open share links close share links
Blockchain technology is anonymous, distributed, permanent, and widely touted as unbreakably secure.
But those qualities are also the source for some of blockchain’s greatest weaknesses, and with the technology gaining popularity and acceptance as a solution to just about everything, it’s important to be cautious before jumping on the bandwagon.
“Blockchain has a lot of great advantages to it, but sometimes those advantages can be misused in ways that often have not been thought about,” said Stuart Madnick, MIT Sloan professor of information technologies.
Madnick and Jae Hyung Lee, SM’19, are releasing a study on 72 publicly reported blockchain security breaches between 2011 and 2018. The research is part of an overarching thesis on blockchain security and vulnerabilities. In a recent Wall Street Journal blog post, Madnick wrote that the breaches range in losses from $12,000 to as much as $600 million.
Stuart Madnick MIT Sloan professor of information technologies
“In total, the publicly reported losses by cyberattacks against blockchain systems during the past eight years exceed $1 billion,” Madnick wrote in the post.
The hope, Madnick said, is not to diminish blockchain’s benefits, but rather encourage caution around the newly mainstream technology.
“It’s not just whether it’s breakable or not, but whether it can be misused,” Madnick said. “The trouble is blockchain itself is just a piece of data; it doesn’t do anything. It’s the software and the use of the software that makes the blockchain useful. Blockchain itself might be secure, but the use of the blockchain is where all of these weaknesses come through.”
Here are three blockchain advantages, and the risks that go with them.
Blockchain doesn’t have a central database. Instead, it’s run on hundreds of thousands of servers. If one of those servers stops, the others keep running.
“In that sense, distributed also means unstoppable,” Madnick said.
But a lack of an on/off switch can cause problems. In 2017, hackers found a coding flaw in the Ethereum blockchain platform, and used it to siphon away millions of dollars. Watchdogs realized what was going on, Madnick said, but weren’t able to shut down or disconnect the system. Instead, white-hat hackers used the same coding bug to steal the remaining money faster than the criminals, and redistribute it.
In a similar vein, because the softwarethat drives blockchain is publicly available [and how it’s replicated on thousands of servers around the world], someone with bad intentions might exploit a software flaw they find before anyone else notices and fixes it.
Accessing a blockchain account requires a key. This key is a long combination of numbers and letters and is nearly impossible to guess. The key is also anonymized, so no one knows the identity of the key holder, Madnick said.
Unlike a safety deposit box at a brick-and-mortar bank — which in the case of a lost key could be identified by the owner and pried open with a crowbar — if someone loses their blockchain key, that account can never be accessed again.
Blockchain is used in a variety of industries, but what will happen if and when it’s used to record something a person would rather not have around forever?
What if blockchain is used for criminal records, Madnick suggested, and someone wants their record expunged? On a blockchain, that history will permanently follow the person.
And what about the General Data Protection Regulation, the European Union’s effort to give individuals more control of their personal data. A person living in one of the EU countries has the right to request that that information be erased if it is no longer needed. How can someone be erased if nothing can be removed from blockchain, Madnick asked.
“[Immutability] is what I would call an unexpected consequence,” Madnick said. “Which for certain people may be viewed as a negative unexpected consequence.”
Earlier this year child pornography images were found in the Bitcoin Satoshi Vision (BSV) ledger. The images appeared on a website which allows people to see content added to the BSV ledger. The browser was shut down, and a filter put in place, but actually removing the content from the ledger would require agreement among all of the blockchain servers — which is no small feat.
Blockchain stakeholders are working on ways to prevent future instances of abusing blockchain technology, but in the meantime, Madnick said he wants current and potential users to build up caution for the relatively new technology.
“I’m not trying to diminish the fact these are great advantages it’s just that these advantages have consequences as well,” Madnick said. “These are all great things but also be aware of the ways in which they could be abused and either A) minimize the likelihood of being abused or B) decide the risk of them being abused is small enough that you’re willing to tolerate it.”