Blockchain, the underlying technology of cryptocurrencies, has enormous promise but also has been found to have major vulnerabilities that could lead to billions of dollars in losses by users. A study by MIT has analyzed 72 cases of publicly-reported blockchain system security breaches from 2011 to 2018 totaling $1 billion, and amounting to losses of as much as $600 million for some companies.
"The bottom line is that while the blockchain system represents advances in encryption and security, it is vulnerable in some of the same ways as other technology, as well as having new vulnerabilities unique to blockchain," wrote Stuart Madnick, a professor at MIT and founding director of the Cybersecurity at MIT Sloan research consortium, in a column for The Wall Street Journal.
Distributed Ledger Technology Far from ‘Unbreakable’
The addition of blockchain has been fruitful for many companies, some which have seen their shares skyrocket just by adding the word to its startup name. Proponents of the distributed ledger technology tout its transparency, distributed control and anonymity, and improved security. That being said, while the blockchain system offers certain advances in encryption and security, there remain many issues with the technology, which is far from “unbreakable,” according to a handful of recent reports.
While the recent MIT study looked at the 72 publicly reported security breaches, the Madnick notes that there may have been many more, considering that some cyberattacks are not publicly reported. The reported breaches over the past eight years cost organizations anywhere from $12,000 to hundreds of thousands of dollars in losses.
The column lays out blockchain’s downside, noting that “blockchain may be its own worst enemy, as many of the things that make it so great also increase its vulnerability when it comes to security. Three examples include transparency, distributed control and anonymity.”
As for transparency, given the blockchain ledger and software code is copied on many servers and viewable by many, it leaves room for a “bad guy” to access it and study it. The distributed nature of the technology, in which there is no “on” or “off” switch from a central computer, means that it is difficult to stop an intruder from siphoning off more and more money.
Additionally, the anonymity offered to blockchain users, who receive a ”blockchain keys” comprised of long numbers, poses a threat. While the number is impossible to guess and therefore has its security benefits in that sense, there is “no override capability on your blockchain account,” and therefore if you lose your key, the account is lost. In one case, the CEO of a cryptocurrency exchange died unexpectedly, and $180 million in customers' funds were not retrievable, per PC Mag.
Regulatory Hurdles, Disappointing Bank Test
News of the security breaches comes as up to 40 startups have applied to the SEC to use blockchain as licensed brokerages, per another Wall Street Journal story. None of the applications, including those from companies hoping to launch electronic trading platforms, have been approved since regulators upped enforcement against crypto-issuers at the start of last year, according to the report. This reflects the regulatory hurdles and burdensome delays that many crypto-companies, as well as major players like Facebook Inc. (FB) that are expanding their crypto-reach, may face.
Meanwhile, a report from Germany's central bank demonstrated that blockchain technology was slower and more expensive in a recent test, as outlined in an earlier Investopedia story.
While recent reports highlight blockchain’s downside, its champions are confident that the technology will prove itself in the long-run, revolutionizing the tech world much like the Internet did in the 90s. Crypto bulls have a great deal to celebrate in 2019, as more institutional investors express interest in the sector and the price of digital assets led by bitcoin more than double.