- Cryptocurrency has played a huge role in the digital transformation of the world and has brought innovative services to markets worldwide.
- With its wide range of applications and its rise as a digital alternative, questions about the security it offers are inevitable.
- Crypto proponents have lauded the security of cryptography and blockchain-based digital currencies for years. Blockchain is supposedly designed to be difficult to hack.
However, hacks, though rare, do occur in the crypto world. Binance, the world’s largest cryptocurrency exchange by transaction volume, admitted in mid-2019 that it had become the victim of a large-scale data breach. The breach reportedly resulted in the loss of cryptocurrency worth US$40 million. Binance said that over 7,000 BTC had been stolen from the company’s hot wallet.
In 2019, the Ethereum Classic blockchain was reported to have suffered a security compromise. Although cryptocurrency hacking and theft have been only a small part of the cyber threat index, the significant risk they pose cannot be ignored.
Possibilities of Blockchain being hacked
It is essential to note that the supposed un-hackability of blockchain may no longer hold, and hacking events can still occur.
Coinbase’s security team observed unusual activity on the Ethereum Classic network in January 2019. It appeared that the alternative currency’s transaction history was under attack. The attack enabled the hacker to rewrite the transaction history, leading to the double-spending of crypto coins. This was possible because the hacker managed to take control of the Ethereum Classic network’s computing resources. The hack reportedly led to the theft of coins equivalent to $1.1 million.
This is called a 51% attack because the hacker succeeded in taking control of more than half of the computing capacity of a cryptocurrency network (half+1%). Control of the majority of the network’s computing resources gives the hacker the ability to tamper with the blockchain. Once the consensus mechanism has been interfered with in this way, guaranteeing the integrity of the system becomes extremely difficult.
So far, 51% attacks have only worked on smaller cryptocurrencies. There have been no reports of such attacks on Bitcoin, Bitcoin Cash, Ripple, and other top digital currencies, and this is the only reassuring fact.
Working of 51% Attacks
Hacking a blockchain requires enormous computing power: at least 51% of the entire cryptocurrency network. That would take numerous superfast computers working together or millions of devices infected by cryptojacking malware. 51% attacks have occurred on less popular cryptocurrencies because of their small underlying network of computing resources.
The attacker does not start by stealing coins directly, but first generates an alternate, isolated version of the blockchain. The attacker then builds blocks that are not broadcast to other miners. As a result, a fork occurs: one branch is followed by the regular miners and another by the attacker’s miners.
The attacker creates the isolated alternative blockchain in order to reverse transactions and enable double-spending, by broadcasting the isolated chain to the network and by outpacing other miners in completing blocks with superior computing resources.
The regular miners are then forced to acknowledge the faster, longer, and heavier alternative version of the blockchain as the correct one and eventually switch to it as the new canonical transaction history, since most blockchain-based cryptocurrencies are designed to defer to the rule of the majority.
The hack makes it possible to re-use coins that were already spent or transferred to other wallets; the new transaction history therefore does not show crypto coins being created out of nothing.
This process lets previously confirmed transactions be reversed, or ongoing transactions be voided, to give way to a new transaction history. However, this can mean that the original owner loses coins, because the new transaction history recognizes a new holder.
What are Crude Attacks?
Crude attacks may not be direct assaults on the blockchain; they can occur merely because of human error. Failing to use strong passwords, two-factor authentication, and other security measures all count as human error.
In 2018, the 51% attack against the Verge blockchain was possible because of a flaw in the Verge blockchain protocol that made it possible to generate a longer version of the blockchain in a short time.
Because of the extreme challenges the 51% attack poses, cybercriminals instead steal bitcoin and other coins with their usual attack methods, which typically involve social engineering and malware.
To cite an example of a social engineering attack: in 2013, 4,100 bitcoins were stolen from the now-defunct digital wallet Input.io. The attack put Input.io out of commission. It was reported that the attacker succeeded in deceiving the site’s owner into giving up details required for a password recovery request via email.
Cryptocurrency security is not perfect. But the use and further development of this new class of digital assets should not be disrupted or discouraged merely because of a few security issues. As the examples show, most of the weaknesses of crypto security are due to the human factor: the failure to secure personal crypto wallets. Lastly, Bitcoin and other cryptos can be hacked, but that is not a strong enough reason to give up on the idea of a decentralized currency.