As blockchain processes become more and more a part of our financial lives, people are asking each other – can you hack the blockchain? Known as an “immutable ledger,” it would seem that the blockchain is impervious to bad actors. But are the networks comprising the ownership blockchains for these coins and tokens vulnerable to any type of hacking or fraud?
The short answer, from a lot of experts, is that the blockchain itself cannot be hacked. But blockchain-adjacent processes certainly can be hacked in a number of ways.
Blockchain transactions can be manipulated. Blockchain assets can be stolen. But that’s not a commentary on the blockchain itself. It’s a reality of the environment in which people trade and own blockchain assets.
The Cryptocurrency Exchange
Most of the infamous “blockchain hacks” that have occurred in recent years have happened on centralized exchanges.
In certain situations, you almost have to use an exchange to trade cryptocurrency or blockchain assets. But hackers can get access to digital assets through an exchange network or platform. In other words, Bitcoin, for example, is naturally decentralized, so there’s no central system to hack. But the exchange puts the asset into a “place” that can be exposed to hackers.
The Mt. Gox story, in which the exchange was hacked and subjected to a massive theft, is one example. But there are all sorts of headlines where some malicious actor was able to sniff out a vulnerability in some exchange and make off with someone else’s assets. For that matter, there are also “rug pulls,” where someone gets people invested in an asset and then takes off with the money.
Again, though, none of that happens in the blockchain itself.
Now let’s talk about one aspect of a peer-to-peer network that you might think of as an actual “blockchain hack.”
The 51% Attack
When you ask knowledgeable people about hacking the blockchain, many of them will come up with one crucial exception to a blockchain network’s ironclad verified ownership model.
It’s called the 51% attack, and it works this way:
The integrity of network transactions is supported by the community of owners in a given blockchain. So for example, verifying Bitcoin ownership gets done by the consensus of the total community of Bitcoin owners, using the blockchain ledger.
With that in mind, if one party can get control of more than 50% of that ownership, then all sorts of things can be done with blockchain transactions. The party that pulls off the 51% attack is the majority owner, so what they say goes.
In reality, it’s very difficult to execute a 51% attack. In a network of any size, it’s prohibitively expensive. Practically speaking, nobody is going to own 51% of Bitcoin or Ethereum or any of those major blockchain assets.
There’s also something called a Sybil attack, where people create numerous fraudulent identities and accounts. But that doesn’t help with the 51% attack strategy, because no matter how many people you split the assets between, they would have to have a full 51% of the entire blockchain asset model itself.
There is another caveat to the idea that you can’t hack the blockchain. It has to do with changes that have come about just in the past few years.
When we reported on “hacking the blockchain” a few years ago, cryptocurrency was still the predominant use case for blockchain ledger transactions.
But in many ways, that’s not really true anymore thanks to the introduction of something called the smart contract.
Smart contracts essentially involve putting data and code executions on the blockchain. You could think of smart contracts as nonfinancial blockchain transaction vehicles.
Smart contracts started to become more popular as people got deeper into cryptocurrency and the blockchain world. At first, Ethereum was the major smart contract blockchain facilitator of note. But then people figured out that Bitcoin SV could handle smart contracts (although “regular” Bitcoin does not). New coins and tokens like Solana also became known as “Ethereum killers,” partially for their ability to handle smart contracts.
One of the benefits of smart contracts according to IBM: Blockchain transaction records are encrypted, which makes them very hard to hack. Moreover, because each record is connected to the previous and subsequent records on a distributed ledger, hackers would have to alter the entire chain to change a single record.
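The linkage described in that quote can be checked in a few lines of Python. This is an added example, not code from the original article or from IBM; it assumes records are linked by embedding the SHA-256 hash of the previous block, and the record strings are constructed.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed predecessor value for the first block
# Constructed sample records, not real transactions.
SAMPLE_RECORDS = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1",
                  "dave pays erin 1", "erin pays alice 3"]

def block_hash(index, prev_hash, record):
    """SHA-256 over the block's position, its predecessor's hash and its record."""
    payload = json.dumps([index, prev_hash, record]).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(records):
    """Link each record to the previous one by embedding the previous hash."""
    chain, prev = [], GENESIS_PREV
    for i, record in enumerate(records):
        digest = block_hash(i, prev, record)
        chain.append({"index": i, "prev": prev, "record": record, "hash": digest})
        prev = digest
    return chain

def first_invalid(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for block in chain:
        expected = block_hash(block["index"], block["prev"], block["record"])
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None

def rehash_from(chain, start):
    """Recompute links from `start` onward; return how many hashes changed."""
    prev = chain[start - 1]["hash"] if start else GENESIS_PREV
    changed = 0
    for block in chain[start:]:
        digest = block_hash(block["index"], prev, block["record"])
        changed += digest != block["hash"]
        block["prev"], block["hash"] = prev, digest
        prev = digest
    return changed

if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    chain[1]["record"] = "bob pays carol 200"  # edit one record in place
    print("first invalid block:", first_invalid(chain))
    print("hashes rewritten to hide the edit:", rehash_from(chain, 1))
```

Editing one record forces every later hash to be rewritten, and the rewritten chain's final hash still differs from the copy held by every other node. On a real network each rewritten block would also have to satisfy that chain's consensus rules.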
The bottom line is that smart contracts can be hacked in ways that cryptocurrencies cannot. In other words, if you can exploit some aspect of the smart contract that’s blockchain-adjacent, it can look very much like you’re hacking a blockchain.
The Human Element
There’s another very important point that we can’t forget when we’re talking about blockchain hacking.
That’s right, it’s social engineering. If you hook up to a sketchy airport Wi-Fi network and send your crypto keys over it, and somebody gets them and steals your crypto, that’s not a “blockchain hack.”
You can protect data and systems in complicated network setups, but you can’t protect them from human error. You can’t protect them from people.
Many of the hacks and illegitimate activities that attempt to siphon money out of crypto networks, or conduct some type of fraud, are targeted toward the weakest link – the human operator. When they can get the private keys for some digital asset, for example, they’re off to the races.
The Bottom Line
All of that shows you how two seemingly contradictory things can be true at once. When a blockchain-related incident hits the news, it’s likely people will hear “Blockchain hacked!” regardless of whether it’s accurate. As we’ve seen, on one hand, the blockchain itself as a model is very resistant to almost all kinds of hacking. On the other hand, lots of processes and systems connected to a blockchain and an asset have vulnerabilities. That’s important to think about as we continue to see more kinds of crypto coins and smart contracts develop in an ever-expanding network of new fintech assets.