If you have been in the blockchain space long enough, you must have heard the term “unhackable” – and maybe wondered, “How do you hack a blockchain, anyway?” Here, we try to shed some light.
To answer the question of how to hack a blockchain, let’s begin by looking at what hacking is in the first place. For want of a simpler definition, hacking can be described as an unauthorized code modification or an unauthorized attack on a digital system, in which data or information that should ordinarily be private becomes accessible to unauthorized parties or the public without the owner’s permission. “The blockchain cannot be hacked” is a favorite phrase of Satoshi adherents. Is this a true representation of the facts? Yes and no.
Yes, because it is somewhat illogical to try to hack something that is already public, although pseudonymized. In addition, blockchains have a cryptographic feature that securely connects blocks together, making them difficult to tamper with.
No, because even though the network is public, any participant able to gain 51% control of the network could successfully hack it (read: make changes to past records). If a stranger came armed with a shotgun and demanded your data, you most likely wouldn’t put up a fight.
For the sake of simplicity, we have narrowed governance rules to those that involve a proof of work (PoW) consensus system. A 51% attack refers to a hacker attempting to gain more than half of the total computing power in a particular blockchain network. The Ethereum Classic attack as reported by Coinbase is a classic example. Once an attacker succeeds in gaining this control, the intruder can then rewrite or reverse the past records of the blockchain.
Other ways to hack a public blockchain
As we have seen above, the unhackable blockchain is a theoretical security situation that is significantly different in practice. Take the 51% attack, for instance: about four mining pools control at least 51% of computing power on the Bitcoin blockchain, while for the Ethereum blockchain, three mining pools control about 63% of the total computing power. So much for decentralization.
According to research by Cornell University led by Emin Gün Sirer, a hacker can hack a blockchain by sending the other nodes on a fool’s errand solving already solved computational puzzles. This hacking approach works even where the hacker controls less than 51% of the network. This is probably the method used by the IOTA hacker.
Another way to hack a blockchain is through an eclipse attack. As the name implies, a hacker fools an active node into validating false transactions, blocking it from knowing about legitimate activities. As a result, the eclipsed node becomes unavailable to participate in true transactions on the network.
How can we prevent hacking?
Humans are the weakest link in the chain. When the blockchain is connected to external service providers like online wallets, the possibility of a hack increases. The major precaution here is educating users on safeguarding their private keys. Remember, once a private key is public, anyone who has access to it can control the wallet connected to that key. A further precaution is the use of tamper-resistant governance infrastructures like consensus algorithms and even government. Lastly, the decentralization of blockchain nodes should not take place in theory only, but also in practice to a greater extent. This could bring us closer to making the unhackable blockchain truly unhackable.
This article was originally published in Blocks99