Stuart Madnick — the John Norris Maguire Professor of Information Technologies at the MIT Sloan School of Management and the Founding Director of the Cybersecurity at MIT Sloan research consortium — highlighted a forthcoming study on blockchain, stating that the technology is not as secure as many purport it to be.
The MIT study analyzed 72 cases of publicly reported security breaches in blockchain systems between 2011 and 2018, subsequently developing a taxonomy of blockchain vulnerabilities. Among major vulnerabilities, the study named transparency, distributed control and anonymity, which are also blockchain tech’s purported key advantages.
While transparency enables people to view the software and verify that there are no flaws, it purportedly also lets ill-intentioned persons to easily access and explore it to uncover flaws not yet observed by others, Madnick says.
Distributed control means that there is no central “on” or “off” switches like in traditional centralized systems. Madnick makes an example of a stock market running into a problem such as a flash crash, wherein a centralized exchange can just shut the market off. However, when it comes to an attack discovered on a blockchain system, it is purportedly impossible to turn off.
As for anonymity, Madnick stresses that it is impossible to restore access to a user’s blockchain account if they lose the key. “It is the only way that you are identified so you are anonymous, which is why it is popular for illegal transactions, such as ransomware payments,” Madnick further stated, and concluded:
“The bottom line is that while the blockchain system represents advances in encryption and security, it is vulnerable in some of the same ways as other technology, as well as having new vulnerabilities unique to blockchain. In fact, human actions or inactions still have significant consequences for blockchain security.”
Sheila Warren, head of Blockchain and Distributed Ledger Technology at the World Economic Forum, recently claimed blockchain could be a solution to the worsening trust crisis globally. Warren said:
“This technology could provide access to information that could enable third parties or other groups to actually come in and conduct audits of what is happening. And I actually think that could build faith back in institutions.”