Click to learn more about author Daniel Jebaraj.
Despite enthusiasts’ proclamations that accuracy and security are inherent characteristics of blockchain, there are still ways cryptocurrencies and other blockchain-derived technologies can be manipulated and compromised. Let’s examine four accountability concerns that arise in cryptocurrencies and blockchain.
Accountability Issue #1: Who Manages the Exchanges?
Since most cryptocurrency users buy and sell their currency through a coin exchange, whoever manages the exchange has significant access to and control over users’ money. Users have no choice but to trust whoever built the exchange.
Exchanges can be compromised through poor security or even outright fraud on the part of exchange owners. In the case of the Mt. Gox exchange collapse in 2014, an ongoing, years-long theft by hackers resulted in a loss of between $300 million and $480 million of users’ funds by the time the breach was detected. It has been estimated that $1.5 billion in cryptocurrencies has been stolen from exchanges since exchanges first appeared.
Since exchanges can hold billions of dollars in cryptocurrency assets, they’re a prime target for attackers. Most exchanges weren’t built by security experts, so even if you take extra precautions to guard your coins, any you hold in an exchange could be at risk.
Accountability Issue #2: Immutability as a Weapon
Once a transaction is logged in the blockchain ledger, it cannot be changed. This is touted as one of the major benefits of the technology, but what can be done about illegitimate, yet valid transactions?
In 2016, a security vulnerability in the DAO, an investor organization, resulted in the theft of $50 million in Ether cryptocurrency from its investors. Two solutions were proposed:
- Ethereum could be hard forked, undoing the theft and returning the money to investors, but rendering older versions of Ethereum invalid.
- Ethereum could be soft forked, leaving the theft unaltered since it was a valid transaction allowed by the blockchain implementation, fixing the protocol so that such a theft could not happen again, and maintaining backwards compatibility with older versions of Ethereum.
In the end, Ethereum was hard forked to return the money to the DAO investors. However, some who believed the hard fork violated the immutability principle of blockchain technology decided to stick with the previous version of Ethereum. This resulted in the creation of a new cryptocurrency called Ethereum Classic, in which the theft was left in place. At the time of writing, both Ethereum and Ethereum Classic can be purchased through coin exchanges, though Ethereum currently has 33 times the market cap of Ethereum Classic.
This debacle showed that depending on how blockchain is implemented, the implementors could hard-code a fix to an illegitimate transaction, which gives them excessive control over how the technology is used and runs counter to the ethos of decentralization and immutability.
In the case of illegitimate cryptocurrency transactions, at best, exchanges can refuse to accept funds that were acquired through ill-gotten means. Peer-to-peer transactions with illicitly gained cryptocurrency could be discouraged, but not stopped, because no intermediary is required for a transaction to occur.
Accountability Issue #3: Anonymity and Pseudonymity
Depending on how the blockchain is implemented for a cryptocurrency, it could be relatively easy or nearly impossible to discover the identity of malicious users of the currency.
Bitcoin, the most popular cryptocurrency, was originally promoted as anonymous, since no identification is required to create a Bitcoin address. In practice, Bitcoin only provides pseudonymity due to parameters outside of the blockchain. A Bitcoin address alone is not enough to reveal the identity behind the address, but in concert with other information like an email address or username, the address holder can be identified. Once the connection is made, the user’s entire transaction history is immediately identifiable and available for anyone to see due to Bitcoin’s use of a public ledger.
According to MIT researchers, even with obfuscating techniques, holders of Bitcoin addresses can be identified in 60% of cases, largely due to leaked information from online stores and checkouts.
Accountability Issue #4: Accountability Without a Third Party
In traditional financial systems, third-party regulators police and correct illegitimate transactions. There are no regulators in cryptocurrency; the cryptocurrency itself is supposed to act as the regulating body. Psychologically, are we ready to accept accountability that is enforced by math inside the blockchain? Can we trust the process, so to speak?
On one hand, in our current system, there is strong distrust of financial institutions due to financial crises and manipulations caused by the institutions themselves. The crypto-curious may favor a system that removes the flawed human element from transactions. Time and money are saved by rendering third parties unnecessary.
On the other hand, even if we trust a third-party-free system, it lives or dies based on secure implementations. For instance, Zcash, a cryptocurrency that was created to provide completely anonymous transactions through its use of zero-knowledge proofs, recently disclosed a “catastrophic” bug that it patched in 2018 that would have allowed infinite counterfeit coins to be introduced into the system. Everything is secure until it isn’t.
No Shortcuts When It Comes to Accountability
The principles behind blockchain—trust, privacy, decentralization, security—are noble, but difficult to achieve, even with strong cryptographic backing. It is up to the blockchain implementors to decide how to handle these issues, and to what extent the implementors, the blockchain itself, or the users will be responsible for them. Accountability in any system is vital, and as blockchain and derived technologies progress and mature, we can expect some expensive growing pains along the way.