HSBC suggests it might have found a... use for blockchain? HSBC claims to have settled three million foreign exchange (FX) transactions and made payments worth $250bn using distributed ledger technology (DLT). The bank said it had made "significant efficiencies" while using its DLT product, HSBC FX Everywhere, for the past year – suggesting the risk-averse financial sector is treating …
shared, single version of the truth of intra-company trades
Because blockchains are immune to people fiddling the system, aren't they...
"To execute the attack, the miner acquired at least 51 percent of the network’s total hashpower, which provided them with temporary control of the blockchain"
Sure, if one malicious entity is able to enter arbitrary transactions against your network without your knowledge, after taking control of half the people able to enter transactions on said network (note, this wouldn't include *users* or people *viewing* the chain to verify transactions, only those capable of making their own).
I think you'll find that any distributed ledger would be vulnerable to attack in such a circumstance.
You're literally asking "half-the-world's foreign-exchange banks" to collude to make a transaction that the others will accept as genuine, in a way that's blindingly obvious, flags all kinds of warnings immediately, and would only proceed if you were stupid enough to not put decent checks in your system and wait for the right number of verifications from trusted entities - at that point, you have bigger problems than what you use to record that transaction.
That sounds exactly like how Kerviel managed to engage 50 billions in DAX futures - knowing how to bypass weak controls and convincing people to ignore red flags. Granted, that was 12 years ago and banks have learnt from this, but we all know how history is doomed to repeat itself...
"I think you'll find that any distributed ledger would be vulnerable to attack in such a circumstance."
As it was intra-company I think that you will find HSBC's ledger (which might have been distributed but probably wasn't) was handled solely within HSBC's systems which voids the concept of a 51% attack.
I think you'll find that any distributed ledger would be vulnerable to attack in such a circumstance.
This is precisely the problem, and why BGP attacks attempting to partition the Bitcoin mining network happen around a hundred times a month.
"Such a circumstance" turns out to be quite common.
Buying Bitcoins won't give you exposure to this, because anyone can write their own blockchain, and HSBC presumably have.
Ultimately, it is just a way of storing data, just like an Oracle database or an Excel spreadsheet are ways of recording data. These things are of interest to techies like the people who read this website, but not really that important in the overall scheme of things.
The small and private blockchains such as the one HSBC is using can easily be hacked as we've seen on numerous occasions. It's not inconceivable that they instead use the Bitcoin blockchain since it's the biggest, oldest and most secure blockchain in existence. It could be implemented as a side chain with all the data being encrypted. Thoughts?
"These things are of interest to techies like the people who read this website, but not really that important in the overall scheme of things."
I think the following paragraph might create a step change in the financial system.
"It transforms the process around intra-company foreign exchange activity, automating several manual procedures and reducing reliance on external settlement networks."
At present credit and debit cards are an effective duopoly of Visa and Mastercard, both charging exhorbitant fees. This could eliminate these parties skimming every transaction
"automating several manual procedures" is something computers do. You don't need a blockchain to do it. Any sort of computer program will do.
"reducing reliance on external settlement networks", by replacing it by one run by HSBC. Do you think HSBC will be any cheaper than Visa or Mastercard? And again, HSBC could have an internal network that stores its data in a different format[1].
[1] Response in advance to anyone who replies telling me why Blockchains are so amazing:
You are probably correct, but, most of the problems that Blockchains seek to solve are not problems that exist in reality. Most of the fraud examples you see in real life, Bitcoin wouldn't stop. For banks, the risks are that someone steals a customers credentials, they could just as easily obtain the relevant key for their wallet; or loan application fraud - the decision to lend or not lend money has nothing at all to do with blockchains.
Blochchains would stop someone accessing the bank's ledgers and changing the recorded transactions, but this is not something that ever happens.
Well, we don't know how HSBC have implemented their tech. I would be very surprised if they used a 'proof of work' system like Bitcoin & Ethereum. Would they really want to spend that much on electricity? As it's a single organisation they don't necessarily need the 'double spend' protection that Bitcoin needs, so there will be other ways of giving the process the immutability guarantees required.
At a minimum, I'd expect that they'd need 51% of co-operating foreign exchanges to recognise the transaction as valid before it could be "falsified" into the blockchain.
