June 29, 2022

A Pentagon-commissioned report has revealed some hard security truths about the blockchain, including the position that the blockchain is not decentralized, highly vulnerable to attack, and run on outdated software.

The Pentagon’s research arm, Defense Advanced Research Projects Agency (DARPA), hired Trail of Bits, a security research organization, to study the blockchain.

Trail of Bits focused on Bitcoin and Ethereum and discovered that it only takes four entities to disrupt Bitcoin and only two to disrupt Ethereum.

To analyze the challenges of Bitcoin security, the researchers from Trail of Bits registered multiple accounts with mining pool sites to study its code when available.

Security flaws discovered during the process include the fact that ViaBTC, a leading global mining company, assigns the password “123” to its account. Pooling, another mining company, does not even check the login credentials. Slushpool, a mining company that has mined more than 1.2 million Bitcoin since 2010, instructs users to ignore the password.

The three mining companies account for about 25% of the Bitcoin harsh rate, or total computer performance, and their security incompetence expose organizations and individuals to a high risk of cyberattacks. This is because the nodes used by crypto miners can easily be used to flood the network in a so-called Sybil attack using an inexpensive cloud server.

Another security problem in the blockchain is the use of older versions of software that cause software errors and bugs. Software bugs have already caused blockchain errors in Ethereum, and 21% of Bitcoin nodes run on older versions of the notoriously vulnerable Bitcoin Core client known to be vulnerable.

The sources for this piece include an article in TechRepublic.