A Pentagon-commissioned report has found that blockchain technology lacks true decentralization, is susceptible to attacks, and operates on outdated software. Titled ‘Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers’, the report reveals that a subset of participants can wield disproportionate and centralized control over the entire blockchain system.
The findings of the report raise significant concerns across various sectors, particularly in security, fintech, big tech, and the burgeoning crypto industries. The Defense Advanced Research Projects Agency (DARPA), the Pentagon’s research arm, commissioned Trail of Bits, a security research organization, to examine blockchain technology. Focusing on Bitcoin and Ethereum, the two leading cryptocurrencies globally, Trail of Bits discovered that disrupting Bitcoin requires just four entities, and disrupting Ethereum only two. Furthermore, a striking 60% of all Bitcoin traffic flows through merely three ISPs. The report also flagged issues with outdated and unencrypted software and with the blockchain protocols themselves.
Challenges in Blockchain Security
The security of a blockchain hinges on the robustness of its off-chain governance, consensus mechanisms, and underlying software protocols, as highlighted in the Trail of Bits report. Researchers from Trail of Bits conducted an investigation by creating multiple accounts on mining pool sites to examine their code, uncovering alarming findings.
According to Trail of Bits, ViaBTC, a prominent global mining pool, uses the password “123” for its accounts. Poolin, another mining pool, fails to validate credentials altogether, while Slushpool, responsible for mining over 1.2 million Bitcoin since 2010, advises users to leave the password field blank. Together, these three pools control about 25% of the Bitcoin hash rate, illustrating their significant influence.
Trail of Bits warns that because anyone can deploy nodes using inexpensive cloud servers, the network is susceptible to Sybil attacks, in which one party operates many apparently independent nodes. Such an attack can in turn be used to mount an eclipse attack, isolating a user by cutting off their access to honest nodes.
The report also reveals instances where a dense network of public nodes plays a critical role in achieving consensus and communicating with miners. For example, a Sybil attack traced back to a malicious actor, believed to be from Russia, gained control of up to 40% of Tor exit nodes to manipulate Bitcoin traffic.
Furthermore, software vulnerabilities and bugs pose serious security risks in blockchain systems. Ideally, all nodes should operate on the latest software versions to mitigate such risks. However, Trail of Bits notes that Ethereum and 21% of Bitcoin nodes still run older, vulnerable versions of their respective clients.
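The two risks above, a node whose peers are concentrated in a few networks (the eclipse scenario) and peers running outdated clients, are both visible from a node's own peer list. The following defender-side check is an added example, not code from the article or from Trail of Bits; it assumes peer records in the shape of Bitcoin Core's `getpeerinfo` RPC output (`addr`, `subver`, `mapped_as`) and uses a constructed sample rather than real node data, with an assumed minimum-version policy.

```python
"""Peer-diversity and client-version check over getpeerinfo-shaped data."""
from collections import Counter
import re

# Constructed sample, not real peers. `mapped_as` is the peer's ASN, which
# Bitcoin Core fills in when the node runs with -asmap (assumption: ASN stands
# in for "ISP" when measuring the traffic concentration the report describes).
SAMPLE_PEERS = [
    {"addr": "203.0.113.10:8333", "subver": "/Satoshi:25.0.0/", "mapped_as": 64500},
    {"addr": "203.0.113.11:8333", "subver": "/Satoshi:25.0.0/", "mapped_as": 64500},
    {"addr": "203.0.113.12:8333", "subver": "/Satoshi:0.21.1/", "mapped_as": 64500},
    {"addr": "203.0.113.13:8333", "subver": "/Satoshi:24.0.1/", "mapped_as": 64500},
    {"addr": "203.0.113.14:8333", "subver": "/Satoshi:0.20.1/", "mapped_as": 64500},
    {"addr": "198.51.100.7:8333", "subver": "/Satoshi:25.0.0/", "mapped_as": 64501},
    {"addr": "198.51.100.8:8333", "subver": "/btcwire:0.5.0/btcd:0.23.0/", "mapped_as": 64501},
    {"addr": "192.0.2.9:8333", "subver": "/Satoshi:24.0.1/", "mapped_as": 64502},
]

MIN_SUPPORTED = (22, 0, 0)  # assumed local policy threshold, not from the report


def parse_version(subver):
    """Extract (major, minor, patch) from a Bitcoin Core user agent, else None."""
    m = re.search(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?", subver)
    if not m:
        return None  # non-Core client: version policy does not apply
    return tuple(int(g or 0) for g in m.groups())


def outdated_peers(peers, minimum=MIN_SUPPORTED):
    """Addresses of Core peers advertising a version below `minimum`."""
    return [p["addr"] for p in peers
            if (v := parse_version(p.get("subver", ""))) is not None and v < minimum]


def as_concentration(peers):
    """(ASN, share) for the single most common ASN among peers with ASN data."""
    counts = Counter(p["mapped_as"] for p in peers if p.get("mapped_as") is not None)
    if not counts:
        return None, 0.0
    top_as, n = counts.most_common(1)[0]
    return top_as, n / sum(counts.values())


def assess(peers, max_share=0.5):
    """Flag eclipse risk when one ASN holds more than `max_share` of peers."""
    top_as, share = as_concentration(peers)
    return {"top_as": top_as, "top_as_share": share,
            "eclipse_risk": share > max_share, "outdated": outdated_peers(peers)}


if __name__ == "__main__":
    print(assess(SAMPLE_PEERS))
```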
Blockchain developers, maintainers, and millions of crypto users globally face mounting security threats, including targeted attacks on mainstream technology platforms adopting blockchain for new revenue streams.