The idea of decentralization of the digital ledger is a fallacy, according to research conducted by Trail of Bits. Controlling the four biggest mining pools could disrupt the Bitcoin chain, withEthereum faring worse at three entities, according to the report.
The Defense Advanced Research Projects Agency DARPA, the Pentagon's research and development branch, was commissioned to investigate technology for potential military use.
The report, which targets IT professionals, added more doubts about the use of cryptocurrencies in a time when security risk and price instability are at the forefront of everyone's minds.
The report goes in-depth, covering immutability, the Nakamoto coefficient, which refers to the number of entities required to attack a network successfully, mining pool vulnerabilities, 51% attacks, network topology, network and software centrality.
The most critical findings stated that inmutability could be broken, and distributed ledger technology DLT can be centralized via authoritative, consensus, motivational, topological, network and software means.
The report said that Virtual Machines VM, which are used to include new features and execute security migrations, are a potential gateway to breaking immutability.
It is possible that software authors and maintainers can change the semantics of the blockchain, which can include reverting the blockchain to a previous state. Trail of Bits shows the example of devs doing this in response to the 2016 DAO attack.
As such, neither the code nor the data can be considered semantically immutable. Researchers state that DLT can be centralized across a number of ways, despite the fact that the concept of operating securely without central control is sold on the concept of centralized control.
It has a Nakamoto coefficient of four, so taking control of four mining pools would be enough to attack the network. The closer the coefficient is to one, the more centralized it is.
Trail of Bits researchers argue that there are still perverse incentives that exist, such as from competing countries or unfriendly nation-states that have the resources to pull off such an attack, despite the fact that the cost of controlling four Bitcoin mining pools is uneconomically expensive.
Over a fifth of Bitcoins are running an old client version, which has known vulnerabilities, according to other key findings. 60% of all BTC traffic passes through three Internet Service Providers.