A recent report by Greenwich Associates explores some security issues associated with the use of blockchain.
- Security of private keys. Private keys are secret codes or passwords that prove ownership of digital assets. The security of the private keys has come to the forefront due to $70 million theft of bitcoins from the Bitfinex exchange. Although early in the investigation, it appears that the theft was possible because hackers gained access to the private keys that protected customers’ accounts. The report suggests that companies who are working to develop the technology “rethink the multi-sig/cold storage approach currently employed by digital currency exchanges.”
- How to respond after an attack. The nature of blockchain is such that assets only exist in computer code; therefore, it would be possible to roll back that code to a pre-attack version. However, such a decision could be controversial to users because one of the “fundamental aspects” of blockchain is that transactions could not be undone or tampered with. While blockchain does not currently permit roll backs of transactions, other financial services entities do have the ability to undo transactions. As a result, the report questions whether participants should explore the possibility of building “functionality to record or impose counteracting transactions that have the same effect as reversal but preserve the benefit of a complete historical transaction record.”
- Vulnerability of smart contracts. Smart contracts permit a computer program to execute the terms of a contract between parties. Such functionality is useful in the OTC derivatives market and in collateral management, for example. However, a poor design of the program can allow a hacker to gain access to funds. Additionally, a coding issue could cause the program to prompt improper transfer of funds. The report encourages the industry to work to develop best practices and safeguards and controls to mitigate these issues.