According to Trail of Bits, distributed ledger technology (DLT) and blockchains, including Bitcoin and Ethereum, may be more vulnerable to centralization risks than originally thought.

- Advertisement -

security firm on tuesday came out his report entitled “Are Blockchains Decentralized?” commissioned by the US Defense Advanced Research Projects Agency (DARPA).

- Advertisement -

The report aims to explore whether blockchains, including Bitcoin and Ethereum, are truly decentralized, although the report appears to be mostly focused on Bitcoin.

- Advertisement -

Among its key findings, the security firm found that legacy bitcoin nodes, unencrypted blockchain mining pools, and much of the unencrypted bitcoin network traffic passing through only a limited number of ISPs can allow various actors to gain excessive centralized control over the network.

Bitcoin nodes

The report states that the Bitcoin node subnet is largely responsible for reaching consensus and communicating with miners, and that “the vast majority of nodes do not significantly contribute to the health of the network.”

It has also been found that 21% of Bitcoin nodes are running an older version of the Bitcoin Core client that is known to have vulnerability issues such as consensus errors. It states that “it is imperative that all DLT nodes run the same latest software version, otherwise consensus errors may occur, leading to a fork of the blockchain.”

A Bitcoin node is any computer that stores and validates blocks on the blockchain. Nodes are used to monitor the health and security of the Bitcoin blockchain and verify the accuracy of transactions. The current version that all nodes should be running is: Bitcoin Core 22.0.

Another finding from the report showed that the Stratum Bitcoin mining pool protocol is not encrypted and, in fact, not authenticated.

This means that malicious attacks can be launched to “estimate the hashrate and payouts of a miner in the pool” and “manipulate Stratum messages to steal CPU cycles and payouts from mining pool members.”

Redirection through ISPs

The authors also found vulnerabilities in the infrastructure based on the fact that Bitcoin protocol traffic is not encrypted and 60% of network traffic only goes through three ISPs.

This is a problem because “Internet service providers and hosting providers have the ability to arbitrarily degrade or deny service to any site.”

The report contains twenty-six pages of detailed information, data and infographics. DARPA was founded in 1958 and is responsible for developing new technologies for use by the US Department of Defense agency and the US military. Trail of Bits is a cybersecurity research and consulting firm that DARPA commissioned to develop the report.

Centralized and Decentralized Digital Networks: Key Differences

The report came at an interesting time, after the issues of centralization were highlighted on Solana.

On Sunday, Solana-based decentralized finance (DeFi) lending protocol Solend unveiled an impromptu governance proposal aimed at taking over a whale’s wallet facing liquidation, threatening to put a strain on Solend and its users.

The proposal, which was accepted by one whale, prompted an immediate pullback from Twitter and the creation of yet another governance vote to void the previously approved proposal. Observers argue that the move could hurt DeFi’s overall image, as gaining control of one of Solend’s wallets means the fundamental principles of DeFi are being called into question, and devoting wasn’t much better.