Blockchain is not as distributed as you think: Defense Agency report

Distributed ledger technology (DLT) and blockchains, including Bitcoin and Ethereum, may be more vulnerable to centralization risks than initially thought, according to Trail of Bits.

On Tuesday, the security company released its report, entitled “Are Blockchains decentralized?”, which was commissioned by the US government's Defense Advanced Research Projects Agency (DARPA).

The report aims to examine whether blockchains, including Bitcoin and Ethereum, are indeed distributed, although the report seemed to focus largely on Bitcoin.

Among its key findings, the security company found that outdated Bitcoin nodes, unencrypted blockchain mining pools, and a majority of unencrypted Bitcoin network traffic traversing only a limited number of internet service providers could leave room for various parties to gain excessive, centralized control over the network.

Bitcoin nodes

The report stated that a subnetwork of Bitcoin nodes is largely responsible for reaching consensus and communicating with miners and that “the vast majority of nodes do not significantly contribute to the health of the network.”

It also found that 21% of Bitcoin nodes run an older version of the Bitcoin Core client, which is known to have vulnerabilities such as consensus errors. It states that “it is important that all DLT nodes work on the same latest version of software, otherwise solidarity errors can occur and lead to a blockchain fork.”

A Bitcoin node is any computer that stores and verifies blocks in a blockchain. Nodes are used to monitor the health and security of the Bitcoin blockchain and verify the accuracy of transactions. The current version that all nodes should run is Bitcoin Core 22.0.

Another part of the report revealed that Stratum, the Bitcoin mining pool protocol, is unencrypted and effectively unauthenticated.

This means that malicious actors could “estimate the hashrate and payouts of a miner in the pool” and “handle Stratum messages to steal microprocessors and payouts from mining pool participants.”

Traffic through Internet service providers

The authors also found a vulnerability at the infrastructure level: Bitcoin protocol traffic is unencrypted, and 60% of the network traffic traverses only three ISPs.

This is a problem because “Internet service providers and hosting providers have the ability to cut or deny services at any node.”

The report contains twenty-six pages of detailed information, data and graphics. DARPA was founded in 1958 and is responsible for the development of new technology for use by the US Department of Defense and the US military. Trail of Bits is a network security research and consulting firm hired by DARPA to develop the report.

The report comes at an interesting time, following concerns about centralization at Solana.

On Sunday, Solana-based decentralized finance (DeFi) lending platform Solend put together an interim governance proposal aimed at taking over a whale wallet that was facing bankruptcy that threatened to put a strain on Solend and its users.

The proposal, which was approved by one whale, met immediate pushback on Twitter and prompted the creation of another vote to invalidate the previously approved proposal. Observers argue that the move could damage the overall image of DeFi, as taking control of one of Solend’s wallets means that DeFi’s basic principles are being questioned, and reversing votes was not much better.