Immutability in Doubt: Do We Need to Protect Blockchain Data?

Published at: July 5, 2018

On June 12, the state of Michigan introduced a bill imposing criminal penalties for manipulating data on blockchains in order to commit fraud. This is the first attempt in the world to legally protect data stored on distributed ledger technology (DLT) — for entering false information into the blocks or changing the blocks themselves, up to 14 years of imprisonment can be faced.

The deliberate introduction of false data does not raise questions — here the signs of unlawful actions become visible to all the members of the network and do not call for any comment. But with the change in the blocks, things are more complicated because specific examples of such manipulation are not stipulated by the law, and the action itself has, until recently, been considered impossible.

As it turned out, this is feasible, as evidenced by regular and successful attacks on large blockchains, including those recently made on Bitcoin Gold and Verge. Therefore, the new law in Michigan seems to be aimed, rather, at protecting the network from so-called "51 percent attacks", which have become a serious problem for the entire crypto community in 2018.

Blockchain data immutability

The word “immutable” is heard frequently when people speak about blockchain. The consistency of the blockсhain structure implies the inability to make adjustments to the data after they are recorded in a distributed database. This is achieved due to the main property of blockchain — decentralization, when the individual parts of the network responsible for the authenticity of transactions are autonomous and not connected to a common server.

In this database, a list of ordered records — called blocks — is continuously stored and refilled. Blocks are repeatedly copied, and their verification is provided by the number of devices on which the information is stored — the nodes. At the moment, the reliability of each block in the Bitcoin blockchain is confirmed by over 9,000 nodes, with the number of blocks in the network now surpassing 500,000.

Image source: Bitnodes

To protect data in blockchain, the author of the record creates an access key. If changes are made to the block, the previous key becomes invalid, and it becomes visible to all network participants who, by a simple majority of votes, may prevent any further unauthorized actions. Thus, it makes it impossible to proceed with changes to the information stored in the blocks, and this is one of essential qualities of blockchain as a technology.

The data in the blocks can be very diverse. The creation of the cryptocurrency is just one example. Data integrity is a unique property of technology that can be used to protect any transactions, registries and documents, as well as ensure a fair interaction between network members.

Now, as the notion of the immutability of blockchain data has been formalized more or less clearly, the question still remains: If it's impossible to make a change in the blocks, why do we need the Michigan state law?

“51 person attack” —  blockchain’s main foe

Returning to the idea of "a majority rule," if an attacker or a group of intruders are able to get 51 percent of a network’s mining hash rate in their hands, they can pretty much do as they please with the world of data within — from altering blocks to manipulating transactions. After all, the majority of votes are on their side.

Theoretically, such a threat could exist. From a practical point of view, its probability tends toward zero, since the cost of computing power necessary to compromise blockchains is enormous — from $336 to $490,000 per one-hour attack, analytical service 51Crypto states. Taking into consideration that a large amount of money is necessary to possess the network hash rate, it is more rational to deploy a new system and give rewards to other miners for maintaining it, rather than to use resources for hacking the existing blockchain.  

Image source: 51Crypto

If we are talking about cryptocurrencies, the "51 percent attack" — which becomes immediately visible to all participants of the system — would lead to a sharp drop in the exchange rate of the currency. By making changes to the blocks, an attacker, who has spent large amounts of money to acquire the necessary computing power, will get what he wants — digital money. But his real profit will be minimal, since the rate will fall, and the attack itself will be quickly suppressed. This is the way the system protects itself.

Experts of the cryptocurrency industry often come up with various metaphors to illustrate the self-defense of blockchain technology. For example, the CEO and chairman of DLT Labs, Loudon Owen, characterizes the likelihood of breaking a blockchain in the following way:

“Pigs can’t fly. This is an absolute truth that we all know and agree on. But, given a phenomenally strong wind, pigs can fly. Nothing digital — including blockchain — is entirely immutable. But blockchain is a massive, distributed digital ledger which is as good as it gets for electronic storage.”

The financial researcher of the website Consumersafety.org, Cal Cook, reassured that:

“The chance of this happening, however, is very unlikely, because there would be no economic incentive to do so. A malicious user who overpowers a public blockchain network would, in doing so, devalue the currency. So even if they ‘stole’ some coins, they would very likely end up with less money in terms of fiat dollars than they had before.”

But as practice shows, experts who are guided by logic and expediency sometimes make mistakes.

Blockchain is attacked around the world

The more cryptocurrencies created on third-party blockchains and the more hard forks of the original networks appear, the easier it is for hackers to concentrate 51 percent of the network’s total hash rate in their hands.

Leading Bitcoin developers, such as Peter Todd and Ethan MacBrough, repeatedly warned that cloning large blockchains can lead to "51 percent attacks."

With some miners threatening 51% attacks against Bitcoin, researching a PoW change is a good backup plan: https://t.co/SEZ1qlxhAH

— Peter Todd (@peterktodd) March 19, 2017

If the chain faces a 51% attack, no number of confirmations is safe. My bet is most exchanges will refuse to list currencies with low hashrate.

— Ethan MacBrough (@emacbrough) May 29, 2018

But the cryptocurrency community seemed to be too fascinated by the prospects of the blockchain technology to hear those warnings.

