Another Headache for Crypto: Blockchain Is Vulnerable, Study Says

Now, in cryptocurrency’s summer of discontent, comes a study that says the underlying technology for digital money is vulnerable to tampering.

Blockchain, the public ledgers used on computers worldwide to keep track of bitcoin and its ilk, is often hailed as a great way to ensure transactions are private. The point is to keep control of digital denominations out of the hands of government or other central authorities, such as banks.

But blockchain is subject to other forms of centralization, according to the study for the Defense Advanced Research Projects Agency, done by a research firm called Trail of Bits. The report finds “unintended centralities” in these purportedly decentralized systems that could let in outside hackers or other tampering.

Three internet service providers handle 60% of all bitcoin traffic, the report declares. It warns that bitcoin “traffic is unencrypted—any third party on the network route between nodes (e.g., ISPs, Wi-Fi access point operators, or governments) can observe and choose to drop any messages they wish.” In other words, these folks can commandeer crypto exchanges and assume control of the digital assets.

Of course, blockchain users need to trust the handful of entities that oversee the system, but DARPA throws doubt on its ability to deliver. One might argue that this situation is a lot like the one that oversees the traditional monetary structure.

Joshua Baron, the DARPA program manager in charge of the study, said in a statement: “We should not take any promise of security on face value and anyone using blockchains for matters of high importance must think through the associated vulnerabilities.”

Since peaking late last year, bitcoin has lost two-thirds of its value, with other cryptos also dropping enormous amounts. That has encouraged crypto critics, who argue that the digital assets are worthless and bound to fail.

The DARPA study’s conclusion is getting notice because the agency has a storied reputation. It is best known as the government office that funded the creation of the internet. The agency delves into science and technology that ranges from computer security to new weaponry.

Nonetheless, crypto fans aren’t impressed by its blockchain verdict. Take Ric Edelman, founder of an advisory firm now known as Edelman Financial Engines, and a staunch crypto advocate. He points out in an interview that crypto and blockchain are still in their infancy, with major bugs yet to be worked out.

The automobile has been around since the 1930s, and it took until the 1960s to add safety features such as seatbelts, he argues. “Blockchain technology is only 13 years old,” he adds.