Blockchains, Bitcoins and other cryptocurrencies! – these topics are in the news for quite some time now because of the claims they made of being ‘immutable’ or ‘un-hackable.’
Have you wondered if they could ever be hacked? Even if you are a Blockchain developer or owner of a Blockchain company, you should know how the ‘security’ features of Blockchain work and what are the possible ways they can be exploited!
Security Features of Bitcoin and Blockchain
Cryptos rely on a pair of public and private keys to ensure secure transactions. Public Keys are visible to all the participants in a network whereas, the Private Key is kept a secret to avoid misuse. Bitcoin uses Elliptic Curve Digital Signature Algorithm (ECDSA) to generate the public key and its corresponding private key. Later, the public key is hashed to create the public address of that user.
The public key is derived from the private key through elliptic curve multiplication. The address is derived using SHA-256 and RIPEMD-160 hash functions. The errors generated are corrected using a checksum. When users do Bitcoin transactions, their public keys get exposed on the Blockchain.
All the technical information given above means the decoding of the information within Bitcoin and the Blockchain ledger is “infeasible.”
I have used the word “infeasible” instead of “impossible.”
So yes, it is difficult to hack Bitcoin and Blockchain, but not impossible.
Let’s move to the next section of this blog where we explore the various methods that can be utilized to hack Bitcoin and Blockchain.
Possible Methods of Hacking Bitcoin and Blockchain
It might sound like Steven Spielberg’s sci-fi movie when I claim that quantum computers can actually hack the elliptic curve cryptography used in Bitcoin, but it can be a true story! Just like quantum physics considers the idea of parallel worlds, quantum computers work by collapsing all possible and probable solutions of a variable into the right answer.
The quantum computer can be used to compute the factors of large numbers and crack the public key encryption using Shor’s algorithm. This publicly available information is all that is required by the quantum computer that can, in turn, get the private key and ‘become’ another user.
Miner Malware and Ransomware
Most of us use e-wallets to have seamless funds transfer. Bitcoins use ‘wallets’ to store their values. Imagine a worst-case scenario where a wallet userloses his authentication PIN and his value store is forever inaccessible. Miner malware and ransomware puts the Bitcoin users in a similar situation and poof!The money is gone!
Many a time we get fooled by the computer programs disguising as harmless enhancing software but are designed to cause damage to their target systems. These trojan’s lurk inside the computer and wait to spot a cryptocurrency account number. They get triggered as soon as they spot the account number and replace it with the fraudulent account number.
Demystifying the Patterns
Any type of cryptography has a pattern that could be deciphered. The same applies to cryptocurrency. The task of figuring out the pattern of Blockchain is possible because every block that constitutes it is a function of its previous block.
Supporting Websites Can Be Hacked
The centralized websites that control transactions can be hacked. If there is no back up of the Bitcoin values in an offline location, a significant amount of money will be lost.
These malware record your keystrokes and send them back to the hacker who is referred to as a keylogger. These programs hide on your computer or smartphone and keep track of every password, seed, and pin number you type. This gives the hacker easy access to Bitcoins.
Keyloggers can be installed as an email with an attachment that could be an executable file or any document like a pdf. Setting up a malicious website that would be frequently visited by a lot of users and hence recording important information will also do the trick.
Phishing can also be used as a medium of information theft. It uses email or a fake website to trick users to enter their private keys. Once the private keys are out, it is very easy to transfer the funds from that account to any other account.
Use of improper version control (VC) programs, improper testing policies, and unsupervised exchange management are some of the other possible threats to Bitcoin and Blockchain. The investors may lose all their money at a single go!
Threats of the Future
Are the SHA-256 and RIPEMD-160 hash functions strong enough? If not, it’s a huge concern. Many transactions make use of SHA-256 and HTTPS to ensure security and nothing has gone wrong till date, but we never know what the future holds!
Unfortunately, even 2FA does not provide maximum security if Google Authenticator is embedded in a web browser on a PC. With the TeamViewer tool installed, the probability that an attacker will gain access to real-time TOTP authentication codes will allow them to crack your account on the exchange.
2FA acts as long as the app is installed on another device, for example, a smartphone. Such measures reduce the risk of serious hacking.