The three pillars of distributed ledger technology: What can we learn from recent blockchain attacks?

Blockchain technology, also known as distributed ledger technology (DLT), is crucial to the transformation of the financial services sector. According to a recent survey report by Greenwich Associates, financial services companies are investing heavily in the technology in the hope of bringing it to market. In addition, they are confident that distributed ledger technology will have a significant impact on the industry within two years.

However, there are several major obstacles that need to be overcome before this great goal can be achieved. The most critical one is security. In a report titled Securing the Blockchain, we discussed several technical difficulties surrounding blockchain security, including consensus, transaction confidentiality, and protecting private keys. As can be seen from recent attacks, the above points are very important.

Protecting Private Keys

Recently, the Bitcoin exchange Bitfinex was attacked, resulting in a loss of up to $70 million. Therefore, we can see that the security of private keys cannot be ignored. Although the details of the attack are still unclear, it is certain that the hackers somehow successfully obtained the private keys that protect user accounts before stealing Bitcoin.

Private keys guarantee ownership of digital assets, similar to passwords. Technology companies that develop private blockchains for financial services companies must reconsider whether the multi-signature and cold storage methods used by digital currency exchanges are really effective. Although these solutions are relatively secure, they come at the cost of low efficiency and high management costs. It is indeed because Bitfinex took shortcuts that led to the theft of funds, and the responsibility does not lie with the technology itself.

Immutability

Another question worth considering is what to do after an attack? What is stolen is digital assets, which exist in the form of computer code. Therefore, can we roll back the blockchain and modify its code to the version before the attack?

If this is done, from the perspective of the blockchain itself, the attack will be as if it never happened. However, the Bitcoin community did not take this approach to save Bitfinex's losses. Instead, the Ethereum blockchain rolled back transactions (i.e., hard forks) in this way after being attacked (losing $50 million). The smooth implementation of a hard fork requires the consensus of a large number of nodes in the entire network, and this Ethereum hard fork has always been controversial. Because immutability is an important attribute of the blockchain, that is, every transaction recorded in the blockchain cannot be changed or cancelled.

Today, the financial services industry can cancel trades: whether it's a stock exchange, a credit card company, or any software involved in the trading process, they all reserve the right to cancel or modify an erroneous trade.

Given that the financial services industry will eventually adopt distributed ledger technology, it cannot escape this feature of the blockchain. Is immutability a bug for them? Or will the industry create specific functions to record offset transactions, achieving the same purpose as reversing transactions without destroying the integrity of the historical transaction record (respecting the immutability of the blockchain)?

Smart Contracts

The success of the DAO attack proved that smart contracts have security vulnerabilities. Smart contracts are computer programs that can automatically execute contract terms and transfer value between multiple parties. The DAO is a smart contract investment project based on the Ethereum blockchain.

However, the irrationality of the smart contract code gave hackers an opportunity to steal funds. Smart contracts are an important part of distributed ledger technology solutions and can be used for collateral management, over-the-counter (OTC) derivatives, etc. For example, if the smart contract code is perfect, it can trigger payment processes between banks and other companies, with a profit margin of up to $50 million.

Vulnerabilities in smart contracts can not only lead to attacks, but also cause system failures and initiate erroneous transactions. Similar incidents have occurred many times in the financial market, and the participants have paid a heavy economic price.

Therefore, our entire industry should work together to develop the best use cases and provide the best protection and control measures for smart contracts to prevent the above incidents from happening again. From this perspective, the Smart Contracts Alliance recently launched by the Chamber of Digital Commerce is the first step towards success.

Distributed ledgers in financial services can reduce settlement times, eliminate friction, lower costs, and streamline workflows. Before we can reap these benefits, the industry must focus on security. Digital assets and distributed ledger technology bring new ways to transact, but we also need to explore new ways to protect the security of blockchains.