Yes, Blockchain Can Be Hacked Too
What is Blockchain?
Many different organizations, including those in the legal industry, use blockchain for several business functions. Blockchain allows users to record transactions over a distributed network of computers. The server is secure and the transactions are permanent, which makes verification easier. The transactions are also performed directly between users without the need for a third-party facilitator. There will be a blockchain protocol in place to instruct the computers how to verify and add transactions. The blockchain will keep a history of all transactions with no way for users to alter the data.
Cryptocurrency (such as Bitcoin) is the most popular type of blockchain technology. Many organizations utilize cryptocurrencies for important financial transactions. Some legal professionals may even allow clients to pay for services with cryptocurrency. Additionally, business and technology lawyers will undoubtedly encounter cryptocurrency or other blockchain technology in some of their cases. Other ways that legal professionals interact with blockchain include reviewing eDiscovery, tele-attorney services, medical records and health databases, and smart contracts.
Blockchain and Hacking
Since blockchain is supposed to be extremely secure and unalterable, many individuals have dubbed this technology as “unhackable”. However, recent incidents have unfortunately shown that hackers can access blockchains in certain situations. This includes the following scenarios:
- 51% attacks: During the verification process, individuals referred to as “miners” will review the transactions to ensure they are genuine. When one or more hackers gain control over half of the mining process, there can be extremely negative consequences. For example, the miners can create a second version of the blockchain, referred to as a fork, where certain transactions are not reflected. This allows the miners to create an entirely different set of transactions on the fork and designate it as the true version of the blockchain, even though it is fraudulent. This also allows the hackers to double spend cryptocurrency. These 51% attacks are more common on smaller scale blockchains because it is hard for miners to gain significant control over larger and more complex blockchains.
- Creation errors: Sometimes, there may be security glitches or errors during creation of blockchain. This may be more common with larger, more intricate blockchains. When this occurs, hackers looking for a way in can identify the vulnerabilities and attempt an attack. This has transpired with smart contracts, which use a blockchain network to operate. Common functions of smart contracts include assisting with the financial aspect of contract dealings and automating tasks. Legal professionals may encounter smart contracts in their practice, whether using them internally or through exposure from cases and client issues. If a security flaw exists on the blockchain network where a smart contract operates, hackers may be able to steal money from users without being detected because the fraudulent activity is not reflected. Unfortunately, since blockchain transactions cannot be altered, the only way to get back stolen money is to make a fork that all users recognize as the authoritative blockchain.
- Insufficient security: Many blockchain hacks have happened on exchanges, which is where users can trade cryptocurrecy. If the security practices surrounding the exchanges are weak, hackers will have easier access to data.
Recently, blockchain hacks have drastically increased as hackers have discovered that vulnerabilities do in fact exist. Since 2017, public data shows that hackers have stolen around $2 billion in cryptocurrency (https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/). This recent activity illustrates that blockchain is unfortunately not unhackable and users should still be cautious, especially when trading on exchanges. Looking forward, legal professionals who encounter blockchain should keep apprised on the risks and any new solutions. Before using smart contracts or trading on an exchange, be sure to research whether there have been previous attacks and any relevant security measures. However, at this point it does not appear that blockchain users need to be too apprehensive because the technology is still very secure in design. Creators and administrators will undoubtedly continue to perfect security measures to decrease future hacking risks.