Could Blockchain Have Prevented Bangladesh’s Central Bank Hack?
In late April, blockchain evangelist Blythe Masters told a crowd in the London Docklands that banks could solve many of their problems if they embraced the transaction-processing technology.
The former JPMorgan Chase & Co. executive could also have been talking about Swift, which hosted the conference. The messaging system for transfers between banks was facing a crisis that had been bubbling under the surface for months. Hackers have exploited the Swift system to steal $81 million from Bangladesh’s central bank, and may have infiltrated as many as 12 banks.
The blockchain technology Masters was talking about is a distributed, encrypted system of transferring money. It’s the architecture behind bitcoin and is seen as the truly transformative aspect of the digital asset. While it doesn’t offer protection against stolen credentials, blockchain is probably a better-defended record than existing systems.
“Blockchain is more secure,” said Richard Johnson, a market structure and technology analyst at Greenwich Associates. “Theoretically they wouldn’t have been able to trick the database.”
The financial services industry, including the regulators who oversee it, has scrambled to harness blockchain, but its focus has mainly been the potential cost savings from replacing expensive back-office systems with something cheaper and more automated. One of blockchain’s most important, and perhaps overlooked, features could be its security technology.
In the case of Bangladesh’s central bank, hackers used the Swift system to send messages to the New York Federal Reserve, instructing it to move the Bangladeshi bank’s cash into accounts in the Philippines. They impersonated bank officials to send the messages.
Hackers also used malware to compromise the bank’s records, covering their tracks. That type of skulduggery, blockchain advocates say, would be immensely difficult using the encrypted ledger.
With blockchain, the statement of transactions is not kept in one place. Instead, the information is held on a network of computers that verify the data and keep each other honest. Hackers would have to break into the majority of computers on the network to cover their trail rather than just exploiting a single computer. For the biggest blockchains, such as bitcoin’s, that would mean hacking thousands of computers.
Swift has insisted that its core messaging service is secure and that the vulnerabilities are on the machines that interface with the network. Those computers are its members’ responsibility, the bank-owned cooperative says. Swift says its data center’s “golden copies” of transactions remained intact and could have been used to verify what had gone missing from the Bangladesh central bank.
This being blockchain, of course, the promise has yet to clear a few key hurdles. Assets, such as cash, would have to be placed on the blockchain. That means financial institutions’ existing systems need to somehow interact with a live blockchain.
“There’s no proof of concept that I know of that would put fiat currency onto a blockchain-type system yet,” Johnson said.
Going forward “everything is on the table,” including blockchain, even though the technology on its own can’t fully defend the network from attack, according to Swift Chief Executive Officer Gottfried Leibbrandt. And the keys used to access blockchains suffer from a 20th-century problem: password vulnerability.
“Innovation has to be part of the solution,” Leibbrandt said in an interview. “You have to keep the keys to that money, and if those keys are compromised then the money belongs to somebody else.”
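Added example, not part of the original article and not code from Swift or any blockchain product: a toy replicated ledger illustrating two points made above, that records altered on a single machine disagree with the majority of copies, and that a transfer signed with stolen keys is still accepted everywhere. HMAC stands in for digital signatures, a majority vote over the latest entry hash stands in for consensus, and all node names, keys and amounts are constructed.

```python
import copy, hashlib, hmac, json
from collections import Counter

GENESIS = "0" * 64

def sign(key, tx):
    # Assumption: HMAC-SHA256 stands in for a real digital signature.
    return hmac.new(key, json.dumps(tx, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def entry_hash(tx, sig, prev):
    return hashlib.sha256(json.dumps([tx, sig, prev], sort_keys=True).encode()).hexdigest()

def append(ledger, tx, sig):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"tx": tx, "sig": sig, "prev": prev, "hash": entry_hash(tx, sig, prev)})

def chain_ok(ledger, key):
    """True if every entry links to its predecessor and carries a valid signature."""
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != entry_hash(e["tx"], e["sig"], prev):
            return False
        if not hmac.compare_digest(e["sig"], sign(key, e["tx"])):
            return False
        prev = e["hash"]
    return True

def divergent_nodes(replicas):
    """Names of replicas whose latest entry hash disagrees with the majority."""
    heads = {n: (l[-1]["hash"] if l else GENESIS) for n, l in replicas.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(n for n, h in heads.items() if h != majority)

def demo():
    key = b"constructed-demo-key"  # constructed value; assume the attacker holds a copy
    txs = [{"id": 1, "to": "ACME-SUPPLIER", "amount": 1200},
           {"id": 2, "to": "UNKNOWN-ACCOUNT", "amount": 900000}]  # id 2 is the fraud
    replicas = {f"node{i}": [] for i in range(5)}
    for tx in txs:
        sig = sign(key, tx)
        for ledger in replicas.values():
            append(ledger, copy.deepcopy(tx), sig)
    # Stolen key: the fraudulent entry verifies on every replica.
    fraud_accepted = all(chain_ok(l, key) for l in replicas.values())
    # Cover-up on one machine: the fraud is dropped from node0's copy only.
    replicas["node0"].pop()
    local_still_valid = chain_ok(replicas["node0"], key)
    return fraud_accepted, local_still_valid, divergent_nodes(replicas)

if __name__ == "__main__":
    print(demo())
```

The truncated copy still passes its own integrity check, so the cover-up is caught only by comparing it with the other replicas; the fraudulent transfer itself is never rejected because its signature is valid.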