In this webcast, we discuss the 51% attack on the cryptocurrency Ethereum Classic. There are multiple concerns when implementing a blockchain that come from any decentralized proof of work platform. We strongly advise clients to consider the following before deploying a blockchain solution:
Do you benefit from having a decentralized ledger? How?
How will you ensure that the blockchain won’t be impacted by a 51% attack?
If you can really ensure that, is it really decentralized?
How will you monitor for a blockchain reorganization (the sign of a 51% attack)?
What technical means will you use to respond to an attack on the integrity of the blockchain?
What contractual obligations do you have to other users of the chain if a blockchain reorganization occurs? Will transactions be rolled back? Who decides?
How do you remove data that was erroneously placed on the chain, illicit data (e.g. contraband), or service right to be forgotten requests?
Do your forensic investigators understand that data on a blockchain isn’t immutable under all circumstances?
This obviously isn’t a comprehensive checklist, but certainly can be used to start the discussion around “is blockchain right” for a given application. At Rendition Infosec, we’re highly optimistic that blockchain has applications outside of cryptocurrency, but we’re also cautious about the security issues that are likely to come with it. We find that most people considering a blockchain solution have not thought through the security implications prior to deployment. Hopefully this helps you to better evaluate the right technology to best address your challenges.