Pentagon findings regarding blockchain vulnerabilities


A report commissioned by the Pentagon concluded that the blockchain is not decentralized, is vulnerable to attack and runs outdated software. The report, “Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers,” revealed that a subset of participants can “exercise excessive and centralized control over the entire blockchain system.”

The findings of the report are a cause for concern for a wide range of sectors, but particularly serious for the security, fintech, big tech and crypto industries, which continue to grow.

The Pentagon’s research arm, the Defense Advanced Research Projects Agency (DARPA), engaged Trail of Bits – a security research organization – to investigate the blockchain. Trail of Bits focused on Bitcoin and Ethereum, the two leading cryptocurrencies in the global market.

Trail of Bits says it only takes four devices to disrupt Bitcoin and only two to disrupt Ethereum. In addition, 60% of all Bitcoin traffic goes through only three ISPs. Outdated and unencrypted software and blockchain protocols were also identified by the organization.

Cryptocurrencies and the new era of digital finance

The Pentagon’s report appeared just weeks after the Luna cryptocurrency crash. In May 2022, the decentralized stablecoin TerraUSD – pegged 1:1 to the US dollar – fell to 30 cents when an algorithm running on the blockchain collapsed. Financial experts warn that the Luna crash was an important lesson about the risk in the blockchain.

Since the Luna crash, cryptocurrencies have been in full meltdown, with billions of dollars lost and investors cashing out their cryptocurrencies. Cryptocurrencies continue to be affected by the global economy, supply chain problems, federal interest rate hikes, inflation and a looming recession. The DARPA-commissioned report only adds more concerns about the blockchain and affects investors’ perception and confidence.

Furthermore, the crypto world and blockchain operations are now deeply entrenched in many industries that have designed plans to use cryptocurrencies because of their agility, immediacy, product potential and capacity to provide easier access to financial services to the global population. Security remains a top priority, challenge and concern in this new digital economic era.


The blockchain security challenges

“The security of a blockchain depends on the security of the software and the protocols of its off-chain management or consensus mechanisms,” the Trail of Bits report states. Trail of Bits researchers registered several accounts with mining pool sites to study the code when it became available. Their discoveries are shocking.

According to Trail of Bits, ViaBTC, a leading global mining pool, assigns the password “123” to its accounts. Poolin, another mining organization, does not validate credentials at all, and Slushpool – which has mined more than 1.2 million Bitcoin since 2010 – instructs users to ignore the password field. Together, these three mining pools make up about 25% of the Bitcoin hash rate, or total computing power.

Trail of Bits warns that nodes used by crypto miners can be easily deployed using an affordable cloud server. These can be used to flood the network in what is known as a Sybil attack. Sybil attacks can be used to carry out an eclipse attack, in which a malicious actor seeks to isolate users by denying them access to the nodes.

Trail of Bits presented evidence that a dense sub-network of public nodes is largely responsible for reaching consensus and communicating with miners. An example of a Sybil attack was linked to a malicious actor believed to be from Russia. The attacker gained control of up to 40% of the Tor exit nodes and used them to rewrite Bitcoin traffic.

Software bugs and errors are also a major security issue in the blockchain. Ideally, all nodes should operate under the same latest version of the software, but this is not the case. Software errors have already caused blockchain errors in Ethereum, and 21% of Bitcoin nodes run an older version of the Bitcoin Core client that is known to be vulnerable, says Trail of Bits.
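A node operator can measure both conditions described above, outdated clients and peers concentrated in a few networks, on their own peer set. This is an added example, not code from the Trail of Bits report: the peer list is constructed, the `audit_peers` helper and the `min_version` threshold are assumptions, and the field names follow Bitcoin Core's `getpeerinfo` RPC output.

```python
import json
import re
from collections import Counter

# Constructed sample shaped like Bitcoin Core `getpeerinfo` output (only the
# fields used here). Addresses and AS numbers are documentation-range values.
SAMPLE_PEERS = json.loads("""[
 {"addr": "192.0.2.10:8333",   "subver": "/Satoshi:23.0.0/", "mapped_as": 64500},
 {"addr": "192.0.2.11:8333",   "subver": "/Satoshi:22.0.0/", "mapped_as": 64500},
 {"addr": "198.51.100.7:8333", "subver": "/Satoshi:0.21.1/", "mapped_as": 64500},
 {"addr": "198.51.100.8:8333", "subver": "/Satoshi:0.18.0/", "mapped_as": 64501},
 {"addr": "203.0.113.5:8333",  "subver": "/Satoshi:23.0.0/", "mapped_as": 64501},
 {"addr": "203.0.113.6:8333",  "subver": "/btcwire:0.5.0/btcd:0.22.0/", "mapped_as": 64502},
 {"addr": "203.0.113.9:8333",  "subver": "/Satoshi:0.20.1/", "mapped_as": 64503},
 {"addr": "192.0.2.44:8333",   "subver": "/Satoshi:22.0.0/"}
]""")

SUBVER_RE = re.compile(r"^/Satoshi:(\d+)\.(\d+)\.(\d+)")

def parse_core_version(subver):
    """Return (major, minor, patch) for a Bitcoin Core user agent, else None."""
    m = SUBVER_RE.match(subver or "")
    return tuple(int(x) for x in m.groups()) if m else None

def audit_peers(peers, min_version, top_n=3):
    """Summarise version lag and network (AS) concentration of a peer set."""
    total = len(peers)
    outdated = unknown = 0
    as_counts = Counter()
    for peer in peers:
        version = parse_core_version(peer.get("subver"))
        if version is None:
            unknown += 1            # other client or malformed user agent
        elif version < min_version:
            outdated += 1
        # mapped_as is only reported when the node runs with -asmap
        as_counts[peer.get("mapped_as", "unmapped")] += 1
    top = as_counts.most_common(top_n)
    return {
        "peers": total,
        "outdated_share": outdated / total if total else 0.0,
        "unknown_clients": unknown,
        "top_as": top,
        "top_as_share": sum(n for _, n in top) / total if total else 0.0,
    }

if __name__ == "__main__":
    # min_version is an operator-chosen policy threshold (assumption)
    print(audit_peers(SAMPLE_PEERS, min_version=(22, 0, 0), top_n=2))
```

The `subver` string is self-reported by each peer, so the version figure is an inventory signal rather than proof of what a peer actually runs.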

Blockchain software developers and maintainers, and millions of cryptocurrency users around the world, are also being targeted in attacks, along with mainstream technology websites that are starting to use the blockchain as a new source of revenue.

Big Tech and the Web3 marketing revolution

The new DARPA report finds big tech at a critical moment, with many top companies already investing heavily in blockchain technology. For decades, big tech’s main source of revenue has been online advertising. However, the global trend driven by users’ privacy concerns is bringing the third-party era to an end and significantly affecting online advertising revenue.

All major technology companies – Meta Platforms, Spotify, Paypal, Twitter, Google, Apple, Alibaba, Microsoft and others – are moving to Web3 and blockchain in search of new sources of revenue.

For example, in 2016, Microsoft developed Project Bletchley, a blockchain-as-a-service (BaaS) project. Since then, the company has continued to explore cryptocurrencies. In 2021, Microsoft was also granted a US patent for blockchain software that would create crypto tokens. On May 31, 2022, Microsoft announced that it will allow advertising for cryptocurrency exchanges in the United States, limited to the Microsoft Advertising Search Network.

While Microsoft focuses on technical solutions, other companies such as Meta Platforms or Twitter direct their investments toward regular blockchain use. On November 10, 2021, Twitter formally launched Twitter Crypto – a specialized crypto team – to build blockchain and Web3 services. Crypto expert Tess Rinearson, who has been working with cryptocurrency since 2015, was called to lead the team. Twitter has explored and developed cryptocurrencies, revenue generation for creators, NFTs and decentralization of social media.

Similarly, other large technology companies are looking to the future of the blockchain. In November 2021, Apple CEO Tim Cook said during the NYT Dealbook Conference that the company is looking at cryptocurrencies. While Cook did not reveal exactly what Apple is working on, he hinted at NFTs and accepting crypto on Apple Pay.

The new Trail of Bits report serves as a warning to major technology companies as they plan their future. “The report demonstrates the continuing need for careful review when considering new technologies, such as blockchains, as they are spreading in our society and economy,” said Joshua Baron, DARPA program leader overseeing the study.


The emergence of the crypto market, risks and opportunities

Cryptocurrencies saw massive adoption during the pandemic years, which drove a global digital transformation and acceleration. In 2021, Bitcoin, after 12 years, reached a milestone that took companies such as Amazon, Apple or Microsoft from 21 to 44 years to achieve: a market value of 1 trillion dollars. As the popularity of cryptocurrencies increased, governments and banks stepped up to stay ahead, often testing the waters to regulate the sector, without success.

One of the biggest challenges for the blockchain is its expanding global scale and rich diversity. Skyquest’s Global Cryptocurrency Market report valued the cryptocurrency market at $1.85 billion in 2021 and expects it to reach $32.5 billion by 2028. Not only are millions of users turning to crypto, but thousands of new and old companies are now working on the blockchain.

Roland Berger says that there were around 12,000 crypto projects and companies in operation as of January 2022. The number of crypto unicorn companies – valued at over 1 billion dollars – increased by an incredible 491% in 2021.

A vulnerable blockchain environment – as described by the Trail of Bits report – puts these companies, their investments, years of work and hundreds of thousands of jobs at risk.

These companies develop, among other things, financial services, asset tokenization, metaverse, NFTs, supply chain management solutions, capital markets and insurance products, and cryptocurrency mining and staking. They are ready to disrupt and affect all industries. But is the world ready for a blockchain change?

“We should not make any promises about security at face value, and everyone who uses blockchains for high-profile cases must think through the associated vulnerabilities,” concludes Baron from DARPA.
