How safe is blockchain technology? It has proven to be a powerful technology for protecting the integrity of vital information. But that doesn’t mean it’s entirely safe.
The technology has become increasingly prevalent in recent years as the cryptocurrency markets have moved toward center stage. One reason for its rapid adoption is that blockchain is designed to offer unparalleled security to digital information.
In its short life, blockchain—also known as distributed ledger technology—and the cryptocurrencies it powers has seen its share of successes and failures. And as its applications spread, blockchain security has become more important—and not just for cryptocurrency investors.
How Blockchain Works
In some ways, blockchain technology is like the internet, which relies on a decentralized network rather than just a single server.
Blockchain uses a decentralized, or distributed, ledger that exists on a host of independent computers, often called nodes, to track, announce, and coordinate synchronized transactions. This differs from traditional trading models that rely on a clearinghouse or exchange which tracks everything in a central ledger.
Each node in the decentralized blockchain constantly organizes new data into blocks, and chains them together in an “append only” mode. This append-only structure is an important part of blockchain security. No one on any node can alter or delete the data on earlier blocks—they can only add to the chain. That the chain can only be added to is one of the core security features of blockchain.
By referring to the chain, participants can confirm transactions. It cuts out the need for a central clearing authority.
Blockchain Security Basics
Blockchain is not immune to hacking, but being decentralized gives blockchain a better line of defense. To alter a chain, a hacker or criminal would need control of more than half of all the computers in the same distributed ledger (it’s unlikely, but possible—more on that later).
The largest and best-known blockchain networks, such as Bitcoin and Ethereum, are public, and allow anyone with a computer and an internet connection to participate. Instead of creating a security crisis, having more people on a blockchain network tends to increase security. More participating nodes means that more people are checking one another’s work and calling out bad actors.
That’s one reason why, paradoxically, private blockchain networks that require an invitation to participate can actually be more vulnerable to attack and manipulation.
Permissioned vs. Permissionless Blockchains
As the names imply, permissioned or private blockchains are closed systems that require an invitation to join. This can be useful for businesses like companies and banks, which may want more control over data and thus would restrict outsiders from joining. Ripple, which was created by the banking industry as a way to make low-cost transactions, is an example of permissioned blockchains.
Permissionless blockchains are public—anyone can transact on these blockchains, with no one in control. The data is copied and stored on nodes worldwide, and individuals can remain more or less anonymous. Bitcoin, Dash, Ethereum, and Litecoin are all examples of permissionless blockchains.
The Role of Miners in Blockchain Security
As Bitcoin and other forms of crypto have grown in popularity, so has the process of mining. For speculators, cryptocurrency mining is a way to receive crypto coins or tokens. For the cryptocurrencies themselves, mining contributes to blockchain security, as it’s a way to ensure the integrity of the underlying blockchain of their currencies.
Miners verify the transactions to make sure that they are valid and in line with the blockchain code. For popular crypto currencies like Bitcoin and Litecoin, they submit their proof of work (POW) algorithmic evidence supporting or denying each transaction, and receive payment in the form of coins.
How Blockchain Security Prevents Double Spending
For payments and money transfers, blockchain is useful in preventing “double-spending” attacks. These attacks are a core concern for cryptocurrencies. In a double-spending attack, a user will spend their cryptocurrency more than once. It’s an issue that doesn’t arise with cash. If you spend $5 on a sandwich, then you no longer have the $5 to spend. But with crypto, there’s a risk that a user will spend the crypto multiple times before the network finds out.
Blockchain helps prevent this. Within the blockchain of a given cryptocurrency, the entire network needs to reach consensus on the transaction order, to confirm the latest transaction, and to post them publicly.
Bitcoin was the first form of crypto to solve the problem of double spending. And it serves as an example of how blockchain helps preserve the integrity not just of currency, but of records as a whole. If someone wanted to spend the exact same bitcoin in two places by sending it to two recipients simultaneously, then the two transactions would first go into a pool of unconfirmed transactions.
The first transaction to be confirmed would be added to the coin’s blockchain as the next data block in its transaction history. The second transaction—being connected with the block in the chain that had already been added to—wouldn’t fit into the chain, and the transaction would fail.
Blockchain Security Risks
But even with the security provided by the very nature of blockchain itself in addition to a global network of nodes and miners constantly confirming and protecting the integrity of a blockchain, there are still risks.
No Human Safeguards
One risk is also a supposed benefit: blockchain creates a seamless way to execute transactions. There’s no manual intervention required to send or receive money, which eliminates some of the more human safeguards that have evolved over time. While the technology has benefits for ensuring the integrity of the assets identity, or information involved, it is completely agnostic about the sender and receiver. This is one area where a central clearinghouse can exercise valuable discretion.
