Cryptocurrency tech is vulnerable to tampering, a DARPA analysis finds
Whether prices are up or down, for many investors in cryptocurrency, the real appeal is that there's nobody in charge.
As the crowd chanted at the recent Bitcoin 2022 conference in Miami, it's all about "Freedom!" By design, the system is meant to be free from interference by banks, companies and governments.
But a new report finds that the decentralized system might not be working as well as many crypto enthusiasts assume.
The report was commissioned by the Defense Advanced Research Projects Agency, or DARPA, and the work was done by the software security research company Trail of Bits.
Trail of Bits CEO Dan Guido says blockchain — the public ledgers that keep track of cryptocurrencies, which are replicated on computers around the world — isn't the egalitarian tech its advocates claim.
"It's been taken for granted that the blockchain is immutable and decentralized, because the community says so," says Guido.
But in practice, he says, these networks have evolved in ways that concentrate power in the hands of certain people or companies, including the large pools of "miners" whose computers earn virtual currency by maintaining the blockchains.
Guido's team calls these potential situations "unintended centralities" — situations in which someone gains leverage over the decentralized system, creating opportunities for tampering with the record of who owns what.
Another example in the report of this kind of concentration is the fact that 60% of Bitcoin traffic is handled by just three internet service providers.
"Let's say somebody with great top-down control of the internet in their country starts to interfere with that network," Guido says. By slowing down or stopping legitimate blockchain traffic, an attacker could become the "majority" voice in the consensus of what's written to a blockchain at that moment.
"They can rewrite history. They can censor transactions. They can make it so that you can't spend your Bitcoin," says Guido. "It's definitely something people would want to do if they want to 'grief' the network."
The notion of this kind of attack isn't new, but what the Trail of Bits report does is compile research into different kinds of "unintended centralities" to better understand the technology's overall vulnerability.
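To make the risk described above concrete, here is an added example (not code from the article, from DARPA or from Trail of Bits) that carries through the classic block-race calculation from the Bitcoin whitepaper: the probability that a party producing a fraction q of all blocks, starting z blocks behind, eventually overtakes the honest chain. A second, hypothetical helper models the network-interference scenario Guido describes: if some fraction of honest blocks is delayed or dropped before the rest of the network sees them, the attacker's effective share of accepted blocks rises, and a party that was a minority can cross the majority threshold. The suppression model is a simplifying assumption chosen for illustration, not a result from the report.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker producing fraction q of blocks, currently
    z blocks behind the honest chain, ever catches up (Nakamoto's derivation).

    p = 1 - q is the honest fraction.  If q >= p the attacker is a majority
    and succeeds with certainty; otherwise the chance decays geometrically in z.
    """
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        return 1.0
    # Expected number of attacker blocks produced while honest miners make z.
    lam = z * (q / p)
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        # Having produced k blocks, the attacker is still z-k behind.
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def effective_share(q: float, suppressed: float) -> float:
    """Hypothetical model of network-level interference (assumption, not from
    the report): a fraction `suppressed` of honest blocks is delayed or dropped
    before the rest of the network sees them, so the attacker's share of the
    blocks that actually reach consensus grows from q to this value.
    """
    if not 0.0 <= q <= 1.0 or not 0.0 <= suppressed <= 1.0:
        raise ValueError("fractions must be in [0, 1]")
    honest_seen = (1.0 - q) * (1.0 - suppressed)
    return q / (q + honest_seen)


def blocks_needed(q: float, max_risk: float) -> int:
    """Smallest confirmation depth z at which the catch-up probability for an
    attacker with share q falls below max_risk (a defender's sizing question)."""
    z = 0
    while catch_up_probability(q, z) >= max_risk:
        z += 1
        if z > 10_000:
            raise RuntimeError("attacker share too high; no safe depth")
    return z


if __name__ == "__main__":
    # Constructed scenario: a 30% block producer that can delay 60% of
    # honest block propagation ends up with a majority of accepted blocks.
    q, suppressed = 0.30, 0.60
    print(f"nominal share {q:.0%}, effective share "
          f"{effective_share(q, suppressed):.1%}")
    for share in (0.10, 0.30, effective_share(q, suppressed)):
        print(f"q={share:.2f}: P(catch up from 6 behind) = "
              f"{catch_up_probability(share, 6):.6f}")
    print("confirmations for <0.1% risk at q=0.10:", blocks_needed(0.10, 0.001))
```

The first function reproduces the table in the whitepaper (for q = 0.1 and z = 1 it gives about 0.2046). The point for a defender is the second function: the confirmation depth that looks safe against a 10% or 30% producer offers no protection once interference with honest traffic pushes that producer's effective share past one half, which is exactly the "majority voice" situation Guido describes.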
Some of the findings are "eyebrow-raising," says Josh Baron, project manager of the unit at DARPA that commissioned the report.
"For example, the idea that 21 percent of Bitcoin nodes are running an old version of the Bitcoin core client that's known to be vulnerable," Baron says, referring to the basic software running that blockchain. That means all those computers are open to the same kind of hack — a big first step for an attacker trying to dominate a blockchain network, sometimes called a "51 percent attack."
"You're already worried about 51 percent, and now I'm telling you that 21 percent are just out there for the taking, as it were. That's not great," Baron says.
So far, the risks outlined in the report don't seem to be a major concern for the cryptocurrency business. NPR approached some of the larger companies, such as Coinbase, for a response, but they declined.
Yan Pritzker, co-founder of a smaller Bitcoin services company called Swan, told NPR he sees the risks as "theoretical."
"If this kind of attack is possible, why hasn't it happened?" Pritzker asks. "I think the proof is in the pudding a little bit. In real-world conditions, these things don't happen."
Pritzker agrees with the report on this point: There is more centralization in some of the newer forms of cryptocurrency, especially those that rely on a system called "proof of stake," which uses less computing power. He's more confident in the resilience of Bitcoin, because its energy-intensive "proof of work" blockchain would take much more computing energy to corrupt.
Pritzker also points out that this research was commissioned by a government agency.
"They're basically doing endgame research," he says of reports like this. "Their game is, 'how do we get better control of the currency,' and 'how do we build better systems for our control of the currency'."
Christian Catalini, founder of the MIT Cryptoeconomics Lab, sees the report as useful, but not too worrying.
"Some of the concerns I think are valid, but maybe the danger to the broader ecosystem is a little overstated," he says, noting that it's important to keep in mind that cryptocurrency systems aren't completely autonomous. Loose associations of humans — volunteers and "core developers" — are working constantly to maintain and improve them.
"You could imagine some of the issues [in the report] being exploited, eventually — and I think it will happen potentially for some of these," Catalini says. "[But] the community can always coordinate, respond and, I think over time, will get better at developing the right solutions."
Because cryptocurrencies are decentralized, with no oversight by governments or central banks, those solutions will require the attention and consensus of the participants in those networks.
At Trail of Bits, Dan Guido says he thinks cryptocurrencies and blockchain have a promise, but anybody investing in them should consider them to be still in the "prototype" stage.
"Everybody needs to know kind of what they're buying, what they're buying into — what they're going to trust," Guido says. "And there's a lot here that you should not trust. At least, not today."