eDiscovery Daily Blog

Is Blockchain as Secure as People Think? Maybe Not: Cybersecurity Best Practices

As you may have seen yesterday, Tom O’Connor has written his latest terrific informational overview for CloudNine, this one about blockchain, which we will be covering in a six-part series over the next couple of weeks. Not to steal any thunder, but Tom’s article will cover things like the advantages of blockchain and its impact on legal technology and eDiscovery. One advantage that a lot of people attribute to blockchain is the idea that it’s essentially “unhackable” from a cybersecurity standpoint. That may not actually be true.

According to the MIT Technology Review (“Once hailed as unhackable, blockchains are now getting hacked,” written by Mike Orcutt – hat tip to Rob Robinson’s Complex Discovery blog for the link), hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly.

Last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform. An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once, known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million (though Coinbase claims that no currency was actually stolen from any of its accounts). The so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry. A second popular exchange, Gate.io, has admitted it wasn’t so lucky, losing around $200,000 to the attacker (who, strangely, returned half of it days later).

As the article notes, blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.

The article concludes by noting that, while blockchain technology has been long touted for its security, under certain conditions it can be quite vulnerable. Sometimes shoddy execution can be blamed, or unintentional software bugs. Other times it’s more of a gray area—the complicated result of interactions between the code, the economics of the blockchain, and human greed. That’s been known in theory since the technology’s beginning. Now that so many blockchains are out in the world, we are learning what it actually means—often the hard way.

When this article came out last week, Tom and I discussed whether to reference it in his already completed paper – ultimately, we agreed to let me cover it here.  One thing that Tom’s article makes clear is that we’re still learning a lot about blockchain and its capabilities and this article certainly reinforces that notion.  Do your homework!

So, what do you think? Are you surprised by this indication that blockchain may not be “unhackable” after all? Please share any comments you might have, or let us know if you’d like to know more about a particular topic.
