Blockchain Security Nightmare is Real despite Positive Uptake Forecast


Blockchain is expected to see increasing uptake in Asia Pacific, reflecting growing confidence in the technology.

However, tech experts point out that the technology, unlike what its evangelists have pitched, is not 100% unbreakable.

IDC expects blockchain solutions spending in Asia/Pacific excluding Japan (APEJ) to reach nearly US$523.8 million in 2019, an increase of 83.9% from the US$284.8 million spent in 2018.

In addition, the advisory firm forecasts blockchain spending in the region to grow at a robust pace over the 2018-2022 forecast period with a five-year CAGR of 77.5% and total spending of US$2.4 billion by 2022.

IDC said banking, securities and investment services, and insurance industries will invest US$294.8 million combined in blockchain solutions this year.

The manufacturing and resources sector, driven by the discrete and process manufacturing industries, and the distribution and services sector, led by the retail and professional services industries, are forecast to see blockchain spending of US$95 million and US$90.6 million respectively this year, IDC added.

The infrastructure sector will see the fastest growth in blockchain spending over the 2018-2022 forecast with a five-year CAGR of 99.6%, followed closely by the distribution and services sector with a CAGR of 83.0%, the firm noted.

Blockchain is not as secure as thought

Despite the expected increase in investment in the technology, there are security issues that enterprise adopters must understand.

“While the core of blockchain is secure, distributed applications are not! And this is causing problems,” said John Kirch, chief evangelist, Uppsala Security.

The hacking of wallets – Mt Gox (Japan, 2014), Bitfinex (2016), Gatecoin (Hong Kong, 2016), Youbit (Russia, 2017), Liqui (Ukraine, 2017) and Coincheck (Japan, 2018) – validates this assertion.

Last month, Singapore’s DragonEx was added to the roster of victims.

However, wallets and exchanges are not the only ones vulnerable to attacks.

The blockchain network itself can be attacked

Some of the risks facing the blockchain network itself include the often-heard distributed denial of service (DDoS) attack and the altering of a transaction ID.

In addition, virtual machines, as in the case of the Ethereum Virtual Machine, are also at risk from things like bugs in access control, cryptocurrency lost in transfer, immutable defects, and the short-address attack.

Blockchain security underdeveloped

Uppsala Foundation, to be renamed Sentinel Protocol, was created on the recognition that security of the blockchain remains underdeveloped. The company utilizes what it refers to as a collective intelligence system to perform threat analysis.

Information is stored in what it calls a Threat Reputation Data (TRDB); security experts and vendors are compensated when they contribute to building the TRDB. It adds on preventive security measures such as machine learning for behavior modeling and cost-effective distributed sandboxing.

Narong Chong, head of operations at Uppsala Security, said the term collective threat intelligence is used because contributors provide intelligence, build a reputation, and are rewarded for contributing to the intelligence.

Chong acknowledged that most of today’s security information is stored in proprietary databases kept by vendors and end users.

And while there is some sharing in some communities, what is shared is often a limited subset of the total stored, and more importantly, it isn't subject to governance – no audit is conducted to check for validity.


Allan Tan contributes to this story.