Blockchains: not so 'unhackable' after all?
As I wrote earlier this month, blockchain technology is not about trust, it’s about distrust. So we shouldn’t be surprised in such an environment that bad actors thrive.
Reporting on a blockchain-based currency (‘cryptocurrency’) hack, MIT Technology Review comment:
We shouldn’t be surprised. Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.The more complicated something is, the more you have to trust technological wizards to verify something is true, then the more problems you're storing up:
But the more complex a blockchain system is, the more ways there are to make mistakes while setting it up. Earlier this month, the company in charge of Zcash—a cryptocurrency that uses extremely complicated math to let users transact in private—revealed that it had secretly fixed a “subtle cryptographic flaw” accidentally baked into the protocol. An attacker could have exploited it to make unlimited counterfeit Zcash. Fortunately, no one seems to have actually done that.It's bad enough when people lose money through these kinds of hacks, but when we start talking about programmable blockchains (so-called 'smart contracts') then we're in a whole different territory.
A smart contract is a computer program that runs on a blockchain network. It can be used to automate the movement of cryptocurrency according to prescribed rules and conditions. This has many potential uses, such as facilitating real legal contracts or complicated financial transactions. Another use—the case of interest here—is to create a voting mechanism by which all the investors in a venture capital fund can collectively decide how to allocate the money.Human culture is dynamic and ever-changing, it's not something we should be hard-coding. And it's certainly not something we should be hard-coding based on the very narrow worldview of those who understand the intricacies of blockchain technology.
It’s particularly delicious that it’s the MIT Technology Review commenting on all of this, given that they’ve been the motive force behind Blockcerts, “the open standard for blockchain credentials” (that nobody actually needs).
Source: MIT Technology Review