July 6, 2016 By Koen Van Impe 4 min read

Blockchain technology has become one of the hottest trending topics within the computer world in the last couple years. The public has primarily come in contact with blockchains through the use of bitcoins, but there’s more to blockchains than cryptocurrency.

What Is Blockchain Technology?

What is a blockchain? Very simply put, a blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.

A blockchain consists of two types of elements:

  • Transactions are the actions created by the participants in the system.
  • Blocks record these transactions and make sure they are in the correct sequence and have not been tampered with. Blocks also record a time stamp when the transactions were added.

What Are Some Advantages?

The big advantage of blockchain is that it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.

A blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.

Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).

How Does It Work?

When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.

A set of approved transactions are then bundled in a block, which gets sent to all the nodes in the network. They in turn validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.

Different Types of Blockchains

There are two main types of blockchains:

  • In a public blockchain, everyone can read or write data. Some public blockchains limit the access to just reading or writing. Bitcoin, for example, uses an approach where anyone can write.
  • In a private blockchain, all the participants are known and trusted. This is useful when the blockchain is used between companies that belong to the same legal mother entity.

Practical Implementations of Blockchain Technology

Bitcoins

One of the most well-known implementations of the blockchain technology is bitcoin, a digital payment system.

Bitcoin technology is used for various valid transactions and payments, but the bad guys have also made use of it. Many recent forms of ransomware request victims pay a certain number of bitcoins to get their files unlocked. We’ve also seen bitcoin being used in various extortion schemes. For example, attackers threaten to launch a distributed denial-of-service (DDoS) attack if you don’t pay ransom in bitcoin.

There’s not a single instance that controls bitcoins. The distributed nature of the technology allows for a decentralized ecosystem. Because bitcoins deal with real payments and there’s no physical coin, it’s also important that participants are not able to spend the money more than once or undo a payment once the service has been received. The system also must ensure users cannot spend money that doesn’t belong to them. All of this is provided by the underlying technology, together with some extras.

Ethereum

But bitcoin isn’t the only system that employs blockchains. Ethereum is a system for building decentralized applications that uses blockchains. These applications then perform transactions according to certain rules, called a contract. Don’t look at this as a legal contract — it’s merely a trigger for an application to carry out code when it receives a transaction. That makes a great solution for the Internet of Things (IoT).

Let’s look at a practical example: You have storage space you’d like to put up for rent. In a traditional model, you have to employ a third party that handles the payment. Most of the time, this requires you to give some sort of fee to that middleman.

With the new solutions on Ethereum, you can imagine a situation in which the lock to the storage space only opens when a transaction has been performed (the payment by your customer, directly to you). Once the space is no longer needed, the customer can relock your space, and that transaction automatically triggers a new payment (maybe including some costs for cleanup, etc.).

There is still payment involved, but you no longer need to pay a fee to a third party. The use of the service is all handled by what’s called a smart contract.

Cutting Out the Middleman

In the traditional banking world, you still have to pay some sort of fee to banks handling your money. With blockchain technology this could be removed, reducing the global cost for conducting financial transactions. But not everyone agrees that removing the middleman entirely is feasible.

A report published by the SWIFT Institute argued that the technology does not entirely remove the need for third parties, even if it demands a “substantial re-engineering of business processes across multiple securities market firms.” However, this should be put in context since SWIFT provides a network for secure and reliable financial transactions.

Conclusion

Although blockchain technology is not that new of a technology, the practical implementations that go beyond the traditional digital payment system are still relatively young.

The IoT requires us all to solve a lot of new challenges. Providing technologies that allow for secure, fast transactions between the participants in that new world is just one of those obstacles. The traditional model of having a mediator between service and user must evolve.

As with all new technologies, these will also introduce their own set of security issues. Large-scale attacks on smart contracts have yet to materialize, but we’ve already seen the first reports on vulnerabilities that could lead to them. Don’t be afraid of new technologies, but use common sense when you adopt them in your environment.

More from Banking & Finance

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today