In May 2018, security researchers discovered vulnerabilities in the blockchain-based EOS platform. EOS is a cryptocurrency token and blockchain that claims to operate as a smart contract platform for the deployment of decentralized applications and a decentralized autonomous corporation. The vulnerability could potentially provide attackers with remote control over participating blockchain nodes — the computers that make up the distributed blockchain network. The vulnerability was first identified by 360 TotalSecurity, a Chinese security company.
In that post about the vulnerability, the company reported that conventional flaws in software can be used for cyberattacks and lead to data and privacy leakage. The cryptocurrency itself forms a complete financial ecosystem. Any flaws within cryptocurrency or blockchain network can cause more severe and significant impacts to online users. The post added, “Due to the decentralized computing architecture, a security hole in a single blockchain node can compromise the whole network. DoS (Denial of Service) attack that is considered with least impact in software industry can be huge in the blockchain ecosystem since everything in the system is connected and self-replicating.”
Earlier this year, in January one of Japan's largest digital currency exchanges acknowledged that it had lost some $534 million worth of virtual assets in a hacking attack on its network. Coincheck froze deposits and withdrawals for all cryptocurrencies except Bitcoin as it assessed its losses.
Starting to get the picture? Security is a problem for blockchain. Not that it is any more insecure or any more vulnerable than any other platform.
Elsewhere, Santa Clara-based McAfee, the device-to-cloud cybersecurity company, released research earlier this month detailing the numerous cybersecurity risks associated with blockchain-based cryptocurrencies, and asserts the necessity of making cybersecurity a top priority as industry builds out the foundations for the widespread implementation of blockchain technologies. The research titled McAfee Blockchain Threat Report points out that as the blockchain technology market is expected to reach $9.6 billion by 2024, there are tremendous potential for cybersecurity risks that could threaten this technology’s rapid growth and its quickly expanding pool of adopters. According to the McAfee report, attackers have aggressively sought to take advantage of the rapid adoption of cryptocurrencies and the early adopters who use them. McAfee sees this activity in four key attack vectors. They include phishing or fraud schemes, malware, implementation exploits, and technology vulnerabilities.
However, if security is one problem for blockchain there are other obstacles to adoption some directly related to security, others to do with problems of scale, others to do with adaption. In fact, over the past couple of weeks and following contact with many blockchain companies we were able to identify 10 drawbacks that organizations need to consider before investing.
Related Article: Blockchain: 10 Questions To Ask Before Diving In
1. 51% Attack
The 51% attack implies that if more than half of the mining hashrate (computing power) of a blockchain is controlled by a malicious party, they get to choose what transactions go through, according to Brian Ng, a blockchain developer and economist at New York City-based Canary Network, a research firm providing analysis into blockchain and crypto-assets.
For hackers, the key beauty of permissionless blockchains is anyone can run a node, small cryptocurrencies can be brought down with adequate manpower and financial resources. Small cryptocurrencies like ZenCash and Bitcoin Private have already been successfully attacked, allowing wallets to double spend transactions. This is partly the reason behind bitcoin community’s worry about China’s domination, (they control 45% of hashpower) along with mining companies like Bitmain and Nicehash, in the bitcoin mining space.
2. Smart Contracts
Another area of concern, according to Ng, are smart contracts. Smart contracts are programs that distribute transactions according to a predetermined set of rules. They allow for capital or data to be distributed across parties in a manner that none of them can renege on. Currently, smart contacts added to the blockchain are immutable. And if there are flaws in the code that may be exploited by hackers, they will remain unless migrated to a new contract, which is a painstaking process. Major hacks — including the DAO hack and the Parity multisig wallet attack — have proven difficult to recover from, resulting in huge losses for Ethereum.
Related Article: Will Blockchain Disrupt ECM or Is it Just a Lot of Hype?
