Blockchain Has Concerning Vulnerabilities, Says Pentagon Study

Vignesh Karunanidhi

The Pentagon’s recent study finds disturbing vulnerabilities in blockchain technology that call its decentralized nature into question. The study states that blockchain technology has concerning drawbacks even as cryptocurrency adoption rises.

The report, titled “Are Blockchains Decentralized?” and published on June 21, states that “a certain cult of participants can garner excessive, centralized control over the entire system.”

The investigation was conducted by the security research company Trail of Bits under the supervision of the Pentagon’s Defense Advanced Research Projects Agency (DARPA) and focuses on Bitcoin (BTC) and Ethereum (ETH).


The report states: “The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.”

Pentagon report questions the decentralized nature of blockchain

The report highlights that, of the total Bitcoin traffic, “60% of it passes through three ISPs.” It also notes that several Bitcoin nodes don’t participate in mining: “These node operators face no explicit penalty for dishonesty.”

The Pentagon report also warns of Sybil attacks, which could disrupt the entire blockchain network. In a Sybil attack, an attacker floods the network with many malicious nodes that are all controlled by a single entity. The report further states that the network is exposed to attack through outdated and unencrypted protocols. According to Trail of Bits, Ethereum can be disrupted by just two entities, Bitcoin by four, and most PoS networks by fewer than a dozen.


“The safety of a blockchain depends on the security of the software and protocols of its off-chain governance or consensus mechanisms.”

The report discusses each finding in depth and notes that Stratum, the standard protocol mining pools use to coordinate work among miners, is unauthenticated and unencrypted.

The report stated: “For a blockchain to be optimally distributed, there must be a so-called Sybil cost. There is currently no known way to implement Sybil costs in a permissionless blockchain like Bitcoin or Ethereum without employing a centralized trusted third party (TTP).”

The report highlights that achieving true decentralization requires a way to enforce Sybil costs without a trusted third party, and that no such mechanism has yet been discovered. According to the report, Tor is the largest network provider for Bitcoin nodes, followed by AS24940, a network provider in Germany. Notably, 21% of Bitcoin nodes run an older version of the node software that was found to be vulnerable in June 2021.