In light of the continued blockchain related security hacks (e.g. the DAO and Bitfinex, to just name two recently visible ones), a fundamental question is front and center: will we eventually take blockchain security for granted, just as we take bank grade security for granted? Or is it too early in the maturity cycle of blockchains to expect total security resiliency?
There is no reason why we shouldn’t expect blockchains to be as trusted as what is commonly referred as “bank grade security”, although we are not there yet, today.
I’m using the term “bank grade security” figuratively, but with an intent to denote the same expected outcomes from blockchain operations as we get from banks, pertaining to standards in security. Despite being themselves subjected to thefts as well, banks are still considered relatively secure, both physically and online. If a bank theft occurs, individual customers are almost never affected because it is common (and expected) for banks to bear the entire responsibility by insulating customers from these occasional losses. However, in the blockchain world, users are left holding the bag when there is a breach of any kind. On one side of the spectrum, you could say that this type of risk comes with the decentralization ethos, but on the other side, one would like to see higher standards of security assurance, so that users are not responsible for funds losses, especially if they didn’t have any influence on it.
For background, and as a refresher, banks have had a rich history of robberies starting with the 1800’s during the Wild West era in the US. These were the days of Butch Cassidy, Jesse James, Billy The Kid, the Dalton Gang and other famous thiefs who were outlaws. During these crazy times, bank robberies happened often. Fast forward about a hundred years later, modern days bank robberies continued to take place during the 20th century, although with less frequency. In fact, Wikipedia has a list of 33 countries boasting some of the most famous bank robberies worldwide, since the Great Depression of the 1930’s, including a few even in 2016! Our memory is still fresh with the recent Bangladesh Central Bank heist of 2016, a cyber attack whose objective targeted $1 billion. Overall, notwithstanding the surprising amount of ongoing banking theft activity, we have not closed banks, and banks continue to operate in spite of incurring these losses.
I offered this backdrop to encourage us to think about whether we should accept blockchain robberies as a fact of life, although each time one of these hacks happen, public confidence for the blockchain is lowered. Perhaps it is too early to be so accepting during these early days of this new era?
Why don’t we expect hosted cryptocurrency exchanges (or crypto-tech businesses) to treat their users the same way as banks do? And if so, could these exchanges withstand losses without folding?
Six Categories of Security Layers
We should think of the various levels of blockchain security. All these layers should work together in order to deliver the highest possible security. The outcome will result in more public confidence, at similar levels as bank grade security.
1. Transaction Level
That is the minimum required level for a bona fide blockchain. A well functioning blockchain needs to validate transactions with certainty and predictability at the end of the consensus cycle. This is where the consensus method does its job of confirming the transaction finality. We have gotten pretty good at this level, but it’s in the remaining areas where more work is required.
2. Account Level
There are two parts to this. A user account could be self-managed via a private wallet, or it could be a hosted account at an exchange. The Bitfinex hack was an example of a hosted account hack, happened because accounts were compromised on the exchange. And on the private wallets side, the DAO replay attacks touched some DAO private wallets. This is the area where you “clients” are also vulnerable to Internet style DoS or phishing attacks. Self-managed wallets are not for the faint of heart, nor for the novice user, despite a plurality of Do’s and Don’ts that security experts will dispense. In order to deliver cryptocurrency to the masses, hosted exchanges and wallets providers have an important role to play, so they need to become really good at it. The analogy is Facebook. Facebook is not the Web. It is a walled garden, but it works well and it is arguably more secure than the Web at large.
3. Programming Level
This is where smart contracts or scripts could be compromised, and the DAO case was a perfect example in that category. Smart contracts could have vulnerabilities that can be exploited, resulting in a drainage or disappearance of funds. Vitalik Buterin provided an excellent explanation and classification of the known smart contract security categories, and this is an area where there is wide agreement that improvements are needed.The blockchain allowed us to program money, and we need to be careful in doing it.
4. Distributed Organizations Level
Think DAO here again, not at the smart contract level, but rather at the operational and organization level, and how a spaghetti topology of smart contracts labelled as “law” could become a house of cards for a Distributed Organization that wants to be autonomous. Autonomy has its risks, but first and foremost, the organization itself must be tested and it must be sound before it gets a chance to run autonomously. The DAO tried too hard and relied only on technical curators who gave it a passing grade, but didn’t have organizational experts that could have pointed fundamental flaws in linking the operations of a company to blockchain contracts.
5. Network Level
A blockchain is a peer-to-peer network, physically and virtually. That network is where the consensus methods run, and this is the area where you hear of the 51% attack vulnerabilities, i.e. when theoretically, an attacker can spend enough money and hash power to “hijack” the transaction validation process in their favor. This category of security will concern itself with the soundness of the actual algorithms, protocols, incentives and consensus economics (whether mining or transaction costs related). In my opinion, the specter of “51% attacks” shouldn’t even be in our vocabulary. Imagine if a bank advertised the percentage likelihood of them being robbed as part of their marketing material.
6. Governance Level
I’m going on a limb in differentiating governance level security from the network level security because I’m referring here to the application side of decentralized consensus. This is an embryonic area, and we have only seen rare cases of decentralized governance. The ones we don’t hear about may be failing in obscurity, and we can’t easily extract their lessons, but the two most publicized cases are Bitcoin (block size) and Ethereum (hard fork) governance. Strategic decisions taken in the name of decentralized governance affect the long term security of a blockchain. We are still learning by trial and error as we figure out the best practices of decentralized governance. On one hand, Bitcoin could be criticized for being too rigid on governance related changes, whereas Ethereum could be perceived to have been a little too lax with their recent hard fork decision process. Maybe one day, the pendulum will swing to the middle.
We often hear of Network security and Account security because they are the most visible, but any player in the blockchain space who is developing an application, running a business or providing a service must be thinking of the variety of security layers as part of good security hygiene.
Today, blockchain related robberies are more of the “cybercrime” flavor variety, because there is no physical entry into a bank or vault. It’s the hacking itself that makes these incidents possible. Crime, cybercrime, robbery, theft and hacks will continue to occur, regardless of the efforts, measures and practices of the criminal justice system. Therefore, the technology itself must do its part in being as good and as predictable as bank grade security.
Eventually, the frequency of blockchain security vulnerabilities should be a thing of the past, because security is an essential condition if blockchains want to become big. We had to solve the Internet security issues early (whether perceived or real), and I still recall the days when the Internet wasn’t deemed to be secure enough for many organizations, and when entering your credit card online was done “at your own risk” (1994-1997 period).
We need to elevate the security standards- technical, operational, and legal to pave the way for the blockchain market to proceed and grow.
This is about a new “infrastructure of value”. Value movements should be done with certainty.