3. Secure Data Storage
Crystal Stranger is an author of The Small Business Tax Guide and a co-founder of El Paso, Texas -based PeaCounts. She said that one of the major limitations of blockchain is that most blockchains are public ledger systems and there are certain applications with private data that cannot legally be stored on a public blockchain. This is ironic because data is more secure on a distributed storage system.
However, consumers are not comfortable with this application yet, and laws prevent this for certain types of data such as financial or health data, or any personal data that could be subject to GDPR in Europe. Thus, many companies use blockchain just for hashing the location of the data and then store the actual data on centralized servers.
4. Legacy Infrastructure
Jon Underwood is CEO of Portland, Ore.-based seedpay, a blockchain based digital payment solution for micro-retailers and underbanked businesses. He said for organizations to really benefit from blockchain they need new infrastructure. Legacy infrastructure is a major limitation for blockchain. "Industries like payments, insurance, real estate, banking, identity all operate on legacy systems. There is a significant investment of both time and capital to create a new infrastructure let alone get people to use it,” he said.
Related Article: Blockchain Makes Inroads in the Enterprise at Consensus
There are a lot of third parties making significant amounts of money from the current infrastructure in place. Asking people to change the way they do business and cut out their trusted advisor is a big ask. These middle men include, credit bureaus, banks, processors, security services, consultants, associations, etc. Entire industries are built around the need to provide guidance and assurance for the largest service based industries.
The current cryptocurrency landscape has created a lot of confusion and mistrust. The sheer number of cryptocurrencies, ICOs and scams have eroded the credibility of potential blockchain solutions. The misinterpretation of the importance of cryptocurrency to blockchain technology is not clear.
7. Scaling Limitations
Alluminate is a blockchain services and investment company based in Washington DC. Luke Bateman is responsible for marketing and community at the company. Blockchain, he said, has a wealth of potential for a variety of industries, but it finds itself challenged most heavily by scaling issues that are not unlike the early days of the internet.
Distributed systems are inherently unwieldy at scale, creating several new issues that can offset the solutions promised by the new tech. While tech often progresses at exponential rates, consumer appreciation for emerging solutions can lag, creating a bad market-fit.
8. Throughput Speed
KillianMcGrath, co-founder of Las Vegas-based Unhashed, an education resource for those interested in blockchain and cryptocurrencies, told CMSWire, that the most obvious current limitation of blockchains is their limited throughput. The more decentralized a blockchain is, the more its transactions per second (TPS) typically suffer. For app developers looking to build on top of an existing public blockchain, they're unlikely to find one that's sufficiently decentralized and can also handle their long-term throughput needs.
“Fortunately, the future looks promising as numerous projects are all aiming to solve these issues of scalability,” he said. One of the most promising approaches to scalability is sharding. Sharding divides the network of a blockchain's nodes into smaller sub-networks, capable of performing computations in parallel. Zilliqa, which claims to be the first blockchain to implement sharding, expects throughput to increase as nodes join the network. It is just one of the promising projects working to make blockchains more feasible for app developers.
9. Legal Complexities
Morvareed Salehpour is managing partner at Salehpour Legal Consulting, a Los Angeles law firm that gives legal advice to start-ups and entrepreneurs. She points out that with blockchain resolution of disputes will be more complicated as issues relating to jurisdiction, liability, and enforcement with respect to transactions occurring on a decentralized system are much more complex than with standard transactions.
For example, jurisdictional issues are made more complex because blockchain based transactions could arguably be subject to the jurisdiction and laws of every country where a node is physically located. This creates a mess of laws and regulations (potentially conflicting) that would apply to transactions on the blockchain which muddies legal disputes and drives up costs associated with litigating them.
10. Illegal Content
Another limitation of blockchain is that inclusion of embedded illegal materials (a copy of which all node operators are forced to keep) creates potential liability for blockchain node operators and thus, threatens blockchain integrity as the node operators are faced with the choice of being subject to liability or forced to delete the unlawful content.