With blockchain being so accessible — on a public network anyone can become a miner and write transaction information — security has quickly become a serious consideration.

Blockchain is considered inherently un-hackable, yet scalability concerns are prompting alternatives in software, updates, and hard forks that may detract from the inherent security benefits.

Blockchains in their Current State

Currently, blockchains are locked against editing and can only be updated by creating a new block that contains the sum of the blocks before it (the record of transactions). Creating a new block requires verification with a cryptographic puzzle that must be confirmed by every node on the system. With a public system, every user is accountable to the others, which inhibits the autonomous ownership and access seen in traditional banking.

Hard Fork in Response

Ethereum has already taken a hard fork to recoup its losses after the $50 million DAO hack. It was impossible to continue with vulnerable code, and so Ethereum split — took a hard fork — and created two branches, Ethereum and Ethereum Classic.

However, abandoning the old system in favour of the new and, hopefully, improved system can never be a long-term response. Faith in cryptocurrencies will falter, and further forks may happen down the road.

More Users, More Verification

Hackers and fraudsters have a difficult time infiltrating blockchains.

Changing one block would necessitate changing the entire chain, and blackmailing or bribing one user into accepting invalid code is pointless under peer-to-peer verification. In this respect, scalability is beneficial to security, as it introduces more nodes for verification and longer blockchains to record entries. The downside is that more nodes mean more verification, which affects response time: not only does this mean longer waiting times, unfeasible when compared to transactions on other networks such as Visa, it also reduces the number of blocks that can be produced per minute.

51% Attack

As individuals, miners have very little power over the blockchain: even if one were to attempt to pass an erroneous transaction, the rest of the miners would fail to ratify it.

However, miners can pool together into collectives, which is more profitable than working independently, and as a group, they hypothetically could exert a lot more influence, such as preventing transactions from being confirmed. Ethereum co-founder Vitalik Buterin has acknowledged that “selfish mining is profitable starting at 25–33% hashpower, and 51% censorship attacks are definitely profitable.”

In 2014, one such mining pool, Ghash.io, accounted for 51% of the network’s block verification, known as hashing power. The group voluntarily capped itself at 39.99% for the good of the network: after all, no one will use or invest in a currency that is liable to be taken over by one entity, contradicting the base principles of the decentralised exchange.

Scaling up would introduce more users and nodes into the network, theoretically reducing the chances of one group becoming dominant, particularly when it so blatantly threatens the platform’s security and economic viability. The increased profitability of blockchain mining may continue to attract professional conclaves that have the potential to exploit the system. Regardless of financial gain, mining may be exploited for no personal reason other than to disrupt the system.
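To put numbers on the hash-power shares mentioned in this section, the following added example (not from the original article) goes beyond the text and uses the catch-up probability from section 11 of the Bitcoin whitepaper to estimate how many confirmations a recipient should wait for. The 0.1% risk threshold and the function names are assumptions chosen for the illustration.

```python
import math

def catch_up_probability(q, z):
    """Probability that a miner holding fraction q of the hash power ever
    overtakes an honest chain that is z blocks ahead (Nakamoto's formula)."""
    if not 0 <= q <= 1:
        raise ValueError("q must be a fraction of total hash power")
    p = 1.0 - q
    if z == 0 or q >= p:     # no lead to overcome, or a majority: certain
        return 1.0
    if q == 0:
        return 0.0
    lam = z * q / p          # expected attacker blocks while honest miners find z
    total = 1.0
    for k in range(z + 1):
        # Poisson term computed in log space so large z does not overflow.
        poisson = math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_needed(q, risk=0.001, limit=1000):
    """Smallest z whose catch-up probability is below `risk`, else None."""
    for z in range(limit + 1):
        if catch_up_probability(q, z) < risk:
            return z
    return None

# Shares discussed in the article, plus 10% for comparison.
SHARES = [0.10, 0.25, 0.33, 0.3999, 0.51]

def confirmation_table(shares=SHARES):
    return {q: confirmations_needed(q) for q in shares}

if __name__ == "__main__":
    for q, z in confirmation_table().items():
        label = "no safe depth" if z is None else f"{z} confirmations"
        print(f"hash share {q:.2%}: {label}")
```

At a majority share no confirmation depth brings the risk below the threshold, which is why the function returns `None` for 51%.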

Proof of Stake

Partly in response to the risks of a 51% attack, and partly because of the incredible amounts of power it takes to verify one transaction (it is estimated that in 2020 the energy used for Bitcoin mining and processing could power Denmark), new and existing currencies are shifting towards a Proof of Stake method of mining.

Initially, coins were rewarded by Proof of Work as detailed earlier, whereby the miner that solves the puzzle is verified by other nodes and paid. Proof of Work is intensely energy-consuming because multiple miners compete to be the first to solve a block, an issue that will only get worse as cryptocurrency expands. With Proof of Stake, by contrast, the miner that validates the transaction is chosen.

A Proof of Stake miner (known as a forger) would have to hold 51% of the network coins before it could attack the system; apart from the cost of purchasing them, it would be difficult to source that amount of currency from other users and financially counter-productive to do so. Ethereum’s Casper protocol also gives Proof of Stake forgers an incentive: they “stake” a bet with their coin, and if the validation is accepted, they are rewarded with an amount proportionate to their stake. To counteract malicious validation, the staked coin is slashed if the output isn’t correct.

Private Blockchains

In response to lagging verification times and preferences for discretion, private blockchains within individual businesses are more likely to emerge. These can limit miners to specific validators, meaning that there are fewer nodes for a block to be verified by and therefore quicker processing times.

Attractive to companies that want to retain control over their transactions alongside faster verification, they pair the cryptographic security of blockchains with the privacy of more traditional transaction logs.

However, private blockchains are subject to some of the same pitfalls of traditional banking that cryptocurrency intended to distance itself from, namely autonomy. With markedly fewer miners involved in the validation process, it is much easier for the blockchain to be compromised via the humans involved, such as through blackmail or a deliberate effort by the company.

Increased Use Will Reveal Issues

The Financial Stability Oversight Council, a collective of U.S. financial regulators, has already warned that blockchain systems are potentially vulnerable due to their limited use and that flaws in their security might not become apparent until they were “deployed at scale.”

With cryptocurrency still needing space to develop and adapt to a growing user base, more issues will undoubtedly be revealed as the networks struggle to handle scalability while keeping their processes as secure as possible.