Ethereum is one of the most popular and influential blockchain ecosystems in the world. Unlike many other altcoins that tried to compete with Bitcoin and failed, Ethereum has successfully transformed the world of cryptocurrency and blockchain for different use cases and different purposes. And due to the increasing numbers of users, there are also increasing numbers of hackers who are ready to find their prey.
Here is the real question we often ask ourselves, can Ethereum be hacked? In other words, Is it possible to hack Ethereum? Before we know the answer, actually we need to narrow down the question. There are actually several different interpretations of this same question.
Can Ethereum Blockchain Be Hacked?
So, whenever a casual crypto enthusiast asks a question, “Can Ethereum be hacked?” usually, that same individual does not really understand his own question. Whenever you hear about “hacking attempt” story on crypto websites or news, usually, the story is more related to Ethereum wallet or exchange. But, let’s break it down one by one. Let’s start with the Ethereum blockchain itself.
So, regarding Ethereum blockchain, it is actually very hard to hack the blockchain itself. Just like Bitcoin, Ethereum still utilizes Proof-of-Work mechanism (even though they plan to migrate to Proof-of-Stake soon). And with a Proof-of-Work mechanism, the way to exploit it is with the 51% attack – which means you have to control 51% of the hash rate if you want to steal money from it.
But the nature of Ethereum is already very decentralized with various nodes from various entities supporting the network. The blockchain itself has never been hacked. And it is easy to say that Ethereum itself would never be hacked when there are more nodes and entities supporting more decentralization. If there is one single entity controlling half of the blockchain, then we might need to start getting worried.
Can Ethereum Smart Contract Be Hacked?
Now, this is where things get trickier. An Ethereum smart contract is deployed and created by an individual. Think of it like this. A smart contract is a bunch of code. Just like a website is a bunch of code managed and created by someone. If someone is capable of writing smart contract in Solidity (Ethereum’s smart contract programming language), he can deploy it to Ethereum mainnet, and people can actually exploit a bug or flaw if there is any. On the other hand, a smart contract that is managed and deployed by an expert or smart contract veteran might not have any major bug or flaw.
So, the question “Can Ethereum smart contract be hacked?” depends on who deploys it and who tries to exploit it. Just like normal codes in your favourite apps or websites can be exploited, you can use the same logic to a smart contract.
Things get tricky with Ethereum smart contracts because they involve money. When someone can exploit your smart contract, there is a chance that someone can steal some ETH or ERC-20 tokens from the smart contract itself. The best practice to avoid this risk is to make sure you trust the smart contract deployer. Many newer companies typically hire a smart contract auditor before they launch their own token, just to be sure nobody would exploit them. Because when a new token gets exploited, it will be very hard to regain the community’s trust.
Can Ethereum Wallet Be Hacked?
This is another tricky question and perhaps the most common problem that Ethereum (or general crypto) community has faced. You see, whenever you hear a story about someone’s crypto wallet getting hacked, usually, it means the individual gets phished instead of hacked.
The majority of popular Ethereum wallets are already decentralized. They don’t actually store your backup phrase or private key in their own centralized server. They display it to you and that is it. You have to memorize your own backup phrase and/or private key on a piece of paper or on another device. However, most people often ignore this advice because they think it is too much work or too inconvenient.
And this is where the problem typically happens. The same ignorant people can easily get phished. For example, Metamask is a popular Ethereum wallet. A year or two years ago, there was another (fake) Metamask application on Chrome store. Some naive users actually downloaded this fake Metamask extension and they chose to submit their backup phrase to it. The owner of this fake Metamask extension then stole the information from the victims and moved the tokens and ETH to his own wallet address.
Whenever you hear a story about Ethereum wallets get hacked, this is the typical story that actually happened (people get phished and voluntarily entered their sensitive information into the fake website or app or extension). With good security standard procedures, it would be much harder to “hack” your Ethereum wallet. Good security standard procedures involve double-checking the website or application and using a hardware wallet or a unique device every time you want to access your ETH or ERC-20 tokens.
Can Ethereum Exchange Be Hacked?
Another common security problem in the Ethereum world is the crypto exchange. The problem here is actually not related to Ethereum blockchain and codes but to the centralized server of the same exchange. For your information, the majority of crypto exchanges are still centralized. They control your cryptocurrencies in hot wallets where people can withdraw and deposit automatically.
So, if someone gains access to your Ethereum exchange’s credentials, the same “hacker” might be able to withdraw your ETH or ERC-20 tokens to his own wallet address. Another potential issue is if the “hacker” exploits some API bugs in the centralized exchange, so he would be able to transfer other traders’ cryptocurrencies into his own account. And then, he would be able to withdraw his cryptocurrencies from the exchange’s hot wallet.
Once again, the story about a crypto or Ethereum exchange getting hacked usually involves API exploit or individual account phishing. A decentralized exchange with proven smart contract codes typically won’t be able to get hacked.
To answer the question “Can Ethereum be hacked?”, you need to identify which part of Ethereum you are talking about. If it is about the blockchain, the answer is no. It is not hackable. If it is about the smart contract, it depends who deploys it and if there is any exploitable flaw. If it is about the wallet, it depends on the wallet application and your security standard procedure. If it is about the exchange, it depends on the exchange’s centralized server, its API security, and your own security practice in securing your account credentials with the same exchange.