Cryptocurrency may NOT be as safe as advocates claim, researchers warn

Blockchain networks are widely considered ‘decentralised’ because no one person or organisation can control them – but a new report could finally change that.  

Trail of Bits, a cybersecurity firm based in New York, has investigated the fundamental properties of blockchains and their associated cybersecurity risks.

Researchers at the firm found that there are ‘unintended centralities’ in blockchains that can make them vulnerable to corruption and potentially stolen funds.

The risks inherent in blockchains and cryptocurrencies have been poorly described and are often ignored – or even mocked – by those seeking to ‘cash in’, the firm says.

All cryptocurrencies use what is known as blockchain technology – an open ledger that records transactions in code. A blockchain allows all records of transactions to be recorded and checked, making it not susceptible to change, or ‘immutable’.


Blockchain is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. 

An asset can be tangible (a house, car, cash, land) or intangible (intellectual property, patents, copyrights, branding). 

A blockchain provides immediate, shared and completely transparent information stored on an immutable ledger. 

With this shared ledger, transactions are recorded only once, eliminating the duplication of effort that’s typical of traditional business networks.

Source: IBM 

All cryptocurrencies, including Bitcoin and Ethereum, use a blockchain – an open ledger that records transactions in code. 

A blockchain allows all records of transactions to be recorded and checked, making them ‘immutable’ (not susceptible to change). 

A blockchain also keeps track of all cryptocurrency transactions on a decentralised public ledger in a series of blocks, allowing users to maintain a record of payments without the need for a central bank to record it. 

But the new report from Trail of Bits – which was commissioned by the Defense Advanced Research Projects Agency – claims that blockchains aren’t truly decentralised at all.

According to the firm, a lack of true decentralisation could lead to manipulation of digital currencies by people, corporations or even governments. 

‘Other people can make it impossible for you to transfer your cryptocurrency, and they can make it impossible for you to spend it at all,’ said Trail of Bits CEO Dan Guido. 

‘This has really practical, real-world impacts; if Russia wanted to stop people from donating to Ukraine, they could do it.’

As each transaction between two people occurs on a blockchain, it is recorded as a ‘block’ of data, including information such as the sender, the receiver and the number of coins. 

Computers in the network, called ‘nodes’, check the details of the trade to make sure it is valid and authenticate transactions. 

This allows users to maintain a record of payments without the need for a central bank or other primary authority to record it. 

This process of taking away the power and control from a ‘centralised’ entity (such as a bank) is known as ‘decentralisation’. 

Decentralisation, by definition, means that ‘everyone controls it, so no-one controls it’, but Trail of Bits’ findings suggest this is not strictly true for blockchain. 

Cryptocurrencies such as Bitcoin are the internet's version of money - unique pieces of digital property that can be transferred from one person to another



The cryptocurrency industry was on edge on Monday as Bitcoin struggled to stay above its key $20,000 resistance level. 

Bitcoin, the world’s most popular cryptocurrency, dropped Saturday to a low not seen in a year and a half – $17,592.78 – falling below the important $20,000 marker for the first time since December 2020.

The drastic drop, spurred by high inflation and upcoming rate hikes, saw other smaller tokens that usually move in tandem with the coin, such as Ethereum, fall to similar lows.


Trail of Bits researchers performed analyses and meta-analyses of prior academic work and of real-world findings that had never before been aggregated. 

None of the issues listed by Trail of Bits have anything to do with blockchain’s fundamental cryptographic principle, which dictates how a transaction takes place between two nodes. 

Instead, ‘unintended centralities’ can subvert how a blockchain is implemented, giving power to individuals or groups, it claims. 

One of their findings was that 60 per cent of Bitcoin traffic in the past five years has been handled by just three internet service providers (ISPs).  

This is a problem because ISPs – and the governments that control them – could prevent the transfer and sale of certain cryptocurrency.  

This begs the question of what would happen if a malicious employee at an ISP decided to block or filter cryptocurrency traffic. 

‘Let’s say somebody with great top-down control of the internet in their country starts to interfere with that network,’ Guido told NPR. 

‘They can rewrite history. They can censor transactions. They can make it so that you can’t spend your Bitcoin.’  

