July 6, 2016 By Koen Van Impe 4 min read

Blockchain technology has become one of the hottest trending topics within the computer world in the last couple years. The public has primarily come in contact with blockchains through the use of bitcoins, but there’s more to blockchains than cryptocurrency.

What Is Blockchain Technology?

What is a blockchain? Very simply put, a blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.

A blockchain consists of two types of elements:

  • Transactions are the actions created by the participants in the system.
  • Blocks record these transactions and make sure they are in the correct sequence and have not been tampered with. Blocks also record a time stamp when the transactions were added.

What Are Some Advantages?

The big advantage of blockchain is that it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.

A blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.

Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).

How Does It Work?

When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.

A set of approved transactions are then bundled in a block, which gets sent to all the nodes in the network. They in turn validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.

Different Types of Blockchains

There are two main types of blockchains:

  • In a public blockchain, everyone can read or write data. Some public blockchains limit the access to just reading or writing. Bitcoin, for example, uses an approach where anyone can write.
  • In a private blockchain, all the participants are known and trusted. This is useful when the blockchain is used between companies that belong to the same legal mother entity.

Practical Implementations of Blockchain Technology


One of the most well-known implementations of the blockchain technology is bitcoin, a digital payment system.

Bitcoin technology is used for various valid transactions and payments, but the bad guys have also made use of it. Many recent forms of ransomware request victims pay a certain number of bitcoins to get their files unlocked. We’ve also seen bitcoin being used in various extortion schemes. For example, attackers threaten to launch a distributed denial-of-service (DDoS) attack if you don’t pay ransom in bitcoin.

There’s not a single instance that controls bitcoins. The distributed nature of the technology allows for a decentralized ecosystem. Because bitcoins deal with real payments and there’s no physical coin, it’s also important that participants are not able to spend the money more than once or undo a payment once the service has been received. The system also must ensure users cannot spend money that doesn’t belong to them. All of this is provided by the underlying technology, together with some extras.


But bitcoin isn’t the only system that employs blockchains. Ethereum is a system for building decentralized applications that uses blockchains. These applications then perform transactions according to certain rules, called a contract. Don’t look at this as a legal contract — it’s merely a trigger for an application to carry out code when it receives a transaction. That makes a great solution for the Internet of Things (IoT).

Let’s look at a practical example: You have storage space you’d like to put up for rent. In a traditional model, you have to employ a third party that handles the payment. Most of the time, this requires you to give some sort of fee to that middleman.

With the new solutions on Ethereum, you can imagine a situation in which the lock to the storage space only opens when a transaction has been performed (the payment by your customer, directly to you). Once the space is no longer needed, the customer can relock your space, and that transaction automatically triggers a new payment (maybe including some costs for cleanup, etc.).

There is still payment involved, but you no longer need to pay a fee to a third party. The use of the service is all handled by what’s called a smart contract.

Cutting Out the Middleman

In the traditional banking world, you still have to pay some sort of fee to banks handling your money. With blockchain technology this could be removed, reducing the global cost for conducting financial transactions. But not everyone agrees that removing the middleman entirely is feasible.

A report published by the SWIFT Institute argued that the technology does not entirely remove the need for third parties, even if it demands a “substantial re-engineering of business processes across multiple securities market firms.” However, this should be put in context since SWIFT provides a network for secure and reliable financial transactions.


Although blockchain technology is not that new of a technology, the practical implementations that go beyond the traditional digital payment system are still relatively young.

The IoT requires us all to solve a lot of new challenges. Providing technologies that allow for secure, fast transactions between the participants in that new world is just one of those obstacles. The traditional model of having a mediator between service and user must evolve.

As with all new technologies, these will also introduce their own set of security issues. Large-scale attacks on smart contracts have yet to materialize, but we’ve already seen the first reports on vulnerabilities that could lead to them. Don’t be afraid of new technologies, but use common sense when you adopt them in your environment.

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today