Home Topics Blockchain Security What is blockchain security?
Explore IBM's blockchain solution Sign up for sustainability updates
Illustration with collage of pictograms of face profile, leaf, cloud
What is blockchain security?

Blockchain security is a comprehensive risk management system for a blockchain network. It uses cybersecurity frameworks, assurance services and best practices to reduce risks against attacks and fraud.

Basic blockchain security

Blockchain technology produces a structure of data with inherent security qualities. It's based on principles of cryptography, decentralization and consensus, which ensure trust in transactions. In most blockchains or distributed ledger technologies (DLT), the data is structured into blocks and each block contains a transaction or bundle of transactions.

Each new block connects to all the blocks before it in a cryptographic chain in such a way that it's nearly impossible to tamper with. All transactions within the blocks are validated and agreed upon by a consensus mechanism, ensuring that each transaction is true and correct.

Blockchain technology enables decentralization through the participation of members across a distributed network. There is no single point of failure and a single user cannot change the record of transactions. However, blockchain technologies differ in some critical security aspects.

IBM Blockchain 101: Quick-start guide for developers

Build a kick-starter blockchain network and start coding with IBM's next-generation blockchain platform.

Related content

Register for the playbook on smarter asset management

How security differs by blockchain types

Blockchain networks can differ in who can participate and who has access to the data. Networks are typically labeled as either public or private, which describes who is allowed to participate, and permissioned or permissionless, which describes how participants gain access to the network.

Public and private blockchains
Public blockchain networks typically allow anyone to join and for participants to remain anonymous. A public blockchain uses internet-connected computers to validate transactions and achieve consensus. Bitcoin is probably the most well-known example of a public blockchain, and it achieves consensus through "bitcoin mining."

Computers on the bitcoin network, or “miners,” try to solve a complex cryptographic problem to create proof of work and thereby validate the transaction. Outside of public keys, there are few identity and access controls in this type of network.

Private blockchains use identity to confirm membership and access privileges and typically permit only known organizations to join. Together, the organizations form a private, members-only "business network." A private blockchain in a permissioned network achieves consensus through a process called "selective endorsement," where known users verify the transactions. Only members with special access and permissions can maintain the transaction ledger. This network type requires more identity and access controls.

When building a blockchain application, it’s critical to assess which type of network best suits your business goals. Private and permissioned networks can be tightly controlled and preferable for compliance and regulatory reasons. However, public and permissionless networks can achieve greater decentralization and distribution.

 

Public blockchains are public, and anyone can join them and validate transactions.

Private blockchains are restricted and usually limited to business networks. A single entity, or consortium, controls membership.

Permissionless blockchains have no restrictions on processors.

Permissioned blockchains are limited to a select set of users who are granted identities by using certificates.

Cyberattacks and fraud

While blockchain technology produces a tamper-proof ledger of transactions, blockchain networks are not immune to cyberattacks and fraud. Those with ill intent can manipulate known vulnerabilities in blockchain infrastructure and have succeeded in various hacks and frauds over the years. Here are a few examples:

Code exploitation

The Decentralized Autonomous Organization (DAO), a venture capital fund operating through a decentralized blockchain, inspired by Bitcoin, was robbed of more than USD 60 million worth of ether digital currency—about a third of its value—through code exploitation.

Employee computer hacked

When Bithumb, one of the largest Ethereum and bitcoin cryptocurrency exchanges, was recently hacked, the hackers compromised 30,000 users' data and stole USD 870,000 worth of bitcoin. Even though it was an employee's computer that was hacked—not the core servers—this event raised questions about the overall security.

How fraudsters attack blockchain technology

Hackers and fraudsters threaten blockchains in four primary ways: phishing, routing, Sybil and 51% attacks.

Phishing attacks

Phishing is a scamming attempt to attain a user's credentials. Fraudsters send wallet key owners emails designed to look as though they're coming from a legitimate source. The emails ask users for their credentials by using fake hyperlinks. Having access to a user's credentials and other sensitive information can result in losses for the user and the blockchain network.

Routing attacks

Blockchains rely on real-time, large data transfers. Hackers can intercept data as it's transferring to internet service providers. In a routing attack, blockchain participants typically can't see the threat, so everything looks normal. However, behind the scenes, fraudsters have extracted confidential data or currencies.

Sybil attacks

In a Sybil attack, hackers create and use many false network identities to flood the network and crash the system. Sybil refers to a famous book character diagnosed with a multiple identity disorder.

