The inherent quality of blockchain technology is to allow people to share important data or transaction details over a shared network without comprising on its security, indelibility or transparency. Blockchain networks use higher order mathematical calculations and complex software combinations that are protected against attacks by intruders. However, no matter how sophisticated the level of encryption, there’s always a possibility of human beings undoing the technology fashioned by their fellows, to break in and steal data.
To answer the question the title seeks to ask, we must unravel the different layers of this problem. The very first layer would be understanding how the security of blockchain functions in the first place. In a blockchain-powered ledger, transactions are updated and these ledgers have copies on a significant number of “node” computers, participants in the network. Every time some data is updated, the nodes confirm the validity of that particular update or transaction. Across different networks, different kinds of consensus models such as the Proof-of-Work, Proof-of-Stake etc. are utilized to make sure the transactions are validated quickly and efficiently without the need to involve every single node in the network in every instance. The agreement on shared information and the cryptographic identity that sets a block apart from another, ensures that the security of a blockchain network is tightly strung. Each block carries an imprint of the previous block’s hash value, which much like a fingerprint, is absolutely unique. This internal linking and chaining adds an extra layer of security to the system. All these security features make a blockchain network theoretically immutable.
However, as researchers at the Cornell University have figured out, participants can end up fooling other nodes by confusing them enough to waste time on re-solving completed cryptographic problems. Further, an eclipse attack might also compromise the security of a network, taking over just one node and beguiling it to validate false information that looks like it is coming from the remaining nodes in consensus but is actually a sham. Moreover, blockchain’s linkages with the external elements such as third-party applications and software clients often represents a point of security breakdown. Hackers often crack the codes of internet-connected wallets that store private keys of a crypto owner. Even when wallet providers keep the coins in “cold-storage”, or storages deprived of internet access, scams continue to plague the crypto world, making headlines for stealing cryptocurrencies worth millions every other week.
Another aspect which was meant to inject greater convenience into the blockchain network, involves “smart contracts” that helps to automate transactions based on pre-set stipulations. However, this technology often has loopholes that the hackers are quick to take advantage of. In 2016, a gap in a smart contract loaded on to the Ethereum blockchain left to the theft of $80 million worth of Ether tokens from a DAO (Decentralized Autonomous Organization). This forced the network to undergo a hard fork to reverse the damage. While researchers and developers are continually trying to make the technology foolproof, we can hardly be absolutely certain.
Another guarantee of blockchain’s supposed security element is the decentralization aspect which requires a number of nodes to agree on how the network would process data. However, as we have seen in both Bitcoin and Ethereum, the top two networks of the market, mining pools can often aggregate the role of several nodes to acquire majority power. For example, a recent study revealed that the top four mining pools controlled 53% of Bitcoin’s mining capacity and the top three in Ethereum controlled 61%. While certain alternative consensus models, such as the delegated proof of stake (DPoS) can help work around such problems, these solutions have not been scaled enough to ensure success. The question of having permission-based networks where users need admission rights also raises a number of questions about who gives the permission and how it is given.
As Neha Narula, the director of MIT’s Digital Currency Initiative says,the concept of blockchain security is a largely interpretive and perhaps a little elusive one. Blockchain is secure, yes, but we perhaps will never know if it’s secure enough.