Beruflich Dokumente
Kultur Dokumente
We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted
advertisements. Read about how we use cookies by clicking "Cookie Information." If you continue to use this site, you ❯ Cookie Information
consent to our use of cookies.
Never miss another blockchain story Sign up for free ×
MS. TECH
Connectivity
An attacker had somehow gained control of more than half of the network’s
computing power and was using it to rewrite the transaction history. That
made it possible to spend the same cryptocurrency more than once—known
as “double spends.” The attacker was spotted pulling this o to the tune of
$1.1 million. Coinbase claims that no currency was actually stolen from any
of its accounts. But a second popular exchange, Gate.io, has admitted it
wasn’t so lucky, losing around $200,000 to the attacker (who, strangely,
returned half of it days later).
Just a year ago, this nightmare scenario was mostly theoretical. But the so-
called 51% attack against Ethereum Classic was just the latest in a series of
recent attacks on blockchains that have heightened the stakes for the
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ 1/7
1/4/2019 Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review
g
nascent industry.
But the more complex a blockchain system is, the more ways there are to
make mistakes while setting it up. Earlier this month, the company in
charge of Zcash—a cryptocurrency that uses extremely complicated math to
let users transact in private—revealed that it had secretly fixed a “subtle
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ 2/7
1/4/2019 Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review
cryptographic flaw” accidentally baked into the protocol. An attacker could
The protocol isn’t the only thing that has to be secure. To trade
cryptocurrency on your own, or run a node, you have to run a software
client, which can also contain vulnerabilities. In September, developers of
Bitcoin’s main client, called Bitcoin Core, had to scramble to fix a bug (also
in secret) that could have let attackers mint more bitcoins than the system is
supposed to allow.
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ 3/7
1/4/2019 Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review
Aside from 51% attacks, there is whole new level of blockchain security
weaknesses whose implications researchers are just beginning to explore:
smart-contract bugs. Coincidentally, Ethereum Classic—specifically, the
story behind its origin—is a good starting point for understanding them,
too.
As the hack illustrated, a bug in a live smart contract can create a unique
sort of emergency. In traditional software, a bug can be fixed with a patch. In
the blockchain world, it’s not so simple. Because transactions on a
blockchain cannot be undone, deploying a smart contract is a bit like
launching a rocket, says Petar Tsankov, a research scientist at ETH Zurich
and cofounder of a smart-contract security startup called ChainSecurity.
“The software cannot make a mistake.”
There are fixes, of a sort. Though they can’t be patched, some contracts can
be “upgraded” by deploying additional smart contracts to interact with
them. Developers can also build centralized kill switches into a network to
stop all activity once a hack is detected. But for users whose money has
already been stolen, it will be too late.
The only way to retrieve the money is, e ectively, to rewrite history—to go
back to the point on the blockchain before the attack happened, create a
fork to a new blockchain, and have everyone on the network agree to use
that one instead. That’s what Ethereum’s developers chose to do. Most, but
not all, of the community switched to the new chain, which we now know as
Ethereum. A smaller group of holdouts stuck with the original chain, which
became Ethereum Classic.
But making sure code is clean will only go so far. A blockchain, after all, is a
complex economic system that depends on the unpredictable behavior of
humans, and people will always be angling for new ways to game it. Daian
and his colleagues have shown how attackers have already figured out how
to profit by gaming popular Ethereum smart contracts, for instance.
In short, while blockchain technology has been long touted for its security,
under certain conditions it can be quite vulnerable. Sometimes shoddy
execution can be blamed, or unintentional software bugs. Other times it’s
more of a gray area—the complicated result of interactions between the
code, the economics of the blockchain, and human greed. That’s been known
in theory since the technology’s beginning. Now that so many blockchains
are out in the world, we are learning what it actually means—often the hard
way.
May 2, 2019
Cambridge, MA
Register now
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ 5/7
1/4/2019 Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review
01 A new type of airplane wing that adapts midflight could change air travel
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ 6/7
1/4/2019 Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review
02 The space mission to buy us vital extra hours before a solar storm strikes
The sun’s violent activity can shut down the power grid and knock out satellites. ESA’s Lagrange mission will be our early warning system.
by Erin Winick
03 Europe’s copyright dispute shows just how hard it is to fix the internet’s problems
The EU has just passed the Copyright Directive: now small sites and tech giants alike will have to deal with the fallout and recriminations.
by James Ball
Subscribe
Business Lab ×
See
Ourdetails+
new podcast helping business leaders make sense of new
technologies coming out of the lab and into the marketplace
Listen now
*Prices are for U.S. residents only
See international prices
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ 7/7