"New DARPA-Funded Blockchain Study Points Out Exploits of Security"
According to a recent study by consulting firm Trail of Bits, supported by the US Defense Advanced Research Projects Agency (DARPA), blockchains are not impenetrable despite claims to the contrary and can be compromised using unethical methods. Blockchains and other forms of distributed ledger technology are becoming more common, but researchers found that the security that was assumed to be offered by these systems' lack of centralized control and claimed imperviousness to change was not all that it seemed. Malicious actors had other ways outside simply altering the characteristics of a blockchain's implementation, networking, or consensus protocol, even when the cryptographic components of the systems were more or less secure. The DARPA program manager overseeing the study, Joshua Baron, said the findings demonstrate the need for a thorough evaluation when assessing emerging technologies, such as blockchains, as they expand in society and the economy. The report covered the core characteristics of blockchains and looked at the cybersecurity risks that come with them. The holistic study revealed that some Bitcoin nodes constitute a weak link. Crawls of the Bitcoin network revealed that 21 percent of nodes are using a vulnerable outdated version of the Bitcoin Core client. While software flaws can result in consensus failures, researchers showed that overt software changes could also affect the blockchain's current state. Therefore, the central point of trust in the blockchain system—its core developers and maintainers—is vulnerable to targeted attacks. The report's authors pointed out that a small group of blockchain participants could gain excessive, centralized control over the entire system. This article continues to discuss the DARPA-supported study on blockchain security.