Fixing blockchain's vulnerabilities

THE recent attacks on Ethereum Classic (ETC) should send a shiver down any company using blockchain, or thinking about using blockchain, for anything other than money. (And even if they are thinking of using it for financial transactions, they should still get a shiver.)

First off, briefly, what happened: Ethereum Classic (not to be confused with the Ethereum blockchain from which it split in 2016) suffered two attacks in a single week, when miners stole millions of dollars worth of the ETC currency tokens by spending them twice, via a so-called chain-reorganisation attack. The attack involved removing transactions from the blockchain history - allowing the attacker to have spent the ETC coins but then seemingly cancel the transaction to return the coin to their ownership. For an investment of US$192,000, the attackers earned US$5.5 million.

So why is this a problem? There are a couple of issues. Firstly, it should put paid to the snake oil legend that somehow a blockchain is immutable, unassailable, impregnable. This is a myth that needs to be quashed, because it does a disservice both to the technology and its user. Secondly, there is another dangerous misperception: There is no single blockchain technology. There are lots of different types of blockchain, and just as you would not choose a hatchback to go off-road, so you need to choose the type of blockchain that is appropriate for what you are trying to do.