Blockchain technology is considered to be secure and immutable due to its decentralized nature. But as it becomes more popular with new solutions popping up almost daily, hackers become inventive enough to find vulnerabilities and attack it.
Presently, these attacks mostly target cryptocurrency blockchains and are aimed at stealing funds. However, as the number of use cases for the technology grows, hackers are very likely to find other purposes and vulnerabilities for their criminal actions.
Ever since its appearance, blockchain was posed as an unhackable network. Due to its decentralized nature, it has no single database that can be broken into. Instead, the information is kept on independent nodes, while its verification is done through consensus. So even if one node is hacked, the information remains unharmed, and the attack itself is detected in no time.
The tech is really difficult to hack indeed. However, it still has a vulnerability that can be used by cybercriminals.
Most blockchains employ the proof of work concept, where all transactions and records are verified through a mining process with most of the computing power of the network forwarded there. Whenever a single person gains control over 51% of the mining power (i.e. network capacity), one can make changes into the entire blockchain.
That was what happened to Ethereum Classic blockchain back in 2019. An unknown hacker managed to gain control over 51% of its capacity and started rewriting the entire transaction history, thus enabling the possibility for double-spending. The flaw was first detected by Coinbase. At that time, the hacker had already stolen around $1.1 million.
In these terms, the Bitcoin blockchain is the least vulnerable, as to perform the 51% attacks, a hacker would need to spend over $260,000 per hour, thus making the attack itself a losing game. For this reason, hackers mostly target blockchains of other cryptos that are much cheaper. To steal bitcoins, they are mostly using inherent vulnerabilities of exchanges to steal customers data and get access to their wallets.
Another way hackers can break into a blockchain is through smart contract glitches. As it is practically a software that is used on a network, it can have bugs. But unlike with any other software, the bugs can not be fixed by a patch. With blockchain, everything is much more complicated.
To fix the existing bugs, the developers sometimes have to present additional smart contracts or even create a fork of the entire blockchain. Forking is the only way to get the stolen funds to the users. The process allows for rewriting the transaction history and getting back to the moment before the attack, at the same time creating an entirely new network. That was exactly the case that resulted in the hard fork of Ethereum, creating Ethereum Classic.
Since the very appearance of blockchain, the number of attacks has been growing as hackers raise their awareness and skill in the tech. Thus, according to research by the Atlas VPN team, the number of yearly hacks has grown from 2 attacks in 2012 to 31 breaches in 2020.
Generally, there have been 330 successful hacks of various blockchains resulting in the loss of around $13.6 billion. 36% of successful events targeted EOS Dapps, proving that its blockchain is the most vulnerable. The second place is taken by cryptocurrency exchange hacks taking advantage of blockchain vulnerability (87 events).
On the upside, it is worth noting that 2020 has seen a decrease in cyberattacks at blockchains. On one hand, it might mean that developers started paying greater attention to enhancing security and tracking possible breaches. However, it might also point out that cybercriminals simply turned to other, simpler and cheaper methods of stealing funds.
Thus, as CoinIdol, a world blockchain news outlet reported, the outbreak of COVID-19 triggered cybercriminals to switch to various fraudulent schemes related to the virus either to illegally selling protective equipment on the darknet.
All in all, the fact that even such secure technology as blockchain can be hacked proves that the overall progress influences hackers as well, prompting them to search and invent new ways of attacking users. Besides, it also proves that there is no lock secure enough against thieves and there is never too much in terms of security.