Charles Martin

Blockchain for Non-Technical People

Updated: Jan 26

It's been fifteen years since "Satoshi Nakamoto" released Bitcoin to the world, and it's changed things. Whether it's because it has made people billions of dollars, created a decentralized currency, or at the very least just caused public debate, cryptocurrency has made some lasting, global ripples in the economic and social landscape. According to some, it's one of the greatest things to happen to the way we trade and do business. Michael Saylor, a Bitcoin investor whose company made nearly $4.4 billion off of Bitcoin investments, has become so excited by it that he's even gone so far as to say, "[It's] the most secure ledger in the world, the most secure database, the most unhackable, most indestructible database."

But why does cryptocurrency work? More importantly, how does it work? More importantly than that, how secure is it, really? This article is going to look at these topics, but I hope to do it in a way that even the most non-technical of readers can understand.



The Building Block(chain)s of Crypto

Cryptocurrency is built on a technology known as blockchain. We'll get into the technical definitions in a moment, but for now, think of blockchain like a business ledger (or a checkbook, for those of you who remember those). Let's say I own a business that sells scones. Today, I sell $100 worth of scones. At the end of the day, I'm going to go to my ledger, and add $100 to my capital---my cash.


I then go to the store to buy ingredients for my next batch, say $20. So now, in my ledger, I subtract $20. I would do this every day, for every transaction, making sure to keep my books in order so I can make appropriate financial decisions.


Blockchain is essentially the same thing: every new piece of data (deposits and withdrawals) is recorded into a "ledger," which is then used to create a new set of data (a total). In the case of crypto, it is a ledger. Now, what does this look like in computer terms?


Hashing

Blockchain technology relies very heavily on something known as hashing. Hashing is a very important part of IT and cybersecurity, because it is essentially how networks and systems keep our data safe. We're all familiar with the idea of encryption, right? It's when we take a message and work it so that no one reading it would be able to tell what it is without knowing the key to the code. We're talking real spy stuff here.


Encryption uses something known as an algorithm which, in this case, is a set of steps that encrypt whatever you're trying to protect. Let's say I wanted to send you a secret message: "The ice cream party is at three."


Clearly, this is vital information (I mean, we wouldn't want EVERYONE to show up, right?).


So how do I encrypt this? I could decide to use a cipher (the step I would take to encrypt) known as the Caesar Cipher. In this cipher, every letter of the alphabet is shifted by a certain number of letters. Let's say I use a Caesar 3 Cipher, which shifts every letter in the alphabet down by three. It would produce a chart like this:


A => D    I => L    Q => T    Y => B
B => E    J => M    R => U    Z => C
C => F    K => N    S => V
D => G    L => O    T => W
E => H    M => P    U => X
F => I    N => Q    V => Y
G => J    O => R    W => Z
H => K    P => S    X => A


If we apply this to our message, we get:


"The ice cream party is at three." ===Caesar 3===> "Wkh lfh fuhdp sduwb lv dw wkuhh."


This output is what we call the hash. Now, hashes are irreversible, but if you can figure out the algorithm, then you can crack a hash. This particular hash might stump us for a few minutes, but we'd eventually figure it out. For example, we might notice the large number of "h's," and decide that's probably an "e," since that is the most often-used letter in the English language. From there, we would figure out the Caesar Cipher used and be able to crack the code. What we would need is a more complicated algorithm, so we decide to pass our C3 hash through an algorithm that switches every fourth letter with the letter after it: "Wkh flh fudhp sdwub lv wd wkuhh."


This still wouldn't stop us for very long, because reversing the Caesar would reveal this: "The cie craem praty is ta three." Not exactly a challenge to decrypt, but you can probably see how passing our message through numerous algorithms could, eventually, make it nearly impossible to crack.
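
The Caesar 3 walk-through above, as an added example (not the author's code): it reproduces the shifted message and then recovers the shift the way the text describes, by assuming the most frequent letter stands for "e". The function names are illustrative.

```python
from collections import Counter
import string

def caesar(text, shift):
    """Shift each ASCII letter by `shift` places; keep case, spaces and punctuation."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def guess_shift(ciphertext):
    """Frequency analysis: treat the most common letter as an encoded 'e'."""
    letters = [c for c in ciphertext.lower() if c in string.ascii_lowercase]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ord(most_common) - ord("e")) % 26

MESSAGE = "The ice cream party is at three."   # the message from the text
SHIFTED = caesar(MESSAGE, 3)                    # Caesar 3 output
GUESSED_SHIFT = guess_shift(SHIFTED)            # recovered without being told the key
RECOVERED = caesar(SHIFTED, -GUESSED_SHIFT)     # undo the guessed shift

if __name__ == "__main__":
    print(SHIFTED)
    print("guessed shift:", GUESSED_SHIFT)
    print(RECOVERED)
```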


Blockchain technology depends almost entirely on hashing in order to operate. Let's say I start an initial block with an initial set of data. That data is encrypted, producing a hash. Now, let's say you decide to send me a cryptocoin (thanks!). That transfer is added to the ledger, which is added to the hash from the previous block. Then, finally, this entire new set of data is encrypted, creating a second hash:

hash-1 + transaction-1 => hash-2


Next, I send two coins to someone else, creating a new transaction. This is added to hash-2, encrypted, and made into an entirely new hash:


hash-2 + transaction-2 => hash-3


Each of these "blocks" is strung together, making a chain of blocks...a blockchain, if you will.

In essence, each hash is incorporated into the next transaction in order to make the next hash.


Now, hashes are irreversible, which is one of the most attractive features of blockchain security, and the current hashing technology used by blockchain (known as SHA-256) has remained unbroken for the last two decades. We'll talk more about the security of it shortly. A second feature of hashes is that one tiny change in the data creates an entirely different hash. To go back to our message example, we would have a hash for "The ice cream party is at three." that might look something like this:


235vrTHjkdhdgoph3469pudfklmASDsSFj8Hr0dg4njf0mtv


But if I were to change the period at the end of the message to an exclamation point, the hash might look like this:

dzfgmqergilwetu4jgkm5ryeihj5kfbmhjwsb6p9w4i5788ig


Completely different, right? This is the power of hashing, and part of what makes it irreversible. If you're interested in learning more about how to create a blockchain, as well as the power of hashing, check out the video below. It does get a little technical, but I tried to make it as user-friendly as possible:






Security of the Blockchain

As with everything else on the internet these days, one of the most important aspects to consider is security, especially when we are dealing with finances. We've already discussed two of the key components, but let's refresh it.


First off is the hashing algorithm used by blockchain. Most chains use the SHA-256 algorithm, unanimously considered to be the most secure form of hashing available. It is almost completely irreversible, and the only way to actually read the hashed data is if the person accessing it has the cryptographic key.


"Yo, dude...hold up. What's that?" I hear you asking. Because I'm sure that's exactly what you sound like.


Remember the Caesar 3 cipher I used in our example above? That's a simplified version of a cryptographic key. Let's say I handed you the secret note, and I also told you to check under your doormat. Under your doormat is another note that reads, "Caesar 3." This is your cryptographic key, because it tells you how to "unlock" the coded message. Now, when computers do it, it's a lot more complicated (and they don't have to look under doormats), but this should give you the general idea. When your computer accesses, say, a transaction log, it pulls the encrypted data, reads the hash, and uses the key to convert the data back into plain text. That's the first step of security. The second step is how the chains are formed.


When creating a new block, the data from the new block---which includes everything from the transaction and crypto wallet address to the date and time of the transaction---is added to the hash of the previous block (which is hashed from all of the previous data), as we've already seen. If I buy half a Solana coin on Tuesday, February 2nd at 1:22 am, all of that is recorded in the data. We also covered that a small change in data creates an enormous change in a hash. So if I were a hacker who broke into a chain and tried to add a bogus transaction in the middle of the chain, it would alter the hashes for every single block further along the chain. This is where proof of work comes into play.


Proof of work (PoW) is the series of checks and balances introduced to crypto. Remember, we're dealing with a decentralized form of currency. What proof of work does is verify the chain, ensuring that the transactions haven't been tampered with. This type of work takes a ton of computing power, and is usually done with a large number of people and computers, known as nodes. The fact that these nodes are made up of a group of people (rather than a government) who are donating large amounts of energy and computing power to verify transactions is why it is called a peer-to-peer verification system. Without this large network, cryptocurrency would be highly susceptible to attacks.


"Okay," you may be thinking, "why would anyone tie up their computers doing this? Who would voluntarily do that?" Have you ever heard the term "mining" in relation to cryptocurrency? This is what PoW is: it's mining a new "coin," which rewards the miner (or group of miners) with new currency. And when a currency can increase in value very quickly, mining new coins can be lucrative (of course, it should be noted that decreases happen, too, so always be cautious before investing in crypto).


We've already looked at the fact that each block is hashed using the previous block's hash. This is a key component of blockchain security, because even the smallest change in data creates an entirely new hash. So tampering with the blockchain would change the entire series of hashes, something that proof of work would catch, and if most of the PoW participants agree that the next block in the chain is valid, the block is added to the chain. If I had to guess, I'd say this is the reason why so many people believe blockchain technology to be "unhackable." But it isn't. While it is very secure, it isn't the impenetrable Fort Knox that some people seem to think it is.
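
The chaining and tamper check described in this section and in "hash-1 + transaction-1 => hash-2" above, as an added example that is not the author's code or any real coin's implementation. It goes one step beyond the text by including the nonce that miners search for; the three-zero difficulty, the all-zero starting hash and the sample transactions are assumptions made for the example.

```python
import copy
import hashlib
import json

DIFFICULTY = 3           # assumed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block

def block_hash(prev_hash, tx, nonce):
    """SHA-256 over the previous block's hash, this transaction and the nonce."""
    payload = json.dumps([prev_hash, tx, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()

def mine(prev_hash, tx):
    """Proof of work: try nonces until the block hash meets the target."""
    nonce = 0
    while not block_hash(prev_hash, tx, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"prev": prev_hash, "tx": tx, "nonce": nonce,
            "hash": block_hash(prev_hash, tx, nonce)}

def build_chain(transactions):
    chain, prev = [], GENESIS_PREV
    for tx in transactions:
        chain.append(mine(prev, tx))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block a verifying node would reject, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["tx"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or not h.startswith("0" * DIFFICULTY):
            return i
        prev = b["hash"]
    return None

def tamper(chain, index, new_tx, remine=False):
    """Copy the chain and rewrite one transaction, optionally redoing its work."""
    forged = copy.deepcopy(chain)
    if remine:
        forged[index] = mine(forged[index]["prev"], new_tx)
    else:
        forged[index]["tx"] = new_tx
    return forged

# Constructed sample transactions, not real ledger data.
CHAIN = build_chain(["you -> me: 1 coin", "me -> bob: 2 coins", "bob -> eve: 1 coin"])
EDITED = tamper(CHAIN, 1, "me -> mallory: 2 coins")
REMINED = tamper(CHAIN, 1, "me -> mallory: 2 coins", remine=True)
```

Editing a transaction in place fails at the edited block, and redoing that block's work only moves the failure to the next block, whose recorded previous hash no longer matches. Every later block would have to be mined again, which is the cost that verification relies on.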


Vulnerabilities of the Blockchain

When discussing and considering blockchain security, many people overlook the simple fact that, at its heart, blockchain utilizes cryptographic keys to secure the data. Well, cryptography is only as secure as the keys, and if the algorithm becomes known or the keys are stolen, then the cryptography is compromised. So, if someone were to crack the SHA-256 hashing algorithm (however unlikely that may be), then the cryptography of the blockchain would be utterly useless. Your security is only as safe as the cryptographic keys.

"Blockchain technology is not inherently more or less secure than other technologies," Karen Scarfone

There's also something known as a 51% attack. This goes back to Proof of Work, where the majority of people running the cryptographic puzzles verify the integrity of a new block. Well, if a large enough group of people can, in essence, hijack a portion of the chain, insert their own transactions, and "agree" that the chain is valid, then they have successfully hacked the blockchain.


Now, the manpower needed for this is enormous. To gain a 51% advantage, some hashing networks would require the attackers to have close to 1 million computers working on the hash algorithms. While there are ways to do this, that's a fairly steep cost, both in equipment and money.


Believe it or not, though, this has actually happened a few times. The most notable example was in 2018, when an attack allowed the hackers to double spend $81 million in Bitcoin Gold. There have been a few others, including several attacks on the Ethereum blockchain, but the cost and time needed to successfully pull off a 51% attack deters most attackers. Still, it is a risk that cannot be ignored.


Lastly, we need to be aware that common software and platform vulnerabilities--such as phishing attacks and web app vulnerabilities--still apply to crypto trading platforms. In short, while blockchain has several things going for it, in terms of security, it isn't the "most secure...unhackable...indestructible" system. Like all technology, there are weaknesses that can be exploited, however small those weaknesses might be.

How to Protect Yourself

From a blockchain perspective, I hate to say it, but there isn't much you can do, and that's not necessarily a terrible thing. Though not without vulnerabilities, blockchains are very secure, and their vulnerabilities are largely outside of your or my control. However, on the application side of things, particularly in relation to cryptocurrency, there are a few steps you can take.


If you've spent any time in the cybersecurity sphere, you already know everything I'm about to say. First, if you are using a platform to trade crypto---Coinbase and Robinhood are two examples---make sure the platform is reputable and has a track record of security. To use Coinbase as an example, there are constant attempts from all over the globe to hack Coinbase, but there's only been one successful attempt that I know of. In 2021, attackers managed to gain access and funds from an estimated 6,000 customers. However, Coinbase responded quickly, patched the vulnerability, and reimbursed everyone. That's a fairly decent track record.


Second, make sure your password is strong. One way that password cracking tools work is that they operate on a list of known hashes. All hashes are stored in a file on the database for quick retrieval. If a hacker gains access to that file, he or she can use various tools to check those hashes against the aforementioned list. For example, "password123" has a SHA-256 hash of EF92B778BAFE771E89245B89ECBC08A44A4E166C06659911881F383D4473E94F. Now, remember how we saw that even the smallest change can create a brand new hash? Well, the unfortunate side of this coin is that a phrase or word will always produce the exact same hash. So anyone who uses "password123" will have this hash stored in the database. This makes it extremely easy to log in to someone's account if that person is using a common or weak password.


Password cracking tools will go through the file of hashes and compare them to their lists. Once they find this hash, they can apply the known password to the associated account, and Mr. or Mrs. Thiefypants now have access to your funds.
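
The hash-list comparison described above, seen from the side of whoever stores the passwords, as an added example (not the author's code and not any platform's real storage scheme). It goes beyond the text by also showing a per-user salt with PBKDF2, a common defense; the accounts, the short password list and the PBKDF2 parameters are constructed for the example.

```python
import hashlib
import hmac
import os

def unsalted_sha256(password):
    """Plain SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt, rounds=100_000):
    """PBKDF2-HMAC-SHA256 with a per-user salt (assumed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

# Constructed sample accounts and a constructed list of common passwords.
ACCOUNTS = {"alice": "password123", "bob": "password123",
            "carol": "Tr4il-mix&Lantern-92-gazebo"}
KNOWN_HASHES = {unsalted_sha256(p): p for p in ("123456", "qwerty", "password123")}

# Store 1: bare SHA-256 digests. Store 2: random salt plus PBKDF2 digest.
UNSALTED_DB = {user: unsalted_sha256(pw) for user, pw in ACCOUNTS.items()}
SALTED_DB = {}
for user, pw in ACCOUNTS.items():
    salt = os.urandom(16)
    SALTED_DB[user] = (salt, salted_hash(pw, salt))

def matched_by_list(stored_digests):
    """Accounts whose stored digest appears in the precomputed list."""
    return sorted(u for u, d in stored_digests.items() if d in KNOWN_HASHES)

def verify(user, password):
    """Login check against the salted store, compared in constant time."""
    salt, expected = SALTED_DB[user]
    return hmac.compare_digest(salted_hash(password, salt), expected)

if __name__ == "__main__":
    print("unsalted store matches:", matched_by_list(UNSALTED_DB))
    print("salted store matches:",
          matched_by_list({u: d for u, (_, d) in SALTED_DB.items()}))
```

In the unsalted store the two accounts sharing a common password have identical digests and both match the list, while the long, uncommon password does not. With a per-user salt the same two passwords produce different digests, so a precomputed list no longer lines up with the stored values.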

By contrast, a strong and uncommon password is far less likely to have a hash in this list. This is why longer passwords with more variety are essential: you are narrowing the chances of duplicating a known password hash.

Third, you need to institute Multifactor Authentication. This way, if someone does crack your password and attempt to log in, you'll receive the notification, and he or she won't be able to continue without your authorization. Yeah, it's a pain, but so is losing all of your money.


Fourth, your platform may email you from time to time, but never, ever, ever click on a link in the email. I don't care how much in danger it says your account is, or how real it looks. I don't even care if it's legitimate. Type the website directly into your browser and check your account from there. Phishing emails are still among the top methods hackers use to gain access to accounts, and you don't want to add to that statistic, right? We want those numbers down, to change in the right direction, so be part of that change.


So, blockchain technology is fairly secure, yes. Is it completely secure? No, but the biggest security concerns we need to have are in the application of it, and really, security remains the same for most users, regardless of the platform. It comes down to a simple, six-word phrase: Be smart with what you do.


Your Turn

Okay, this was a surface-level look at blockchain and how it applies to crypto. If you're really interested in taking a deeper dive, I do recommend it. We didn't even cover concepts like the nonce or staking, all of which play integral parts in both the tech and the application, and we barely touched on nodes. So, if you want to learn more, I encourage you to do so! Anyway, thanks for reading. If you have something to add to the conversation, drop a comment below, and as always, be smart and be safe.
