If you’re looking for a quick answer to the title question then here it is: no, at least not in the technical sense. But blockchain protocols and loopholes can be exploited. This means that through a series of deliberate processes, a party can take control of a chain and “alter” it to their benefit. In this regard, some may consider this “hacking”. But that shouldn’t lead you to immediately divest from crypto, buy gold and go find a hill to bury it in. Like any system designed by humans, blockchains are not foolproof, and there are a number of examples of these systems being taken advantage of. Key components that determine the vulnerability of a particular blockchain include the design of the protocols, network design, and size of the network.
Most theft taking place in crypto has been the more traditional sort of fraud you might expect, such as phishing unwitting users, and hijacking their hot wallets. Meanwhile, as you’ll read below, blockchain exploits are a little more subtle, although just as effective.
Ways to Hack a Blockchain
#1 The 51% Attack
There are a number of ways for a blockchain to be hacked. The 51% attack is probably the best known, named after the proportion of a network necessary to carry one out. One post from Adam Bark previously mentioned 51% attacks as one of the known risks of staking. Since on a decentralised network validation occurs by copies of the ledger proliferating across it, controlling a majority through, say, a rented botnet of validator nodes means the ‘default’ version of the ledger can be doctored.
The damage a 51% attack can wreak on a blockchain varies — a spate of them in 2018 mostly on smaller coins but at one point included a million-dollar heist on Ethereum Classic. During this attack, hackers were able to spend the same cryptocurrency more than once which resulted in significant losses for some exchanges like Coinbase and Gate.io. To date, though, 51% attacks mostly target smaller cryptocurrencies outside of the top 20 currencies. This is because launching a 51% attack can be costly, but by focusing on lightly traded coins like Bitcoin Gold, hackers can circumvent prohibitive costs.
#2 Rug Pulls
Named after the expression “pulling the rug out from under”, rug pulls are among the digital age’s most prevalent investor scams. In a rug pull, scammers develop and launch a token that will be given false credibility by living on the blockchain and being listed on a decentralised exchange. For added marketability, many rug pulls are even accompanied by fleshed-out digital marketing campaigns. Given the interest in crypto, listed tokens can attract countless investors and amass liquidity pools running into tens to hundreds of millions within a few days. At this point, the scammers will “pull” all the liquidity from the DEX, leaving investors with nothing.
Currently, rug pulls are still among the most prolific means to exploit the blockchain, with almost $3 billion lost to this scam in 2021. Although victims continue to fall prey to the creative projects powering rug pulls, an introduction to rug pull scams on MarketWatch states that these projects are actually rife with red flags. Since most rug pulls are just fly-by-night projects, they are likely unaudited by professional organisations and have relatively unknown developers. While some scammers are still able to go the extra mile and post false credentials, looking under the hood of a new crypto project can reveal a lot about their credibility.
#3 Smart Contracts
Aside from developing their rug pull projects on the blockchain for false credibility, a post on ZDNet recently shared that scammers can further utilise blockchain technology in the form of smart contracts. Scammers include malicious code in their smart contracts that allow them to increase control over investors’ money while leaving little room for victims to extract themselves once the smart contract’s predetermined conditions are met. Alternatively, sometimes smart contracts are just poorly coded. In these cases, hackers can take advantage of potential flaws. Such was the case in DAO, billed as a decentralised investment fund, which saw attackers make off with about $50 million worth of crypto. This event soon raised ethical questions about the true efficiency of human-free transactions, since some argue that the maths behind codes can still be manipulated.
Mitigation
It’s always important to practice good opsec, and especially with financial investment. In crypto, that includes using a reliable cold wallet, ideally on a disconnected drive, along with the usual advice about passwords and codes. Should investors notice security risks or gaps in a blockchain, their blockchain community can also push for a hard fork. Through this, miners can unanimously decide on new protocols and rules that will be rolled out via a software update. Following this, the old chain and transactions that live on it will be effectively outdated and virtually void.
Alternative Investment Methods
Since none of this is necessarily for the faint of heart, one Time Magazine article suggests a few alternatives. This includes investments in blockchain and crypto ETFs that include companies with a stake in blockchain such as mining card manufacturer NVIDIA, direct investment in said companies, and even a few publicly listed crypto companies like Coinbase. Since all of these involve actually owning an asset or part of an asset, one possibility is to trade on the volatility itself. An overview of spread betting by FXCM explains how a trader joining a bid borrows leverage, in order to bet on the difference between the value of an asset between two, agreed points in time. Like all investments, this carries its own risks, but at least there’s nothing to steal.
Security experts will rightly tell you that nothing is unhackable. The ease, speed, and traceability of a hack are major determinants of how many will try, however. Some of the biggest recent hacks have really been more based in social engineering than technical exploits, notably attacks on bridges as covered in a piece in Wired. Luckily, alternatives exist that don’t expose traders to the precarity of holding assets.
