Pentagon Warns: Bitcoin Network Has Massive Vulnerabilities

In recent research, the Pentagon discussed the increasing security vulnerabilities in Bitcoin (BTC) and other cryptocurrencies.

The headlines of the United States Department of Defense report, published on June 21, drew attention: “Are blockchains decentralized? A subset of participants can exert extreme, centralized control over the entire system.”

The study, which focuses on Bitcoin (BTC) and Ethereum (ETH), was carried out by the American security research firm Trail of Bits under the direction of the Pentagon’s Defense Advanced Research Projects Agency (DARPA).

According to the report:

The number of entities sufficient to disrupt (manipulate) a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.

60% of Bitcoin traffic passes through only 3 ISPs (Internet service providers)

Referring to internet service providers, the report states that 60% of Bitcoin traffic passes through only three ISPs and that “the vast majority of Bitcoin nodes do not seem to participate in mining and node operators face no clear penalty for dishonesty.”

The analysts warn: “Deploying a new node requires only one inexpensive instance – no special mining hardware required.” This exposes blockchains to the serious network danger known as a Sybil attack. Briefly, a Sybil attack can be described as “a security threat that occurs as a result of a person trying to take over a network through more than one account, node or computer”.

The Pentagon’s report continues:

“The security of a blockchain depends on the security of the software and the protocols of off-chain governance or consensus mechanisms.”

Careless Mining Pools

The report also found that all mining pools its analysts tested “either assign a hard-coded password for all accounts or simply fail to verify the password provided during authentication.” As an example, the report cites the global cryptocurrency mining pool ViaBTC, which assigns the password ‘123’ to all accounts. Another mining company, Poolin, “doesn’t seem to verify authentication information at all,” while Slushpool is “explicitly telling its users to ignore the password field.” According to available data, these three mining pools account for around 25% of the Bitcoin hash power.

Cybersecurity experts recently warned of potential crypto vulnerabilities that could lead to events like the one in which a MetaMask user had dozens of NFTs stolen, along with $650k in crypto, from his account.
