West Virgina Blockchain Voting Reportedly Compromised

West Virginia supposedly had its blockchain-based voting system hacked at the beginning of October and now have the FBI involved to investigate further, casting some doubt on the otherwise promising prospect of using blockchain for voting platforms.

The hack involved the Voatz smartphone app that the West Virginia government used last year collect ballots from citizens living overseas. Further investigation shows that the venerable part of the system was not the blockchain, itself, but actually the identify verification system built on top of the blockchain. Barry Gitarts, a developer for another voting decentralized application (DApp) for the Status network, explained the necessity of a secure and accurate identification system if the tool is used for voting

“The biggest unsolved issue with these types of votes is that in order for the vote to not be prone to manipulation there has be to identity tied to the voters, otherwise some voters can get a disproportionate amount of voting power by splitting their tokens among multiple addresses and voting with them.”

However, the Voatz system cannot currently prove that zero votes were compromised, which Ivan Ivanitskiy, chief analytics officer at software solution firm SmartDec, explained that “means that the whole idea of using blockchain is flawed” since the whole point of using a blockchain is so anyone can prove the accuracy of the system.

Negatives of using a closed blockchain system

The part that really makes the faults of the Voatz system stand out is that it is “essentially a private hyperledger network that has less than 10 nodes”, which makes the system more vulnerable. However, the fear is not that votes would be changed after the fact since the risk of this kind of attack can decrease as the number of nodes increases, but the fear is that potential attackers will insert themselves between when the user authenticates themselves and casts their vote. Jeff Stollman, a principal consultant at Rocky Mountain Technical Marketing, explained this further.

“The problem with blockchain voting is the front-end application that manages the new data that is added to the blockchain. Blockchain technology does not stop someone from hacking the front-end application and altering the data (e.g., votes) before it is added to the blockchain. For example, i[f] a fraudster is able to impersonate a legitimate voter (because he has stolen the voter’s credentials), he can vote in place of the legitimate voter. This has nothing to do with the blockchain.”

This is often the weakest point in blockchain recording technology since the attacker only has to compromise some databases storing personal identifying information, which already happens frequently. However, despite these vulnerabilities in connecting to the blockchain, more government agencies are allowing the use of blockchain systems, including 18 states in the U.S. with some allowing for the use of blockchain in assisting electronic transfers, while others allow for recording of information on the blockchain. Then the United Kingdom’s Food Standards Agency (FSA) recently complete a pilot on using blockchain to track meat distribution and Uruguay Digital Party partnered with Æternity to allow Uruguayans to participate in local political decisions.

Dash’s DAO and voting methods remain strong after several years

Dash’s voting system remains one of the premier examples of an effective and functional decentralized voting platform built on a blockchain-based system. As a decentralized autonomous organization, and possibly the world’s first, Dash employs a collateralized voting where masternodes, specialized nodes which must prove ownership of 1,000 Dash, vote on the allocation of the network’s monthly budget of 10% of new coins created. In addition to distributing funds, this system has also been used to make network-wide decisions, such as to pursue on-chain scaling rather than off-chain solutions. To date, Dash’s governance system has successfully functioned for several years.

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read