In 2020, as US hospitals were fighting a global pandemic, they were also battered by unprecedented cybercriminal activity. Ransomware attacks on hospitals doubled as healthcare jumped from 10th to 7th in the top 10 industries ranked by cyberattack volume. Hackers had a profitable field day exploiting legacy systems and centralized database weaknesses.
Centralized databases are vulnerable to a single point of failure, meaning if hackers compromise the central server, they can access all the data stored in the database. Everyday users have limited control and can’t see what's happening, sometimes even with their own data. They need an intermediary, like a bank, to send statements and verify transactions.
What if a secure, transparent database technology existed where users could transact directly with no middleman? The alleged founder of Bitcoin, Satoshi Nakamoto, asked himself that same question when he was developing a ledger for cryptocurrency transactions.
His answer was blockchain technology, and it is rather ingenious. But in light of the spiraling number of cryptocurrency hacks, how safe is blockchain, really?
Quick View - What is Blockchain Technology?
First, there is no one blockchain to rule them all. But you probably already knew that. From its humble Bitcoin beginnings, blockchain technology is rapidly gaining popularity, with at least 1,000 blockchains operating today.
A blockchain is a distributed digital ledger that allows users to create a tamper-proof and transparent record of peer-to-peer transactions.
Blockchain in action looks like this:
- A blockchain is a decentralized network of nodes, each storing an identical copy of a client's ledger.
- Users submit information about transactions to add to blocks. The network's nodes work together to validate transactions and maintain the ledger's integrity. In blockchain’s original conception, like Bitcoin or Ethereum, chains are transparent in that anyone can see any transaction at any time.
- Once a block is verified and added to the chain, altering it without alerting the entire network is virtually impossible. Why? Because any attempt to make a change requires changing every subsequent block in the chain over multiple ledger copies.
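The tamper-evidence described in the last bullet, as an added example that is not part of the original article: a toy hash-linked ledger replicated on three hypothetical nodes, where an edit to one copy is caught first by the broken hash and then, once that copy is re-hashed, by disagreement with the other copies. The block fields, node names and transactions are constructed for illustration; real networks add consensus rules and signatures on top of this.

```python
import copy, hashlib, json
from collections import Counter
GENESIS = "0" * 64
# Constructed sample transactions, one batch per block.
BATCHES = [[{"from": "alice", "to": "bob", "amount": 5}],
           [{"from": "bob", "to": "carol", "amount": 2}],
           [{"from": "carol", "to": "dave", "amount": 1}]]

def block_hash(index, prev, txs):  # hash covers the previous hash: the "chain"
    data = json.dumps({"i": index, "prev": prev, "tx": txs}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def build_chain(batches):
    chain, prev = [], GENESIS
    for i, txs in enumerate(copy.deepcopy(batches)):  # each node owns its copy
        chain.append({"index": i, "prev": prev, "tx": txs,
                      "hash": block_hash(i, prev, txs)})
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """Index of the first block with a bad hash or back-link, else None."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], prev, b["tx"]):
            return b["index"]
        prev = b["hash"]
    return None

def rehash_from(chain, start):
    """Recompute every hash from `start` on: the work a single edit forces."""
    prev = chain[start - 1]["hash"] if start else GENESIS
    for b in chain[start:]:
        b["prev"] = prev
        b["hash"] = prev = block_hash(b["index"], prev, b["tx"])

def divergent_nodes(copies):
    """Nodes whose chain tip differs from the majority of ledger copies."""
    tips = {name: chain[-1]["hash"] for name, chain in copies.items()}
    majority = Counter(tips.values()).most_common(1)[0][0]
    return sorted(n for n, tip in tips.items() if tip != majority)

def demo():
    copies = {n: build_chain(BATCHES) for n in ("node-a", "node-b", "node-c")}
    edited = copies["node-c"]
    edited[1]["tx"][0]["amount"] = 500        # alter one stored block
    caught_at = first_invalid_block(edited)   # stored hash no longer matches
    rehash_from(edited, 1)                    # rewrite blocks 1..end locally
    return caught_at, first_invalid_block(edited), divergent_nodes(copies)
```

`demo()` returns the block index where the edit is first detected, the result of re-validating the re-hashed copy, and the nodes that the other ledger copies expose as divergent.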
Regarding data tampering, blockchain is very secure. However, as blockchain use cases grew beyond Bitcoin, life became complicated. Let's take a closer look.
Different Blockchains and Different Security Risks
Knowing the type of chain on trial is essential in evaluating blockchain safety. First of all, there are four “layers” of blockchain technology.
Some blockchain systems may not have distinct layers that correspond to a specific numbering scheme, and the specific blockchain architecture may vary depending on its design goals and use cases.
The basic framework for blockchain architecture that includes four layers is the following:
- Layer 0: Provides the foundation for creating multiple Layer 1 blockchains.
- Layer 1: Base layer blockchain developers use for building applications, such as decentralized applications (DApps). Ethereum and Solana are examples of Layer 1 chains.
- Layer 2: Offers scaling solutions that offload activities from Layer 1 blockchains, reducing their transactional loads to increase the speed and reduce the cost of transacting on a blockchain.
- Layer 3: Consists of the blockchain-based application layer, which includes games, wallets, and other DApps.
Layer 1 chains are the blockchain OG. These base blockchains are the ecosystem’s first level and main network chains, like Bitcoin or Ethereum.
Developers build Layer 3 solutions such as dApps and sidechains on top of the Layer 1 foundation, with the exception of Bitcoin. Bitcoin does not host any L3 apps.
Ethereum, for example, hosts thousands of dApps like Uniswap, OpenSea, and MakerDAO.
There are also four main types of blockchain networks based on how users access them.
- Public blockchains like Bitcoin and Ethereum offer high security and transparency but are slower to scale.
- Private blockchains offer more privacy and control but are not as transparent by design. For example, Walmart doesn't want its competitors and critics checking out its supply chain blockchain.
- Consortium blockchains are ideal for collaboration between multiple organizations but can be more complex to manage.
- Permissioned blockchains like Ripple offer the highest level of security but are more centralized, making them vulnerable to single-point failure hacks.
The Blockchain Trilemma
The blockchain trilemma refers to the challenge of optimizing the three defining traits of a blockchain system.
- As we saw above, decentralization means data storage and network control are distributed among multiple participants rather than a single authority.
- Scalability refers to the ability to handle increasing transaction volumes without sacrificing performance.
- Security refers to the protection of the system from attacks and manipulation.
The trilemma is like a three-way teeter-totter. Improvements in one area come at the expense of another. The visual below does a great job of using blockchain brands to illustrate the trade-offs.
Ethereum has about 500,000 validator nodes, and Bitcoin clocks in at about 12,000. They are both high on decentralization but struggle to scale efficiently.
Ripple is excellent with scaling, but the tradeoff is less decentralization, with about 150 validators. Stellar touts security based on a highly centralized chain run by 3 top nodes coordinating with 63 others. As we’ll see in another graphic below, it is harder for centralized chains to deliver on security because they lose the natural protection of a more distributed network.
Blockchain and Web 3 companies are working on improving blockchain security and mitigating the trilemma. Blockchain security measures include encryption, multi-factor authentication, and distributed consensus algorithms.
Is Blockchain the Security Silver Bullet?
So is blockchain the answer to centralized database security issues? The high-profile crypto hacks of the last few years vote a big fat ‘No.’
However, if you look beyond the clickbait headlines at what is causing these breaches, you find that, like most powerful tools, blockchain doesn't cause the damage; people do. Techopedia goes so far as to say that blockchains can’t be hacked. MIT begs to differ.
What is clear is that “blockchain-adjacent” processes are hacked with distressing regularity. For example, the chart below shows that most crypto hacks resulted from weaknesses originating off-chain or as the result of watering down decentralization.
Until 2021, centralized services were the leading sources of crypto losses. Fewer nodes and more top-down control take us back to centralized land, which is ironic because it undermines the original motive for developing blockchain - an alternative to the security drawbacks of centralized ledgers.
DeFi protocols present a different type of risk. Hackers try to exploit vulnerabilities in the smart contracts that underlie the protocols.
Smart contracts are programmed to execute automatically (self-executing) when certain conditions are met. Smart contract attacks are a substantial concern for blockchain safety. If hackers can exploit a flaw in the code, they can execute malicious code that results in significant losses.
Which Blockchains Are the Safest?
Blockchain safety and security depend on several factors, as different blockchains have unique use cases, security features, and vulnerabilities. Bitcoin, the original blockchain, is aging well with a reputation as one of the safest blockchains. Companies like Algorand are innovating to overcome the blockchain trilemma tradeoffs.
A general leading indicator of security is still the number of validators. In January 2021, Coin98 posted this graphic comparing some popular Layer 2 blockchains, along with the tweet, “The more validators, the more secure the blockchain.” By the way, this is not a complete list.
Cryptocurrency wouldn’t exist without blockchain’s innovations in security and reliability. Regardless of which blockchain powers your assets, if you participate in the crypto space, ZenLedger can help you organize your transactions and compute your tax obligations each year.
This material has been prepared for informational purposes only and should not be interpreted as professional advice. Please seek independent legal, financial, tax, or other advice specific to your particular situation.