Cryptocurrency evangelists promote the underlying blockchain technology as the stepping stone for a more equitable internet (read: Web3) infrastructure, one built on promises like decentralization, immutability, transparency, and efficiency. But according to a study commissioned by the Defense Advanced Research Projects Agency (DARPA), the blockchain technology might not be so decentralized and immutable after all.
The in-depth study, which was conducted by Trail of Bits, unravels how a very small number of participants can gain excessive control over the entire ecosystem. Over the last half-decade, 60% of the net global bitcoin traffic has been controlled by only three Internet Service Providers (ISPs). The report also picks up on a 2020 metric, which claims that only 4.5% of bitcoin owners control over 85% of the entire crypto pool, which has come crashing down over the past few months.
Are #blockchains actually decentralized? Analysis we commissioned from @trailofbits uncovers unintended centralities and provides important insights on the potential impacts of security vulnerabilities within this technology. Access the full report here: https://t.co/V36rSOmvJc pic.twitter.com/WCbv7m9WQy
— DARPA (@DARPA) June 21, 2022
It is worth noting here that the report doesn’t disclose any vulnerability in the cryptographically secure blockchain network. Instead, it highlights the weaknesses in the systems overseeing it. For example, interim changes made to the blockchain software can modify transactions. Similarly, a networking entity that controls a big share of a particular blockchain can be coerced — or driven by personal incentives — to deny services for varied reasons.
Indirect vulnerabilities, realistic centralization
The study notes that the protocol traffic is unencrypted, opening the door to man-in-the-middle attacks. Trail of Bits also crawled the bitcoin network and found that 21% of the nodes controlling it run an old version of the Bitcoin Core client that is susceptible to attacks. Another systemic flaw highlighted in the report is that there is no penalty system in place if a node operator starts acting out of line.
The Stratum protocol, which coordinates activities in the mining pool, is also said to be unencrypted. And since Tor alone accounts for 55% of bitcoin traffic that is exclusive to addressing it, a bad exit node can be used to influence traffic. “They can rewrite history. They can censor transactions. They can make it so that you can’t spend your Bitcoin,” says Trail of Bits CEO Dan Guido. However, this isn’t the first time that the growing centralization of the blockchain ecosystem has made waves.
Former Twitter chief Jack Dorsey recently lambasted the venture capitalist culture that is concentrating in the field and tweeted that Web3 is “ultimately a centralized entity with a different label.” Moxie Marlinspike, the creator of the encrypted messaging app Signal and a cryptography expert himself, also wrote extensively about the impending centralization of the segment. However, experts talking to NPR about the DARPA-commissioned study are of the opinion that even though the concerns are legit, they lean more towards the theoretical side and the blockchain ecosystem will eventually rise above those flaws.