Blockchain Security Flaws Prompt Concerns Over Readiness for Enterprise

Much of the reason why blockchain has become one of the (un)official buzzwords of 2018 is the enticing lure of its “immutable smart contracts”—theoretically offering the kind of security and transparency that can decentralize many enterprise functions for the greater good and usher in a new and improved way of doing business.

But to date, blockchain—the distributed ledger database technology that powers nearly all cryptocurrencies—has been plagued by one security breach or flaw after another, prompting questions over its readiness for “primetime” even as some of the world’s largest companies invest significant dollars in incubators, accelerators and research groups aimed at developing a business-ready blockchain.

IBM notably spent $25 million on blockchain for a supply chain and food safety application used by Walmart and others, and partnered earlier this year with Maersk to form a new company that will rely on blockchain to power its shipping platform. Alibaba is using the tech to manage its sprawling logistics operations, and Amazon recently announced that Luxoft is one of six firms providing consulting services for enterprises that want to use the Amazon Web Services cloud to adopt blockchain in their business.

“Blockchain is about removing data silos, improving trust and operational efficiencies,” said Vasiliy Suvorov, vice president of technology strategy at Luxoft. “By using AWS to deploy and integrate [distributed ledger technologies] into day-to-day processes, businesses can revolutionize how they operate.”

Despite the excitement over blockchain, it’s hard to ignore some of the concerns that have emerged over a technology some hail as a cure-all to business as usual.

Above all, there’s no such thing as blockchain, which is better described as a technology concept that can be realized in many ways, Forrester Research principal analyst Martha Bennett wrote in the “Blockchain Technology: A CIO’s Guide To The Six Most Common Myths” report.

Taking aim at the essence of blockchain, the report indicates that smart contracts might not be such a great idea after all.

“A smart contract that doesn’t function as intended is clearly undesirable, whether it’s because of a bug or because the underlying business rules were captured incompletely or incorrectly,” according to the report. “Then there may be situations when it’s mandatory that a record is completely removed from a blockchain.”

Bitcoin and blockchain naysayer and tech journalist David Gerard arrived at the same conclusion in his book, “Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts.”

“Computer code maps very badly to real-world legal agreements, where the hard part is not normal operations, but what to do when things go wrong,” he wrote. “Immutability means you can’t fix problems, programmers need to write perfect bug-free programs first time every time, and the contract can’t be updated if circumstances or laws change; if the contract acts on real-world data, that data will often need human interpretation.”

The purported “finality” of blockchain is a particular worry where virtual currencies are concerned. Stringing together individual blocks into a chain might make sense most of the time, but one wrong move can yield disastrous results, such as the high-profile Ethereum disaster in which the Parity bug evaporated $200 million in value (estimates vary) in the blink of an eye. An honest mistake by a rookie developer, and poof! Crypto down the drain.

New research conducted by a team of British and Singaporean students recently uncovered yet another set of flaws in smart contract security, raising fresh concerns about the state of blockchain security. Analyzing close to 1 million smart contracts, the team discovered that more than 34,000 contained vulnerabilities, and it was able to exploit 86 percent of a subset. The researchers described various vulnerability levels: some took over and tied up crypto funds indefinitely, others leaked funds to unauthorized users and still another vulnerability “killed” or wiped out funds altogether.

Considering that blockchain is being touted for healthcare records, supply chain management, financial data and more, this scenario is nothing short of frightening.

However, many believe that blockchain is still in its infancy, akin to the World Wide Web in the early 1990s when no one could imagine just how much it would change the world.

Still, though, will blockchain ever truly materialize or will advanced centralized databases suffice?

“To really leverage the potential of blockchain-based networks, we need a new, potentially radically different, approach to how processes are run in both the public and private sector, leveraging technology that’s scalable, secure, and usable, supported by laws and governance frameworks that are fit for purpose,” Bennett concluded.