Just as investors are pouring money into cryptocurrency and its infrastructure, the blockchain, hackers are preparing their attacks on such technologies – once thought of as hack-proof.


Important Details: Several methods of attack on cryptocurrencies (most notably on bitcoin) have already circulated around the hacker community. Essentially, cryptocurrency is safeguarded by mining – a process that creates data blocks that enable identification of “good” and “bad” transactions. These transactions, however, operate on prioritization, an assessment based on the level of work performed on a blockchain. By manipulating such prioritization, a hacker can choose which transaction will be “accepted,” and which will not.

The second method of attack is for the hacker to tamper with the block history by changing the time of creation to some point in the past. This enables the attacker to possess a majority of the network control, which, in turn, could allow the perpetrator to overtake the other chain. In such cases, a hacker has the freedom to reverse the status of transactions from “bad” to “good,” and vice versa.

The third method of attack is for a hacker to take over a victim’s neighboring data nodes – essentially surrounding the victim’s node and controlling all its incoming and outgoing data, with the ability to feed it false data or to hinder outgoing data. The attacker will also be able to identify all transactions sent by the victim’s node.

To summarize, while attackers cannot steal or reroute other people’s money, they can prevent transactions from getting to the blockchain by canceling old transactions or reversing canceled transactions.
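The work-based prioritization described above can be modelled in a few lines. This is an added illustration, not part of the original article: a node follows whichever branch carries the most cumulative work, so a payment recorded on one branch loses its confirmations when a competing branch overtakes it. The block layout, the transaction ID `tx-pay`, the helper names and the six-confirmation threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Block:
    parent: "Block | None"
    work: int                                   # work contributed by this block
    txs: set = field(default_factory=set)

def branch(tip):
    """Blocks from genesis to tip, oldest first."""
    out = []
    while tip is not None:
        out.append(tip)
        tip = tip.parent
    return out[::-1]

def best_tip(tips):
    """Fork choice: follow the branch with the most cumulative work."""
    return max(tips, key=lambda t: sum(b.work for b in branch(t)))

def confirmations(tip, txid):
    """Depth of txid on this branch (0 means the branch does not contain it)."""
    chain = branch(tip)
    for i, b in enumerate(chain):
        if txid in b.txs:
            return len(chain) - i
    return 0

def is_settled(tips, txid, min_conf=6):
    """Defender check: accept a payment only when it is deep on the best branch."""
    return confirmations(best_tip(tips), txid) >= min_conf

def extend(tip, count, txs=()):
    """Append `count` unit-work blocks to `tip`; the first one carries `txs`."""
    for i in range(count):
        tip = Block(tip, 1, set(txs) if i == 0 else set())
    return tip

def demo():
    # Constructed sample data, not real blocks or transactions.
    genesis = Block(None, 1)
    a = extend(genesis, 3, txs={"tx-pay"})      # branch holding the payment
    b = extend(genesis, 2)                      # competing branch without it
    before = confirmations(best_tip([a, b]), "tx-pay")
    b = extend(b, 2)                            # competing branch gains work
    after = confirmations(best_tip([a, b]), "tx-pay")
    return before, after

if __name__ == "__main__":
    print(demo())
```

Waiting for more confirmations before treating a payment as final raises the amount of work a competing branch would need to displace it.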

William Jan, Outsell’s VP & Lead Analyst, commented recently in an Outsell Insight on the implications of such developments:

Regulators have long warned [1] against the transacting and the trading of cryptocurrencies. Though the motives may be to protect the global treasury departments, the potential widespread hacking of cryptocurrencies may have just created more skepticism around the viability of digital currency and its blockchain protocol. Only recently, Tokyo-based Mt. Gox was the “king” of bitcoin exchanges until it imploded.

In 2013, it was handling 70% of the world’s bitcoin transactions, until it was not able to address an influx of regulatory requirements, trade volumes, and subsequent lawsuits in 2014 that led to its collapse. So cryptocurrency has had, and continues to have, a rocky path.

On the other hand, the venture capital community is already vested heavily in the future of blockchain technology [2], with hopes that it will truly disrupt the world of payments, e-commerce, and accounting. As such, precautionary measures (investments) against the potential attacks will be mission-critical as this nascent network platform takes on a new life in the coming years. For IT governance, risk, and compliance (GRC) management providers, such as RSA Archer [3], BWise [4], and MetricStream [5], this presents a new opportunity to focus on information security beyond the traditional consumer and commercial data protection business.

Finally, the biggest barrier to general adoption of cryptocurrency and blockchain protocol has always been fear of the unknown. And the fact that such technology is no longer viewed as hack-proof will only serve to perpetuate that fear. The real opportunity here is for providers of cryptocurrency technology and services to offer education / resource portals to lower such barriers to adoption.

Email William Jan about this Insight®2015

Courtesy:  William Jan VP & Lead Analyst, Outsell Inc.