How do we define security? Hackers and cheaters are everywhere and the cheating methods in cryptocurrency is no less. Implementing it in practice is audios. The mere fact that a system works like bitcoin just as many cryptocurrencies do, doesn’t mean it’s just as secure. Even when developers use tried-and-true cryptographic tools, it is easy to accidentally put them together in ways that are not secure. Bitcoin has been around the longest, so it’s the most thoroughly battle-tested.

Creative Cheating Methods In Cryptocurrency

People have also found creative ways to cheat. Emin Gün Sirer and his colleagues at Cornell University have shown that there is a way to subvert a blockchain. That is even if you have less than half the mining power of the other miners. The details are somewhat technical, but essentially a “selfish miner” can gain an unfair advantage by fooling other nodes into wasting time on already-solved crypto-puzzles.

Another possibility is an “eclipse attack.” Nodes on the blockchain must remain in constant communication in order to compare data. An attacker who manages to take control of one node’s communications and fool it into accepting false data. False data that appears to come from the rest of the network can trick it into wasting resources. While even confirming fake transactions in the process.

Finally, no matter how tamperproof a blockchain protocol is, it “does not exist in a vacuum”. The cryptocurrency hacks driving recent headlines are usually failures at places where blockchain systems connect with the real world. For example, in software clients and third-party applications.

Hackers can, for instance, break into “hot wallets,” internet-connected applications for storing the private cryptographic keys that anyone who owns cryptocurrency requires in order to spend it. Wallets owned by online cryptocurrency exchanges have become prime targets. Many exchanges claim they keep most of their users’ money in “cold” hardware wallets—storage devices disconnected from the internet. But as the January heist of more than $500 million worth of cryptocurrency from the Japan-based exchange Coincheck showed, that’s not always the case.

Blockchains And Smart Contracts

Perhaps the most complicated touchpoints between blockchains and the real world are “smart contracts”. They are stored in blockchains and can automate transactions. In 2016, hackers exploited an unforeseen quirk in a smart contract written on Ethereum’s blockchain to steal 3.6 million ether. Which was worth around $80 million at the time, from the Decentralized Autonomous Organization (DAO), a new kind of blockchain-based investment fund.

Since the DAO code lived on the blockchain, the Ethereum community had to push a controversial software upgrade called a “hard fork” to get the money back. Essentially creating a new version of history in which the money was never stolen. Researchers are still developing methods for ensuring that smart contracts won’t malfunction.

The centralization question One supposed security guarantee of a blockchain system is “decentralization.” If copies of the blockchain are kept on a large and widely distributed network of nodes, there’s no one weak point to attack, and it’s hard for anyone to build up enough computing power to subvert the network. But recent work by Sirer and colleagues shows that neither Bitcoin nor Ethereum is as decentralized as you might think. They found that the top four bitcoin-mining operations had more than 53 percent of the system’s average mining capacity per week. By the same measure, three Ethereum miners accounted for 61 percent.

Can We Implement Better Security?

Some say alternative consensus protocols, perhaps ones that don’t rely on mining, could be more secure. But this hypothesis hasn’t been tested at a large scale, and new protocols would likely have their own security problems.

Others see potential in blockchains that require permission to join, unlike in Bitcoin’s case, where anyone who downloads the software can join the network. Such systems are anathema to the anti-hierarchical ethos of cryptocurrencies, but the approach appeals to financial and other institutions looking to exploit the advantages of a shared cryptographic database.

Permission systems, however, raise their own questions. Who has the authority to grant permission? How will the system ensure that the validators are who they say they are? A permission system may make its owners feel more secure, but it really just gives them more control, which means they can make changes whether or not other network participants agree—something true believers would see as violating the very idea of blockchain.

So in the end, “secure” ends up being very hard to define in the context of blockchains. Secure from whom? Secure for what? “It depends on your perspective.” Some creative should be made to check against the cheating methods in cryptocurrency.