Perkins Coie LLP: As More Blockchain Hacking Scandals Emerge, The Fight For Immutability Continues
As many of our readers probably remember, the Ethereum Classic blockchain recently fell victim to a 51% attack that effectively restructured the project’s native framework, thereby allowing miscreants to “double-spend” a total of 219,500 ETC tokens (which works out to nearly $1.1 million).
As a result of this, many firms are now looking to explore the concept of immutability, since it has recently come to light that experienced hackers/tech-experts can quite easily alter a blockchain’s native ecosystem using a set of defined principles.
Also, people are only now beginning to understand that protecting the permanence of data on the blockchain is not a given; rather, it is a continuously evolving challenge that needs to be taken up by those who make use of blockchain networks to facilitate their daily business operations.
So What Exactly Is Immutability?
The term immutability is quite relative, especially when applied to the concept of a blockchain ecosystem. However, in practice, it can be thought of as the driving force that helps many altcoin projects (including BTC, ETH) make sure that their native tokens are “never spent more than once, duplicated or falsified” (a concept that is commonly referred to as double spending).
Thus, to accomplish this goal, a variety of hash functions are often utilized to help connect transaction blocks and implement a competitive (and often resource-intensive) mining process that allows for the verification of each consecutive block on the ledger.
When looking at the example of public blockchains such as Bitcoin and Ethereum, we can see that these projects make use of relatively easy hashing algorithms (SHA-256 for Bitcoin and KECCAK-256 for Ethereum) so as to maintain the integrity of their networks. To be even more specific, we can see that the aforementioned cryptocoins make use of a proof-of-work framework that helps provide them with a robust and (usually) immutable system.
Let’s Take A Closer Look At The Different Kinds Of Attacks That A Blockchain Network Can Potentially Face
(i) 51% Attacks: Also known as Sybil hacks, during such an incident, an individual or a group of miscreants is able to gain control of 51% of a network’s resources, thereby severely undermining the integrity of the network. This weakness is shared by a large number of blockchains that have been devised using PoW algorithms.
(ii) Eclipse Attack: As the name seems to suggest, during an eclipse attack, a hacker identifies a very niche set of nodes on a blockchain network, which the victim frequently makes use of to monitor and commit his/her alt-coin transactions.
Once done, the hacker then slowly isolates his victim by “hijacking the connecting nodes and subsequently impersonating them for all future transactions”.
Recent Attacks Worth Bearing In Mind
(i) Bitcoin Gold: During May 2018, the Bitcoin Gold project fell victim to an attack that resulted in a loss of more than USD $18 million in damages. According to a number of experts, when the project’s core dev team made certain changes to its core architecture, the altcoin’s hashrate dropped quite significantly, thus allowing hackers to take advantage of this vulnerability.
(ii) Vertcoin: Many of our readers might recall that late last year (December 2018), Vertcoin was subject to a majority attack, as a result of which hackers were able to steal more than USD $100,000 from the project.
(iii) Ethereum Classic: One of the most recent cases of a blockchain hack was when the Ethereum Classic blockchain experienced a majority attack, which resulted in the project losing millions of dollars in damages and losses.
For starters, it is important to understand that from an enforcement standpoint, any person/group that attacks the “integrity of a blockchain system” is potentially liable to face a wide range of criminal and civil violations such as:
- Wire fraud
- Unauthorized access to protected computer networks
Both of the above-mentioned areas are covered by the Computer Fraud and Abuse Act (CFAA). The legislation is designed to help victims bring a private civil lawsuit in a federal court so as to obtain compensatory damages as well as injunctive relief.
In addition to this, even in cases where the identity of the miscreant is not known, the plaintiff has the ability to file a “John Doe” complaint, which allows them to make use of government services to trace the identities of the bad actors in question.
Other Key Points Worth Bearing In Mind
- It is of utmost importance that blockchain service providers make use of stringent know-your-customer rules and other anti-money laundering regulations so as to ensure that all of their clients can be accounted for (at all times).
- Many hackers may also be liable to undergo investigations by the Commodity Futures Trading Commission (CFTC) if their crimes fall under the anti-fraud provisions that have been listed out in the Commodity Exchange Act (CEA).
- Lastly, the CFTC also has the power to use its anti-fraud and anti-manipulation authority to monitor public blockchain networks, if it feels the need to do so in certain cases.
In closing out this piece, it is worth remembering that as more and more people become educated on the subject of blockchain immutability, market participants will be able to make better business/legal decisions.
Last but not least, having a clear understanding of this burgeoning technology is very important for the hundreds of new startups that are now making use of blockchain systems to provide their clients with a variety of different services.