Nearly two-thirds (60%) of all Bitcoin traffic travelled through just three ISPs over at least the past five years, according to the report. Additionally, around half of all Bitcoin traffic was reportedly routed through Tor. If so inclined, Trail of Bits CEO Dan Guido said in an interview with NPR, those providers could potentially possess the ability to “rewrite history” by restricting certain transactions and preventing Bitcoin from changing hands altogether.

“Let’s say somebody with great top-down control of the internet in their country starts to interfere with that network,” Guido said. “By slowing down or stopping legitimate blockchain traffic, an attacker could become the ‘majority’ voice in the consensus of what’s written to a blockchain at that moment.”

Then there’s the issue of outdated software. According to the report, around 21% of Bitcoin nodes are running an old version of a Bitcoin Core client that’s vulnerable to attacks. Trail of Bits says “overt software changes” can actually modify the state of a blockchain, which in turn makes the developers of blockchain software a centralized point of trust in the system, uniquely vulnerable to attacks.

“This choice is not simply about the convenience of delegating management to a third party; it is about whether one trusts a centralized third party versus one’s own security hygiene and the developers of one’s non-custodial wallet,” the authors write.

The DARPA-commissioned report’s warnings around unintended crypto centralization partly echo recent claims voiced by prominent Web3 naysayers. Possibly the biggest name in the “Web3 isn’t what you think it is” crowd is Block CEO and former Twitter king Jack Dorsey. Dorsey has spoken critically of venture capitalists’ involvement in Web3 companies, even going as far as to call the supposed new era of the internet “ultimately a centralized entity with a different label.”

Signal founder Moxie Marlinspike has similarly spoken out against what he sees as weaknesses in Web3 infrastructure that are in effect acting to centralize a supposedly decentralized system.

“Once a distributed ecosystem centralizes around a platform for convenience, it becomes the worst of both worlds: centralized control, but still distributed enough to become mired in time,” Marlinspike wrote in a widely circulated essay earlier this year. “I can build my own NFT marketplace, but it doesn’t offer any additional control if OpenSea mediates the view of all NFTs in the wallets people use (and every other app in the ecosystem).” For his part, Dorsey’s actually already moving on to what he views as a more decentralized “Web5” era, somehow skipping the Web4 jargon altogether.

Still, Web3 believers like Swan co-founder Yan Pritzker aren’t necessarily sold on the criticisms outlined in the recent DARPA-backed report. Speaking with NPR, Pritzker saw the possibility of attacks laid out in the report as mostly “theoretical” and called into question the report’s backing by a major, inherently centralized, government agency.

“They’re basically doing endgame research,” Pritzker told NPR. “Their game is, ‘how do we get better control of the currency,’ and ‘how do we build better systems for our control of the currency’.” Of course, even a theoretical strategy for a government to control cryptocurrency would undermine the promise of blockchain tech that proponents have spent years pushing.
