Decentralization of everything, the great new idea of which the web can’t stop babbling, might still seem a bit utopian if you inspect it closely.
Yes, blockchains are likely to reshape our economy, or a huge part of it, and benefit considerably those who are currently unbanked.
They might also facilitate the creation of rating/reputation systems that are not controlled by any single entity and thus allow people (say Uber drivers who’d like to work for Lyft) to switch employers without having to establish their credibility anew.
They might give users complete control over their assets, protect them, to a degree, from being robbed, and provide tools to preserve privacy even when a state-level actor – a bank or a government – is after their identity.
But before these things start to happen the issues of privacy and security, which are currently pressing on blockchains, must be dealt with.
In this article, we’ll discuss how some major networks are trying to tackle the problems of safety, and offer advice to those using decentralized ledgers on how to keep their assets protected at all times.
Let’s get started!
The concept we should introduce first before we proceed to talk about security is that of digital wallets.
In layman’s terms, a wallet is a software program in which public and private keys are stored. After accessing it, one could manage the crypto assets it contains, and carry out, seamlessly, all sorts of transactions.
Currently, there are four types of digital wallets in the blockchain ecosystem – desktop, web, mobile, and hardware ones. And to protect them, users encrypt the wallets with long, complicated passwords.
In 2011, a member of the bitcointalk forum (someone called “allinvain”) wrote a panicky post – a cry for help – to his fellow forum members after finding out that he’d been hacked and robbed of 25,000 BTC (which now, in October 2017, would be worth about $150m).
Evidently, the attacker had managed to gain access to allinvain’s PC and had, somehow, emptied out his digital wallet. He (or she) had either sent the transaction directly from the victim’s machine or copied the wallet.dat file and run it from his (or her) own.
Another noteworthy theft was reported on the Bitcoin subreddit. The user, asoltys, was fairly careful with his blockchain.info wallet, so it came as an utter shock to him to discover, one day, that 160 bitcoins had been stolen from it.
The vulnerability that made the theft possible lay with the blockchain.info mobile app; it had to do with the user having rooted his Android phone.
Generally, when one attempts to enter their blockchain.info wallet (from a desktop computer) they are asked to type in two passwords – a long one (16-20 digits) to access the entire wallet, and a shorter one (typically 8 digits) to get ahold of private keys.
However, since typing lengthy passwords is tiresome on a smartphone, the wallet app will often have it memorized, and only require you to enter the second one.
Therefore, if someone hacks into your rooted phone, they might find out where the main password is stored and decrypt it. Afterward, they can crack the second PIN code (hackers often use GPU or cloud-based computing clusters to brute-force an 8-digit password promptly) and gain complete control over your wallet.
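To put numbers on that, here is an added example (not code from blockchain.info or from the original article) that compares how long exhausting an 8-digit second password takes against a long main password, and how a slow key-derivation function changes the estimate. The attacker hash rate, the alphabets and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import math
import os

# Assumptions (not from the article): attacker throughput and alphabets.
ASSUMED_HASHES_PER_SECOND = 1e10   # constructed figure for a GPU cluster
DIGITS = 10                        # "8 digits" read literally: 0-9 only
PRINTABLE = 94                     # printable ASCII without the space


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def worst_case_seconds(alphabet_size: int, length: int, kdf_iterations: int = 1) -> float:
    """Time to try every candidate; simplified model: one guess = kdf_iterations hashes."""
    guesses_per_second = ASSUMED_HASHES_PER_SECOND / kdf_iterations
    return keyspace(alphabet_size, length) / guesses_per_second


def derive_wallet_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Defender side: stretch the password into a 256-bit encryption key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def report() -> list[tuple[str, float, float]]:
    """(policy, entropy bits, worst-case seconds) for each compared policy."""
    policies = [
        ("8 digits, no stretching", DIGITS, 8, 1),
        ("8 digits, 600k PBKDF2 iterations", DIGITS, 8, 600_000),
        ("8 printable chars, 600k iterations", PRINTABLE, 8, 600_000),
        ("16 printable chars, no stretching", PRINTABLE, 16, 1),
    ]
    return [(name, entropy_bits(a, n), worst_case_seconds(a, n, it))
            for name, a, n, it in policies]


if __name__ == "__main__":
    for name, bits, seconds in report():
        print(f"{name:36s} {bits:6.1f} bits  {seconds:.3g} s worst case")
    key = derive_wallet_key("constructed sample passphrase", os.urandom(16), 600_000)
    print("derived key length:", len(key))
```

Under these assumptions an 8-digit numeric password falls in a fraction of a second without stretching and in under two hours with it, which is why the cached main password, not the short second one, carries the wallet's real protection.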
_A few smart contracts on Ethereum, the second largest blockchain in the world, were attacked as well._
Ethereum isn’t just a cryptocurrency. It is also a platform on which one could build decentralized apps.
The software that’s hosted on the network, therefore, must be designed impeccably: its code must contain zero vulnerabilities. Or else, it’s bound to fall prey to clever attackers.