
Decentralized security

Software is predictable. Computers do exactly what you tell them to do. Every software problem ever encountered was because of human error. Without humans, computers (and their software) wouldn't even exist, much less have errors.

This may seem obvious, but it's important as a baseline for discussions about security. Insecure code is just code with errors. These errors allow software to be used in unintended ways. This kind of security is important to both centralized and decentralized systems.

What might be less obvious is that most hacks/security breaches have nothing to do with insecure code. Most hackers attack the humans in the system instead of the system itself. This is because it's way easier. Convincing a person to hand over their password doesn't even require coding. This is called social engineering.

In a centralized system, social engineering can grant attackers access to everyone's data. If your bank is hacked, you could lose money. Of course there are consumer protections in place for your benefit and to punish companies that fail to secure their systems for their users (these protections are also centralized).

With properly decentralized systems, social engineering can't impact everyone in the system. When someone is hacked, it only affects their own data. Note that protections can also be offered for individuals in decentralized systems. They just need to be built as smart contracts or guaranteed by an external entity.

Your typical security discussions don't apply to decentralized environments. Public blockchains are permissionless. Anyone can read from and write to the blockchain. This setup would give someone in charge of a centralized database a heart attack.

Security just looks different on blockchain.


P.S. This is why centralized exchanges account for so many of the cryptocurrency hacks we hear about. Small individual account holders aren't worth the time.