The Bitcoin mania has created an estimated $250 million-a-year crypto hacking industry. The blockchain ecosystem -- the decentralised "distributed ledgers" that track crypto transactions -- is also vulnerable. Those losses could snowball as more companies and investors rush into the white-hot cryptocurrency market without weighing the dangers or taking steps to protect themselves. Super-secure? Blockchain records are shared, making them hard to alter, so some users see them as super-secure. But in many ways they are no safer than any other software, Matt Suiche, who runs the blockchain security company Comae Technologies, said in a phone interview.

And since the market is immature, blockchains may even be more vulnerable than other software. There are thousands of them, each with its own bugs. Until the field is winnowed to a few favourites, as happened with web browsers, securing them all will be a challenge. "Each implementation is going to have its own problems," Suiche said. "The more implementations, the harder it is to cover all of them." Blockchains can track identity information, property records and even digital car keys, not just cryptocurrency. But of course, they do that too, and stolen Bitcoins can be converted into hard cash. So while hacking a blockchain may be harder than breaking into a retailer's database, "the rewards are greater," according to Andras Cser, an analyst at Forrester Research. "You have much more information you can steal." Exploiting forks

Many blockchains started as forks that diverged from existing crypto ledgers, and as Taiwanese security researchers have pointed out, every fork gives hackers a new way to try to falsify data. In a December 25 paper, researchers at the Institute of Electrical and Electronics Engineers outlined ways hackers can spend the same Bitcoins twice, the very thing blockchains are meant to prevent. In a Balance Attack, for instance, hackers delay network communications between subgroups of miners, whose computers verify blockchain transactions, to allow for double spending. "We have no evidence that such attacks have already been performed on Bitcoin," the IEEE researchers said. "However, we believe that some of the important characteristics of Bitcoin make these attacks practical and potentially highly disruptive." 'Sensitive data' A researcher from Cisco Talos, a security group, found vulnerabilities in Ethereum clients, including a bug that "can lead to the leak of sensitive data about existing accounts." A security hole in the Parity wallet resulted in losses of $US155 million in November.

In December, Youbit, an exchange in South Korea, said it would file for bankruptcy following an attack in which it lost 17 per cent of its assets. The same month, mining service NiceHash said hackers stole as much as $US63 million in Bitcoin from its virtual wallet. Smart contracts -- blockchain-based programs that automate asset transfers -- are also vulnerable. In 2016, hackers stole at least $US50 million out of the DAO, a venture-capital smart contract. Only an update to Ethereum allowed users to get their money back. Programmers' old-school mindsets are partly to blame for the technology's flaws. "When you have a bug, you release a patch," Richard Ma, co-founder of Quantstamp, a company backed by venture-capital firm Y Combinator. "With a smart contract, you deploy it to the network, and it's not possible to ever change it again." Opportunity knocks

But Ma sees an opportunity. In March, Quantstamp will release an automated tool that scours smart contracts for bugs. Established security firms such as McAfee may also repurpose their wares for the blockchain crowd. "In many cases, our existing products can help secure the ecosystem," Steve Grobman, chief technology officer of McAfee, said in a phone interview. "In general, it will be vulnerable to threats just like any other software system." The market for software, services and hardware to secure blockchain activity should grow to $US355 billion as the digital economy moves to cybercurrency and banks and the financial community totally restructure, according to WinterGreen. It was $US259 million in 2017. Loading Let's hope they put all that money somewhere safe.

Bloomberg