The Pentagon's science department has reservations about the blockchain technology that underpins Web3. A Defense Advanced Research Projects Agency (DARPA) release on Are Blockchains Decentralized? (Is blockchain really decentralized?) "Found key vulnerabilities that could jeopardize the so-called" decentralization "concept of blockchain technology.
The report, conducted in collaboration with research firm Trail of Bits, singles out "unintended centralities" that the authors believe have the potential to concentrate power over blockchain in the hands of a few specific individuals or groups. These "unexpected hubs" range from powerful new cryptocurrency miners and outdated computers that are vulnerable to attack to some groups of Internet service providers responsible for handling bitcoin traffic.
It's worth noting that the report's authors don't start with the vulnerabilities/weaknesses in cryptography (which was actually described as "pretty powerful "-- at least until quantum computing became a great reality), but rather explore the problems with blockchain by" upending the properties of blockchain implementations."
"We believe that the risks inherent in blockchain and cryptocurrencies have been poorly described and often ignored, or even ridiculed, by those trying to cash in on this decade's gold rush," the authors note in the report.
DARPA has reportedly worked with Trail of Bits over the past year, asking the company to study the fundamental properties of blockchain and the potential security risks associated with it. The timing of the report comes amid a historic loss of value for Bitcoin and other cryptocurrencies that has shocked many in the field.
According to the report, for at least the past five years, nearly two-thirds (60 percent) of bitcoin traffic has gone through just three Internet service providers. In addition, about half of all Bitcoin traffic reportedly goes through Tor. If so, Trail of Bits CEO Dan Guido said in an interview with NPR, these providers could have the ability to "rewrite history," limiting certain transactions and preventing Bitcoin from changing hands entirely.
"Suppose someone took control of the Internet in their country from the top down and started messing with the network," Guido said. By slowing or stopping legitimate blockchain traffic, an attacker could become the 'majority' voice in the consensus written into the blockchain at that moment."
Then there is the issue of out-of-date software. According to the report, about 21 percent of Bitcoin nodes are running an older, vulnerable version of bitcoin's core client. Trail of Bits says that "overt software changes" can actually modify the state of the blockchain, which in turn makes the developer of blockchain software a unique point of trust in the system and vulnerable to attack.