How secure is blockchain really? Why you can’t hack Bitcoin
2008 saw Bitcoin’s arrival into the world. It held the long-term promise of a brand new means of exchange that would eventually overtake fiat currencies alongside the traditional financial systems and services, courtesy of its transparency, security, and privacy. That caught everybody’s attention. Another promise, however, was also there and it was not as widely noticed as the first one. It wasn’t even a promise but a fact.
The technology underlying Bitcoin’s system, which we know as “blockchain,” gave us a system in which two previously unknown parties could transact successfully with each other — without any recourse to mutual trust. This new way to do business was not that novel. Cryptography professors worldwide had been talking about this kind of system for ages, at the level of principles and possibilities. Yet nobody before Satoshi Nakamoto came up with a way to turn all that cryptographic potential into a practical thing that works in real life.
It’s true. You don’t have to trust the person who is buying a Bitcoin from you or vice versa. The record is there in the Bitcoin ledger for all to see. And the ledger has a full copy of itself in every node in the network, so you’re safe.
There is the next question, of course. So yes, you don’t need to trust the other guy. You just need to trust the system, and everything will be ok. But can you trust the system? What if it’s hacked? What if it’s unfair? In this article, we will endeavor to explain why the system is fair, why it can’t be rigged, and, most importantly, why it is practically impossible to hack, so that you know for sure that the answer is: yes, you can indeed trust the system.
Keep in mind that the information we present here to you applies to every extant blockchain. Bitcoin was the first one, and it’s still the one that gets most of the world’s attention. But the technology that supports the BTC environment can now be found in many other networks such as Tron or Ethereum to name a couple. Because they share the same basic informational principles as Bitcoin, all these different networks are also safe, provided that they are large enough and are genuine blockchains.
It’s been 13 years since 2008. We’ve been through a significant world financial catastrophe and a global pandemic since then. Everything has changed, and the financial world is no exception. There are plenty of investors who are pouring resources into Bitcoin and other cryptocurrencies in a myriad of different ways. The best-known one is pair-trading, which is the same thing as its older, more established cousin, Forex. But there’s nothing to stop investors from using it to buy items such as a limited-edition super luxury car which will be more valuable next year.
While cryptocurrencies have had limited success so far as the world’s new money, the blockchain technology that enables their existence has grown very popular at the industrial level because many industries have seen its potential to solve some common problems. (More and more businesses keep getting attracted to this technology, let alone individuals.)
So what is a blockchain, anyway?
We’re glad you asked. The most common blockchain type consists of a digital database that keeps records of some data critical to a given process. In Bitcoin, for instance, that database is called “the ledger,” and it tells you who has how many Bitcoins right now as well as who has transacted with whom.
The network’s complete history is kept right there for everyone to see. The critical thing in a blockchain is that the database’s information can’t be manipulated or altered. It’s sacred, if you will. That’s the feature. That’s why many institutions, mainly financial and governmental ones, are so interested in adopting it.
The way a blockchain keeps its data is also different from other paradigms you may already know. It is split into many pieces, known as blocks. Every block has a given size, an amount of information it is supposed to hold. Once one block gets filled with data, the network creates a brand new block, appends it to the previous block, and uses the new space to keep writing data. So, the database is a chain of blocks that grows in time. Hence the name blockchain.
So any bit of new information produced by the network’s activity goes into the last, newest block and only there. This new block is attached at the end of the chain, so the timeline in the database is obvious and irreversible. This is complex, but that makes decentralization possible because every node has a full exact copy of the whole blockchain, so every actor in the network has the same information.
Completed blocks are not at the chain’s end anymore, but they are “inside” and, as such, they are untouchable (remember, new information can only be written in the newest block, the last one). You can tell which is which because the network assigns a timestamp to every block, so you know exactly which comes before or after.
Also, a cryptographic mathematical algorithm calculates hash codes. That is how the network knows that the cherished information inside the blocks is kept safe and unchanged because if something goes wrong and the “untouchable” bits change, then the whole hash changes as well.
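The linking described above can be shown in a few lines. This is an added example, not code from the article or from any blockchain project; the block layout, the function names and the sample transactions are constructed for illustration. It shows that editing an interior block breaks the link to the next block, and that even after every later link is recomputed the tip hash no longer matches the copy held by other nodes.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the whole block."""
    payload = json.dumps(block, sort_keys=True).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()

def append_block(chain, data, timestamp):
    """Add a block that commits to the hash of the block before it."""
    prev = block_hash(chain[-1]) if chain else GENESIS_PREV
    chain.append({"index": len(chain), "timestamp": timestamp,
                  "data": data, "prev_hash": prev})

def first_broken_link(chain):
    """Index of the first block whose prev_hash no longer matches, else None."""
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    return None

def relink(chain, start):
    """Recompute every prev_hash after `start`, as a rewrite would require."""
    for i in range(start + 1, len(chain)):
        chain[i]["prev_hash"] = block_hash(chain[i - 1])

def build_sample_chain():
    """Constructed sample data, not real transactions."""
    chain = []
    for ts, data in [(1000, "alice->bob 5"), (1600, "bob->carol 2"),
                     (2200, "carol->dave 1"), (2800, "dave->alice 3")]:
        append_block(chain, data, ts)
    return chain

if __name__ == "__main__":
    honest = build_sample_chain()
    copy = build_sample_chain()
    copy[1]["data"] = "bob->mallory 2"        # edit an interior block
    print("broken link at block", first_broken_link(copy))
    relink(copy, 1)                            # make the copy self-consistent
    print("links consistent:", first_broken_link(copy) is None)
    print("matches other nodes:", block_hash(copy[-1]) == block_hash(honest[-1]))
```

Hash links alone make a change evident only when the result is compared with another copy; a node detects a rewritten history by comparing tip hashes with its peers.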
And is it really secure?
This is the big question. Scandals have hit the crypto-sphere at times, and when they do, the mainstream media always makes a big song and dance about it. It’s normal; scandal sells.
But before you sell all your digital assets out of fear of hackers, stop for a moment and ask yourself this question: was the hack in the news a problem of the security in the blockchain itself, or was it a hack in the centralized, traditional user systems that the exchanges use to manage their user pool?
You need to remember that websites that deal in Bitcoin have been hacked for sure. But Bitcoin itself has never had a security breach of any kind. Not once.
Let’s take the 2019 Coinbase incident as an example. A smart guy found a way to control a large enough piece of Coinbase’s blockchain, thus carrying out a successful attack. That attack consisted of rewriting transaction histories, thus hitting at the very heart of the network’s security. The newly written transaction histories allowed for “double spending,” which means the assets could be used twice to buy whatever the hacker wanted.
Hackers are pretty active against sites like Coinbase, so hacking attempts have only increased in time. The 2019 Coinbase case saw no money lost for the platform’s users, but not all the other victim platforms have been so lucky.
Blockchain technologies are powerful and innovative. So there are plenty of good reasons for individuals and companies to adopt them. Take Samsung, which is including blockchain features in many of its new smartphones – the ones that run on the Snapdragon chipset. The company announced the new phones to be “unhackable.” That was more of a challenge than a statement of fact, but it remains to be proven wrong.
Blockchains are among the safest technologies around today. Their security features are unique. But that’s not to say that they lack loopholes that can be taken advantage of by a clever enough observer.
Half the network plus one
There is a rule for hacking a blockchain. It relies upon the magic number 51. If somebody wants to hack a blockchain, they first need to gain control over 51% of the network’s computing power. The scenario is called “51% attack.”
So what is the magic in 51%? As stated before, every node in the network holds a full copy of the blockchain. So if you come into the network and try to push a different chain of blocks to substitute the genuine one, the rest of the network will reject it, as it does not fit the information they already have.
If, on the other hand, you can inject the information you want into 51% of the network, then the remaining 49% will be forced to accept it because it becomes the network’s new consensus.
Is a 51% attack possible? Yes, it is. In principle, there is nothing stopping anybody who wants to try their luck. In practice, though, the sheer scale of this feat demands so much money, infrastructure, and expertise that it’s nearly impossible. (Remember, we are talking about rewriting every single block in the chain and then having the new blocks distributed over the whole network.)
Again, think about the Bitcoin network. Most nodes are in China, but there are hundreds more in the USA, Europe, and other countries. The sheer problem of having physical access to 51% of those computers is just out of anybody’s reach. Even governments could not pull this feat off.
There is another potential gap apart from the 51% thing. It’s about weak points in smart contracts. A smart contract is a clever little piece of software that usually prescribes the movement of an amount of cryptocurrency among digital wallets if and when a set of conditions is met. This computer code usually runs on a blockchain network. As with any program, smart contracts can have bugs. This problem can be particularly grievous because transactions in a blockchain can’t be rolled back.
Blockchains are complex environments. We’ve been using Bitcoin to illustrate most points so far. The blockchain’s main task is to keep the ledger updated in the BTC system, but there are such things as second-generation blockchains such as Ethereum.
In these environments, the blockchain itself is the network’s operating system, so the complexity in the technology becomes much higher than in the first generation. The high degree of complication begets potential threats everywhere. Also, the system’s performance depends on human actions and decisions. And not every human with access to blockchain networks has the best intentions at heart.
Hacking cryptocurrency platforms is also becoming a career path for hackers, many of whom have figured out several ways to make a profit off many platforms’ lackadaisical security policies. Again, it’s the platforms that are getting hacked, not the blockchains themselves.
But if the blockchain is going to transcend the status of a nerd’s toy to become a useful tool for great problems (securing elections is an idea floating around as a killer application for blockchains), then it has to be secure enough to be hacker-proof. Not only that. The public must perceive it to be safe.
Blockchain safety, point by point
So now that we’ve described the general security panorama in blockchains, let’s examine the individual factors that help guarantee blockchains will never be hacked.
Decentralized and open-source software
The prevalent dynamics in blockchains are peer-to-peer networks driven by open-source software. This has several advantages. First of all, anyone with the right equipment can join a blockchain. Secondly, it brings a high degree of transparency which helps the public’s trust in the system.
The decentralization in the network, which is one of its core features, means that the system as a whole can’t fail. If a single node goes bad, the remaining nodes will keep working correctly. Decentralized networks are something akin to a perpetual motion machine. Once they are active, you just can’t turn them off. You can’t kill a headless snake because it has no head you can cut off.
Hash algorithms are mathematical tools created for cryptology. They are not functions precisely because they cannot be inverted, and they have no analytical representation (you can’t write down a formula for a hash, it’s an algorithm). The idea is that they turn a vast number into a small number in such a way that the probability that different inputs will give you the same output is negligible in practical terms.
For every new block to exist, there has to be a hash that has been resolved backward. Because hashes are not analytical, solving this problem (called a collision) takes enormous amounts of computing power, and it can’t be falsified or reverse-engineered.
This hashing thing is precisely how new Bitcoins come into existence: if you solve the problem that the network needs, if you calculate the hash input needed to start a new block, you get a few Bitcoin in return for your efforts.
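The puzzle described above can be reduced to a toy difficulty to show its shape. This is an added example, not code from the article or from Bitcoin itself: it uses a single SHA-256 over a constructed header plus a nonce and counts leading zero bits, a simplification of the real target check, and all names are illustrative. Finding the nonce takes many attempts, while checking a claimed solution takes one hash.

```python
import hashlib

def pow_hash(header: bytes, nonce: int) -> str:
    """SHA-256 of header plus an 8-byte nonce (simplified; Bitcoin hashes twice)."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).hexdigest()

def meets_target(digest_hex: str, zero_bits: int) -> bool:
    """True when the 256-bit digest starts with at least `zero_bits` zero bits."""
    return int(digest_hex, 16) >> (256 - zero_bits) == 0

def mine(header: bytes, zero_bits: int):
    """Try nonces in order until one meets the target; return (nonce, digest)."""
    nonce = 0
    while True:
        digest = pow_hash(header, nonce)
        if meets_target(digest, zero_bits):
            return nonce, digest
        nonce += 1

def verify(header: bytes, nonce: int, zero_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however long mining took."""
    return meets_target(pow_hash(header, nonce), zero_bits)

def expected_attempts(zero_bits: int) -> int:
    """Average hashes needed: each attempt succeeds with chance 2**-zero_bits."""
    return 2 ** zero_bits

if __name__ == "__main__":
    # Constructed header; a real one commits to the previous block's hash.
    header = b"prev=<hash of previous block>|data=constructed sample"
    for bits in (8, 12, 16):
        nonce, digest = mine(header, bits)
        print(f"{bits} bits: nonce={nonce} expected~{expected_attempts(bits)} "
              f"hash={digest[:16]}... valid={verify(header, nonce, bits)}")
```

Each extra zero bit doubles the expected work, and any change to the header invalidates the nonce, so rewriting a block means redoing this search for it and for every block after it.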
The 51% problem
Yes, it’s possible. But only if you have all the computing power and money in the world alongside all the knowledge about blockchains and cryptography. If you can manage that, you can launch a 51% attack on any network you want and win it. In other words: as a matter of principle, 51% attacks are possible and can bring any blockchain down.
Let’s get serious now. No individual or organization in the world will be able to aggregate enough resources to bring about a 51% attack on a network as big as Ethereum or Bitcoin. And if they did, it would be so expensive that the reward could not possibly be commensurate to the effort. If someone has that much money to burn, many other ways are either more profitable or a lot more fun.
What about the future?
No blockchain has ever been hacked so far. Any known breach has had to do with malicious internal activity in which members of the core development team collaborate with outside actors to breach the security.
So yes, blockchains are vulnerable to criminal activity as much as anything else, but even if that is true, it takes a lot of expertise from the criminals to carry out a successful hit. It’s anecdotal, not an impending problem.
As time passes, every blockchain in the crypto-sphere will grow in size (by which we mean the number of nodes will increase). That means security becomes more reliable by itself because size does matter in crypto. More nodes mean more difficulty for hackers. The practical probability of hacking a blockchain in time is, thus, approaching zero asymptotically.
And there is something else. Blockchain technology came to life as the pet project of Satoshi Nakamoto, a single man (or maybe a small group of like-minded experts, nobody knows for sure). But the academic world is slowly but surely joining the crypto-verse (Cardano, an altcoin, leads the way in this regard).
So pushing the blockchain forward is no longer a single man’s hobby but a serious endeavor that includes the efforts of some of the best computer scientists and mathematicians in the world. That alone is going to make everything in crypto much more solid.
Now you know. Next time you hear somebody say in the news or elsewhere that “the blockchain got hacked,” you can, with all politeness, understand precisely how mistaken they are (as things stand today).
About the author
Abeerah is a passionate technology blogger and cybersecurity enthusiast. She yearns to know everything about the latest technology developments. Specifically, she’s crazy about the three C’s: computing, cybersecurity, and communication. When she is not writing, she’s reading about the tech world.