What Is a Blockchain?
A blockchain is a distributed database or ledger shared among a computer network’s nodes. They are best known for their crucial role in cryptocurrency systems for maintaining a secure and decentralized record of transactions, but they are not limited to cryptocurrency uses. Blockchains can be used to make data in any industry immutable—the term used to describe the inability to be altered.
Because there is no way to change a block, the only trust needed is at the point where a user or program enters data. This aspect reduces the need for trusted third parties, which are usually auditors or other humans that add costs and make mistakes.
Since Bitcoin’s introduction in 2009, blockchain uses have exploded via the creation of various cryptocurrencies, decentralized finance (DeFi) applications, non-fungible tokens (NFTs), and smart contracts.
How Does a Blockchain Work?
You might be familiar with spreadsheets or databases. A blockchain is somewhat similar because it is a database where information is entered and stored. But the key difference between a traditional database or spreadsheet and a blockchain is how the data is structured and accessed.
A blockchain consists of programs called scripts that conduct the tasks you usually would in a database: Entering and accessing information and saving and storing it somewhere. A blockchain is distributed, which means multiple copies are saved on many machines, and they must all match for it to be valid.
The blockchain collects transaction information and enters it into a block, like a cell in a spreadsheet containing information. Once it is full, the information is run through an encryption algorithm, which creates a hexadecimal number called the hash.
The hash is then entered into the following block header and encrypted with the other information in the block. This creates a series of blocks that are chained together.
Transactions follow a specific process, depending on the blockchain they are taking place on. For example, on Bitcoin’s blockchain, if you initiate a transaction using your cryptocurrency wallet—the application that provides an interface for the blockchain—it starts a sequence of events.
In Bitcoin, your transaction is sent to a memory pool, where it is stored and queued until a miner or validator picks it up. Once it is entered into a block and the block fills up with transactions, it is closed and encrypted using an encryption algorithm. Then, the mining begins.
The whole point of using a blockchain is to let people in particular, people who don’t trust one another share valuable data in a secure, tamperproof way. That’s because blockchains store data using sophisticated math and innovative software rules that are extremely difficult for attackers to manipulate. But the security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can get messy.
To understand why, start with what makes blockchains “secure” in principle. Bitcoin is a good example. In Bitcoin’s blockchain, the shared data is the history of every Bitcoin transaction ever made: an accounting ledger. The ledger is stored in multiple copies on a network of computers, called “nodes.” Each time someone submits a transaction to the ledger, the nodes check to make sure the transaction is valid—that whoever spent a bitcoin had a bitcoin to spend. A subset of them compete to package valid transactions into “blocks” and add them to a chain of previous ones. The owners of these nodes are called miners. Miners who successfully add new blocks to the chain earn bitcoins as a reward.
What makes this system theoretically tamperproof is two things: a cryptographic fingerprint unique to each block, and a “consensus protocol,” the process by which the nodes in the network agree on a shared history.
The fingerprint, called a hash, takes a lot of computing time and energy to generate initially. It thus serves as proof that the miner who added the block to the blockchain did the computational work to earn a bitcoin reward (for this reason, Bitcoin is said to use a “proof-of-work” protocol). It also serves as a kind of seal, since altering the block would require generating a new hash. Verifying whether or not the hash matches its block, however, is easy, and once the nodes have done so they update their respective copies of the blockchain with the new block. This is the consensus protocol.
Blockchain technology has significantly changed the way in which traditional networks operate. It is based on the concepts of cryptography, decentralisation and consensus, which have revolutionised record-keeping. Aside from improving the speed and efficiency of transactions, it provides many security benefits through cryptographic validation and improving the transparency of records. The misconception, however, is that it is fully secure by default.
Is it possible to hack the blockchain?
Judging from historical successful cyber attacks on existing blockchains, the answer is yes. This begs the question: given the inherent security principles in the design and operation of the blockchain, what vulnerabilities could exist and how have they been exploited?
Blockchains are classified into various types, distinguished by whether they are open to anyone or restricted to known participants, and whether they are permissioned or not. Permissioned and restricted – or ‘closed blockchains’ – are believed to offer higher levels of security. They provide greater control over who can participate and what activities they can perform. The decision on the type of blockchain to implement is usually a question of the relative importance of security compared with performance of the blockchain.
However, there are some weaknesses that resonate across blockchains. Some relate to the technologies used to implement blockchain, while others are specific to the way in which blockchains operate. The human participants in a blockchain provide an opportunity for spoofing, phishing and other social-engineering tactics widely used by cyber criminals in other areas.
Attackers can send phishing emails or pose as wallet providers to obtain participants’ private encryption keys, allowing criminals to perform illegitimate transactions on the blockchain. Other generic methods of attack involve taking advantage of weak endpoint security to access data stored on participants’ devices (including private keys) and exploiting weak network security to intercept confidential data.
These methods were used by attackers to hack into an employee’s computer at South Korea-based cryptocurrency exchange Bithumb. More than 30,000 customer details were compromised and later used to scam them into providing authentication details to steal cryptocurrency.
Open blockchains offer greater anonymity. Participants are identified by a public address, often consisting of a string of letters and numbers, not easily linked to an identifiable person. This anonymity makes it attractive for cyber criminals, who often request payment in cryptocurrency underpinned by blockchain technology. While blockchain analysis software can help trace wallets and transactions using IP addresses, for example, techniques such as mixing and tumbling can be used to hide the true origin of cryptocurrency, making it much harder to trace ownership.
Smart contracts automatically execute transactions in line with certain conditions but can be exploited to anonymously move funds out of the blockchain. This was the case with the breach of the Decentralised Autonomous Organisation (DAO) in 2016 where more than $60m was stolen.
Another attack that takes advantage of how blockchain networks operate is a 51% attack, where the perpetrator’s aim is to get control of more than half the blockchain network’s mining power, thereby allowing them to control and manipulate the ledger of transactions. This type of attack typically affects blockchains that use the proof-of-work consensus mechanism.
Ongoing security efforts
It is important to remember that security is an ongoing effort, and no technology can ever be fully secure at all times, particularly with the interconnection of various technology components and constant technological advancements.
Blockchain networks can be much more secure than traditional networks and can provide several security benefits. As with any technology, due diligence and care should be taken when developing, managing or participating in a blockchain. Consider secure communication, code security, key management, identity and access management, and consensus management.
As security standards are developed and accepted, they should be implemented to better leverage the security opportunities of blockchain technology.