While this doesn’t pose a direct risk to any crypto assets an investor may hold at the moment, it could lead to issues later. Many critics of bitcoin and other forms of crypto point to its growing use by criminal and terrorist groups to circumvent money-laundering and other bank regulators. The anonymity that crypto allows also made it popular on the Silk Road online bazaar of illegal goods and services that flourished between 2011 and 2013.
That criticism has led to increased interest from regulators in the US and abroad, which could ultimately lead to new laws about how blockchain can and can’t be used.
Other critics point to the high cost of maintaining the networks that make blockchain function. The process of mining these coins, which is vital to their integrity and survival as a working currency, consumes vast amounts of energy. The total energy consumption of the bitcoin network is equal to the electricity needs of 2 million U.S. homes, according to Morgan Stanley.
Because miners are paid in coins, that creates a real risk. If the price of the coins go down low enough, or the price of electricity rises high enough, then people may decide the game isn’t worth the candle.
While the very nature of how blockchain works—using decentralization, consensus, and cryptography—ensures that transactions are basically tamper-proof, hackers have still found ways to defraud the system over the years. In 2019 alone, twelve crypto exchanges were hacked.
These are a few ways the system is vulnerable to hackers.
• Phishing is one problem, in which scammers send bogus emails in an attempt to get wallet key credentials from crypto users. (Securely storing your cryptocurrencies isn’t enough—it’s also essential to stay vigilant about protecting sensitive information.)
• There’s also a chance that one miner or a large enough group of miners could eventually gain control of more than 50% of a network’s mining power. In that case, they’d gain control over the ledger.
• In other situations, hackers can access real-time data as it’s being routed between internet service providers.
How to Choose a Secure Blockchain Network
There are a few things a user can do to make sure the crypto exchange they select is secure. Here’s a checklist to use when choosing an exchange:
• Does the exchange engage auditors to look for flaws in the system?
• Does the exchange store assets in “cold storage” (someplace without an internet connection—think of a paper wallet with a private key)
• Do they offer security options like alerts for suspicious transactions? Two-factor authentication? Multi-signature transactions?
For Blockchain, security is both a strength and a concern. Cryptocurrency transactions—including paying with crypto, investing in crypto, and crypto lending—is anonymous and protected in part by the very way blockchain technology is built. But as with most other technologies, it’s not completely immune to tampering.
That said, users can protect themselves by securely storing their private keys and not falling prey to phishing emails looking for personal information in order to hack your account.
SoFi Invest® crypto investing works on a secure platform that keeps your holdings safe. Members can buy, sell, and trade Bitcoin, Ethereum, and Litecoin alongside all their other investments.
The information provided is not meant to provide investment or financial advice. Investment decisions should be based on an individual’s specific financial needs, goals and risk profile. SoFi can’t guarantee future financial performance. Advisory services offered through SoFi Wealth, LLC. SoFi Securities, LLC, member FINRA / SIPC . SoFi Invest refers to the three investment and trading platforms operated by Social Finance, Inc. and its affiliates (described below). Individual customer accounts may be subject to the terms applicable to one or more of the platforms below.
1) Automated Investing—The Automated Investing platform is owned by SoFi Wealth LLC, an SEC Registered Investment Advisor (“Sofi Wealth“). Brokerage services are provided to SoFi Wealth LLC by SoFi Securities LLC, an affiliated SEC registered broker dealer and member FINRA/SIPC, (“Sofi Securities).
2) Active Investing—The Active Investing platform is owned by SoFi Securities LLC. Clearing and custody of all securities are provided by APEX Clearing Corporation.
3) Cryptocurrency is offered by SoFi Digital Assets, LLC, a FinCEN registered Money Service Business.
For additional disclosures related to the SoFi Invest platforms described above, including state licensure of Sofi Digital Assets, LLC, please visit www.sofi.com/legal. Neither the Investment Advisor Representatives of SoFi Wealth, nor the Registered Representatives of SoFi Securities are compensated for the sale of any product or service sold through any SoFi Invest platform. Information related to lending products contained herein should not be construed as an offer or pre-qualification for any loan product offered by SoFi Lending Corp and/or its affiliates.
Crypto: Bitcoin and other cryptocurrencies aren’t endorsed or guaranteed by any government, are volatile, and involve a high degree of risk. Consumer protection and securities laws don’t regulate cryptocurrencies to the same degree as traditional brokerage and investment products. Research and knowledge are essential prerequisites before engaging with any cryptocurrency. US regulators, including FINRA , the SEC , and the CFPB , have issued public advisories concerning digital asset risk. Cryptocurrency purchases should not be made with funds drawn from financial products including student loans, personal loans, mortgage refinancing, savings, retirement funds or traditional investments.
Financial Tips & Strategies: The tips provided on this website are of a general nature and do not take into account your specific objectives, financial situation, and needs. You should always consider their appropriateness given your own circumstances.