Are Smart Contracts the Next Target for Hackers?

Smart contracts are poised to revolutionize the way transactions are handled in industries ranging from insurance and healthcare to financial services and even gambling. However, smart contracts can be vulnerable to hacking.

On July 19, Parity Technologies, a start-up that specializes in blockchain technology, released a security alert advising that hackers took advantage of a bug in the code of Parity Wallet, Parity’s multi-sig smart contract, and stole $30 million in cryptocurrency. The Parity hack casts a spotlight on smart contracts, a young but rapidly developing technology that is poised to change the way business is conducted across all sectors.

“White hat” hackers were able to protect an additional 377,000 ethers (the cryptocurrency used on the Ethereum blockchain platform), worth an estimated $75 million, from the hackers by moving the cryptocurrency out of the vulnerable wallets and into secure locations. The hack was discovered around noon, and by midnight Parity reported that an update was available for wallet users to patch the code flaw and that all wallets created following the hack were secure. In the aftermath of the theft, the price of ether has fallen from $244 to $201.

The Parity hack followed a smaller hack on July 17, in which $7 million in ether was stolen. The $7 million hack targeted a vulnerability in the initial public offering of cryptocurrency from the company CoinDash, known as an initial coin offering or ICO, rather than a blockchain component.

Cybersecurity expert Tyler Moffit, in an email interview with CNBC, advised that those wishing to deal in cryptocurrency at the present time use only hardware or native wallets (desktop wallets) rather than software wallets such as the ones hacked in this case. “[T]hey are the most secure, as you are in control of any transaction,” Moffit said of hardware and desktop wallets.

What is a smart contract?

A smart contract is “a piece of software that stores rules for negotiating the terms of a contract, automatically verifies the contract and then executes the agreed terms.” In theory, smart contracts decentralize the contracting process, allowing the contracting parties to reach an agreement, verify that agreement, and execute that agreement without going through a central authority such as a bank. Instead, the terms of the contract are encoded in computer code. This coded contract is then distributed to all the parties who subscribe to a blockchain. The blockchain is a digital ledger that records transactions conducted by its members, with each member called a node in the blockchain. Because the code is distributed as part of a ledger to each party in a transaction network, these parties and the computer system work together to keep watch over the transactions and ensure that no party manipulates any given transaction. For a visualization of how smart contracts work, see this video.

The Pros and Cons of Smart Contracts

First, the pros: In an ideal world (that could possibly be the near future), smart contracts remove the costs and time associated with having a middle man manage transactions. As an example, if Jack wants to buy a bike from Jill on the first day of the year that the temperature is 70 degrees, then Jack and Jill can write computer code, a smart contract, that uses data about the weather to track the first day that the temperature hits 70 degrees. The code, upon recognizing that the temperature is 70 degrees, will immediately release digital money (like bitcoins or ethers) held in Jack’s digital wallet to Jill’s account. The code can also provide that the release of this money to Jill will trigger an email to Jill instructing her to send the bicycle to Jack. All of these steps will be written in the code, eliminating the possibility of human error in carrying out a majority or the entirety of the contract. This process eliminates the need to pay a bank to process payment and eliminates the time it takes for the funds to transfer, as well as potential disagreements about the facts that trigger commencement of the transaction (in our example, whether the temperature reached 70 degrees). The automated smart contract creates efficiency in a transaction.
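The Jack-and-Jill bicycle contract described above, modeled in Python as an added example; it is not code from the original article and not Solidity that would run on Ethereum. The `BikeEscrow` class, the `weather-feed` identity and the price of 5 are assumptions made for illustration, and the checks mark the places where the contract code has to be exact.

```python
class BikeEscrow:
    """Toy model of the bike sale: funds lock up front, release on the first 70-degree day."""

    TRIGGER_F = 70  # temperature condition from the article's example

    def __init__(self, buyer, seller, price, weather_feed):
        self.buyer, self.seller, self.price = buyer, seller, price
        self.weather_feed = weather_feed  # assumed: the one data source both parties trust
        self.locked = 0                   # ether held by the contract
        self.balances = {buyer: 0, seller: 0}
        self.released = False
        self.events = []                  # stands in for the e-mail to Jill

    def deposit(self, sender, amount):
        # Only the buyer funds the contract, once, and only with the exact price.
        if sender != self.buyer or amount != self.price or self.locked:
            raise PermissionError("deposit rejected")
        self.locked = amount

    def report_temperature(self, sender, degrees_f):
        # Without this check, anyone could claim it was 70 degrees and trigger payment.
        if sender != self.weather_feed:
            raise PermissionError("untrusted weather report")
        if self.released or self.locked == 0 or degrees_f < self.TRIGGER_F:
            return False  # nothing to do: already paid, unfunded, or too cold
        # Mark as released before moving funds so a repeat report cannot pay twice.
        self.released = True
        self.balances[self.seller] += self.locked
        self.locked = 0
        self.events.append(f"notify {self.seller}: ship the bicycle to {self.buyer}")
        return True


def run_sale():
    """Constructed scenario: a cold day, a forged report, then the first 70-degree day."""
    c = BikeEscrow("jack", "jill", price=5, weather_feed="weather-feed")
    c.deposit("jack", 5)
    outcomes = [c.report_temperature("weather-feed", 64)]      # too cold, no payment
    try:
        c.report_temperature("jill", 99)                        # report not from the feed
    except PermissionError:
        outcomes.append("rejected")
    outcomes.append(c.report_temperature("weather-feed", 70))  # trigger day, funds move
    outcomes.append(c.report_temperature("weather-feed", 75))  # later warm day, no second payment
    return outcomes, c.balances["jill"], c.locked, c.events


if __name__ == "__main__":
    print(run_sale())
```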

The cons: We are not in the ideal smart contract world yet. Decentralized smart contracts, as a new technology, have not developed to the point where their benefits outweigh their costs. Smart contracts are only as good as the code underlying them and therefore are only as good as the programmers who create that code. Currently the most popular platform for smart contracts is Ethereum. Ethereum released Mist, the web browser needed to program smart contracts for its interface, only in 2015, and programmers are still familiarizing themselves with the Solidity coding language used to create the smart contracts on Ethereum. This means that at the current time, creation of a smart contract could be laborious and incur more cost than traditional contracting methods. Since programmers are still feeling out the technology, smart contract code is vulnerable to bugs and coding weaknesses like the one the Parity hackers exploited to corrupt a smart contract.

Further, the transparency component of blockchains is a double-edged sword. While it provides a way to keep a check on all transactions without a middle man, it also means that the information in the smart contract is available to all members of the blockchain. Programmers are still working on ways to limit the number of blockchain members who have access to this information for privacy, while retaining the verification mechanisms that the transparency of a traditional blockchain provides.

The Bottom Line

Experts predict that once programmers settle into it, blockchain technology generally, and smart contracts in particular, are poised to revolutionize the way transactions are handled in a wide range of industries. Now is the time to get ahead of the curve and learn more about this technology.