What The Cryptocurrency Hacks Mean For The Security Of Blockchain

Husch Blackwell LLP
Contact

Blockchain technology is seeing increasingly wide use internationally, but security issues are becoming a major problem.

Blockchain is a public electronic ledger that can be openly shared among users and that creates an unchangeable record of their transactions. Each transaction, or “block”, is time-stamped and linked to the previous one. Each block is then linked to a specific participant. Blockchain can only be updated by consensus between users in the system, and when new data is entered, it can never be erased, edited, adjusted, or changed.

Because blockchain uses cryptography to connect the contents of the newly added block with each block before it, any change to the contents of a previous block in the chain would invalidate the data in all blocks following it. Thus, no single entity can take control of the data in the blockchain. This makes it difficult to hack a single record because the hacker would need to change the block containing that record as well as those linked to it to avoid detection. Moreover, because blockchains are decentralized and distributed across peer-to-peer networks that aren’t contained in a central location, blockchains don’t have a single point of failure and cannot be changed from a single computer.

Blockchain technology has the possibility to solve data breach problems by removing the trust involved in the storage and access of digital content. But despite the benefits of blockchain, even the best-designed blockchain systems are not immune to attack. As a de-centralization technology where users can remain anonymous, blockchain makes it hard for regulators to deal with and allows for potential security threats. As with all technology, blockchain has its own weak points.

In fact, blockchain technology proved long ago that it is hackable. The first widely publicized hack involved Bitcoin—the most prevalent application of blockchain.  Back in 2010, a hacker manipulated a bug in Bitcoin’s software to generate a block that contained 92 billion bitcoin, which is 91,979,000,000 more bitcoin than the intended cap on bitcoin supply. The unknown attacker simply exploited Bitcoin by flooding the code to create an extremely large amount of Bitcoin.

Another one of the biggest attacks on blockchain technology occurred in Tokyo earlier this year, with the Coincheck hack. Japanese exchange Coincheck first confirmed the hack on January 26, 2018, confessing that more than $500 million worth of digital coins had been stolen by hackers from the Japanese cryptocurrency exchange.

These hacks have raised serious questions about the security of cryptocurrencies and blockchain around the world.

How are the hackers pulling it off?

The Coincheck hack demonstrated the importance of using some basic security measures with cryptocurrencies. Coincheck’s executives reported that the stolen coins were stored in a “hot” wallet that is connected to the internet. It is significantly more secure to keep funds offline, in “cold” storage—hardware wallets which are dedicated devices that offer an additional layer of security. Going forward, it will likely become standard practice for exchanges to hold funds offline.

According to Coincheck’s representatives, the hackers were able to steal the private key for the hot wallet where the coins were stored, enabling them to drain the coins. As described below, the use of multiple keys is much more secure and should be used with all cryptocurrencies.

No matter how secure a blockchain protocol is, it does not exist in a vacuum. The cryptocurrency hacks recently driving data security headlines are usually failures at places where blockchain systems connect with the real world—for example, in third-party applications.

What can you do to keep crypto-assets safe?

Use a multisignature address:

One solution, known as a multisignature address, requires more than one cryptographic key in order execute a transaction. It is similar to a multifactor authentication process sometimes used to access your e-mail account.  Every public cryptocurrency address is associated with a private key. The key is needed to move money from that address. So, if someone manages to acquire your private key, that person can access and distribute your money. This is what happened in the Coincheck hack. Using multiple keys would make it substantially more difficult for hackers to access funds.

Use hardware wallets:

Wallets are used to store cryptocurrency. The wallet does not actually hold your coins, rather, it holds the private key that allows you to access your coin address.  There are different types of wallets—each with varying levels of security. The safest option is a hardware wallet which you keep offline in a secure place that cannot be hacked. Hardware wallets can be stolen or lost, however, along with the coins that belong to the stored keys in the wallet. The least secure option is an online wallet, since the keys are held by a third party and you can generally access your coin from any device if you know the password(s). Whatever option you choose, backup everything if possible.

Reduce human error:

While the security of most cryptocurrencies remains intact, the security of the wallets, exchanges, and accounts of third-party services around these cryptocurrencies remains at risk. Billions dollars worth of Bitcoin and other cryptocurrencies have already been stolen from the compromised accounts of individuals and exchanges.

The attacks outlined above show that the flaw in the security of Bitcoin and any other cryptocurrency is the fact that humans are not so cautious. As is true with all data security, reusing passwords, getting trapped in phishing scams, and negligent exchange employees continue to be the most dangerous point of failure for the security of the cryptoeconomy.

Taking these measures will give your blockchain network the added security it needs to prevent attacks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Husch Blackwell LLP | Attorney Advertising

Written by:

Husch Blackwell LLP
Contact
more
less

Husch Blackwell LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.