On June 12, the state of Michigan introduced a bill imposing criminal penalties for manipulating data on blockchains in order to commit fraud. This is the first attempt in the world to legally protect data stored on distributed ledger technology (DLT) — for entering false information into the blocks or changing the blocks themselves, up to 14 years of imprisonment can be faced.
The deliberate introduction of false data does not raise questions — here the signs of unlawful actions become visible to all the members of the network and do not call for any comment. But with the change in the blocks, things are more complicated because specific examples of such manipulation are not stipulated by the law, and the action itself has, until recently, been considered impossible.
As it turned out, this is feasible, as evidenced by regular and successful attacks on large blockchains, including those recently made on Bitcoin Gold and Verge. Therefore, the new law in Michigan seems to be aimed, rather, at protecting the network from so-called "51 percent attacks", which have become a serious problem for the entire crypto community in 2018.
Blockchain data immutability
The word “immutable” is heard frequently when people speak about blockchain. The consistency of the blockсhain structure implies the inability to make adjustments to the data after they are recorded in a distributed database. This is achieved due to the main property of blockchain — decentralization, when the individual parts of the network responsible for the authenticity of transactions are autonomous and not connected to a common server.
In this database, a list of ordered records — called blocks — is continuously stored and refilled. Blocks are repeatedly copied, and their verification is provided by the number of devices on which the information is stored — the nodes. At the moment, the reliability of each block in the Bitcoin blockchain is confirmed by over 9,000 nodes, with the number of blocks in the network now surpassing 500,000.
Image source: Bitnodes
To protect data in blockchain, the author of the record creates an access key. If changes are made to the block, the previous key becomes invalid, and it becomes visible to all network participants who, by a simple majority of votes, may prevent any further unauthorized actions. Thus, it makes it impossible to proceed with changes to the information stored in the blocks, and this is one of essential qualities of blockchain as a technology.
The data in the blocks can be very diverse. The creation of the cryptocurrency is just one example. Data integrity is a unique property of technology that can be used to protect any transactions, registries and documents, as well as ensure a fair interaction between network members.
Now, as the notion of the immutability of blockchain data has been formalized more or less clearly, the question still remains: If it's impossible to make a change in the blocks, why do we need the Michigan state law?
“51 person attack” — blockchain’s main foe
Returning to the idea of "a majority rule," if an attacker or a group of intruders are able to get 51 percent of a network’s mining hash rate in their hands, they can pretty much do as they please with the world of data within — from altering blocks to manipulating transactions. After all, the majority of votes are on their side.
Theoretically, such a threat could exist. From a practical point of view, its probability tends toward zero, since the cost of computing power necessary to compromise blockchains is enormous — from $336 to $490,000 per one-hour attack, analytical service 51Crypto states. Taking into consideration that a large amount of money is necessary to possess the network hash rate, it is more rational to deploy a new system and give rewards to other miners for maintaining it, rather than to use resources for hacking the existing blockchain.
Image source: 51Crypto
If we are talking about cryptocurrencies, the "51 percent attack" — which becomes immediately visible to all participants of the system — would lead to a sharp drop in the exchange rate of the currency. By making changes to the blocks, an attacker, who has spent large amounts of money to acquire the necessary computing power, will get what he wants — digital money. But his real profit will be minimal, since the rate will fall, and the attack itself will be quickly suppressed. This is the way the system protects itself.
Experts of the cryptocurrency industry often come up with various metaphors to illustrate the self-defense of blockchain technology. For example, the CEO and chairman of DLT Labs, Loudon Owen, characterizes the likelihood of breaking a blockchain in the following way:
“Pigs can’t fly. This is an absolute truth that we all know and agree on. But, given a phenomenally strong wind, pigs can fly. Nothing digital — including blockchain — is entirely immutable. But blockchain is a massive, distributed digital ledger which is as good as it gets for electronic storage.”
The financial researcher of the website Consumersafety.org, Cal Cook, reassured that:
“The chance of this happening, however, is very unlikely, because there would be no economic incentive to do so. A malicious user who overpowers a public blockchain network would, in doing so, devalue the currency. So even if they ‘stole’ some coins, they would very likely end up with less money in terms of fiat dollars than they had before.”
But as practice shows, experts who are guided by logic and expediency sometimes make mistakes.
Blockchain is attacked around the world
The more cryptocurrencies created on third-party blockchains and the more hard forks of the original networks appear, the easier it is for hackers to concentrate 51 percent of the network’s total hash rate in their hands.
Leading Bitcoin developers, such as Peter Todd and Ethan MacBrough, repeatedly warned that cloning large blockchains can lead to "51 percent attacks."
With some miners threatening 51% attacks against Bitcoin, researching a PoW change is a good backup plan: https://t.co/SEZ1qlxhAH
— Peter Todd (@peterktodd) March 19, 2017
If the chain faces a 51% attack, no number of confirmations is safe. My bet is most exchanges will refuse to list currencies with low hashrate.
— Ethan MacBrough (@emacbrough) May 29, 2018
But the cryptocurrency community seemed to be too fascinated by the prospects of the blockchain technology to hear those warnings.
As a result, only in May-June of this year, six blockchain-based projects became the victims of a "51 percent attack." Attacks were made on Bitcoin Gold (changes in blocks led to $18.6 million loss), Verge (attacks have been made twice and affected $1.76 million and $800,000, respectively), Monacoin ($90,000 stolen), and Electroneum — which claims that no money has been stolen.
So far, the last victim is considered to be ZenCash, which suffered an attack worth $20,000 in hash rate, even with 11,823 full nodes — such a number of nodes exceeded that of the Bitcoin network and had been previously considered “resilient”. On June 3, the hackers managed to alter 38 transactions — totalling $550,000. At the same time, according to 51 Crypto, the organization of a one-hour attack on ZenCash network might cost only $5,417. The hackers did not have to obtain any giant amount of computing power, they just rented miners for four hours.
Image source: 51Crypto
Five days before the attack on ZenCash, Husam Abboud — a cryptocurrency analyst at the University of FECAP in Brazil — published the analytics on the cost of "51 percent attacks" on Ethereum and Ethereum Classic and mathematically calculated the vulnerability of the hard forks of all major blockchains. Besides that, he determined the pools and miners who may pose a threat to Ethereum-based networks.
Image source: Medium @HusamABBOUD
As it turned out, the price of the attack is minimal in comparison with the damage that it is capable of doing. And this is not about the profit of the attacker, but about the damage to the ecosystem.
Apparently, so far it is only about attacks on cryptocurrencies, where there is still a lot of chances for instant, illegal enrichment. When attacking blockchains, which belong to a state — or other services not connected with the cryptocurrency — the attacker will not get any profit at all, and his actions will be pure hooliganism, vandalism, fraud or blackmail. Or it could be the next generation of terrorism — one which doesn't require weapons.
All this makes Michigan’s initiative — introduced by the state legislature on June 12 in order to protect any records on blockchain against altering, forging, or counterfeiting — look very timely.
Blockchain is no exception
The potential of blockchain as a technology cannot be underestimated. The principle of unchangeable data allows the exclusion of intermediaries from any sphere of human activity: from medicine and education to trade, production and logistics. And this opens great prospects for the development of a new economy.
The principles of decentralization and transparency allow access to any services, knowledge and financial resources to any person from anywhere in the world. And this is fine, because it gives all people equal opportunities.
However, any system invented by a person can be hacked by another person, so it needs to develop general principles of protection and rules of conduct. And blockchain, here, is no exception.
More likely, the law of Michigan is only the first precedent of legal protection of blockchain, which — as many thought until recently — generally does not need protection at all.