Distributed ledger technology (DLT) and blockchains, including Bitcoin and Ethereum, may be more vulnerable to centralization risks than initially thought, according to Trail of Bits.
The security firm released its report, titled “Are Blockchains Decentralized?”, on Tuesday. It was commissioned by the US government’s Defense Advanced Research Projects Agency (DARPA).
The report aims to determine whether blockchains, including Bitcoin and Ethereum, are truly decentralized, although the report appears to focus largely on Bitcoin.
Among its key findings, the security firm found that outdated Bitcoin nodes, unencrypted blockchain mining pools, and the fact that the majority of unencrypted Bitcoin network traffic traverses only a limited number of ISPs could allow various actors to gain excessive centralized control over the network.
The report states that a subnet of Bitcoin nodes is largely responsible for building consensus and communicating with miners and that a “vast majority of nodes do not contribute significantly to the health of the network”.
It also found that 21% of Bitcoin nodes are running an older version of the Bitcoin Core client, which is known to have vulnerability issues such as consensus errors. The report states that “it is vital that all DLT nodes are running on the same latest version of software, otherwise consensus errors may occur and lead to a blockchain fork.”
A Bitcoin node is a computer that stores and verifies blocks in the blockchain. Nodes are used to monitor the health and security of the Bitcoin blockchain and validate the accuracy of transactions. The current version that all nodes must be running is Bitcoin Core 22.0.
Another takeaway from the report revealed that Bitcoin’s mining pool protocol, Stratum, is unencrypted and essentially unauthenticated.
This means that attackers can “estimate a miner’s hashrate and payouts in the pool” and “manipulate Stratum messages to steal CPU cycles and payouts from mining pool participants”.
Channeling through ISPs
The authors also found vulnerabilities in the infrastructure, based on the fact that Bitcoin protocol traffic is unencrypted and 60% of network traffic passes through just three ISPs.
This is a problem because “ISPs and hosts have the ability to arbitrarily downgrade or deny service to any node.”
The report contains 26 pages of detailed information, data and infographics. DARPA was founded in 1958 and is responsible for developing emerging technologies for use by the US Department of Defense and the US military. Trail of Bits is a cybersecurity research and consulting firm that was hired by DARPA to produce the report.
The report comes at an interesting time, after centralization issues were highlighted on Solana.
On Sunday, the Solana-based decentralized finance (DeFi) lending protocol Solend put forward a hasty governance proposal to take over the wallet of a whale that was facing a liquidation that threatened to strain Solend and its users.
The proposal, which was passed thanks to a single whale’s vote, drew an immediate backlash on Twitter and led to another governance vote to invalidate the previously approved proposal. Observers said the move could hurt DeFi’s overall image, since taking control of one of Solend’s user wallets calls DeFi’s fundamentals into question, and reversing a vote was not much better.