Cyber attacks raise questions about blockchain security

September 12, 2016

A series of cyber attacks against digital currencies has left the financial services industry wondering whether new blockchain technology can be made secure enough from criminals.

From established names such as UBS and Santander to new fintech companies Ripple and R3, many in the industry are eager to rip out old systems of moving money and replace them with quicker and cheaper blockchain technology. Developed as a technology to underpinning digital currency bitcoin, blockchain allows transactions to be verified electronically over a network of computers, with no central ledger.

However, cyber criminals have targeted companies using blockchain and digital currencies, attacking DAO and Bitfinex in recent months. The DAO was a kind of crowdsourced venture capital fund that allowed people to make investments using Ether, another digital currency. It had raised over $150m in May, only to have more than 50M drained by cyber criminals in June, cutting the value of the currency by a third. Bitfinex, a Hong Kong-based digital currency exchange, lost about $65m in a cyber attack in August.

Fred Ehrsam, co-founder of Coinbase, a San Francisco-based start-up where merchants and traders can buy and sell digital currency, says blockchain will become more secure with time.

“I think at the beginning you’ll have people who screw up with it. It is true of any new technology, people have to get used to it,” he says.

Even before these attacks, the Financial Stability Oversight Council, a group of US regulators, warned that because these systems, known generically as distributed ledgers, were new, flaws might not become clear until they were “deployed at scale”.

“Like most new technologies, distributed ledger systems also pose certain risks and uncertainties which market participant and financial regulators will need to monitor,” the Council said.

One of the most serious problems is that some cryptocurrency companies rely on new programming code. It is hard to anticipate what the flaws are in new code or a new programming language, as there has not been a history of specialists examining it for flaws.

Read full story…