
Are Blockchains Unhackable? Some Key Concerns

05 August 2022 07:17, UTC
Anirban Roy

In the last two years, blockchain hacking has become commonplace. Solana, one of the largest crypto ecosystems, has experienced a few traumatic events in the past and was experiencing one more at press time. The latest hack resulted in several million dollars' worth of crypto being stolen from several hot wallets, including Phantom, Slope, and Trust Wallet.

The ongoing attack has compromised over 8000 wallets and drained SOL and SPL tokens, among others. Experts found the bug in software used by several wallets. The attacker gained the ability to sign transactions on users' behalf, probably by compromising a third-party service through a supply chain attack.

A few months earlier, Axie Infinity, the pioneer of the play-to-earn revenue model, was compromised, resulting in a massive loss of roughly $615 million.

But the list of big blockchain projects hacked does not end there. In August 2021, perpetrators breached a blockchain network called Poly Network and looted $600 million. In early 2021, a bridge between Solana and Ethereum was compromised and around $320 million was stolen.

Cross-Chain Bridges – The Rising Concern

In the last two cases, the original holders were later compensated with funds of equal worth. But that does not hide the rising security concern around blockchain, which affects several other buzzing industries such as crypto, the metaverse, DeFi, and web3. For example, the security website cryptosec.info claims that 103 DeFi projects have been exploited, resulting in losses of over $3.6 billion. Of these exploits, 26 were spotted in 2022, including the latest ones such as Nomad Bridge, Audius, Horizon Bridge, and Inverse Finance, among others. Interestingly, in most of these events, cross-chain bridges, which allow users to send and receive tokens between two blockchains, were found to be the most vulnerable component.

For instance, in the Nomad cross-chain token bridge exploit, experts claimed that the Nomad bridge's smart contracts let users withdraw money that did not belong to them. Axie Infinity, meanwhile, was compromised through another cross-chain bridge, dubbed the Ronin Network. Experts claimed that instead of abusing any bug, the attackers probably exploited a weakness in the network by validating many transactions at once.

Cross-chain bridges are one of the most alluring technologies in blockchain projects, as they help new crypto projects scale. However, a minor bridge flaw could result in such a project's total collapse.

Smart Contracts – A Haven for Bugs

Smart contracts are one of the most talked-about terms in the world of crypto; they are used to perform specific actions on a blockchain. Developers often use the Solidity programming language to create smart contracts and apps for Ethereum. Unfortunately, Solidity is complex to learn and practice. Leaving a single glitch in smart contract code means a security vulnerability that will be discovered and exploited sooner or later.

Hackers also exploit specific coding patterns, such as the self-destruct function in a poorly written smart contract, or the misuse of this.balance. Self-destruct removes all the bytecode from the contract address and forwards the contract's Ether to a specified address.
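To make the this.balance pitfall concrete, here is an added illustration (not code from the article or from any project it names): a game contract that uses address(this).balance, the modern spelling of this.balance, as its accounting source of truth, beside a hardened version that tracks deposits explicitly. The contract names, TARGET value and game rules are assumptions invented for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Vulnerable (hypothetical example): trusts address(this).balance for game
// logic. Ether can reach a contract without calling deposit(), for instance
// as the target of a selfdestruct from another contract, so the balance can
// step past TARGET and the equality below is never true again: the game is
// wedged and the deposited funds are stuck.
contract BalanceGameVulnerable {
    uint256 public constant TARGET = 10 ether;
    address public winner;

    function deposit() external payable {
        require(msg.value == 1 ether, "1 ether only");
        // BUG: forced Ether (e.g. 0.5 ether) makes the balance 10.5 ether,
        // never exactly 10 ether, so no player can ever win.
        if (address(this).balance == TARGET) {
            winner = msg.sender;
        }
    }
}

// Hardened: keep an explicit ledger of Ether that came through deposit().
// Ether arriving by other routes is ignored by the game logic, so it cannot
// break the invariant. Note that since the Cancun upgrade (EIP-6780)
// selfdestruct no longer removes code except in the creating transaction,
// but it still transfers the balance, so this accounting rule still matters.
contract BalanceGameHardened {
    uint256 public constant TARGET = 10 ether;
    uint256 public deposited;   // only Ether that passed through deposit()
    address public winner;

    function deposit() external payable {
        require(msg.value == 1 ether, "1 ether only");
        require(deposited < TARGET, "game over");
        deposited += msg.value;
        if (deposited == TARGET) {
            winner = msg.sender;
        }
    }

    // When a check must consult the real balance, prefer >= over ==,
    // because the real balance can only be pushed upward by outsiders.
    function fullyFunded() external view returns (bool) {
        return address(this).balance >= TARGET;
    }
}
```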

Ethereum, the second largest cryptocurrency platform, reportedly has over 32,000 smart contracts vulnerable due to poor coding; any of them could be hacked, resulting in another multi-million-dollar loss of funds.

If money gets stolen from a blockchain, there is no way to fix the bug in place. Instead, the authority must create a new blockchain and switch users over. Happily, many crypto and DeFi project developers nowadays run bug-bounty programs that invite white-hat hackers to find existing bugs in chains, bridges, and smart contracts. In exchange for finding bugs, these projects pay out thousands of dollars and thus secure the network.

Applying Artificial Intelligence (AI) to monitor suspicious activity and issues on a blockchain is a widespread practice. Auditing tools also help developers fix stray bugs in a smart contract before rolling it out.

Imposing regulatory compliance by design could also force such projects to be more careful about security and thus avoid hacking incidents.

Validators – The Theory of the 51% Rule

In theory, blockchain is the most secure technology on earth. In practice, it has several flaws that prove the technology is not yet unhackable. A blockchain links blocks into a single chain and rewards participants for validating, storing, and broadcasting the records.

And here comes the concern. What if a bad actor holds over 50% of a network's total hashing power? Other miners will then validate that actor's blocks because of its hold over the network. A majority of the hashing power would also let the attacker create a fork, an alternative version of the blockchain, place different transactions on it, and present it as the original chain.
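To see why 50% is the threshold, here is the classic gambler's-ruin argument from the Bitcoin whitepaper, added as an illustration and not part of the article. Assume (notation is ours) that honest miners find the next block with probability p, the attacker with probability q = 1 - p, and that the attacker's private fork is currently z blocks behind the honest chain. The probability that the attacker ever catches up is

$$
q_z = \begin{cases} 1 & \text{if } p \le q \\ \left(\dfrac{q}{p}\right)^{z} & \text{if } p > q \end{cases}
$$

With q = 0.3 and z = 6 confirmations this gives $(0.3/0.7)^6 \approx 0.0062$, so a minority attacker's chance decays exponentially with every confirmation; once q exceeds 0.5 the ratio $q/p$ is above 1 and the attacker is guaranteed to overtake the honest chain eventually, which is exactly the fork-and-rewrite scenario described above.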

Attacks based on the 51% rule cannot realistically affect the larger and more complex blockchains. However, smaller chains are still vulnerable to them.