How Blockchain Can Be Hacked: The 51% Rule and More

The infamous criminal Willie Sutton was once asked why he robbed banks, and his response was "because that’s where the money is." Blockchain technology and the related cryptocurrency revolution of recent years have garnered widespread attention. This attention has attracted people looking to steal money. Thieves steal money in blockchain by exploiting every detail of the design, implementation and execution of these networks.

Blockchains are distributed records (chains) of transactions (blocks). Members of the network are incentivized to validate, record and announce the records. If these transactions are focused on currencies, then they are called cryptocurrencies. Examples of these currencies include Bitcoin, Litecoin and Ethereum. Each transaction validation earns the person validating it a bit of the currency.

51% Attacks

On the surface, blockchain seems to be a solid and transparent system immune to fraud or deception. In reality, MIT reports that hackers have stolen nearly $2 billion worth of cryptocurrency since 2017. The methods for the thievery vary, but a technique that points to a theoretical weakness in blockchain is known as a "51% Attack."

51% Rule for Blockchain

The 51% Rule refers to a situation where an entity controls more than 51% of the computing (hashing) power within a blockchain network. The entity then creates fraudulent, yet personally validated, transaction records. These records might omit previous payments, leading to a double payment. Other modifications to records that benefit the perpetrator can also occur.

The protocol of a blockchain system validates the record with the longest transactional history. If the attacker has more than 50% of the processing power, they will have the longest transactional history. This means that their incorrect blocks will be the valid ones. Smaller networks are especially vulnerable to a 51% Attack. If trust is lost in a network, then the currency might crash.

Smart Contracts

A multi-university report says Smart Contracts can be vulnerable. Smart Contracts are used to assure transparent and secure interactions in the blockchain. They run a program that executes items related to contract agreements. For example, there might be an if-then statement that releases money to another person if a form is signed. The exchange is controlled by a set automated process. The contracts are integrated into the blockchain to ensure transparency.

However, even Smart Contracts are vulnerable. Bugs can exist in the code, either intentionally or inadvertently. The errors cause incorrect actions to occur in the contract. These errors have led to over $70 million in losses in recent years. There are no accurate tools available for testing and detecting these vulnerabilities.

No system is perfect. Knowing the fallible nature of technology frameworks can give users the insight to look out for errors and be vigilant. 


About CIPHER

Founded in 2000, CIPHER is a global cybersecurity company that delivers a wide range of Managed Security Services and Security Consulting Services. These offers are supported by the best in class security intelligence lab: CIPHER Intelligence. With offices located in North America, Europe, and Latin America, 24×7×365 Security Operations Centers and R&D laboratories, the services are complemented by strategic partners around the globe. CIPHER is a highly accredited company holding ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past six years.

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions.
