Crypto Updates

Blockchain isn’t as decentralized as you think: Defense agency report

Distributed ledger technology (DLT) and blockchains including Bitcoin and Ethereum may be more vulnerable to centralization risks than initially thought, according to Trail of Bits. 

The security firm on Tuesday released its report titled “Are Blockchains Decentralized?”, which was commissioned by the U.S. Government’s Defense Advanced Research Projects Agency (DARPA).

The report aims to investigate whether blockchains including Bitcoin and Ethereum are truly decentralized, though the report appeared to focus largely on Bitcoin.

Among its key findings, the security firm found that outdated Bitcoin nodes, unencrypted blockchain mining pools and the fact that most of Bitcoin's unencrypted network traffic traverses only a small number of ISPs could all leave room for various actors to gain excessive, centralized control over the network.

Bitcoin nodes

The report stated that a subnetwork of Bitcoin nodes is largely responsible for reaching consensus and communicating with miners and that a “vast majority of nodes do not meaningfully contribute to the health of the network.”

It also found that 21% of Bitcoin nodes are running an older version of the Bitcoin Core client, which is known to have vulnerabilities, including ones that can cause consensus errors. The report states that “it is vital that all DLT nodes operate on the same latest version of software, otherwise, consensus errors can occur and lead to a blockchain fork.”

A Bitcoin node is any computer that stores and verifies blocks in the blockchain. Nodes are used to monitor the health and security of the Bitcoin blockchain and validate the accuracy of transactions. The current version all nodes should run is Bitcoin Core 22.0.

Another takeaway from the report is that Bitcoin’s mining pool protocol, Stratum, is unencrypted and essentially unauthenticated.

This means an attacker can “estimate the hashrate and payouts of a miner in the pool” and “manipulate Stratum messages to steal CPU cycles and payouts from mining pool participants.”

Funneling through ISPs

The authors also found vulnerabilities in the infrastructure, based on the fact that Bitcoin protocol traffic is unencrypted and 60% of the network traffic traverses only three ISPs.

This is a problem because “ISPs and hosting providers have the ability to arbitrarily degrade or deny service to any node.”
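As an added example (not code from the report or the article), the two concentration signals described above can be measured on a node operator's own peer set. It assumes records shaped like Bitcoin Core's `getpeerinfo` RPC output, where `subver` carries the BIP 14 user-agent string and `mapped_as` is present only when the node runs with `-asmap`; the sample peers, addresses and AS numbers below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the shape of Bitcoin Core's `getpeerinfo` output.
# Only the fields used here are included; the AS numbers are invented.
SAMPLE_PEERS = [
    {"addr": "203.0.113.10:8333", "subver": "/Satoshi:22.0.0/", "mapped_as": 64501},
    {"addr": "198.51.100.7:8333", "subver": "/Satoshi:0.21.1/", "mapped_as": 64501},
    {"addr": "192.0.2.44:8333", "subver": "/Satoshi:0.19.0.1/", "mapped_as": 64502},
    {"addr": "203.0.113.77:8333", "subver": "/Satoshi:22.0.0/", "mapped_as": 64503},
    {"addr": "198.51.100.200:8333", "subver": "/bitcoinj:0.15/", "mapped_as": 64501},
]

MIN_VERSION = (22, 0, 0)  # the Bitcoin Core release the article says all nodes should run


def parse_subver(subver):
    """Extract a (major, minor, patch) tuple from a Bitcoin Core user-agent string
    such as '/Satoshi:22.0.0/'. Returns None for other clients or unparseable strings."""
    m = re.fullmatch(r"/Satoshi:(\d+(?:\.\d+)*)(?:\(.*\))?/", subver)
    if not m:
        return None
    parts = tuple(int(x) for x in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def outdated_peers(peers, minimum=MIN_VERSION):
    """Addresses of Bitcoin Core peers advertising a version older than `minimum`.
    Non-Core clients are skipped because their version numbering is unrelated."""
    found = []
    for peer in peers:
        version = parse_subver(peer.get("subver", ""))
        if version is not None and version < minimum:
            found.append(peer["addr"])
    return found


def as_concentration(peers, top_n=3):
    """Fraction of peers whose connections map to the `top_n` most common
    autonomous systems; a value near 1.0 mirrors the ISP concentration the report flags."""
    counts = Counter(p["mapped_as"] for p in peers if "mapped_as" in p)
    if not counts:
        return 0.0
    top = sum(count for _, count in counts.most_common(top_n))
    return top / sum(counts.values())


if __name__ == "__main__":
    print("outdated peers:", outdated_peers(SAMPLE_PEERS))
    print("share in top AS:", as_concentration(SAMPLE_PEERS, top_n=1))
```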

The report contains twenty-six pages of detailed information, data, and infographics. DARPA started in 1958, and is…

Full original article at Cointelegraph.com News…