July 6, 2016 By Koen Van Impe 4 min read

Blockchain technology has become one of the hottest trending topics within the computer world in the last couple years. The public has primarily come in contact with blockchains through the use of bitcoins, but there’s more to blockchains than cryptocurrency.

What Is Blockchain Technology?

What is a blockchain? Very simply put, a blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.

A blockchain consists of two types of elements:

  • Transactions are the actions created by the participants in the system.
  • Blocks record these transactions and make sure they are in the correct sequence and have not been tampered with. Blocks also record a time stamp when the transactions were added.

What Are Some Advantages?

The big advantage of blockchain is that it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.

A blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.

Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).

How Does It Work?

When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.

A set of approved transactions are then bundled in a block, which gets sent to all the nodes in the network. They in turn validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.

Different Types of Blockchains

There are two main types of blockchains:

  • In a public blockchain, everyone can read or write data. Some public blockchains limit the access to just reading or writing. Bitcoin, for example, uses an approach where anyone can write.
  • In a private blockchain, all the participants are known and trusted. This is useful when the blockchain is used between companies that belong to the same legal mother entity.

Practical Implementations of Blockchain Technology


One of the most well-known implementations of the blockchain technology is bitcoin, a digital payment system.

Bitcoin technology is used for various valid transactions and payments, but the bad guys have also made use of it. Many recent forms of ransomware request victims pay a certain number of bitcoins to get their files unlocked. We’ve also seen bitcoin being used in various extortion schemes. For example, attackers threaten to launch a distributed denial-of-service (DDoS) attack if you don’t pay ransom in bitcoin.

There’s not a single instance that controls bitcoins. The distributed nature of the technology allows for a decentralized ecosystem. Because bitcoins deal with real payments and there’s no physical coin, it’s also important that participants are not able to spend the money more than once or undo a payment once the service has been received. The system also must ensure users cannot spend money that doesn’t belong to them. All of this is provided by the underlying technology, together with some extras.


But bitcoin isn’t the only system that employs blockchains. Ethereum is a system for building decentralized applications that uses blockchains. These applications then perform transactions according to certain rules, called a contract. Don’t look at this as a legal contract — it’s merely a trigger for an application to carry out code when it receives a transaction. That makes a great solution for the Internet of Things (IoT).

Let’s look at a practical example: You have storage space you’d like to put up for rent. In a traditional model, you have to employ a third party that handles the payment. Most of the time, this requires you to give some sort of fee to that middleman.

With the new solutions on Ethereum, you can imagine a situation in which the lock to the storage space only opens when a transaction has been performed (the payment by your customer, directly to you). Once the space is no longer needed, the customer can relock your space, and that transaction automatically triggers a new payment (maybe including some costs for cleanup, etc.).

There is still payment involved, but you no longer need to pay a fee to a third party. The use of the service is all handled by what’s called a smart contract.

Cutting Out the Middleman

In the traditional banking world, you still have to pay some sort of fee to banks handling your money. With blockchain technology this could be removed, reducing the global cost for conducting financial transactions. But not everyone agrees that removing the middleman entirely is feasible.

A report published by the SWIFT Institute argued that the technology does not entirely remove the need for third parties, even if it demands a “substantial re-engineering of business processes across multiple securities market firms.” However, this should be put in context since SWIFT provides a network for secure and reliable financial transactions.


Although blockchain technology is not that new of a technology, the practical implementations that go beyond the traditional digital payment system are still relatively young.

The IoT requires us all to solve a lot of new challenges. Providing technologies that allow for secure, fast transactions between the participants in that new world is just one of those obstacles. The traditional model of having a mediator between service and user must evolve.

As with all new technologies, these will also introduce their own set of security issues. Large-scale attacks on smart contracts have yet to materialize, but we’ve already seen the first reports on vulnerabilities that could lead to them. Don’t be afraid of new technologies, but use common sense when you adopt them in your environment.

More from Banking & Finance

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today