Every single discussion of blockchain seems to start with some variant of the phrase “secure, distributed hyperledger.” I take no issue with the fact that it’s a hyperledger—in other words, a continuously growing list of linked records. And I have no problem describing it as distributed—in this case, across a peer-to-peer network communicating over a protocol that describes how to validate new records being added to the chain.
But it seems to me we’re jumping the gun on describing blockchain as “secure.” That’s a high-bar claim for any system, which must be proved again and again at various levels and in various scenarios, applications, and other contexts. It would be more accurate to describe the technology as a cryptographically secured distributed hyperledger. This definition leaves open the crucial question of whether that tactic alone is sufficient to reduce a blockchain’s vulnerability to tampering, password theft, malware-borne denial of service, and other attacks.
In fact, you don’t need to wade out too far into the growing blockchain literature before the security vulnerabilities just jump out at you. The security issues with blockchain seem to form a chain of their own, in which the weak links start to overwhelm the strengths conveyed by the technology’s underlying reliance on strong public key cryptography. As you contemplate the fact that more of the world’s stored wealth and commercial exchange value is starting to ride on blockchains of one sort or another, the security vulnerabilities of this technology start to loom larger in your consciousness.
Blockchain is more than a distributed database—it’s a growing system of record on which the global economy will rely intimately. So how secure is it, in reality? And how much cost, time, and trouble should any of us be spending to put our blockchain implementations into a secure-enough form before we can justify putting mission-critical assets on a distributed hyperledger?
What’s clear is that, more often than not, we users are blockchain’s weakest link. Attackers will continue to exploit endpoint vulnerabilities—in other words, our own inability to secure the blockchain identities, keys, credentials, and software that we install on our PCs, mobile phones, and other systems. In practice, that could expose us to phishing, malware, password dictionary attacks, and other attack vectors that leave our chain-based assets—such as cryptocurrency—wide open for the taking.