Blockchain security: How safe blockchain really is
July 26, 2021
Digital data storage can be a tedious business, especially when it comes to recording — and safeguarding — digital transactions or maybe sensitive medical information.
A database with an essentially impenetrable cybersecurity structure would be pretty handy, right? That’s the thought behind blockchain technology. You might compare the database to a house of playing cards in that if you tamper with one card, the whole structure will tumble.
That just grazes the surface of blockchain security, though. Another facet of it is knowing the potential cyber threats associated with blockchain technology and how to manage those threats. Here, we’re overviewing just that, plus how blockchains are built to safeguard your data and best practices for you to level up your blockchain security.
What is blockchain?
A blockchain, also known as distributed ledger technology, is an online database that’s popularly used for cryptocurrency transactions like Bitcoin. Hence the name, the database stores digital information in blocks and in chronological order. Once a block is full, it’s linked and locked to the rest of the full blocks in the database, creating a chain. Then, an empty block is added to the end of the chain to record new information.
To put it into simpler terms, you might think of blockchain technology like a paper ledger book, which is used to record transactions. Once one page is full, you have to flip to the next blank page to continue recording information, and so on. In the case of a blockchain, once a block is filled and locked into the chain, that block can no longer be changed. It’s a permanent recording — at least, that’s the thought.
Of course, blockchain technologies can differ, especially when it comes to who can access the data in each block. This means blockchain security approaches differ, too.
Is blockchain safe?
Blockchains are widely regarded as secure, because they’re inherently tough to tamper with. For perspective, just consider how a house built of Legos can only be disassembled piece by piece and beginning from the outermost edges. To alter a piece in the middle of the house, you have to change all of the Lego pieces before it.
It goes back to the notion that there’s strength in numbers. For blockchains, the farther down the chain a piece of information is, the harder it is to tamper with.
Not to mention, all blockchain user activity is transparent and traceable. If a user attempts to move or tamper with information in a block, it can be traced back to the user through a unique identifier. This is also known as a key or digital signature associated with the blockchain.
What’s more, user credentials are revoked if a piece of information is altered. That’s because blockchains are built on the premise that information is recorded but never altered.
Finally, blockchain technology is also decentralized, meaning there’s not one single entry point to blockchains, making it difficult for cybercriminals to access blockchain data.
Of course, blockchain technology isn’t entirely immune to cyber threats. And the degree to which blockchain security can be compromised differs depending on the type of blockchain technology you’re dealing with.
Blockchain types + how secure they are
Blockchains tend to be categorized into two types: Public or private. Private blockchains are generally considered more secure than public blockchains. And much of that is attributed to the ways users are permitted to verify information that’s recorded in a blockchain.
Public (and permissionless) blockchains
As the name indicates, public blockchains are public. They can be joined by anyone with an internet connection, meaning they’re permissionless, and all users are also anonymous. Each user is given a public key — think of it like an ID badge — associated with their name that can be traced back to their activity. Remember, blockchain activity is transparent to all users.
Blockchains also take a village to operate, as users must verify or validate any information that’s added to a block. In the instance of public blockchains, that’s through solving cryptographic problems. For instance, you’ve perhaps heard the term “mining” when it comes to Bitcoin, which is among the most popular examples of blockchain technology. Bitcoin users essentially have to put in the work, or “mine,” to verify that their transaction is legitimate before it can be logged in a block. And this can require a lot of data, power, and time.
Private (and permissioned) blockchains
Private blockchains, on the other hand, require less work to verify and record a piece of information in a block. That’s because only permitted users are allowed to access a private blockchain, meaning they’re permissioned blockchains.
Given users are pre-vetted, any permissioned users can verify and view information recorded in a private blockchain. Think of it as a members-only club. Most often used by businesses or organizations, private blockchains are considered more secure than public blockchains since they involve more access control. Yet, they too can be susceptible to cyber threats, especially from internal actors.
Blockchain security issues + real-world examples
Blockchain technology might be touted as being tamper-less. In reality, it’s susceptible to cyberthreats. Consider the following blockchain security issues that can arise, including a few real-world examples of when blockchains were compromised.
One of the oldest hacking attempts in the book, phishing is when a scammer tries to lure sensitive information or data from you by disguising themselves as a trustworthy source. They use platforms like text messages, emails, and even phone calls to do it.
In the case of phishing and blockchain security, these phishing messages might entice blockchain users to provide their unique ID associated with a blockchain account or encourage them to click a link that gains access to a blockchain network.
Code exploitation is when a blockchain user — or cybercriminal acting as a blockchain user — identifies a weak spot in a blockchain’s software and exploits that weakness with malicious intent.
