Whether prices are up or down, for many cryptocurrency investors the real appeal is that there is no one in charge.
As the crowd chanted at the recent Bitcoin 2022 conference in Miami, it’s all about “freedom!” By design, the system is supposed to be immune to interference from banks, corporations, and governments.
But a new report reveals that the decentralized system might not perform as well as many crypto enthusiasts assume.
The report was commissioned by the Defense Advanced Research Projects Agency, or DARPA, and the work was done by software security research firm Trail of Bits.
Trail of Bits CEO Dan Guido said blockchain — the public ledgers that keep track of cryptocurrencies, which are replicated in computers around the world — is not the egalitarian technology its proponents claim.
“It’s been taken for granted that the blockchain is immutable and decentralized, because the community says so,” says Guido.
But in practice, he says, these networks have evolved to concentrate power in the hands of certain people or companies, including large pools of “miners” whose computers earn virtual currency by maintaining blockchains.
Guido’s team calls these “unintended centralities”: situations in which someone exerts influence over the decentralized system, creating opportunities for falsifying the record of who owns what.
Another example in the report of this kind of concentration is the fact that 60% of Bitcoin traffic is handled by just three internet service providers.
“Let’s say someone with great top-down control of the internet in their country starts interfering with that network,” Guido explains. By slowing down or stopping legitimate blockchain traffic, an attacker could become the “majority” voice in the consensus on what is written in a blockchain at that time.
“They can rewrite history. They can censor transactions. They can make it so you can’t spend your Bitcoin,” Guido explains. “It’s definitely something people would want to do if they want to ‘heartbreak’ the network.”
The notion of this type of attack isn’t new, but what the Trail of Bits report does is compile research on different types of “unintended centralities” to better understand the technology’s overall vulnerability.
Some of the findings are “disturbing,” says Josh Baron, project manager for the DARPA unit that commissioned the report.
“For example, the idea that 21% of Bitcoin nodes are running an older version of the Bitcoin core client known to be vulnerable,” Baron says, referring to the core software running this blockchain. This means that all of these computers are open to the same type of hack – an important first step for an attacker trying to dominate a blockchain network, sometimes called a “51% attack”.
“You’re already worried about 51%, and now I’m telling you 21% is just there to be taken, so to speak. That’s not great,” Baron says.
So far, the risks outlined in the report do not appear to be a major concern for the cryptocurrency industry. NPR approached some of the biggest companies, such as Coinbase, for a response, but they refused.
Yan Pritzker, co-founder of a small bitcoin services company called Swan, told NPR he considered the risks to be “theoretical.”
“If this kind of attack is possible, why didn’t it happen?” Pritzker asks. “I think the proof is a bit in the pudding. In real world conditions, those things don’t happen.”
Pritzker agrees with the report on this point: there is more centralization in some of the newer forms of cryptocurrency, especially those that rely on a system called “proof-of-stake,” which uses less computing power. He is more confident in Bitcoin’s resilience, as its power-hungry “proof-of-work” blockchain would require significantly more computing power to corrupt.
Pritzker also points out that this research was commissioned by a government agency.
“They basically do endgame research,” he says of reports like this. “Their game is, ‘how can we get better control over money’ and ‘how can we build better systems for our control over money’.”
Christian Catalini, founder of the MIT Cryptoeconomics Lab, considers the report helpful, but not overly worrisome.
“Some of the concerns that I think are valid, but maybe the danger to the wider ecosystem is a little overstated,” he says, noting that it’s important to keep in mind that cryptocurrency systems are not completely self-sufficient. Loose associations of people – volunteers and “grassroots developers” – work constantly to maintain and improve them.
“You can imagine some of the problems [in the report] being exploited, eventually — and I think that will potentially happen for some of them,” Catalini says. “[But] the community can always coordinate, react and, I think over time, it will improve to develop the right solutions.”
Since cryptocurrencies are decentralized, with no oversight from governments or central banks, these solutions will require the attention and consensus of participants in these networks.
At Trail of Bits, Dan Guido says he thinks cryptocurrencies and blockchain have promise, but anyone investing in them should consider them still in the “prototype” stage.
“Everyone needs to know in some way what they’re buying, what they’re buying into – what they’re going to trust,” says Guido. “And there are a lot of things here that you shouldn’t trust. At least not today.”