As a result, only in May-June of this year, six blockchain-based projects became the victims of a "51 percent attack." Attacks were made on Bitcoin Gold (changes in blocks led to $18.6 million loss), Verge (attacks have been made twice and affected $1.76 million and $800,000, respectively), Monacoin ($90,000 stolen), and Electroneum — which claims that no money has been stolen.

So far, the last victim is considered to be ZenCash, which suffered an attack worth  $20,000 in hash rate, even with 11,823 full nodes — such a number of nodes exceeded that of the Bitcoin network and had been previously considered “resilient”. On June 3, the hackers managed to alter 38 transactions — totalling $550,000. At the same time, according to 51 Crypto, the organization of a one-hour attack on ZenCash network might cost only $5,417. The hackers did not have to obtain any giant amount of computing power, they just rented miners for four hours.

Image source: 51Crypto

Five days before the attack on ZenCash, Husam Abboud — a cryptocurrency analyst at the University of FECAP in Brazil — published the analytics on the cost of "51 percent attacks" on Ethereum and Ethereum Classic and mathematically calculated the vulnerability of the hard forks of all major blockchains. Besides that, he determined the pools and miners who may pose a threat to Ethereum-based networks.

Image source: Medium @HusamABBOUD

As it turned out, the price of the attack is minimal in comparison with the damage that it is capable of doing. And this is not about the profit of the attacker, but about the damage to the ecosystem.

Apparently, so far it is only about attacks on cryptocurrencies, where there is still a lot of chances for instant, illegal enrichment. When attacking blockchains, which belong to a state — or other services not connected with the cryptocurrency — the attacker will not get any profit at all, and his actions will be pure hooliganism, vandalism, fraud or blackmail. Or it could be the next generation of terrorism — one which doesn't require weapons.

All this makes Michigan’s initiative — introduced by the state legislature on June 12 in order to protect any records on blockchain against altering, forging, or counterfeiting — look very timely.

Blockchain is no exception

The potential of blockchain as a technology cannot be underestimated. The principle of unchangeable data allows the exclusion of intermediaries from any sphere of human activity: from medicine and education to trade, production and logistics. And this opens great prospects for the development of a new economy.

The principles of decentralization and transparency allow access to any services, knowledge and financial resources to any person from anywhere in the world. And this is fine, because it gives all people equal opportunities.

However, any system invented by a person can be hacked by another person, so it needs to develop general principles of protection and rules of conduct. And blockchain, here, is no exception.

More likely, the law of Michigan is only the first precedent of legal protection of blockchain, which — as many thought until recently — generally does not need protection at all.

Tags
Related Posts
CZ Insists That DDoS Attacks Were Foul Play From Binance Competitors
As Zhao told Cointelegraph on May 4, the April 29 attack was “well-coordinated” and focused on making Binance services unavailable in some countries of Asia. Competitors behind the attacks? Zhao emphasized that there are “a number of tell-tale” signs that such attacks came from competing exchanges. In the statement, Binance’s CEO stated that DDoS attacks were more expensive for hackers than for the exchange itself. CZ provided more details regarding specific DDoS targets: “The attacks focused on all of our public endpoints in those targeted regions simultaneously. We use a wide range of caching, clustering, and distribution services to optimize …
Blockchain / May 4, 2020
Tron Discloses Critical Vulnerability Which Could Have Crashed Its Blockchain
The Tron Foundation disclosed a fixed critical vulnerability which could have crashed its blockchain on vulnerability disclosure platform HackerOne on May 2. The disclosure explains that with enough malicious requests, an attacker could have filled up all the available memory and effectively perform a Distributed Denial of Service attack on the TRX network by employing malicious code in a smart contract. The disclosure further explains the impact of such an attack: “Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and render Tron network unusable or make it unavailable.” The cybersecurity …
Blockchain / May 6, 2019
'Less sophisticated' malware is stealing millions: Chainalysis
Cryptojacking accounted for 73% of the total value received by malware related addresses between 2017 and 2021, according to a new malware report from blockchain analysis firm Chainalysis. Malware is used to conduct nefarious activity on a victim’s device such as a smartphone or PC after being downloaded without the victim’s knowledge. Malware-powered crime can be anything from information-stealing to denial-of-service (DDoS) attacks or ad fraud on a grand scale. The report excluded ransomware, which involves an initial use of hacks and malware to leverage ransom payments from vicitms in order to halt the attacks. Chainalysis stated: “While most tend …
Blockchain / Jan. 20, 2022
Report: Blockchain-related hacks have declined in 2020
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims. According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28. According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31. Per the report, 2019 as …
Technology / Nov. 2, 2020
BNB Chain confirms BSC halt due to 'potential exploit'
BNB Chain (BNB) the blockchain of cryptocurrency exchange Binance, was paused on Oct. 6 due to what it states is “irregular activity” on the network with the team having determined a potential exploit. The official Twitter account of the BNB Chain announced the temporary pause, soon after adding it had found a possible exploit. Binance provide an update that the blockchain was “under maintenance” suspending all deposits and withdrawals. To confirm, we have suspended BSC after having determined a potential exploit. All systems are now contained, and we are immediately investigating the potential vulnerability. We know the Community will assist …
Blockchain / Oct. 6, 2022