Blockchain developers face a vast range of security challenges. They must also adapt to emerging blockchain regulation established by government legislation. Let us look into a few of the challenges that need to be addressed in 2019 and beyond.
SOME SECURITY CHALLENGES
PROTOCOL BACKDOOR AND ROGUE DEVELOPERS
One rare but concerning issue with blockchain is the possibility of large, unplanned token issuances. The most notable example of this occurred in October 2018 with Oyster Protocol (PRL). The project's founder and chief developer, Bruno Block, decided to exit scam by removing $300,000 of PRL through a backdoor in a platform smart contract and then reselling it on KuCoin.
This case study illustrates a major security flaw of blockchain for three primary reasons. First, no one knew that Bruno Block had the capacity to do this without proper warning. Second, it shows that a single individual can take down the entire value of a cryptocurrency project. Lastly, it caused quite a tumult because the project was initially one of the most promising in the cryptocurrency space. Compared with other cryptocurrency scams, Oyster Protocol displayed none of the classic signs.
Most high-profile decentralized blockchains confront constant security threats. This is especially true for those that launch new code updates, which could contain bugs. For instance, Ethereum planned to launch its Constantinople update in January 2019. Unfortunately, smart contract audit firm ChainSecurity discovered a major bug around two days before the launch date. According to ChainSecurity, the issue was an error that could ultimately have led to a “reentrancy attack”. More importantly, this meant that someone could enter the same function multiple times without any update to the user about the state of affairs. In this kind of case, a hacker can literally withdraw funds forever. As a result, the Ethereum core development team chose to delay the launch until February 2019. While developers try to fix the bug and eliminate all potential security crises, it’s clear that errors in the code written for blockchains can often be very difficult to find, even with immense resources.
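The reentrancy pattern described above, as a small Python simulation added here for illustration. It is not Ethereum code and not the Constantinople issue itself; the `Vault` class, the account names and the deposit amounts are constructed. It runs the same withdrawal once with the balance updated after the external call and once with the balance updated before it.

```python
class Vault:
    """Toy ledger standing in for a contract that holds user deposits."""

    def __init__(self, update_state_first):
        self.update_state_first = update_state_first
        self.balances = {}
        self.pool = 0  # total funds actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.update_state_first:
            self.balances[who] = 0      # hardened: record the effect first
        self.pool -= amount
        on_receive(amount)              # external call hands control to the payee
        if not self.update_state_first:
            self.balances[who] = 0      # flawed: state updated only after the call


def run_scenario(update_state_first):
    """Return (amount the re-entering payee received, funds left in the vault)."""
    vault = Vault(update_state_first)
    vault.deposit("other_users", 90)    # constructed sample deposits
    vault.deposit("payee", 10)
    received = []

    def on_receive(amount):
        received.append(amount)
        vault.withdraw("payee", on_receive)   # re-enter before withdraw() returns

    vault.withdraw("payee", on_receive)
    return sum(received), vault.pool


if __name__ == "__main__":
    print("state updated after call :", run_scenario(False))
    print("state updated before call:", run_scenario(True))
```

With the state update placed after the call, a 10-unit deposit pays out the whole 100-unit pool; with the update placed first, the second entry sees a zero balance and stops.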
In 2018, the increase in 51% attacks showed that it was possible to hack major blockchains by gaining control over a majority of the hash power. Many blockchains that were once thought to be too expensive to take over through a 51% attack became victims. During bear markets, the cost of carrying out these attacks dropped drastically. By design, Proof-of-Work blockchains with fewer miners and less hash power are very vulnerable. However, several solutions exist. Some examples include requiring a higher number of confirmations or establishing merged mining. Additionally, using another type of consensus mechanism could present a possible solution. However, the fact that many of the top-notch blockchains today use Proof-of-Work continues to showcase a lingering problem.
The issues mentioned above illustrate the problems with centralized control and potential bugs. However, these are not the only security challenges to be concerned about. In most scenarios, security challenges appear on the user side. For example, the easy accessibility of cryptocurrency funds continues to be a major challenge. Despite warnings from crypto exchanges and project teams, among others, phishing attacks continue to cause many individuals to lose crypto funds.
Furthermore, challenges exist with how users interact with cryptocurrency wallets. On the one hand, some individuals store funds offline in hardware wallets, save seed phrases in secure locations, and generally take measures to increase fund security. On the other hand, many individuals keep funds online, locked up in an exchange wallet. It is easier to access funds by choosing the latter option, yet this comes with a much higher risk of losing funds to hackers. One of the biggest technical issues for developers is to find a better way of increasing the accessibility of funds without sacrificing security.
Legislation such as GDPR in the EU was initially intended to be neutral and to properly secure the data of end users. However, it can be somewhat hard to know exactly how the law works with the emergence of technologies like blockchain. For instance, who is in charge of controlling the data in a public blockchain? Because consensus is decentralized and distributed across validators, no single entity is responsible. Compared to some Web 2.0 big tech companies (Facebook, Google, Amazon, Twitter, etc.), it can be somewhat difficult to know exactly who controls and manages data with blockchain-based Web 3.0 software. In the era of blockchain data processing, what counts as personal data? For example, public keys do not have the same features as anonymous data, and their characteristics are very similar to those of pseudonymized data.
It is very possible that in the future, developers will design blockchains to tackle not only security problems but legislative ones too. This raises the question of whether it is possible to develop systems that can accomplish both. As with any new technology, the formation of standardized blockchain regulation might take some time. Meanwhile, the technology itself continues to evolve in many facets.
CENTRALIZATION AND DECENTRALIZATION
As governments begin to establish blockchain regulation standards, questions beyond data ownership and data privacy begin to emerge. Most of today’s popular blockchains are publicly accessible and highly decentralized. However, it is predicted that blockchains of the future will become more centralized, especially those used by large corporations and governments.
Centralization may present a few real-world security quandaries. Blockchains controlled by a central authority, or even by a majority of validators belonging to an individual, significantly open up the possibility of censorship. This goes against the concept of what most blockchains represent in 2019.
Also, if blockchains of the future are more centralized, this could enable more malicious users (i.e., hackers) to gain control of sensitive data. Again, while centralized blockchains might still be more secure than older database technologies, they would still not be able to attain the level of inherent security provided by decentralized blockchains.