In my latest illustration, I drew myself as an ethical white-hat hacker ‘Cypherpunk‘ (数码朋克) attempting to do a pentration-test hacking into a technological company’s servers.
Cyberspace has become the realm for computing devices, networks, data and other infrastructure to bring the internet and its myriad applications to billions of people globally. The vast and rich connectivity enabled by these technologies have brought significant benefits to global society and the economy. Cryptocurrencies are fast becoming a class of applications with the potential to create connections never seen before, with the rise of Bitcoin and many other digital currencies enlivening the digital and financial landscape today.
Amidst all this growth, cybersecurity is an issue that is gaining importance as companies, markets and countries increasingly come under attack from cybercriminals, hacktivists and spies. This is no different in the growing cryptocurrency space which is attracting a growing pool of users and investors, but also unwanted attention from bad cyber actors who seek to exploit it negatively. At its core, cybersecurity involves protecting both data and people from the multiple threats that it faces.
A pertinent area of concern to cryptocurrencies and its underlying blockchain technology is the security of online transactions and the protection of data integrity. Data breaches, for instance, are becoming ever bigger and more common. According to The Economist, in 2013, over 800 million data records were lost, mainly through such cyberattacks. Among the most prominent recent victims were American retailer Target, and technology companies such as Adobe and eBay. Cryptocurrency firms have been targeted as well.
The Mt Gox Episode
The sudden closure in February 2014 of Mt Gox, the world’s best-known exchange for Bitcoin at the time, due to significant financial losses sent shockwaves through the world of cryptocurrency. Mt Gox went bankrupt after it had lost nearly half a billion dollars’ worth (USD $460 million to be exact) or 850,000 Bitcoins due to the hacking of its faulty computer system. What came as a great surprise was that, according to leaked Mt. Gox documents, hackers had been skimming money from the company for years. This was actually the second time the exchange had been hacked; in June 2011, attackers made away with the equivalent of $8.75 million in Bitcoins, causing the site to go offline for several days. The cybersecurity breach which culminated in February 2014, unfortunately, proved to be the last one.
Poor cybersecurity protocols and practices can be attributed to Mt Gox’s demise. According to reports, the exchange did not use any type of version control software – a standard tool in any professional software development environment, which meant that any coder could accidentally overwrite another coder’s work if they happened to be working on the same file. In terms of management, there was only one person, Mt Gox’s CEO Mark Karpeles, who could approve changes to the site’s source code. This meant that some patches, such as security fixes, could be pending for weeks, waiting for Karpeles to get to the code. As a result, the source code was said to be a “complete mess”, according to an insider.
Underlying Basis for Cybersecurity: Blockchain technology
That is not to say that cryptocurrencies or their underlying blockchain technology possess inherent weaknesses. The vulnerabilities that contributed to the closure of Mt Gox were a result of extrinsic factors such as poor software management and over-reliance on a single individual. Blockchain shows great potential as a secure transaction ledger database that is shared by all parties participating in a distributed network of computers such as that dealing with a cryptocurrency. A major attribute of blockchain is that it records and stores every transaction that occurs in the network, essentially eliminating the need for third parties such as payment processors. Blockchain proponents describe the technology as a “transfer of trust in a trustless world”, pointing to the idea that the parties participating in a transaction do not necessarily know each other, yet are able to exchange value such as Bitcoins with assurance and no third-party validation.
The computers that make up the network which processes the transactions are located throughout the world and not owned or controlled by any single entity. Not relying on a limited number of locations or central authority means there is potentially less damage if a single node in the network is compromised. If a node is taken down, the data is still accessible through other nodes in the network because all of them maintain a full copy of the transaction ledger at all times.
Along with this decentralised structure, the use of security protocols such as sequential hashing and cryptography makes it very difficult for any party to tamper with a blockchain network as compared to a standard database. A consensus model protocol, which means at least 51% of users in a blockchain are needed to validate a transaction before it is subsequently added to the platform, presents an added layer of assurance for data security.
It is important to recognise that the cybersecurity of cryptocurrencies and blockchain is an ongoing process and that any vulnerabilities would not necessarily be limited to the technology itself. As the Mt Gox episode highlights, the surrounding ecosystem and human factors play a relevant role. Cyber actors with malicious intent will always be working to find a way to exploit cryptocurrency technologies and applications. One can never say that blockchain is a foolproof technology, especially when it involves large sums of money in the cryptocurrency space. What matters is that each lapse is taken as an opportunity to learn and make the cryptocurrency landscape more robust and resilient so it can achieve its potential for the benefit of society.