All computer systems are vulnerable to errors by their programmers. This truism is becoming more evident as we rely increasingly on AI and other 4IR systems to work for us. Blockchain is no exception, and since some aspects of blockchain are used for cryptocurrencies, these errors can become worrying. The blockchain protocol employs cryptography, game theory, and economics to create incentives for the nodes to work toward securing the network instead of attacking it for personal gain. If set up correctly, this system can make it extremely difficult and expensive to add false transactions but relatively easy to verify valid ones, which is what makes the technology so appealing to many industries, beginning with finance. Fidelity Investments and Intercontinental Exchange, the owner of the New York Stock Exchange, will start to enmesh blockchains in the existing financial system. Even national central banks are using blockchain systems to introduce new digital forms of national currency.
But the more complex a blockchain system is, the more ways there are to make mistakes while setting it up. Earlier this month, the company in charge of Zcash—a cryptocurrency that uses extremely complicated math to let users transact in private—revealed that it had secretly fixed a “subtle cryptographic flaw” accidentally put into the protocol. An attacker could have exploited it to make unlimited counterfeit Zcash. Fortunately, no one seems to have actually done that. The protocol isn’t the only thing that has to be secure. To trade cryptocurrency on your own, or run a node, you have to run a software “client”, which can also contain vulnerabilities. Last September, developers of Bitcoin’s main client, called Bitcoin Core, had to scramble to fix a bug that could have let attackers mint more bitcoins than the system is supposed to allow.
Still, most of the recent headline-grabbing hacks weren’t attacks on the blockchains themselves, but on exchanges, the websites where people can buy, trade, and hold cryptocurrencies. And many of those heists could be blamed on poor basic security practices, but there are other dangers – e.g. in the recent hack of Ethereum Classic. As the hack illustrated, a bug in a live smart contract can create a unique sort of emergency. In traditional software, a bug can be fixed with a patch. In the blockchain world, it’s not so simple, because transactions on a blockchain cannot be undone. Basically, the flaw allowed the hacker to keep requesting money from accounts without the system registering that the money had already been withdrawn.
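The flaw described above, money that can be requested again before the system registers the withdrawal, modelled in Python as an added example; it is not code from any contract or client the article mentions. The `Ledger` class, the account names and the amounts are constructed, and the model assumes that the payout hands control to the recipient before the balance is updated.

```python
# Added illustration: Ledger, withdraw_unsafe, withdraw_safe and simulate
# are hypothetical names; balances and amounts are constructed sample data.

class Ledger:
    def __init__(self, deposits):
        self.balances = dict(deposits)        # what the system has recorded
        self.pool = sum(deposits.values())    # funds actually held

    def _pay(self, amount, on_receive):
        if amount > self.pool:
            raise RuntimeError("pool exhausted")
        self.pool -= amount
        on_receive(amount)   # control passes to the recipient's own code

    def withdraw_unsafe(self, account, on_receive):
        amount = self.balances[account]
        if amount == 0:
            return
        self._pay(amount, on_receive)   # pay out first ...
        self.balances[account] = 0      # ... record the withdrawal too late

    def withdraw_safe(self, account, on_receive):
        amount = self.balances[account]
        if amount == 0:
            return
        self.balances[account] = 0      # record the withdrawal first
        self._pay(amount, on_receive)   # a repeated request now sees 0

    def solvent(self):
        # Invariant a monitor can check: held funds cover recorded balances.
        return self.pool >= sum(self.balances.values())


def simulate(method, max_requests=10):
    """Recipient re-requests its balance from inside the payout callback."""
    ledger = Ledger({"alice": 100, "bob": 100, "mallory": 10})
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) < max_requests and ledger.pool >= 10:
            getattr(ledger, method)("mallory", on_receive)

    getattr(ledger, method)("mallory", on_receive)
    return sum(received), ledger.pool, ledger.solvent()


if __name__ == "__main__":
    print("unsafe:", simulate("withdraw_unsafe"))
    print("safe:  ", simulate("withdraw_safe"))
```

In the unsafe ordering a 10-unit balance is paid out ten times and the pool no longer covers what the other accounts are owed; recording the withdrawal before paying limits the payout to the recorded balance and keeps the invariant intact.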