Blockchains Are Not as Unhackable as Once Thought

Once lauded as unhackable, blockchains have come under scrutiny after a series of hacking incidents were reported early this year. In January, the security teams at Coinbase noticed that someone had compromised the ledger of Ethereum Classic, a cryptocurrency that people can buy and sell through Coinbase’s platform.

The initial report released by the popular exchange platform said that a total of US$460,000 was spent after hackers rewrote the transaction history, which enabled the same cryptocurrency to be spent more than once. However, this quickly rose to a total of more than US$1 million over the course of a few days. All of this was recorded and spread over 15 different transactions.

While no currency managed by Coinbase or its clients was actually stolen from any of its accounts, a second popular exchange platform has reported that US$200,000 was lost through the same method.

Cryptocurrency wallets have always been vulnerable to hacking. Their backbone, the blockchain, however, has been widely regarded as very secure.


The History of Blockchain and Its Vulnerabilities

In previous years, blockchain was heavily praised by many as a secure method of doing transactions. Maintained by a network of computers, the cryptographic database stores a copy of each up-to-date “block” across the network and links the blocks together to create the “chain”. Each block contains information about transactions. Within the network, a protocol is set up to verify new transactions before they can be added to the database.

When new blocks are added, the computers in the system, known as nodes, update their information as well and verify the new addition. This decentralizes the storage of information and makes the system hard to attack, because an attacker would have to gain a 51% majority of the network in order to tamper with the blocks. In theory, this seems foolproof. However, it is not impossible, and this could be exploited.

A hacker with enough computing power can completely overwhelm the rest of the miners and start introducing new blocks containing fraudulent information in place of existing blocks. The attack on Ethereum Classic in January used this method to double spend. The attackers made a block with fraudulent data and had it incorporated into the entire system.
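A rewrite of this kind is visible to any node as a chain reorganization. The following added example (not code from Coinbase or any project named here) compares a node's view of the chain before and after a reorganization and reports how many accepted blocks were replaced and which transactions were swapped for conflicting spends. The `Tx` and `Block` types, the simplified one-coin-per-transaction model and the sample chains are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str    # transaction identifier
    coin: str    # the coin (input) this transaction spends; simplified model
    to: str      # recipient

@dataclass(frozen=True)
class Block:
    hash: str
    parent: str  # hash of the previous block: the link that forms the chain
    txs: tuple = ()

def analyze_reorg(old_view, new_view):
    """Compare two views of the chain (genesis first) seen by the same node.

    Returns (reorg_depth, double_spends): the number of previously accepted
    blocks that were replaced, and (orphaned_tx, replacing_tx) pairs that
    spend the same coin with different transactions.
    """
    shared = 0
    for old, new in zip(old_view, new_view):
        if old.hash != new.hash:
            break
        shared += 1
    orphaned, adopted = old_view[shared:], new_view[shared:]
    spent_in_adopted = {tx.coin: tx for b in adopted for tx in b.txs}
    double_spends = []
    for block in orphaned:
        for tx in block.txs:
            rival = spent_in_adopted.get(tx.coin)
            # Same txid on both branches is a harmless re-inclusion.
            if rival is not None and rival.txid != tx.txid:
                double_spends.append((tx, rival))
    return len(orphaned), double_spends

# Constructed sample: the node first saw b2..b4, then a longer branch b2x..b5x.
G, B1 = Block("g", ""), Block("b1", "g")
OLD = [G, B1, Block("b2", "b1", (Tx("t1", "coin-7", "exchange"),)),
       Block("b3", "b2", (Tx("t2", "coin-9", "alice"),)), Block("b4", "b3")]
NEW = [G, B1, Block("b2x", "b1", (Tx("t1x", "coin-7", "other-wallet"),)),
       Block("b3x", "b2x", (Tx("t2", "coin-9", "alice"),)),
       Block("b4x", "b3x"), Block("b5x", "b4x")]

if __name__ == "__main__":
    depth, conflicts = analyze_reorg(OLD, NEW)
    print(f"reorg depth: {depth}")
    for old_tx, new_tx in conflicts:
        print(f"{old_tx.coin}: {old_tx.txid} replaced by {new_tx.txid}")
```

An exchange can compare the reported depth with the number of confirmations it waits for before crediting a deposit: a reorganization at least that deep can reverse deposits it has already credited.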

The 51% majority has been known to be an inherent weakness of most cryptocurrencies and many have employed measures to protect their systems against this. However, smaller cryptocurrencies have been attacked regularly with an estimated $20 million lost in these heists. The attack on Ethereum Classic is a first for a top-20 currency. This does not bode well for all the others.

Building complex blockchain systems to protect against fraud is possible, but complexity also increases the likelihood of mistakes being made while the system is set up. Such mistakes could then be exploited if discovered. The company handling Zcash, another cryptocurrency that uses complicated algorithms to secure transactions, has revealed that it secretly fixed a flaw in the verification protocol. Had this flaw been exploited, the attacker would have been able to make unlimited counterfeit Zcash. While there were no reported cases within the company, this vulnerability brings a lot of questions to the table.

Another potential source of vulnerabilities affecting the security of the chain is the software client itself. To be able to trade cryptocurrencies or run a node, a client must be downloaded. This client can contain vulnerabilities that could be exploited. Some known issues include attackers being able to make more coins than the system would normally allow. In September 2018, Bitcoin Core, Bitcoin’s main client, had to fix a bug of this kind.

Most hacks aren’t attacks on the blockchains themselves; a majority of those reported were attacks on the exchange platforms. Attackers exploit security vulnerabilities and carry out fraudulent activities. While the severity and frequency of the attacks are expected to grow in the next few years, there is still time to improve the security of existing cryptocurrencies to prevent attacks similar to those made on Ethereum Classic.
