The Pentagon’s Defense Advanced Research Projects Agency (DARPA) recently commissioned a report to investigate how decentralized the Bitcoin and Ethereum blockchains truly are. The company that handled the commission, Trail of Bits, found evidence that both blockchains have serious security vulnerabilities.
The Pentagon reportedly became interested in the topic and commissioned the investigation through DARPA because of the recent increase in hacking attacks, which have resulted in multi-million dollar losses.
The Trail of Bits report found that, despite many claims, the Bitcoin and Ethereum blockchains are far from decentralized. In the case of Bitcoin, enough computing power to influence transactions is in the hands of four entities, while in the case of Ethereum, it is in the hands of only two.
The report also questioned the professionalism of miners and the efficiency of mining the two largest cryptocurrencies. According to its findings, Bitcoin and Ethereum miners do not engage in the mining process at all, resulting in the absence of any penalties for being dishonest. As if that weren’t enough, according to analysts at Trail of Bits, the Stratum protocol used to coordinate so-called mining pools is unencrypted and unauthenticated.
Trail of Bits employees tested the mining pools and found that they “either use permanently assigned passwords, the same for all accounts, or do not require any password to be entered.”
In addition, more than 60 percent of Bitcoin traffic goes through three Internet providers. According to experts from DARPA and Trail of Bits, such a phenomenon has repeatedly been the cause of successful hacking attacks that exploited vulnerabilities unrelated to the blockchain itself, including those on Ronin Wallet and the recent, famous attack on Harmony (ONE).
For those interested, the entire report in English produced by Trail of Bits on behalf of DARPA is available at this link.