One of the many promises of blockchain technology is that it allows users to store and exchange valuable information in a secure and tamperproof way. But how secure is blockchain really?
David Lancashire, founder of Saito, and Sarah Zhang, founder of Points discussed blockchain’s vulnerabilities and long-term security issues during a panel on TechCrunch Shenzhen’s blockchain side stage.
When talking about blockchain security it is very important to identify “security from what and security for what,” said Zhang, who co-founded Points—a scalable blockchain data collaboration protocol for credit scoring and finance.
Security is about how you actually design those systems, Zhang said. Take data as an example, oftentimes data recorded on the blockchain is thought to be secure. Putting transaction data onto the blockchain can be very helpful for it allows users to have a universal track record of the transaction, however, certain types of information, such as raw data, if put on the blockchain will likely result in a security disaster.
Zhang said having security actually means implementing a good architectural design for the use case. Some pieces of technology, if put together in the wrong way, can create huge security vulnerabilities.
Economical vs. technical
Blockchain security vulnerability is not an issue limited to narrow technical issues. According to Lancashire, blockchain has a much more crippling long-term vulnerability. Lancashire is the founder of Saito, a terabyte level blockchain.
A common misconception about blockchain security is that it is vulnerable to threats from “the hacker in the room,” Lancashire said. For him, it’s more about economics. For example, one of the real controversies with the recent Bitcoin Cash fork was that miners started importing hash from the Bitcoin mining pools. When hash power becomes a commodity that people can buy as much as they want, instances like the fee-recycling attack—when an attacker finds a way to earn more money than his peers for doing the same piece of work—will likely be more common.
Separately, there is also the so-called “51% attack” where having a 51% dominance in hash power will allow majority chains to launch attacks against the minority chains. Lancashire added that a lot of people think the hash war is over, but it’s not. “No one’s attacking the cryptographic primitives. People are attacking people’s economic interest, profitability and ability to continue to execute.”
Aside from the inherent economic vulnerability with the current mechanisms, potential threats that might hurt the confidence of the community will likely cause significant damage, Zhang added. The whole point about blockchain is about storing, recording, transferring and distributing values, therefore, security vulnerabilities risk a huge amount of asset losses for the users.