China’s National Internet Emergency Response Center (CERT) has launched a website for blockchain security vulnerabilities. It has an existing database, the China National Vulnerability Database with blockchain now added as a subset. So far, it identified 247 blockchain vulnerabilities, of which 246 are for public blockchains. One was in a peripheral system.
The fact that the vulnerabilities are almost exclusively with public blockchains does not imply private blockchains are more secure. They’re just less open to scrutiny.
Public blockchain advocates argue that because of the extreme openness and regular hacking attempts, public blockchains tend to be more security hardened. And those that are well decentralized are immutable. Any blockchain on just two nodes isn’t immutable, because two nodes are capable of manipulation. The larger the number of nodes, the more data that needs manipulation.
The CERT said that the database was launched to comply with General Secretary Xi Jinping’s urging to “promote the safe and orderly development of blockchain.” It’s notable that the database primarily covers public blockchains, despite China’s crackdowns on cryptocurrency trading and the State promotion of permissioned blockchains.
Last year a security survey highlighted security vulnerabilities in the Ethereum blockchain. And the Ethereum Trust Alliance was formed to create a security rating for smart contracts.
Earlier this year, the DTCC, which processed $2.15 quadrillion in U.S. securities transactions in 2019, published a whitepaper on security for distributed ledger technology (DLT) networks. It hopes to form a consortium to drive standards in the area.