DevTeam.Space Product Development Blog


Can Blockchain Technology Be Hacked?

Blockchain is increasingly taking the world by storm, both in terms of enabling safe forms of electronic currency transfer and also providing a solution to many existing technology problems.

A key advantage of the technology is the protection it offers against hackers.

However, many people don’t know whether blockchain can be hacked.

If you are an entrepreneur planning to use blockchain in a strategic project, you obviously want to know the answer to this question. To find out, read on!

Contents

The growing popularity of blockchain
How does blockchain dissuade hackers?
Blockchain and hacking: Public vs private blockchains
Crypto exchange hacks: Not blockchain hacks
Can blockchain be hacked, and how?
Wondering how to prevent hacking of your blockchain network?

The growing popularity of blockchain

Security features, along with transparency, decentralization, and efficiency are the factors driving the growing popularity of blockchain. The following statistics illustrate how the world is waking up to this technology:

  • At the time of writing, CoinMarketCap reports that the global cryptocurrency market is worth $180 billion. There are currently over 2,000 cryptocurrencies.
  • The global market for blockchain technology will likely reach $23.3 billion in 2023, as this Statista report

Experts are increasingly identifying key use cases where blockchain can make a massive difference. Examples include supply chain management, digital identity management, etc. Read “21 promising blockchain use cases” to learn about notable blockchain use cases.

How does blockchain dissuade hackers?

Before analyzing blockchain and hacking in detail, let’s understand how this technology keeps hackers at bay. Blockchain guards against hacking as follows:

1. Digital signature:

Digital signatures protect users as follows:

  • Users need to use their digital signatures for transactions, which use public-key/private-key data encryption techniques.
  • They can share their public key, however, they must guard the private key.
  • This technique uses “Integer factorization” to link public and private keys.
  • Hackers can’t derive the private key from the public key, since currently available computing technology would need billions of years to crack it. I have explained this topic in detail in “Quantum computing: will it kill blockchain?”.

2. Decentralization

Decentralization secures blockchain as follows:

  • Each node, i.e., computer in a public blockchain network, hosts the entire transaction data in the network.
  • Every one of these nodes effectively acts as a complete ledger of all transactions, which is why we call this “Distributed Ledger Technology” (DLT). Read “Distributed ledgers definition” for more insights.
  • Hackers can’t shut the network down by taking over just one or two computers since the other computers will still maintain the network and resist any changes.

3. Transaction validation

No transaction in blockchain goes through without validation. Public blockchains like Bitcoin validate transactions as follows:

  • All nodes participate in transaction validation.
  • “Crypto miners”, i.e., nodes with specialized hardware and software, solve a computing-intensive cryptographic puzzle in a competitive environment. The first miner to solve this puzzle can create a new block with new transactions.
  • This is a transparent process, and malpractice is possible only if hackers capture the majority of the computing power in the network. That’s hard to do in a decentralized network. I have explained this process in “Proof of work vs proof of stake comparison”.
  • Crypto mining is energy intensive and, these days, requires large investment. Hackers hardly have economic incentives in this environment.

4. Preventing “double-spending”

Cryptocurrencies are mathematical money. “Double-spending” is a risk here, which involves spending the same cryptocurrency more than once. Hackers can change the destination address of a cryptocurrency transaction and cause double-spending. Public blockchains prevent this as follows:

  • Each block has the cryptographic hash of the earlier block. Read “Cryptographic hash function” to learn more about cryptographic hash functions.
  • Hackers trying to cause double-spending need to change the transaction data in a block. When they do so, the cryptographic hash changes, therefore, they need to change the next block to incorporate the new hash. As soon as they do that, they must change the subsequent block, and this must go on till the last block!
  • In a transparent network, everyone will soon notice such activities.
  • Moreover, hackers must find a small enough hash, i.e., one with enough leading zeroes, before anyone else accepts the new hash value. That’s very hard to do.
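To make the hash-linking argument concrete, here is a small added simulation (my own illustration, not code from the original post or from any real network): a toy chain with a constructed difficulty of three leading hex zeroes, a tampered payment in block 1, and a validity check showing that re-mining only that block is not enough, because every later block still links to the old hash.

```python
import hashlib
import json
DIFFICULTY = 3            # toy target: 3 leading hex zeroes (constructed, not a real network value)
GENESIS_PREV = "0" * 64   # previous-hash field of the first block

def block_hash(block: dict) -> str:
    """SHA-256 over the block's fields in canonical order (the stored hash is excluded)."""
    fields = {k: block[k] for k in ("index", "prev_hash", "txs", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def mine(block: dict) -> dict:
    """Proof of work: bump the nonce until the hash has DIFFICULTY leading zeroes."""
    block["nonce"] = 0
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block
def build_chain(tx_lists: list) -> list:
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_lists):
        chain.append(mine({"index": i, "prev_hash": prev, "txs": txs}))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain: list):
    """Index of the first block failing the hash, link or proof-of-work check; None if intact."""
    prev = GENESIS_PREV
    for b in chain:
        h = block_hash(b)
        if h != b["hash"] or b["prev_hash"] != prev or not h.startswith("0" * DIFFICULTY):
            return b["index"]
        prev = h
    return None
def remine_from(chain: list, start: int) -> int:
    # Re-link and re-mine every block from `start` to the tip; returns how many were redone.
    for i in range(start, len(chain)):
        chain[i]["prev_hash"] = chain[i - 1]["hash"] if i else GENESIS_PREV
        mine(chain[i])
    return len(chain) - start
def tamper_demo() -> tuple:
    """Constructed scenario: rewrite the payee of a transaction in block 1 of a 5-block chain."""
    chain = build_chain([["coinbase->alice 50"], ["alice->bob 10"], ["bob->carol 3"],
                         ["carol->dave 1"], ["dave->erin 1"]])
    chain[1]["txs"] = ["alice->mallory 10"]   # the double-spend attempt
    broken_at = first_invalid(chain)          # 1: stored hash no longer matches the data
    mine(chain[1])                            # re-mining only block 1 is not enough...
    still_broken_at = first_invalid(chain)    # 2: block 2 still links to the old hash
    redone = remine_from(chain, 1)            # ...every later block must be redone too
    return broken_at, still_broken_at, redone, first_invalid(chain)
```

On a real network the attacker must redo all that work faster than honest miners extend the chain, which is what the leading-zero requirement makes expensive.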

 

Blockchain and hacking: Public vs private blockchains

Most discussions around hacking a blockchain revolve around public blockchain networks. Private blockchain networks hardly figure in these discussions since these networks are fundamentally different. The reasons are as follows:

  • Public blockchains like Bitcoin and Ethereum are open to all, including anonymous and pseudonymous users. On the other hand, enterprises use private blockchains, and they only allow trusted entities to join these networks.
  • Transaction records on a public blockchain are transparent, and every user can view them. Private blockchains differ here since they provide separate security measures for sensitive data including implementing access control.

Read “Public vs private (permissioned) blockchain comparison” for more information.

Take, for example, Hyperledger Fabric, a popular enterprise blockchain framework. It offers the following security features:

  • Organizations can implement the framework in their on-premises secure infrastructure. Alternatively, they can use highly secure “Blockchain as a Service” (BaaS) offerings like IBM Blockchain Platform.
  • Hyperledger Fabric, or Fabric as it’s commonly called, offers access control.
  • Fabric has channel technology for sensitive data, which uses data-partitioning for added security.
  • There is also support for an additional “Hardware Security Module” (HSM) for digital signatures.

Read “Pros and cons of Hyperledger Fabric for blockchain networks” to learn more about the security features of Fabric.

In this article, I focus on public blockchains while analyzing whether blockchain can indeed be hacked.

Crypto exchange hacks: Not blockchain hacks

Newcomers in the blockchain/crypto space often confuse crypto exchange hacks with blockchain hacks; however, these are quite different. The following facts help us understand why:

  • Different public blockchains use different technology stacks. They are not interoperable, therefore, you can’t transact on the Ethereum network using Bitcoins.
  • Against this backdrop, crypto exchanges emerged to facilitate crypto trading for users. For example, you can buy Ether in exchange for your Bitcoin on such exchanges. Read “What are centralized cryptocurrency exchanges?” to learn about them.
  • Popular crypto exchanges are mostly centralized third-party services. While they make crypto trading easier, their central servers are vulnerable to hackers just like any other central server elsewhere!
  • When hackers attack such crypto exchanges, which they often do, it’s not an attack on a blockchain network. It’s simply an attack on a central server.

Can blockchain be hacked, and how?

I will now take you through the key question of whether blockchain can be hacked, and how this could be possible. There are the following possibilities in this regard:

1. “51% attack”

This is one of the most widely discussed modes of attacking a blockchain network. A 51% attack would work as follows:

  • Assume a public blockchain network has quite a few nodes, and it uses the “Proof of Work” (POW) consensus algorithm.
  • Each node uses specialized hardware and software for crypto-mining, which is the transaction validation method for the POW algorithm.
  • The network is decentralized, and users operating nodes are not in any cartel. They operate according to the established rules of the network and validate transactions.
  • None of the node operators can overpower the computing power of other nodes combined, therefore, none can get any undue advantage.
  • Now, suppose hackers procure enough computing power to control more than half of the total computing power in this network.
  • They now have a higher hash rate than the other nodes, which increases their mining success rate. Read about the hash rate in “What is hash rate?”.
  • These hackers can now solve the cryptographic puzzle required in POW faster than the other nodes.
  • They can then manipulate transactions and cause double-spends.

Read more about this in this article on the “51% attack”.

What are the chances of hackers successfully pulling off a 51% attack? Let’s consider the following aspects:

  • Public blockchain networks like Bitcoin and Ethereum have many nodes. With their popularity increasing, ever more nodes are joining these networks.
  • The higher the number of nodes in a blockchain network, the higher the cumulative computing power in the network.
  • This makes it harder for hackers to control 51% of the total computing power in such networks. Essentially, a higher number of nodes add more security against 51% attacks.
  • However, less popular blockchains have fewer nodes; therefore, hackers can launch 51% attacks on them more easily. In 2018, hackers targeted a few relatively new cryptocurrency networks with a lower number of nodes. Verge, Monacoin, and Bitcoin Gold fell victim to these 51% attacks, as this “MIT Technology Review” report shows.
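The odds can be quantified. The following added example (not from the original post) implements the catch-up probability from section 11 of the Bitcoin whitepaper, where q is the attacker’s share of the hash rate and z the number of confirmations a payee waits; the hash-rate shares and confirmation counts in risk_table are constructed for comparison.

```python
import math

def attacker_success_probability(q: float, z: int) -> float:
    """Probability that a miner holding fraction q of the total hash rate ever
    catches up with the honest chain after a payee waits z confirmations
    (the gambler's-ruin analysis in section 11 of the Bitcoin whitepaper)."""
    if q >= 0.5:
        return 1.0                  # the 51% case: catching up is a certainty
    p = 1.0 - q
    lam = z * (q / p)               # expected attacker progress while honest miners find z blocks
    total = 1.0
    for k in range(z + 1):          # attacker found k blocks in that time (Poisson)
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(0.0, total)

def min_confirmations(q: float, risk: float = 0.001, limit: int = 1000) -> int:
    """Smallest number of confirmations that pushes the attacker's odds below `risk`."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    raise ValueError(f"risk {risk} not reachable within {limit} confirmations")

def risk_table(shares=(0.1, 0.3, 0.45, 0.51), confirmations=(1, 6, 24)) -> dict:
    """Constructed comparison of hash-rate shares against common confirmation counts."""
    return {q: [round(attacker_success_probability(q, z), 7) for z in confirmations]
            for q in shares}
```

With a 10% share the attacker’s odds drop below 0.1% after five confirmations, while at or above 50% no number of confirmations helps, which is the whole point of the 51% threshold.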

Let’s also understand how market economics provides natural protection against 51% attacks:

  • A cryptocurrency blockchain with limited popularity naturally means that the coin has a low price in the crypto market. Hackers staging a 51% attack might gain coins; however, their profit will be low.
  • On the contrary, staging a 51% attack on the blockchain of a popular cryptocurrency like Bitcoin will require very high computing power. The investment, including the electricity bill, will be very high. The network is transparent. Users will soon know if hackers stage a 51% attack, and the Bitcoin price will plummet. Once again, hackers will be left with almost no profit.

Read about this economic aspect in “Bitcoin’s attack vectors: 51% attacks”.

2. Exploiting bugs in the blockchain protocol code

Blockchain uses modern cryptography, which is founded on complex mathematics and programming. Complex programs can have bugs, and hackers can exploit them.

An example was a 2010 incident of hacking the Bitcoin protocol, which played out as follows:

  • A piece of code in the Bitcoin protocol checked Bitcoin transactions.
  • This code misbehaved when a transaction output was too large: summing such outputs caused an integer overflow.
  • An unknown hacker took advantage of this bug and created 184.467 billion Bitcoins, whereas the maximum supply of Bitcoins is predefined as 21 million!
  • Satoshi Nakamoto, the pseudonymous creator of Bitcoin, and Gavin Andresen, another Bitcoin developer, worked together and fixed the bug within a few hours.
  • They forked the Bitcoin blockchain to create a good chain, monitored the chain created by the hacker, and persuaded the other miners to avoid it.

Read more about this hack in “Bitcoin’s biggest hack in history: 184.4 billion Bitcoin from thin air; Satoshi hard forks, saves Bitcoin”.
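The following added simulation (my own reconstruction of the logic the text describes, not Bitcoin’s original source) shows why summing transaction outputs in a fixed-width integer is dangerous: the pre-fix check only rejects negative outputs, so two constructed outputs wrap the 64-bit total past zero, while the hardened check bounds every output and the running total by the 21 million BTC cap.

```python
MAX_MONEY = 21_000_000 * 100_000_000   # 21 million BTC cap from the text, in satoshi

def wrap_i64(x: int) -> int:
    """Emulate the two's-complement wrap-around of a 64-bit signed accumulator."""
    x &= (1 << 64) - 1
    return x - (1 << 64) if x >= (1 << 63) else x

def money_range(v: int) -> bool:
    return 0 <= v <= MAX_MONEY

def vulnerable_check(inputs: list, outputs: list) -> bool:
    """Pre-fix logic, reconstructed from the text (not the original source): reject
    negative outputs, then require summed outputs <= summed inputs. Because the
    running total is a wrapping int64, two huge outputs can wrap past zero."""
    total_out = 0
    for v in outputs:
        if v < 0:
            return False
        total_out = wrap_i64(total_out + v)
    return total_out <= sum(inputs)

def hardened_check(inputs: list, outputs: list) -> bool:
    """Post-fix logic: every output and the running total must stay inside
    [0, MAX_MONEY], so the transaction is rejected long before the sum can wrap."""
    total_out = 0
    for v in outputs:
        if not money_range(v):
            return False
        total_out = wrap_i64(total_out + v)
        if not money_range(total_out):
            return False
    return total_out <= sum(inputs)

# Constructed transactions (satoshi): a normal payment, and a 0.5 BTC input funding
# two outputs of 2**63 - 1 whose int64 sum wraps to -2.
NORMAL_TX = ([50_000_000], [40_000_000, 9_000_000])
OVERFLOW_TX = ([50_000_000], [2**63 - 1, 2**63 - 1])

def audit() -> dict:
    """Run both checks over both transactions and return every verdict for review."""
    return {name: (vulnerable_check(*tx), hardened_check(*tx))
            for name, tx in (("normal", NORMAL_TX), ("overflow", OVERFLOW_TX))}
```

The lesson for any ledger code is the same: bound each value and each partial sum against the domain’s maximum, never just against zero.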

The likelihood and impact of such attacks are hard to predict, for the following reasons:

  • Hackers must have highly advanced knowledge to identify and exploit bugs like the above in blockchain protocol programs.
  • Blockchain developers who created the network also need robust programming skills to prevent such bugs and to recover from such attacks quickly enough.

3. Exploiting bugs in smart contracts

This is essentially exploiting bugs in programs running on a blockchain network, rather than hacking the network itself. Such incidents can have a serious impact.

Smart contracts are programs that run on blockchain networks like Ethereum, NEO, etc. They have the following characteristics:

  • Smart contracts are open-source pieces of code that transfer cryptographic assets based on predefined conditions.
  • They are stored on a blockchain; therefore, one can’t modify them after deploying them.
  • They execute automatically, and the execution results are also recorded in a blockchain. This means that their execution is irreversible.

Read more about smart contracts in “How to deploy smart contract on Ethereum?”.

Hackers can exploit bugs in smart contracts and make off with crypto tokens. An example was the 2016 Ethereum “Decentralized Autonomous Organization” (DAO) hack, which panned out as follows:

  • The Ethereum community set up an investment fund in 2016 to manage improvement proposals, and a DAO to govern it.
  • They used smart contracts for managing the DAO.
  • While the Ethereum network protocol itself was fine, the smart contract running on it had a bug: one could keep requesting money from the DAO account, because the contract didn’t record that the money had already been withdrawn.
  • Hackers used this bug and made off with $60 million worth of Ether.
  • After much deliberation and controversy, the Ethereum community executed a hard fork. Today’s Ethereum network is the result of this hard fork; however, some community members continued with the old chain, which is now called “Ethereum Classic”.

Read “Understanding the DAO attack” for more information about this hack.
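The following added simulation (my illustration, not the DAO’s Solidity code) models the ordering bug the text describes: a vault that pays out before recording the withdrawal can be drained by a caller whose payment handler asks again, whereas recording the withdrawal first stops the second request; the fund sizes and the depth limit are constructed.

```python
class Vault:
    """Simulation of a DAO-style fund. `safe=False` reproduces the ordering bug the
    text describes: pay out first, record the withdrawal afterwards. `safe=True`
    records it before paying (the checks-effects-interactions ordering)."""
    def __init__(self, funds: int, safe: bool):
        self.funds, self.safe, self.balances = funds, safe, {}

    def deposit(self, who, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:
            return
        self.funds -= amount
        if self.safe:
            self.balances[who] = 0     # effect recorded first...
            who.receive(self, amount)  # ...then the external call
        else:
            who.receive(self, amount)  # external call first...
            self.balances[who] = 0     # ...balance zeroed only afterwards (too late)

class Honest:
    def __init__(self):
        self.got = 0
    def receive(self, vault, amount: int) -> None:
        self.got += amount

class Reenterer(Honest):
    """Models a caller whose payment handler calls withdraw again while the first
    withdrawal is still in progress. Bounded by max_depth so the simulation ends."""
    def __init__(self, max_depth: int):
        super().__init__()
        self.depth, self.max_depth = 0, max_depth
    def receive(self, vault, amount: int) -> None:
        self.got += amount
        self.depth += 1
        if self.depth < self.max_depth:
            vault.withdraw(self)       # re-entry: the balance is still unchanged in the unsafe case

def run(safe: bool, depth: int = 5) -> tuple:
    """Constructed scenario: the fund holds 100 from honest depositors; the re-entering
    caller deposits 10 and withdraws. Returns (caller's take, funds left in the vault)."""
    vault = Vault(funds=100, safe=safe)
    caller = Reenterer(depth)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.got, vault.funds
```

The unsafe ordering lets a 10-unit deposit pull 50 units out in five nested calls; the safe ordering pays exactly once, which is why auditors flag any state update that happens after an external call.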

More and more developers are creating smart contracts, and some of them will have bugs. This potentially raises the likelihood of such attacks. Hackers need the required skills to exploit such bugs. At the same time, blockchain programmers need sufficient expertise to write new smart contracts that support recovery from such attacks.

4. Launching Sybil attacks

A Sybil attack on a blockchain network involves one malicious user owning a large number of nodes. The user can then swamp the network with fake transactions, or prevent validation of good transactions.

The probability and impact of such attacks vary depending on the design of the blockchain, as follows:

  • Blockchain networks using the POW algorithm require each node to spend significant computing power. These nodes also run up high electricity bills; therefore, the incentive to run many of them is lower.
  • On the other hand, blockchain networks using the “Proof of Stake” (PoS) algorithm require transaction validators to stake their coins. This can reduce the incentive to launch such attacks.

Read “What’s a Sybil attack & how do blockchains mitigate them?” to learn more about such attacks.

5. Staging “Distributed Denial of Service” (DDoS) attacks

A “Distributed Denial of Service” (DDoS) attack involves sending an exceptionally large volume of traffic to a server. In the case of a blockchain network, this amounts to sending too many spam transactions.

DDoS attacks on blockchain networks are common, since many hackers and malicious organizations sell such attacks. However, these attacks have limited impact, for the following reasons:

  • Most blockchain networks include best practices for managing situations arising from DDoS attacks.
  • Miners in cryptocurrency networks like Bitcoin have sufficient experience with these attacks. They can easily identify such sudden bursts of spam transactions and prevent them from being validated. As a result, no funds are stolen; however, network activity may be halted for some time.

Read “Yes, the blockchain can be hacked” for more insights into DDoS attacks.

Wondering how to prevent hacking of your blockchain network?

If you are planning to start a strategic blockchain project involving a new network, you need to prevent hackers from attacking it. That’s not an easy task.

You need software architects with sufficient blockchain expertise to design such a network and undertake development.

Consider engaging a reputable software development company for such projects. Read “What to plan for when undertaking blockchain software development?” before you engage a partner.