will have the authority to stop, exclude or even modify transactions, affecting all future transactions.
- They would also be able to reverse finished transactions while controlling the network, so that they could spend the same coins twice.
Social Engineering Attacks:
Let's understand what social engineering is, in simple words:
Social engineering is an attack vector that relies heavily on human interaction and often requires individuals to break ordinary safety processes and good practices so that the attacker can obtain access. Put simply, you are tricked into doing something the attacker wants you to do in order to give them access.
In 2018, $3 million was lost to social engineering attacks.
Blockchain security comes with social engineering issues as well. You might get tricked into giving away your wallet details or the private keys that are required to control your money. Phishing is the most common approach used by attackers in social engineering. They'll approach you pretending to be a legitimate website, or even through email, and ask you for your credentials with their cheesy lines.
Exchange Hack - Stealing Cryptocurrencies:
It is not the blockchain itself but the currencies based on blockchain that are very vulnerable to these hacks. Exchange websites fall prey to these attackers due to their poor security practices. Many exchange websites that offer coin trading services are hacked each year.
In 2014 alone, approximately 850,000 BTC (~$473 million) were stolen in the Mt. Gox hack.
It's best for a business to go for decentralized exchange websites (DEX) rather than centralized platforms. A DEX allows you to trade your coins directly from your wallet.
Malware - Victim Computer Miners:
Blockchain security is affected by malware too. A node connected to a blockchain network can be affected by malicious crypto mining software. Let's start by understanding cryptojacking.
Cryptojacking is mainly associated with blockchain and cryptocurrency. When Bitcoin was at the height of its hype, cryptojacking was also a good source of income for hackers. In cryptojacking, hackers install a script or software that uses the victim's computer resources to mine cryptocurrency. You will experience a big drop in your computer's performance if you are affected by cryptojacking. The hacker here is not directly stealing any money from you, but he sure is taking away your computer's performance.