Users Beware: Blockchains Are Susceptible to Attacks
Blockchains, like any technology, can be attacked by exploiting coding errors or other vulnerabilities, experts say.
March 18, 2019 at 11:13 AM
4 minute read
|
Blockchain technology is often touted for its great security in preserving transaction records. However, blockchain isn't impenetrable. After all, a line of incorrect coding or a small computer network backing the blockchain could lead to unwanted transactions, meaning companies must assess and be aware of any risks in their blockchain-based software, experts said.
“With anything involving software, anything involving anything online, it's always an IT security risk,” said Phillips Nizer partner and former New York state Department of Financial Services deputy superintendent Patrick Burke. ”So while the blockchain itself is generally pretty impregnably accept for the '51% attacks', the software written around the blockchain is as susceptible as any other software.”
Indeed, news reports have documented a number of hacks of blockchain-backed cryptocurrencies and smart contracts. In January, for instance, hackers breached an adult entertainment company and stole $38,000 worth of cryptocurrency after it exploited an error in its smart contract.
Also in January, attackers rewrote cryptocurrency Ethereum Classic's transaction history and took $1.1 million, according to MIT Technology Review. The attacker was able to pull off the heist by gaining control of more than half of the network's computing power—which is called a 51% attack. To retrieve the currency, developers sought to change the software's rules used to decide if a transaction is valid or not. Most agreed, and Ethereum was created and the original cryptocurrency was renamed Ethereum Classic.
“Attacks similar to Ethereum Classic's are more likely to occur for proof of work blockchains where there is a limited amount of dedicated computing power,” noted Duke University finance professor Campbell Harvey. “For some of these smaller cryptos, you can rent enough cloud computing to disrupt the current transactions.”
“This is an issue for proof of work blockchains that don't have a lot of computing power powering them,” Harvey said. “What we are talking about is an attack of the most recent transactions, we are not talking about someone changing a transaction from last year. … [It's] still enormously difficult to go back and change a transaction from a year ago.”
Also a great deal of computers are needed to stage a 51% attack of a large proof of work blockchain, an expense that may deter some from targeting larger blockchains.
As more blockchains are attacked, blockchain-specific security services are emerging. For example, Japan-based NRI Secure Technologies started a blockchain security monitoring service that also diagnoses and analyses smart contracts.
Still, as some organizations are slowly adopting blockchains, they may fall victim to faulty coding in their blockchain or the software connected to it. But Phillips Nizer's Burke noted that most organizations are using permissioned blockchain where the nodes and miners are within a company's firewall and only the people working for them can be a miner. There are “fewer nodes you would have to control to gain control of it, but you can hopefully keep a closer eye on those people and they are people you trust,” Burke said.
However, he added that companies using blockchain must still ensure their transactions are safe, and regulators should also assess blockchains to figure out how vulnerable they are.
“At DFS, we would look at [a blockchain's] vulnerability to 51% attacks,” Burke said. ”You have to look at the number of miners it would take, what is the criteria for controlling [it], is it proof of work, proof of stake [and ]how small of a group can pull off a 51% attack.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Biggest Legal Tech People Moves of 2024
- 2NY Civil Liberties Legal Director Stepping Down After Lengthy Tenure
- 3Preparing for 2025: Anticipated Policy Changes Affecting U.S. Businesses Under the Trump Administration
- 4High Court May Limit the Reach of the Wire Fraud Statute
- 5Nelson Mullins Doubles Partner Promotions for 2025
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250