The blockchain: Not as secure as it seems

Blockchain technology has a reputation for being secure. Due to its decentralised nature, the blockchain itself is nearly impossible to hack. But this has created a false impression – among retail crypto investors particularly – that using the blockchain is secure in general.

“[The blockchain] gives a false impression of security for the user, because actually going in and out of the blockchain isn’t secure by nature,” said Pascal Gauthier, CEO at Ledger.

As Pascal pointed out, there is still vulnerability on the front-end, where accessing the blockchain creates an opportunity for hackers.

As recently as February 2022, US$320 million in crypto was lost in a hack on Wormhole (a bridge between consumers and the Ethereum and Solana blockchains). In August 2021, US$600 million in assets were stolen from the Poly Network in the largest crypto hack to date.

[The blockchain] gives a false impression of security for the user, because actually going in and out of the blockchain isn’t secure by nature.

– Pascal Gauthier, CEO at Ledger

Attacks on the blockchain take different forms:

• Phishing: This is done by obtaining users’ credentials using fraudulent emails designed to harvest login details. Once the fraudster has obtained a user’s logins, they have complete access to a user’s information.
• Routing: As blockchain technology relies on fast transfers of large amounts of data, hackers can intercept and extract it as it transfers via users’ internet providers. What makes this hack particularly harmful is that it’s nearly invisible to users.
• Sybil: In this attack, hackers crash the system by flooding the network with huge numbers of false user identities.
• 51%: Exclusive to public blockchains, miners combine their computing power to gain control of more than 50% of the blockchain. Once this has been achieved, they have control of the ledger and can manipulate it to their advantage.

These attacks point to a flaw in the concept of decentralised currency and data.

Security is your problem

“Before cryptocurrencies, you would trust your bank. You would trust a third party with your money. And security was their problem,” said Pascal.

Now, he says, the onus of security instead falls on the user. Pascal explained: “As soon as you move into crypto, and if you want to hold your crypto, then your security becomes your problem. And so you have to forget everything that you learned about security, and learn again with crypto.”

While this may be feasible for larger entities in the crypto space, it raises questions for retail investors who may not have the capital or know-how to manage all their security themselves.

“If you switch the value of the well [of money] onto a blockchain, and you don’t handle security and cybersecurity well, then hackers will have a feast,” said Pascal.

With all new technology comes new risks. Without an institutional safety net, like that provided by established finance industry practices, the question remains whether small-stake crypto users can stay ahead of the threat.

Main image: Harry Murphy/Web Summit