Paper-cuts are not as serious as snake-bites. We know that. Speaking of security, forks are not as scary as knives. That. We don’t know yet.
It was not supposed to happen this way; but then, when does life (and technology) work on suppositions! Humans – genius-clever-brave-rebellious humans – had gathered around the capsule. Some shuffled their feet as the first cut was made. Some cringed and shut their eyes as the needle made its way in and out for a stitch. Some smiled as the body whirred back to life with a new sound. The inimitable and iron-clad creature had just been operated upon. As the surgeons moved out of the room, a few eyes stayed peeled on the creature. Timid and worried, they mumbled to each other.
“But wasn’t this species designed to never change in any way?
“Were the mutations necessary?
“What if these new genes make a Frankenstein of it?”
“The left side will function differently and the organs on the right side will not interfere at all? How will that even work?
“Forget that. Didn’t you see, we opened its lamination! God knows what viruses slid in before we sealed it back!”
Their audible thoughts were interrupted with a firm knock on the door. It was time to step out and hope everything will stay smooth. And safe.
Forks – not just a stubbed toe
Making a fuss over slight changes in weather is every neurotic’s right. And often, they are not without a fair argument. No one knew that the impregnable world of blockchain would one day have its own share of threat predictions and Houdini-style hacks. And yet here we are, in 2019, past a string of Exchange-burglaries, cryptomining malware, wallet thefts and what not.
We have a McAfee Blockchain Threat Report warning the industry well – “Without a clear understanding of where the risks are you may place undue trust in your blockchain implementations. As we’ve seen, mistakes are easy to make. Users are even harder to control and can negatively contribute to the risk. We need to learn from recent events to make better decisions for securing our technologies for tomorrow.
Even Checkpoint’s 2019 Security Report, Cyber Attack Trend Analysis highlights how Jenkins Miner, RubyMiner etc. were prominent threats to reckon last year; with over 20 per cent organizations impacted by cryptojacking malware every week. “A year after they took the world by storm, cryptominers show no intention of slowing down soon. New, sophisticated malware families keep integrating mining capabilities to their code …” When top malware charts of 2018 show cryptomining malware with a global impact of about 40 per cent – then it is not paranoid to get worried about what comes next
No one expected the well-cemented world of cryptocurrencies to have any dents; and yet we have a year pockmarked with attacks. And forks, or upgrades to the protocol, are going to be good excuses for the jittery ones to reach for the sanitiser every 15 seconds. Have we built better immunity or more fragility by going for hard and soft forks?
MRI Machine for a headache?
Upgrades may be a waste of panic. Or not. After all, the security of a blockchain hinges on certain assumptions – like the contribution to the network, the ‘hash rate’ is distributed well allowing no one entity or collaborative group to process more than 50 per cent of the network at any time.
What happens then when forks, specially contentious ones, lead to a reshuffling of developers and miners? Or what if double spending becomes easy (if not after or because of, then at least, during a fork) so that the same coin can be spent multiple times and leave one receiver empty handed? Don’t we need to learn about the risk of smaller coins and chains from what we saw with Verge or Krypton.
Also, would internally-developed chains or side-chains be inherently vulnerable to lack of honest nodes – another underpinning or assumption of a blockchain’s security?
If not anything else, two immediate and proven fear-bullets are worth sweating a bit over:
- Pick-Pocketers in a stampede or in a small alley:
The transition phase from old fork to new upgrade takes time – until everyone gets to wrap their heads around the big change. This can be a ripe window for hackers to aim for weak or clueless wallet-users and exchanges, specially centralized ones. Also, while implementation vulnerabilities (the Bitcoin wiki has a list of Common Vulnerabilities and Exposures related to official tools) – which are commonly discovered and fixed after release – have seen a slow-down in discovery. But the area of community and third-party tools is still a question-mark. Recall the zero-day exploit struck PyBitmessage (Feb 2018), a peer-to-peer message transfer tool that mirrored the currency’s block transfer system. Smaller communities and fewer resources, as seen in mid-July 2017 with Iota, can also get susceptible to coin-theft.