51% attacks

Mining requires a vast amount of computing power, especially for large-scale public blockchains. But if a miner, or a group of miners, might rally enough resources, they might attain more than 50% of a blockchain network's mining power. Having more than 50% of the power means having control over the ledger and the ability to manipulate it.

Note: Private blockchains are not vulnerable to 51% attacks.

In today's digital world it is essential to take steps to ensure the security of both your blockchain design and environment. X-Force Red blockchain testing services can help you do just that.

Explore X-Force® Red blockchain testing services
Blockchain security for the enterprise

When building an enterprise blockchain application, it’s important to consider security at all layers of the technology stack, and how to manage governance and permissions for the network. A comprehensive security strategy for an enterprise blockchain solution includes by using traditional security controls and technology-unique controls. Some of the security controls specific to enterprise blockchain solutions include:

  • Identity and access management

  • Key management

  • Data privacy

  • Secure communication

  • Smart contract security

  • Transaction endorsement

Employ experts to help you design a compliant and secure solution and help you achieve your business goals. Look for a production-grade platform for building blockchain solutions that can be deployed in the technology environment of your choosing, whether that is on-premises or your preferred cloud vendor.

Explore IBM Hyper Protect Digital Assets Platform
Blockchain security tips and best practices

When designing a blockchain solution, consider these key questions:

  • What is the governance model for participating organizations or members?

  • What data will be captured in each block?

  • What are the relevant regulatory requirements, and how can they be met?

  • How are the details of identity managed? Are block payloads encrypted? How are the keys managed and revoked?

  • What is the disaster recovery plan for the blockchain participants?

  • What is the minimal security posture for blockchain clients for participation?

  • What is the logic for resolving blockchain block collisions?

When establishing a private blockchain, ensure that it's deployed in a secure, resilient infrastructure. Poor underlying technology choices for business needs and processes can lead to data security risks through their vulnerabilities.

Consider business and governance risks. Business risks include financial implications, reputational factors and compliance risks. Governance risks emanate primarily from blockchain solutions' decentralized nature, and they require strong controls on decision criteria, governing policies, identity and access management.

Blockchain security is about understanding blockchain network risks and managing them. The plan to implement security to these controls makes up a blockchain security model. Create a blockchain security model to ensure that all measures are in place to adequately secure your blockchain solutions.

To implement a blockchain solution security model, administrators must develop a risk model that can address all business, governance, technology and process risks. Next, they must evaluate the threats to the blockchain solution and create a threat model. Then, administrators must define the security controls that mitigate the risks and threats based on the following three categories:

  • Enforce security controls that are unique to blockchain

  • Apply conventional security controls

  • Enforce business controls for blockchain

IBM Blockchain services and consulting can help you design and activate a blockchain network that addresses governance, business value and technology needs while assuring privacy, trust and security.

Build securely with IBM Blockchain services and consulting
Related solutions
IBM Blockchain® Platform

Get an in-depth look at the leading open source blockchain for the business platform: developer tools, pricing, product tours, customer reviews and documentation.

Build on the leading blockchain platform
IBM Blockchain Solutions

Connect with experts, read some client success stories and learn how to join an IBM network.

Explore all blockchain solutions
IBM Blockchain Services

With more than 1,600 business and technical experts—leaders in building a blockchain for business from the ground up—IBM can help you address the three most critical design points in bringing a blockchain for a business network to life: governance, business value and technology.

Learn about blockchain consulting
Resources
What is blockchain technology?

Learn blockchain basics from the key elements to blockchain network types to how industries use it.

Blockparty

See how IBM clients and business partners use blockchain to transform consumer confidence, food safety, sustainability and more. Then, see how contemporary artists interpret their innovations in Blockparty, a webinar series.

Secure your blockchain solutions

This in-depth article highlights the blockchain security reference architecture that can be applied across blockchain projects and solutions for various industry use cases and deployments.

The Founder's Handbook: An introduction to building a blockchain solution, Third Edition

This handbook can help you identify your blockchain use case, learn how to mobilize your ecosystem and navigate a governance model. It also includes information on defining and managing smart contracts in a multiparty system, digitizing assets, legal considerations and real-world examples.

Take the next step

IBM Blockchain solutions use distributed ledger technology and enterprise blockchain to help clients drive operational agility, connectivity and new revenue streams. Move beyond your organization's boundaries with trusted end-to-end data exchange and workflow automation.

Explore blockchain solutions Subscribe to the Think Newsletter