Bitcoin Flaws Beckon Hackers

Digital currencies are an increasingly important aspect of e-commerce and other transactional arenas. But be aware: Bitcoin, and other cryptocurrencies based on blockchain technology, have a few flaws that could open them up for abuse by enterprising hackers.

Kaspersky Lab and INTERPOL broke that sobering news at the BlackHat Asia conference in Singapore, where they presented research on how blockchain-based cryptocurrencies could be abused through the pollution of public decentralized databases with arbitrary data. 

They also demonstrated a proof-of-concept exploit using the Bitcoin network—a harmless piece of code that did nothing more than open up the Notepad application. Nonetheless, it made its point.

“Blockchainware, short for blockchain-based software, stores some of its executable code in the decentralized databases of cryptocurrency transactions,” Vitaly Kamluk, a Kaspersky researcher, explained in a blog. “It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as code. Depending on the payload fetched from the network, it can be either benign or malicious.”

He added that it’s important to address potential future threats before virtual currencies are fully adopted and standardized.

The time to strike is now. A report from Juniper Research has found that the number of active Bitcoin users worldwide will reach 4.7 million by the end of 2019, up from just over 1.3 million last year. The firm expects usage to continue to be dominated by exchange trading, with retail adoption largely restricted to relatively niche demographics. It added that the protocols behind cryptocurrency could be deployed in areas such as real-time transactional settlement.

According to the report, while a number of high-profile retailers are enabling Bitcoin payment, activity levels from both online and offline deployments are extremely low. While average daily transaction volumes have increased by around 50% since March 2014, the indications are that much of this growth results from higher transaction levels by established users rather than from any substantial uplift in consumer adoption. Additional uptake will come when security fears are addressed and the currency stabilizes.

For now, Kamluk said that possible solutions can be introduced at different layers—such as implementing a network consensus/negotiation algorithm that will sustain the clean state of the blockchain.

“From the perspective of a company developing endpoint security solutions, we don't believe it's too much trouble to blacklist applications that load unpredictable external payload from a P2P network,” he said. “However, from the perspective of the cryptocurrency network, it's still an open question…That's why we suggest this is a project for the cryptocurrency community.”