Plus, when users are claiming a hard-forked coin or rearranging money after a fork or emptying money from earlier wallets, there is a new vulnerability open from the exposure of private key information needed for the claim. If not that, at least, there is a risk of financial privacy coming under the paper-shredder.
- Confusion and Duplication:
Double-spending and hash-collisions are not easy to ignore – even if they are just a theory-threat. Someone rightly reminded the golden rule of cryptography ‘Don’t create your own crypto’ when the need for extra care for any customized code (or changes to crypto-related functions) was highlighted. Forks and upgrades have to be heavily vetted prior to production, specially when we are talking about a quintessentially-decentralized community like blockchain. When forks themselves are full of friction and endless debates, these worries can get amplified. The migrations from MD5 to SHA- 1 to SHA-256 hashing and Verge development are substantial examples of the need for good-production-readiness here. As experts from Digital Asset Research have cautioned, “Context and timing is key when it comes to forks.” More so, with changes which are both drastic and sudden.
To add to this, there is possibility (if only on paper for now) of pre-mining coins or replay attacks that can use duplication for minting money at the cost of others. If no ‘replay protection’ is in place, then transactions involving the transfer of the original blockchain’s coins are valid on both chains, and hence a loop-hole for hackers to maliciously replay this same transaction on the new forked blockchain opens up.
No Rachel, you don’t look fat in a X-Ray
Thankfully, no major alarm or damage has transpired from the forks done so far. It could be again, courtesy of the underlying strength and community diligence that blockchain has been endowed with. In fact, even online debates on ‘whether miners can possibly steal SegWit transactions on The Real Bitcoin?’ had answers telling – “ …sure, you could hard fork and steal coins spent in Segwit transactions, but no one would care because it would be a hard fork and it would just become another altcoin that no one ever thinks about.”
Another interesting safeguard that came up is how miners are incentivized to not hard fork and steal coins. But these online ping-pongs also have people wondering about the short-term, as well as long-term, security of both chains since the hash power is spread to two chains and there is a negative effect on value that can ensue. As one comment stirred it up well- “… a project fork would throw the community into turmoil. Some developers might leave, some companies may be bankrupted, lots of users would lose money. The community would have to reorganize, work on governance, work out new goals, and rebuild teams. Blocks will slow down due to hash power splitting to two chains…”
And then there are broader questions, as this one put by Jannes: “Why would anyone trust a system whose fundamental rules can be changed by a simple minor majority? What kind of “digital gold” guarantee is that?
Or tweets like this that make anxious users bite well-manicured nails: “An SV miner can even legally kill off a chain. That is the miner’s right,” A Chief Scientist from nChain also underlined the importance of economic incentives instead of the so-called Maths as the real carrot for miners to stay honest. Not using replay protection as the real test of ‘honest majority’ can be good for one chain’s sturdiness-check but can be a panic-moment for users. The scientists here also cited other threats like poison-block attack, denial-of-service attacks, network-partition attacks, and zero-day exploits as important areas of concern.
So far, the waters are calm – except for some storms in some tea-cups. As Sanjay Katkar, CTO, Quick Heal Technologies reassures, “Software upgrades only make the chain more secure. Whatever comes later is always more strong and better-equipped. There is no concern during transition as well – thanks to the way the software is designed. The old will go on as usual and the new will be more secure.” He, however, avers that developers opting out can be a challenge given the open and distributed nature of the blockchain. “The more developers, the better it is for security as well.”
Nevertheless, it never hurts to watch out for what’s possible and be prepared. The surgery is done. The creature has no major signs of alarm – no wobbly feet, no weird noises, no strange burps.
Maybe if we stopped looking for missing canaries. But for cats that have eaten them. Or for dogs that don’t bark.