Security News > 2022 > June > DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the Defense Advanced Research Projects Agency that points to several ways in which the immutability of blockchain - the distributed ledger on which Bitcoin and other cryptocurrencies rely - can be called into question.
"Of Bitcoin's nodes, 21 percent were running an old version of the Bitcoin Core client that is known to be vulnerable in June of 2021," the study said.
The study points out that Bitcoin traffic is unencrypted, meaning any third party on the network route between nodes, including ISPs, Wi-Fi access point operators, or governments could observe and drop any messages they wished.
"Today, the four most popular mining pools constitute over 51 percent of the hashrate of Bitcoin. Each mining pool operates its own, proprietary, centralized protocol and interacts with the public Bitcoin network only through a gateway node. In other words, there are really only a handful of nodes that participate in the consensus network on behalf of the majority of the network's hashrate," the authors say.
"If a node operator's self-interest is to be dishonest, then there is no explicit penalty for doing so. Moreover, the number of entities necessary to execute a 51 percent attack on Bitcoin was reduced from 51 percent of the entire network to only the four most popular mining pool nodes," the study found.
"A subset of a blockchain's participants can garner excessive, centralized control over the entire system. The majority of Bitcoin nodes have significant incentives to behave dishonestly, and in fact, there is no known way to create any permissionless blockchain that is impervious to malicious nodes without having a trusted-third party," the report concludes.