How Blockchain Can Be Hacked: The 51% Rule and More

The infamous criminal Willie Sutton was once asked why he robbed banks, and his response was “because that’s where the money is.” Blockchain technology and the related cryptocurrency revolution of recent years have garnered widespread attention. This attention has attracted people looking to steal money. Thieves steal money in blockchain by exploiting every detail of the design, implementation and execution of these networks.

Blockchains are distributed records (chains) of transactions (blocks). Members of the network are incentived to validate, record and announce the records. If these transactions are focused on currencies, then they are called cryptocurrencies. Examples of these currencies include Bitcoin, Litecoin and Ethereum. Each transaction validation yields the person validating a bit of the currency.

51% Attacks

On the surface, blockchain seems to be a solid and transparent system immune to fraud or deception. In reality, MIT reports that hackers have stolen nearly $2 billion worth of cryptocurrency since 2017. The methods for the thievery varies, but a technique that points to a theoretically weakness in blockchain is know as a “51% Attack.”

51% Rule for Blockchain

The 51% Rule refers to a situation where an entity controls more than 51% of the computing (hashing) power within a blockchain network. The entity then creates fraudulent, yet personally validated transactions records. These records might not include previous payments leading to a double payment. Other modifications to records that are beneficial result for the perpetrator can also occur.

The protocol of a blockchain system validates the record with the longest transactional history. If the attacker has more than 50% of the processing power, they will have the longest transactional history. This means that their incorrect blocks will be the valid ones. Smaller networks are especially vulnerable to a 51% Attack.  If trust is lost in a network, then the currency might crash.

Smart Contracts

A multi-university report says Smart Contracts can be vulnerable. Smart Contracts are used to assure transparent and secure interactions in the blockchain. They run a program that executes items related to contract agreements. For example, there might be an if then statement that releases to another person money if a form is signed. The exchange is controlled by a set automated process. The contracts are integrated into the blockchain to ensure transparency.

However, even Smart Contracts are vulnerable. Bugs can exist in the code, either intentionally or inadvertently.  The errors cause incorrect actions to occur in the contract. These errors have led to over $70 million in loses in recent years. There is no accurate tools available for testing and detecting these vulnerabilities.

No system is perfect. Knowing the fallible nature of technology frameworks can give users the insight to look out for errors and be vigilant. 

*** This is a Security Bloggers Network syndicated blog from Cipher Cyber Security Blog authored by Bill Bowman. Read the original post at: