- Human error, centralisation points, 51% attacks, and social engineering are some of the factors that contribute to blockchain's hackability.
- Blockchain breaches have surged lately, as it has become evident to hackers that exploitable weaknesses do exist.
Blockchain technology, heralded for its promise of decentralised and immutable records, has been lauded for its robust security features. While blockchain itself boasts high security, it is not entirely impervious to hacking. Various elements within the blockchain ecosystem have been successfully targeted by hackers, demonstrating that vulnerabilities do exist.
Why blockchain technology is hackable
Several factors contribute to the hackability of blockchain technology, ranging from human error to inherent system complexities:
Human error and coding mistakes
One of the primary reasons blockchain technology can be hacked is human error. Mistakes made during the development of blockchain applications, such as smart contracts, can introduce vulnerabilities. For instance, if the code has bugs or logical flaws, hackers can exploit these weaknesses to execute unauthorised actions. The infamous DAO hack in 2016, where a flaw in a smart contract allowed attackers to drain $50 million worth of Ether, is a prime example of such vulnerabilities.
Centralisation points
Despite the decentralised nature of blockchain, certain aspects can still become central points of failure. Cryptocurrency exchanges, for example, operate as centralised entities where large volumes of assets are stored. These exchanges have been frequent targets of cyber-attacks. Hackers often employ techniques such as phishing, malware, and social engineering to gain access to these centralised repositories. Once breached, significant financial losses can occur, as seen in the Mt. Gox and Coincheck incidents.
51% attacks
A 51% attack, although difficult to execute, is another critical vulnerability. This type of attack occurs when a single entity or group gains control of more than 50% of the network’s mining hash rate or computing power. With this majority control, the attackers can manipulate the blockchain by reversing transactions and double-spending coins. Smaller blockchain networks with lower hash rates are particularly susceptible to such attacks. Ethereum Classic, for instance, has experienced multiple 51% attacks due to its relatively low mining power.
Social engineering and phishing
Hackers also exploit the human factor through social engineering and phishing attacks. By deceiving individuals into revealing their private keys or login credentials, hackers can gain unauthorised access to their blockchain assets. This method does not exploit the blockchain itself but targets the individuals interacting with the blockchain network.
Blockchain hacking is increasing
In recent years, there has been a notable increase in blockchain hacking incidents. Public data shows that since 2017, hackers have stolen around $2 billion in cryptocurrency. This surge in hacking activity underscores that while blockchain is secure by design, the surrounding ecosystem can be vulnerable.
Cryptocurrencies and blockchain-based applications have become high-value targets for cybercriminals. The significant financial gains associated with successful hacks have motivated hackers to continually search for and exploit vulnerabilities. The decentralised finance (DeFi) sector, in particular, has seen a rise in attacks due to the large sums of money flowing through DeFi protocols and the often experimental nature of these platforms.
The methods used by hackers have become more sophisticated. Attackers are now employing advanced techniques, including zero-day exploits, ransomware, and complex social engineering schemes. The evolving nature of these attacks makes it challenging for security measures to keep pace, resulting in occasional successful breaches.
Blockchain’s expanding role across industries is prompting regulatory bodies to create security standards for projects and exchanges. Yet, the swift evolution of technology often outpaces the development of comprehensive regulatory responses.