Blockchain networks are widely considered ‘decentralised’ because no one person or organisation can control them – but a new report could finally change that.
Trail of Bits, a cybersecurity firm based in New York, has investigated the fundamental properties of blockchains and their associated cybersecurity risks.
Researchers at the firm found that there are ‘unintended centralities’ in blockchains that can make them vulnerable to corruption and potentially stolen funds.
The risks inherent in blockchains and cryptocurrencies have been poorly described and are often ignored – or even mocked – by those seeking to ‘cash in’, the firm says.
All cryptocurrencies, including Bitcoin and Ethereum, use a blockchain – an open ledger that records transactions in code.
A blockchain allows all records of transactions to be recorded and checked, making them ‘immutable’ (not susceptible to change).
A blockchain also keeps track of all cryptocurrency transactions on a decentralised public ledger in a series of blocks, allowing users to maintain a record of payments without the need for a central bank to record it.
But the new report from Trail of Bits – which was commissioned by the Defense Advanced Research Projects Agency – claims that blockchains aren’t truly decentralised at all.
According to the firm, a lack of true decentralisation could lead to manipulation of digital currencies by people, corporations or even governments.
‘Other people can make it impossible for you to transfer your cryptocurrency, and they can make it impossible for you to spend it at all,’ said Trail of Bits CEO Dan Guido.
‘This has really practical, real-world impacts; if Russia wanted to stop people from donating to Ukraine, they could do it.’
As each transaction between two people occurs on a blockchain, it is recorded as a ‘block’ of data, including information such as the sender, the receiver and the number of coins.
Computers in the network, called ‘nodes’, check the details of the trade to make sure it is valid and authenticate transactions.
This allows users to maintain a record of payments without the need for a central bank or other primary authority to record it.
This process of taking away the power and control from a ‘centralised’ entity (such as a bank) is known as ‘decentralisation’.
Decentralisation, by definition, means that ‘everyone controls it, so no-one controls it’, but Trail of Bits’ findings suggest this is not strictly true for blockchain.
Cryptocurrencies such as Bitcoin are the internet’s version of money – unique pieces of digital property that can be transferred from one person to another.
Trail of Bits researchers performed analyses and meta-analyses of prior academic work and of real-world findings that had never before been aggregated.
None of the issues listed by Trail of Bits have anything to do with blockchain’s fundamental cryptographic principle, which dictates how a transaction takes place between two nodes.
Instead, ‘unintended centralities’ can subvert how a blockchain is implemented, giving power to individuals or groups, it claims.
One of their findings was that 60 per cent of Bitcoin traffic in the past five years has been handled by just three internet service providers (ISPs).
This is a problem because ISPs – and the governments that control them – could prevent the transfer and sale of certain cryptocurrency.
This raises the question of what would happen if a malicious employee at an ISP decided to block or filter cryptocurrency traffic.
‘Let’s say somebody with great top-down control of the internet in their country starts to interfere with that network,’ Guido told NPR.
‘They can rewrite history. They can censor transactions. They can make it so that you can’t spend your Bitcoin.’
Secondly, 21 per cent of Bitcoin nodes are running outdated versions of the Bitcoin Core client – a type of software that’s known to be vulnerable to cyber attacks.
‘While software bugs can lead to consensus errors, we demonstrated that overt software changes can also modify the state of the blockchain,’ the firm says.
‘Therefore, the core developers and maintainers of blockchain software are a centralized point of trust in the system, susceptible to targeted attack.’
Also, as of March 2022, about 55 per cent of Bitcoin nodes were addressable only via open-source software called Tor.
This is a problem because a malicious Tor exit node – the last node that traffic passes through in the Tor network before exiting onto the internet – can modify or drop traffic, similar to the issue with ISPs.
In a podcast describing its findings, Trail of Bits says some blockchains are more protected than others, but that they are ‘all vulnerable’.
‘Another government, an ISP, somebody running on Tor exit node, can tell you how to spend your cryptocurrency,’ said Guido.
‘Much more research is needed so that we can find out when people are censoring transactions, when the network operates in ways it’s not supposed to – because right now it’s way too difficult.’
Trail of Bits also states that it thinks blockchain technologies are ‘innovative’ and that the firm is not ‘by any stretch of the imagination anti-blockchain’.