Blockchain’s Weak Spots Pose a Hidden Danger to Users

Technologists, entrepreneurs, and some big companies are busy dreaming up new ways of using the core of Bitcoin—a distributed cryptographic ledger, or blockchain—to reinvent everything from business contracts and health records to carbon credits and new trading platforms (see “Why Bitcoin Could Be Much More Than a Currency”).

However, one expert warns that they may be building their dreams on top of a precarious foundation. Emin Gün Sirer, an associate professor at Cornell University, has been researching ways in which Bitcoin and blockchains can fail.

“The Bitcoin client is about 30,000 lines of code,” Gün Sirer said Tuesday at Business of Blockchain, a conference organized by MIT Technology Review and the MIT Media Lab. “It’s amazing that we haven’t found as many mission-critical bugs as one would expect, and in fact that’s a testament to people who have worked behind the scenes on it.”

Bitcoin is meant to make financial transactions more accountable and secure, without the need for any central authority. The digital currency uses a distributed, cryptographically signed ledger to verify and track transactions. A record of every transfer is stored across many different machines, and the ledger is maintained through a process of “mining” that generates more bitcoins.

Gün Sirer pointed to potential problems with the way blockchains are currently being designed, including the fact that all the clients in most networks run the same code, so one vulnerability can take down the entire system. He noted that in some critical situations developers employ what’s known as “n-version programming,” which means rewriting an application so that different versions won’t contain the same bugs.

Bitcoin was released in 2008 by an individual or group using the pseudonym Satoshi Nakamoto. The currency’s popularity, and value, exploded around 2014, as a growing number of people came to recognize its potential. Others have taken inspiration from Bitcoin, developing alternative cryptocurrencies and different kinds of blockchains suited to tracing and verifying more than just financial transactions.

Gün Sirer said, however, that the hype surrounding blockchain technologies was sometimes running ahead of the reality. He noted that some of the ideas currently receiving millions of dollars in funding seem like mediocre academic research projects.

But there are also serious efforts among big financial and technology companies to build blockchain systems for all sorts of uses, including tracking digital medical records and tracing provenance of gems in the diamond trade. An open-source organization called Hyperledger, for instance, which helps shepherd several blockchain projects, is working with companies to apply blockchains in finance, health care, and other industries.

Many compare the world of blockchain to the early days of the Internet. During the 1990s, in fact, there were also warnings about the stability of this fast-growing network. But in the end, financial incentives encouraged those involved to maintain the stability and security of the underlying systems.  

“Failures will happen,” Gün Sirer said. “As long as you have thought it through, you’re okay.”