In Finance, What Happens When You Trust the Untrustworthy? You're About to Find Out With Private Blockchains


Following up on yesterday's detailed analysis of the faux pas of private blockchains and the possibility of the 4-year settlement times endured by Lehman’s counterparties, I want to expound upon the extreme likelihood of a bank consortium blockchain being compromised through outright theft!

There are several economic arguments against private blockchains. For instance, and as described in the videos herein, the demand-side network effect allows for much faster and much more secure growth in public networks. More importantly, utility grows exponentially in comparison to closed private networks. This concept of utility should not be lost, for the most utilitarian aspect of public blockchains is the zero trust attribute. You simply do not have to trust anyone to do completely trusted business with them. The exact opposite is the case with the private blockchain, where you are forced to trust the “trusted” parties. Of course, the primary caveat to that model is… no one is trustworthy. Choose to trust an untrustworthy partner if you so desire, but…

This all boils down to the fact that there is truly no such thing as a “trustworthy” party. Therefore, any system or construct whose operations rely on a “trusted” party is destined to fail. If you need trust for it to work, then it will fail – absolutely guaranteed! Before we go further, let’s define “trust” for the sake of this discussion. As per Wikipedia:

In a social context, trust has several connotations. Definitions of trust typically refer to a situation characterized by the following aspects: One party (trustor) is willing to rely on the actions of another party (trustee); the situation is directed to the future. In addition, the trustor (voluntarily or forcedly) abandons control over the actions performed by the trustee. As a consequence, the trustor is uncertain about the outcome of the other’s actions; they can only develop and evaluate expectations. The uncertainty involves the risk of failure or harm to the trustor if the trustee will not behave as desired. Vladimir Ilyich Lenin expresses this idea with the sentence “Trust is good, control is better”.

That risk of failure or harm is not only omnipresent, it is nigh guaranteed to rear its ugly head. Thus, with that guarantee in mind, if one can transact on a trustless basis, then one can transact on a superior basis. This is the primary and most basic flaw of the concept of private blockchains vs. public blockchains: the false presumption of “Trust”!

As per Kaspersky Lab:

Carbanak 2.0: new targets beyond banks

After our exposure of the Carbanak group exactly a year ago, the group disappeared for about five months, leading us to believe that the operation was disbanded. However, in September last year, our friends at CSIS published a blog detailing a new Carbanak variant affecting one of its customers.

In December 2015, we confirmed that the group was still active. Kaspersky Lab discovered signs of Carbanak in two institutions – a telecommunications company and a financial institution.


[Figure: Executable files found in SHIM during Carbanak incident response]

One interesting characteristic of Carbanak 2.0 is a different victim profile. The group has moved beyond banks and is now targeting the budgeting and accounting departments in any organization of interest to them, using the same APT-style tools and techniques.


In one remarkable case, the Carbanak 2.0 gang used its access to a financial institution that stores information about shareholders to change the ownership details of a large company. The information was modified to name a money mule as a shareholder of the company, displaying their IDs. It’s unclear how they wanted to make use of this information in future.

I want all to think very carefully about this. A bank or systemic financial institution can be (and on many occasions has been) compromised by malware. Once compromised, these institutions are no longer trustworthy – but more importantly they are still trusted! What does this mean in this context?

There is no such thing as a trustworthy trusted party

This could not occur if the blockchain were heterogeneous, diverse and large. Think centralized vs. decentralized vs. distributed…

The Power of Public Blockchains

In closing, I wish to recap the extreme probability of settlement risk in a consortium blockchain in the event that an entity goes bust – as exemplified in yesterday's Lehman bankruptcy example. While this risk is extant in the legacy system, the nigh irresponsible bandying about of the term “trusted party” lends credence to the premise that one would be led to believe said parties are trustworthy. Nothing could be farther from the truth. A trusted party is one that IS relied upon. A trustworthy party is one that can be unconditionally relied upon. The second party literally does not exist. This concept is further amplified by my second point – there are many, many vectors of compromise in a trusted-entity setup. The primary value driver of the invention of blockchain tech was the elimination of needed trust. By using a trusted network model, you are purposely reintroducing the risks that trustless networks removed and eliminating the benefits that these networks offer. The vast majority of benefits touted by private blockchain proponents can be offered through Veritaseum over public blockchains with some engineering – while retaining zero trust attributes.

Feel free to contact me at reggie at to discuss. I can make my team of software and financial engineers, lawyers, macro and fundamental strategists available for consulting engagements if necessary.

