Cryptocurrency technology’s security weaknesses could compromise how it runs: DARPA: NPR
Whether prices are up or down, for many cryptocurrency investors, the real appeal is that no one is in charge.
As the crowd chanted at the recent Bitcoin 2022 conference in Miami, it’s all about “Freedom!” By design, the system is meant to be free of interference from banks, companies and authorities.
But a new report finds that the decentralized system may not work as well as many crypto enthusiasts assume.
The report was commissioned by the Defense Advanced Research Projects Agency, or DARPA, and the work was carried out by software security research company Trail of Bits.
Trail of Bits CEO Dan Guido says blockchain — the public ledgers that keep track of cryptocurrencies, which are replicated on computers around the world — is not the egalitarian technology its proponents claim.
“It has been taken for granted that the blockchain is immutable and decentralized, because society says so,” Guido says.
But in practice, he says, these networks have evolved in ways that concentrate power in the hands of certain people or companies, including the large pools of “miners” whose computers earn virtual currency by maintaining the blockchains.
Guido’s team calls these potential situations “accidental centralities”—situations where someone gains influence over the decentralized system, creating opportunities to tamper with the record of who owns what.
Another example in the report of this type of concentration is the fact that 60% of Bitcoin traffic is handled by just three ISPs.
“Let’s say someone with good top-down control of the internet in their country starts disrupting the network,” says Guido. By slowing or stopping legitimate blockchain traffic, an attacker can become the “majority” voice in the consensus of what is written to a blockchain at that moment.
“They can rewrite history. They can censor transactions. They can make it so you can’t use your Bitcoin,” Guido says. “It’s definitely something people want to do if they want to ‘mourn’ the network.”
The notion of this type of attack isn’t new, but what the Trail of Bits report does is bring together research on different types of “accidental centralities” to better understand the technology’s overall vulnerability.
Some of the findings are “eyebrow-raising,” says Josh Baron, project manager for the unit at DARPA that commissioned the report.
“For example, the idea that 21 percent of Bitcoin nodes are running an old version of the Bitcoin core client that is known to be vulnerable,” Baron says, referring to the basic software that runs that blockchain. That means all of those computers are open to the same kind of hack — a big first step for an attacker trying to dominate a blockchain network, sometimes called a “51 percent attack.”
“You’re already worried about 51 percent, and now I’m telling you that 21 percent is just out there for the taking, as it were. That’s not good,” Baron says.
So far, the risks outlined in the report do not appear to be a major concern for the cryptocurrency business. NPR reached out to some of the larger companies, such as Coinbase, for a response, but they declined.
Yan Pritzker, co-founder of a smaller Bitcoin services company called Swan, told NPR that he sees the risk as “theoretical.”
“If this type of attack is possible, why hasn’t it happened?” asks Pritzker. “I think the proof is in the pudding a little bit. In real life these things don’t happen.”
Pritzker agrees with the report on this point: There is more centralization in some of the newer forms of cryptocurrency, especially those that rely on a system called “proof of stake,” which uses less computing power. He is more confident in the resilience of Bitcoin, because its energy-intensive “proof of work” blockchain will require much more computing energy to corrupt.
Pritzker also points out that this research was commissioned by a public agency.
“They’re basically running playoff investigations,” he says of reports like this. “Their game is, ‘how do we get better control of the currency’ and ‘how do we build better systems for our control of the currency’.”
Christian Catalini, founder of the MIT Cryptoeconomics Lab, sees the report as useful, but not too worrisome.
“Some of the concerns I think are valid, but perhaps the danger to the wider ecosystem is a bit overstated,” he says, noting that it’s important to keep in mind that cryptocurrency systems are not completely autonomous. Loose associations of people – volunteers and “core developers” – work constantly to maintain and improve them.
“You can imagine some of the problems [in the report] will be exploited, eventually – and I think it will happen potentially for some of these,” says Catalini. “[But] the community can always coordinate, respond and, I think over time, will get better at developing the right solutions.”
Because cryptocurrencies are decentralized, with no oversight from governments or central banks, these solutions will require the attention and consensus of the participants in these networks.
At Trail of Bits, Dan Guido says he believes cryptocurrencies and blockchain have promise, but anyone investing in them should consider that they are still in the “prototype” stage.
“Everybody needs to know what they’re buying, what they’re buying into — what they’re going to trust,” Guido says. “And there’s a lot here you shouldn’t trust. At least not today.”