We recommend reading all the previous parts before going through blockchain and its security aspects, so that you can follow along more easily.
Like most new technologies, our distributed ledger system, blockchain, has security issues which market participants and financial regulators will need to monitor.
We know that if a miner confirms the transaction, the transaction ID is included in a block and stored in the blockchain.
Some of the attacks that can take place against blockchain technology are as follows:
- Issue of transaction malleability
The transaction ID of a valid bitcoin withdrawal is changed in such a way that the result is a different transaction, which is not detected as different and is accepted by the network, while the original valid ID is rejected or forgotten.
Think of this:
Valid ID – ThisIsAValidId
Changed ID – ThisIsValidId
The difference between the two is the letter “a”. Whether the letter “a” is there or not does not matter; the ID still makes sense and is acceptable.
Similarly, the changed transaction ID in bitcoin network may get accepted.
Transaction malleability is quite a famous issue in the world of bitcoin. It allows an attacker to change a legitimate Bitcoin transaction ID before the transaction is accepted on the Bitcoin network. Such changes make it possible for attackers to pretend that a transaction did not happen.
Hence, it can be used to make a double deposit or a double withdrawal.
- 51% attack (Majority attack)
A 51% attack, also known as a majority attack, is a network attack in which a group of miners takes control of more than 50% of the network’s computing power or mining hash rate. In this attack, the attackers can prevent merchants from receiving confirmations on any new transactions, which allows them to stop payments between users. The attackers can then carry out a double-spending transaction, i.e. while they are still in control of the network they can reverse completed transactions. However, the work done may go to waste, as they would not be able to create new coins or modify existing blocks. So even though this attack can be very damaging, it probably cannot destroy any blockchain-based currency.
- Transaction Spam Attack
The transaction spam attack, also known as the EXTCODESIZE opcode attack, creates blocks that take 20-60 seconds to validate because of the approximately 50,000 disk fetches needed in the process. This reduces the rate of block creation by a factor of two or three compared with its normal rate. While this attack takes place, there is no halt or failure in the network.
- Selfish Mining
Selfish mining is an integrity attack on the blockchain network in which a miner or a group of miners does not publish and deliver a valid solution to the network. The miner (attacker) thereby maintains a lead and continues to mine further blocks, then releases the solved blocks before the network can catch up.
Because the attacker's proof of work is longer, the rest of the network accepts the solutions and the miner collects the rewards. Bitcoin Improvement Proposals (BIPs) lower the probability of a selfish mining attack by randomly assigning miners to various branches or, alternatively, by setting a threshold limit on the size a mining pool can reach.
Good read –
Mt. GOX Blockchain incident
Mt. Gox was one of the most widely used bitcoin currency exchange markets. The idea behind hosting such a currency exchange website was to provide a single place to connect bitcoin buyers and sellers.
Mt. Gox was in the news after around 600 thousand bitcoins stored by them went missing, comprising 750,000 bitcoins deposited by users of the site and 100,000 owned by Mt. Gox. It is the largest-ever bitcoin loss by USD value. The exchange collapsed in early 2014 and declared bankruptcy.
Timeline of activities at Mt. Gox:
- In November 2013, it was found that Mt. Gox customers were experiencing a lot of delays in withdrawing funds from their accounts.
- On 7 February 2014, all bitcoin withdrawals were halted by Mt. Gox, as they needed to figure out the exact technical issue.
- On 10 February 2014, Mt. Gox held a press conference at which it was announced that bitcoins were hacked by means of “transaction malleability”.
- On 23 February 2014, the CEO of Mt. Gox, Mark Karpelès, resigned from the board of the Bitcoin Foundation.
- On 24 February 2014, Mt. Gox suspended all their trading operations, and hours later its website went offline.
If we go by what Mt. Gox said in the press conference, the transaction malleability issue was responsible for the bitcoin loss.
Another account of the Mt. Gox hack, related to its CEO, is “The Inside Story of Mt. Gox, Bitcoin’s $460 Million Disaster” – https://www.wired.com/2014/03/bitcoin-exchange/
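To make the malleability issue described above concrete for anyone running withdrawals, here is an added example (not code from Mt. Gox or from the original post) showing why a payout should be reconciled by what it spends and pays rather than by its transaction ID. The `Tx` model, its `repr`-based serialization, `payment_key` and `reconcile` are simplified assumptions, not the real Bitcoin wire format, and all sample values are constructed.

```python
import hashlib
from dataclasses import dataclass

def sha256d(data: bytes) -> str:
    """Double SHA-256, hex-encoded (the hash Bitcoin uses for transaction IDs)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # ((previous_txid, output_index), ...) being spent
    outputs: tuple     # ((address, amount_in_satoshi), ...)
    script_sig: bytes  # signature bytes; their encoding is what gets altered

    def _body(self) -> bytes:
        # Simplified stand-in for the real serialization (assumption).
        return repr((self.inputs, self.outputs)).encode()

    def txid(self) -> str:
        # The ID covers the signature bytes, so re-encoding them changes it.
        return sha256d(self._body() + self.script_sig)

    def payment_key(self) -> str:
        # Covers only what is spent and who is paid: stable under re-encoding.
        return sha256d(self._body())

def reconcile(sent: Tx, confirmed: list) -> str:
    """Classify a withdrawal we broadcast against confirmed transactions."""
    for tx in confirmed:
        if tx.txid() == sent.txid():
            return "confirmed"
        if tx.payment_key() == sent.payment_key():
            return "confirmed-under-different-txid"  # already paid, do not resend
    return "unconfirmed"

# Constructed sample data: the same payment with two signature encodings.
withdrawal = Tx((("aa" * 32, 0),), (("customer-address", 150_000_000),),
                b"\x30\x44" + b"\x11" * 8)
altered = Tx(withdrawal.inputs, withdrawal.outputs,
             b"\x30\x45\x00" + b"\x11" * 8)
unrelated = Tx((("bb" * 32, 1),), (("other-address", 5_000),), b"\x30\x44")

if __name__ == "__main__":
    print(withdrawal.txid() == altered.txid())         # IDs differ
    print(reconcile(withdrawal, [unrelated, altered]))
```

A system that only searches the chain for the original ID would report this withdrawal as missing, which is the double withdrawal scenario described earlier.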
Various users, organizations and governmental institutions have constantly faced security and privacy threats over the past decade. Blockchain technology offers appropriate solutions, as it can provide user data integrity, digital identity and authenticity systems, and transparency in business processes.