Secondly, 21 per cent of Bitcoin nodes are running outdated versions of the Bitcoin Core client – a type of software that’s known to be vulnerable to cyber attacks.

‘While software bugs can lead to consensus errors, we demonstrated that overt software changes can also modify the state of the blockchain,’ the firm says.

‘Therefore, the core developers and maintainers of blockchain software are a centralized point of trust in the system, susceptible to targeted attack.’ 

Also, as of March 2022, about 55 per cent of Bitcoin nodes were addressable only via open-source software called Tor.

This is a problem because a malicious Tor exit node – the last node that traffic passes through in the Tor network before exiting onto the internet – can modify or drop traffic, similar to the issue with ISPs. 

In a podcast describing its findings, Trail of Bits says some blockchains are more protected than others, but that they are ‘all vulnerable’. 

‘Another government, an ISP, somebody running on Tor exit node, can tell you how to spend your cryptocurrency,’ said Guido.

‘Much more research is needed so that we can find out when people are censoring transactions, when the network operates in ways it’s not supposed to – because right now it’s way too difficult.’ 

Trail of Bits also states that it thinks blockchain technologies are ‘innovative’ and that the firm is not ‘by any stretch of the imagination anti-blockchain’. 


What is a Bitcoin?   

Bitcoin is what is referred to as a ‘crypto-currency.’ 

It is the internet’s version of money – unique pieces of digital property that can be transferred from one person to another.

Bitcoins are generated by using an open-source computer program to solve complex math problems. This process is known as mining.  

Each Bitcoin has its own unique fingerprint and is defined by a public address and a private key – or strings of numbers and letters that give each a specific identity.

They are also characterized by their position in a public database of all Bitcoin transactions known as the blockchain. 

The blockchain is maintained by a distributed network of computers around the world.

Because Bitcoins allow people to trade money without a third party getting involved, they have become popular with libertarians as well as technophiles, speculators — and criminals.

Where do Bitcoins come from?

People create Bitcoins through mining.

Mining is the process of solving complex math problems using computers running Bitcoin software.

These mining puzzles get increasingly harder as more Bitcoins enter circulation.

The rewards are cut in half at regular intervals due to a deliberate slowdown in the rate at which new Bitcoins enter circulation. 

Who’s behind the currency?

Bitcoin was launched in 2009 by a person or group of people operating under the name Satoshi Nakamoto and then adopted by a small clutch of enthusiasts.

Nakamoto dropped off the map as Bitcoin began to attract widespread attention, but proponents say that doesn’t matter: the currency obeys its own, internal logic.

Dr Craig Wright was suspected as the creator following a report by Wired last year and he has now confirmed his identity as the cryptocurrency’s founder.  

What’s a bitcoin worth?

Like any other currency, Bitcoins are only worth as much as you and your counterpart want them to be. 

Bitcoins are lines of computer code that are digitally signed each time they travel from one owner to the next. Physical coin used as an illustration


In its early days, boosters swapped Bitcoins back and forth for minor favours or just as a game. 

One website even gave them away for free. 

As the market matured, the value of each Bitcoin grew.

Is the currency widely used?

That’s debatable.

Businesses ranging from blogging platform WordPress to retailer Overstock have jumped on the Bitcoin bandwagon amid a flurry of media coverage, but it’s not clear whether the currency has really taken off. 

On the one hand, leading Bitcoin payment processor BitPay works with more than 20,000 businesses – roughly five times more than it did last year. 

On the other, the total number of Bitcoin transactions has stayed roughly constant at between 60,000 and 70,000 per day over the same period, according to Bitcoin wallet site

Is Bitcoin particularly vulnerable to counterfeiting?

The Bitcoin network works by harnessing individuals’ greed for the collective good. 

A network of tech-savvy users called miners keep the system honest by pouring their computing power into a blockchain, a global running tally of every bitcoin transaction. 

The blockchain prevents rogues from spending the same bitcoin twice, and the miners are rewarded for their efforts by being gifted with the occasional Bitcoin. 

As long as miners keep the blockchain secure, counterfeiting shouldn’t be an issue.