Blockchains remain the rage, promising the safety people desired when buying and selling cryptocurrencies on exchange platforms. More significantly, many believe it will become the backbone of financial technology networks for decades to come.
But hackers are proving that if it’s man-made, it can be broken into, according to new research.
Research by the Massachusetts Institute of Technology Review found that hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly. These are carried out not just by opportunistic lone attackers, but also by sophisticated cybercrime organizations, the report said. It pointed out that analytics firm Chainalysis recently said that just two groups, both of which are apparently still active, might have stolen a combined $1 billion from exchanges.
“We shouldn’t be surprised. Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities,’’ the report noted.
It added, “Marketing slogans and headlines that called the technology 'unhackable' were dead wrong.’’’
The MIT study cited incidents last month where a security team at Coinbase spotted something strange going on in Ethereum Classic (one of the cryptocurrencies people can buy and sell using Coinbases’s popular exchange platform). Security noticed that an attacker had somehow gained control of more than half—why the method is called a "51 percent attack"—of the network’s computing power through blockchain, the history of all the transactions, and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as “double spends,” the report explained.
The attacker was seen pulling off a $1.1 million heist, but Coinbase said no currency was actually stolen from any of its accounts. Gate.io, another popular exchange, wasn’t so lucky. It admitted losing around $200,000 to the attacker, who days later returned half of the loot.
“Just a year ago, this nightmare scenario was mostly theoretical. But the so-called 51 percent attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry,’’ the report said.
The 51 percent attack is an inherent risk in most cryptocurrencies, the report noted, pointing out that the hit against Ethereum Classic was the first against a top 20 currency. But toward the middle of 2018, attackers began springing such attacks on a series of relatively small, lightly traded coins, including Verge, Monacoin and Bitcoin Gold, stealing an estimated $20 million. In the fall, hackers stole around $100,000 using a series of attacks on a currency called Vertcoin.
In the MIT study, David Vorick, cofounder of the blockchain-based file storage platform Sia, predicted that 51 percent attacks will continue to grow in frequency and severity, and that exchanges will take the brunt of the damage caused by double spends. One thing driving this trend, he said, has been the rise of so-called hashrate marketplaces, which attackers can use to rent computing power for attacks. “Exchanges will ultimately need to be much more restrictive when selecting which cryptocurrencies to support,” Vorick wrote after the Ethereum Classic hack.