DARPA, the research arm of the Pentagon, ordered a study to examine how truly decentralized blockchains are. The security firm hired by DARPA, Trail of Bits, focused largely on Bitcoin and Ethereum but also discovered evidence of significant security holes in the blockchain system.
The paper highlighted how Bitcoin and Ethereum are not actually decentralized, which was a damning conclusion. It also showed that only four entities in the case of Bitcoin, and two in the case of Ethereum, are required to modify historical transactions.
The report also questions the effectiveness of the mining method. It claims that there are no standards in place to penalize dishonesty and that Bitcoin miners are not participating in the mining process. Additionally, the Stratum protocol used for coordination in mining pools is unencrypted and unauthenticated. The report also found that Sybil and 51% attacks may both be used against Bitcoin.
Another significant issue is that 21% of Bitcoin nodes have been running a vulnerable version of Bitcoin Core since June 2021.
Furthermore, three ISPs account for 60% of all Bitcoin traffic. Blockchain services are also frequently attacked through vulnerabilities that have nothing to do with the blockchain itself: Ronin and, subsequently, the Harmony protocol were both compromised through a server vulnerability unrelated to blockchains.
The paper also questioned the validity of blockchains like Ethereum that offer full on-chain Turing-complete execution. It holds that such blockchains cannot prevent smart contracts from being upgraded. As a result, these blockchains must deal with the same trust problems as a centralized financial system.