Pentagon Report Outlines Blockchain Vulnerabilities

Share post:

A Pentagon-commissioned report has revealed some hard security truths about the blockchain, including the position that the blockchain is not decentralized, highly vulnerable to attack, and run on outdated software.

The Pentagon’s research arm, Defense Advanced Research Projects Agency (DARPA), hired Trail of Bits, a security research organization, to study the blockchain.

Trail of Bits focused on Bitcoin and Ethereum and discovered that it only takes four entities to disrupt Bitcoin and only two to disrupt Ethereum.

To analyze the challenges of Bitcoin security, the researchers from Trail of Bits registered multiple accounts with mining pool sites to study its code when available.

Security flaws discovered during the process include the fact that ViaBTC, a leading global mining company, assigns the password “123” to its account. Pooling, another mining company, does not even check the login credentials. Slushpool, a mining company that has mined more than 1.2 million Bitcoin since 2010, instructs users to ignore the password.

The three mining companies account for about 25% of the Bitcoin harsh rate, or total computer performance, and their security incompetence expose organizations and individuals to a high risk of cyberattacks. This is because the nodes used by crypto miners can easily be used to flood the network in a so-called Sybil attack using an inexpensive cloud server.

Another security problem in the blockchain is the use of older versions of software that cause software errors and bugs. Software bugs have already caused blockchain errors in Ethereum, and 21% of Bitcoin nodes run on older versions of the notoriously vulnerable Bitcoin Core client known to be vulnerable.

The sources for this piece include an article in TechRepublic.

SUBSCRIBE NOW

Related articles

Rogers CEO Faces Grilling Over Mid-Contract Price Hikes, Customer Complaints

Rogers Communications CEO Tony Staffieri testified before a Parliamentary committee Monday, facing tough questions about mid-contract price increases...

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

OpenAI’s Text-to-Video Generator Leaked by Disgruntled Artists

A group of 16 artists has leaked OpenAI's unreleased text-to-video generator, Sora, accusing the $157 billion AI company...

Who Owns Your Social Media Accounts? Elon Musk Says YOU Don’t. Hashtag Trending for Thursday, November 28, 2024

Can AI help accelerate renewable energy projects?  Artists leak OpenAI’s New Video Tool In Protest, and Who really...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways