4 Hidden and Rarely-Discussed Security Threats of Blockchain

Blockchain has emerged as one of the most popular technology initiatives of the century, mainly by virtue of its transparency and high immutability.

That is, people can see what has been added to a chain, but it is very difficult to change a record once it has been verified.

This doesn’t mean blockchains are immune to security threats, of course.

Any database can be compromised if an outsider gains access by stealing log-in codes or defeating defensive software.

What isn’t widely recognized, however, is that blockchains can be disrupted from the inside as well, even by legitimate users who exploit weaknesses in a chain’s design or governance to steal tokenized assets or defraud members in other ways.

Key Takeaways

  • Blockchain, known for transparency and immutability, still has security threats from both external and internal sources.
  • These include double-spending, a common scam, which involves sending a token to multiple accounts simultaneously.
  • ‘Secret chains’ and ‘selfish mining’ can invalidate the original chain, and any transactions on it.
  • Issues like re-entrancy, frozen tokens, and failures in handling certain functions can compromise the reliability of smart contracts.
  • Blockchains also struggle with scalability as they generate more blocks with increased transactions.
  • However, these issues lie in the execution of blockchain technology, not in the technology itself.

4 Hidden Security Threats on Blockchains

4. ‘Secret Tokens’

Perhaps the most common scam within the blockchain universe is double-spending.

This begins when one member sends a token to another while simultaneously sending the same token to another account, usually their own.

This allows the duplicate transaction to be validated immediately, effectively canceling the original and leaving the first recipient with nothing.

Rules governing timestamps, transaction data, and block registries can be established to thwart double-spending, but this must be done proactively by the members of the chain. And they also must be crafted carefully so as not to hamper the execution of smart contracts and other automated processes.
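
As an added illustration (not code from the original article), the Python sketch below shows one such rule: a ledger that accepts a transfer only if it spends the token's current state, plus a check that flags pending transfers competing for the same token. The `Transfer` record, `Ledger` class, account names and nonce scheme are assumptions made for the example; here the first transfer seen wins, and the point is that only one of the pair can ever be accepted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:          # constructed record format, not any real chain's
    tx_id: str
    token: str
    sender: str
    recipient: str
    nonce: int           # per-token sequence number the sender signs over

class Ledger:
    def __init__(self, owners):
        self.owners = dict(owners)                # token -> current owner
        self.next_nonce = {t: 0 for t in owners}  # token -> expected nonce
        self.rejected = []                        # (tx_id, reason) for alerting

    def apply(self, tx):
        """Accept a transfer only if it spends the token's current state."""
        if self.owners.get(tx.token) != tx.sender:
            self.rejected.append((tx.tx_id, "sender no longer owns token"))
            return False
        if tx.nonce != self.next_nonce[tx.token]:
            self.rejected.append((tx.tx_id, "nonce already used"))
            return False
        self.owners[tx.token] = tx.recipient
        self.next_nonce[tx.token] += 1
        return True

def find_conflicts(pending):
    """Return groups of pending transfers that spend the same token state."""
    groups = {}
    for tx in pending:
        groups.setdefault((tx.token, tx.sender, tx.nonce), []).append(tx.tx_id)
    return {key: ids for key, ids in groups.items() if len(ids) > 1}

def demo():
    # Constructed sample: alice sends T1 to bob and, at once, to her own second account.
    pending = [Transfer("tx-a", "T1", "alice", "bob", 0),
               Transfer("tx-b", "T1", "alice", "alice-2", 0)]
    ledger = Ledger({"T1": "alice"})
    results = [ledger.apply(tx) for tx in pending]
    return find_conflicts(pending), results, ledger.owners["T1"], ledger.rejected

if __name__ == "__main__":
    print(demo())
```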

3. ‘Secret Chains’ & ‘Selfish Mining’

Double-spending gives rise to another vulnerability called selfish mining. In this scam, an entire secret chain of transactions is created along with a legitimate chain.

When the secret chain becomes longer than the first, as can happen in coin-mining strategies and other automated functions, it can automatically invalidate the original chain, provided there are no specific rules to prevent this.

This can be a risky strategy, however. If someone else also starts a secret chain, the scammer could very easily become the scammee…

Regardless, the ability to conduct any transaction secretly in an open distributed ledger runs counter to the purpose of blockchain, which is to provide an honest, open, self-verifying means of exchanging digitized assets.

2. Not-So-Smart Contracts

Smart contracts can also create problems for participants depending on their coding. A key problem is re-entrancy, which is when one contract triggers a function, usually a withdrawal, from another contract before a previous execution terminates.

This can trigger an infinite loop of fund transfer calls that can then be used to bypass validity checks to inflate or deflate the value of a given set of tokens. Various measures exist to prevent re-entrancy, but they must be implemented into the contract upfront to prevent losses during the automated execution of transfers.
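
The following Python simulation is an added example, not code from the original article or from any real contract. It models a withdrawal function that makes its external call before updating the balance, beside a hardened version that updates state first and holds a re-entrancy lock. The vault classes, account names and amounts are constructed for illustration.

```python
class VulnerableVault:
    """Makes the external call before zeroing the caller's balance."""
    def __init__(self):
        self.balances, self.funds = {}, 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.funds < amount:
            return
        self.funds -= amount
        on_receive(amount)            # control leaves the contract here
        self.balances[account] = 0    # state updated too late

class HardenedVault(VulnerableVault):
    """Checks, then effects, then interaction, under a re-entrancy lock."""
    def __init__(self):
        super().__init__()
        self._locked = False

    def withdraw(self, account, on_receive):
        if self._locked:
            raise RuntimeError("re-entrant call rejected")
        self._locked = True
        try:
            amount = self.balances.get(account, 0)
            if amount == 0 or self.funds < amount:
                return
            self.balances[account] = 0   # effect before the external call
            self.funds -= amount
            on_receive(amount)
        finally:
            self._locked = False

def simulate(vault_cls):
    """Return (total paid to the re-entering receiver, funds left in the vault)."""
    vault, paid = vault_cls(), []
    vault.deposit("other-user", 90)      # constructed balances
    vault.deposit("receiver", 10)
    def reentering_receiver(amount):     # test double that calls back into withdraw
        paid.append(amount)
        try:
            vault.withdraw("receiver", reentering_receiver)
        except RuntimeError:
            pass
    vault.withdraw("receiver", reentering_receiver)
    return sum(paid), vault.funds
```

With the vulnerable vault, the receiver is paid its 10-unit balance repeatedly until the vault's funds run out; with the hardened vault it is paid once and the remaining funds are untouched.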

Another problem is frozen tokens, which can be deposited into a chain under a smart contract but cannot be withdrawn. In many cases, this is due to poor design that prohibits the transfer of tokens from an external source, but it can also be implemented under third-party contracts that may be hidden from participants of the primary contract.

A smart contract can also fail if it encounters integer functions that it is unprepared to handle or if a single digital signature is validated for multiple transaction types.

1. Dealing with Scale

In general, blockchains also have difficulty dealing with scale. Each block in a chain can only hold so much data, which means that as more transactions are recorded, the chain generates more blocks. At a certain point, this hampers performance and drives costs to unacceptable levels.

This threshold is extremely high, of course, but it is not infinite. As blockchains become the ledger of choice for both digital and traditional economies and expand beyond mere currency to incorporate all forms of data exchange, their loads will scale accordingly.

The introduction of artificial intelligence-driven automation and increased interoperability between chains will only accelerate this process, which means the scalability issue will likely come into play as the world’s health and well-being becomes dependent upon high-performing blockchains.

The Bottom Line

None of this should be seen as a deal-breaker, however. All of these faults are problems with the execution of blockchain technology, not the concept itself. As usage patterns emerge and advances in the underlying digital infrastructure continue, we can expect blockchain to become a more streamlined, operationally efficient construct going forward.

In the meantime, it would be wise for any participant in any blockchain to understand the basic underpinnings of their chain and the contracts that govern the creation and transfer of tokens. As the rewards of using blockchain become more pronounced, the priority of the entire user community must shift to minimizing the risks.

Arthur Cole

Arthur Cole is a freelance technology journalist who has been covering IT and enterprise developments for more than 20 years. He contributes to a wide variety of leading technology web sites, including IT Business Edge, Enterprise Networking Planet, Point B and Beyond and multiple vendor services.