Blockchain Paradox: Privacy and Security

News | July 16, 2018

By now we are familiar with the genesis tale: blockchain technology was invented in the 1990s as a database tree that, when made public, embeds trust and delivers radical transparency through an open ledger. Although it has been around for a quarter of a century, combining cryptography and hashing power, it wasn’t until the 2008 Financial Crisis that its notoriety took off, ever so gradually, with Satoshi Nakamoto’s revolutionary 9-page whitepaper, Bitcoin: A Peer-to-Peer Electronic Cash System. The Bitcoin genesis block was created on January 4, 2009.

Bitcoin leveraged the trustless power of blockchain technology, in which all bitcoins can be traced back to their origin. As of today, the immutable blockchain record of bitcoin has not been altered. Yet in the first half of 2018, hackers stole more than $1.2 billion from very hackable, insecure cryptocurrency exchanges. How can that be? If blockchain offers a secure, immutable record of transaction history for cryptocurrencies, built on a breach-resistant database, where does the hacking take place?

“Everyone has heard ‘blockchains are virtually unhackable’, but what most people seem to miss is that the value of the blockchain publication which makes hacks obvious,” stated Michael F. Angelo, a cybersecurity expert with 61 security patents in his distinguished career in information technology spanning four decades. Recently, Angelo joined Myntum Ltd. as Security Architect and lead advisor to the board of directors.

Angelo’s point explains why bitcoin and other cryptocurrencies can be hacked—and are—and why exchanges have been forced to place more than 90 percent of crypto assets off-chain in deep cold storage systems. That is done to minimize the losses and reduce the risk surface when data breaches occur.

The blockchain record is secure. To prevent remote theft, crypto-keys are often stored on machines that are disconnected from the internet. However, even these options aren’t safe, as evidenced by findings from Israeli data scientists detailed in this 2016 Motherboard article.

“‘By measuring the target’s electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall,’ Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper.”

Privacy as a Security Threat

Another security issue revolves around the public nature of the bitcoin record, which allows anyone with access to the Internet to go online and trace a bitcoin back to its mined creation. Although the identity of owners of cryptocurrencies is private, their transaction history is not. It can be tracked in such a way that a researcher can often identify the owner by mapping the digital breadcrumbs left across the blockchain.

By making the bitcoin database public in such a manner, recording all transactions and mining, “It creates a data lake, which will turn into a surveillance lake,” said Amber Baldet, former JP Morgan Blockchain Lead on the Quorum project and CEO and co-founder of blockchain startup Clovyr, at the True Global Ventures Disruption in Financial Services conference held at Credit Suisse in New York on July 11, 2018. Baldet went on to add that, as a result, she doubted the United States would ever publish its financial transaction history online, open for the world to see and scrutinize. “Probably not,” she concluded.

As Clovyr works on a privacy solution for all that blockchain public data, other companies are aiming to improve upon security gaps and issues left by legacy storage companies. They are doing this in several ways beyond cold storage solutions. One of these methods includes the “sharding” of data assets to be stored and distributed across thousands of nodes on the blockchain. However, sharding brings up other issues, like spotty power for nodes in Puerto Rico or frontier countries, as well as cryptojacking that enables hackers to steal computing power from many of the nodes to mine cryptocurrencies through a breach in a browser.

Neither sharding nor cold storage systems have been able to solve the “custody” issue, which, despite recent claims from Coinbase, continues to keep trillions of dollars of institutional money on the sidelines, preventing the cryptocurrency market from growing robustly, as it should.

Blockchain, as an immutable record of cryptocurrency and other digital assets, is quite secure and hasn’t been hacked. Questions remain on how to protect the cryptography keys and how to safely and securely provide a “hot” storage solution that will solve the custody issue so that the 3rd Digital Revolution can grow and reach its full potential.