- Example: In 2016, a hacker swiped more than $50 million from venture capital fund Decentralized Autonomous Organization by way of code exploitation.
- Routing attacks can come in a few forms, with the most common being denial of service attacks and man-in-the-middle attacks. In both instances, cybercriminals stealthily intercept data as it’s transferred across a network, usually a weak Wi-Fi network.
In the instance of blockchain of technology, cybercriminals essentially lurk on a weak network a permissioned blockchain user is on. The permissioned user has no idea the information they’re adding to a blockchain or verifying in a blockchain is being monitored and, therefore, potentially compromised.
Remember how every blockchain user is granted a unique identifier — kind of like an ID badge — to enter a blockchain network? Those are also known as private keys and, yes, they can be stolen. When in the wrong hands, a cybercriminal can attempt to alter information in a blockchain under a permissioned users’ key.
- Example: Also in 2016, $73 million worth of Bitcoin was stolen from the cryptocurrency exchange Bitfinex. Authorities pointed to stolen keys as the source of the theft.
The “Sybil” in Sybil attack stems from a fictional book character with multiple identities disorder. To that tune, Sybil attacks are when cybercriminals overwhelm a network with login attempts or false credentials and cause them to crash.
This, in turn, can give cybercriminals free rein over a compromised blockchain network.
Blockchain technology might seem advanced, but it’s no less vulnerable to good ’ole computer hacks — even in the form of a malicious individual sitting right in your computer chair and accessing a blockchain network you’ve been granted permission to.
- Example: In 2019, $13 million was stolen from South Korea-based cryptocurrency exchange Bithumb, with an internal actor being the primary suspect of the theft.
This blockchain security threat is mostly applicable to Bitcoin, which is built on “mining” or solving cryptographic problems to validate transactions added to a block. Bitcoin users can essentially commandeer a Bitcoin network if they’re able to control more than 50 percent of the computing power of a blockchain.
In other words, this would require a group of Bitcoin users to all be mining at the same time and with the intent of excluding new transactions being added to the blockchain. It’s a very unlikely scenario.
Blockchain security best practices + examples in action
Given blockchain security issues indeed exist, individuals and businesses alike are best to build up their blockchain security infrastructure from the inside out to protect their blockchain activity.
And that’s all about understanding the aforementioned cyber threats associated with blockchain technology — and how to manage those. Adhering to cybersecurity best practices can go a long way in protecting our data stored in blockchain networks, too.
To that end, consider putting the following measures in place to level up your individual blockchain security:
- Use a VPN to encrypt your internet activity and avoid routing attacks.
- Never share your keys with anyone to avoid being hacked.
- Don’t leave your devices unattended to prevent malicious actors from accessing them.
- Know how to spot phishing attempts by being wary of suspicious or unwarranted messages.
- Don’t alter data in blockchains so your user permissions aren’t revoked.
And find a little peace of mind with these examples of how organizations and enterprises safeguard your data using blockchain technology.
Cryptocurrency and blockchain security
Cryptocurrency trading companies are perhaps the most often associated with blockchain technology, primarily Bitcoin but also Ethereum, MobileCoin, Javvy, and Coinbase.
Given cryptocurrency isn’t something we can’t keep close — as close as, say, a wallet in our pocket — blockchain technology secures transaction data thanks to its rules that no transactions can be altered after being inputted. In addition, the fact that recorded transactions are traceable means there’s transparency in the event of a cyber attack.
Healthcare and blockchain security
Healthcare institutions store a bevy of confidential data regarding patients, from banking and insurance details to medical records and family history. And cybercriminals know this all too well, as they love targeting this industry with phishing attempts.
The decentralized nature of blockchain technology makes it more difficult for hackers to enter a database — there are too many entry points to choose from. Moreover, limiting user permissions on private blockchain networks means there are potentially fewer internal actors who might compromise this data.
IoT and blockchain security
From smart watches to smart home systems and smart toys in between, many devices fall under the Internet of Things (IoT) umbrella, most of which collect user data to provide a more personalized experience.
Similar to how the decentralization of blockchain technology benefits healthcare systems, the same is the case for IoT device manufacturers and how some leverage blockchain solutions to safeguard user data.
The ways we store our data are constantly evolving. Knowing how to keep yours secure isn’t only a best practice but imperative. All this to say, embrace the wonderful ways technology can streamline and safeguard the important parts of our lives — but also be proactive about ensuring it stays that way.
The freedom to connect more securely to Wi-Fi anywhere
With Norton™ Secure VPN, check email, interact on social media and pay bills using public Wi-Fi without worrying about cybercriminals stealing your private information
Try Norton Secure VPN for peace of mind when you connect online
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.