Coin-based blockchain attacks are when malicious users own 51% of your blockchain AND you choose to recognise their branch of the blockchain as definitive.
There's two different things at play, and a distributed ledger is going to have a lot more control stopping you getting 51% of the ledger under your control - maybe even by the simple precept of "there are only a hundred master nodes and HSBC control 20, another bank controls another 20, etc.)
My experience of merchant banking is they are quite the opposite of "Risk Averse".
Certainly in their financial dealings they will take any amount of risk if it generates larger bonuses.
Their IT departments has a penchant for shiny new technologies and bleeding edge software.
The first time I saw a serious Linux box deployed for a serious application was at an investment bank in 2003.
IB are more and more risk averse. They now prefer the safe and steady revenue streams of sales and arbitrage to the risks of trading for their own. Plus the regulatory constraints make it more and more costly to perform their activities. A lot of IB have been shutting down or reducing their prop trading activities in the last years.
Absolutely.
Bitcoins are basically generated by an anti-spam measure to stop one person hoarding all the coins without a proportional expense/effort on their part. You could have literally let people get a Bitcoin just by sending an email to an automated address, if you'd wanted, and used that as the ledger entry.
A ledger itself, though, just needs to know who made the transaction, who signed off on it, who can revoke it, and then put it into the ledger. Importantly, even complete compromise of their key cannot erase the history of what that key did, as each transaction is in effect "signed" by the next (basically the core idea of blockchain).
Think of it not like Bitcoin but like those play-by-mail games of old. You collect the transactions, perform the calculations, and modify the "database" in the middle. Then you send out the results of the next "round", everyone else can see the effects of those new results and "previous moves" but you can't change them.
The only difference is that instead of one person performing the calculations, you're publishing the data, letting everyone do the calculations at the same time, waiting for everyone to agree what the result is, and then having everyone sign off on that result.
Bitcoin does that, WHILE solving a pointless maths problems that's hard to solve (I believe it is literally "hashing the entire existing blockchain with random numbers until the hash results in 00000000000000000000000" - or it certainly was at one point). It's literally a time-effort-and-money-burning exercise so that there's something that has to happen to make a coin.
This is barely a rounding error on the rounding error in banks.
Other sources like the FT has it as
3m FX transactions worth $250bn thats billioooooon
I tend to read these puffs pieces as: our internal tech is shit, really shit, we done this other thing that that everyone is talking about and is less shit.
Aren't we great.
US government sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants can gain control over the entire system.
The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the Defense Advanced Research Projects Agency that points to several ways in which the immutability of blockchain – the distributed ledger on which Bitcoin and other cryptocurrencies rely – can be called into question.
Executives at China's Blockchain-based Service Network (BSN) – a state-backed initiative aimed at driving the commercial adoption of blockchain technology – labelled cryptocurrency "the biggest Ponzi scheme in human history" in state-sponsored media on Sunday.
"The author of this article believes that virtual currency is becoming the largest Ponzi scheme in human history, and in order to maintain this scam, the currency circle has tried to put on various cloaks for it," wrote Shan Zhiguang and He Yifan in the People's Daily.
He Yifan is the CEO of startup Red Date Technology – a founding member and architect behind BSN – where he serves as executive director. Co-author Zhiguang Shan is chair of the BSN Development Alliance.
Comment Microsoft co-founder Bill Gates has declared that "expensive digital images of monkeys are going to improve the world immensely."
He was joking, obviously, though considering Gates's supposed connection to microchips in vaccines, one can never be too careful. What he's talking about are non-fungible tokens (NFTs), which came up at a TechCrunch event in Berkeley, California, on Tuesday. Specifically the Bored Ape Yacht Club variety.
You know those kids' books where the picture is divided into three (head, body, legs) so you can turn different sets of pages to get a different image? That's what the Bored Ape Yacht Club is for those willingly parted from large amounts of money for the right to stand next to a picture of a cartoon chimp.
China’s Supreme People’s Court has issued an opinion calling for massive adoption of blockchain across China’s judiciary, financial sector, and government, and for the technology to underpin intellectual property in the nation.
Published last week, the opinion* reveals that the Court has already recorded 2.2 billion items on a judicial blockchain. The Court now suggests 32 more initiatives, most of which concern using blockchain to enhance efficiency of, and trust in, the nation’s judiciary.
But the recommendations also go far wider, calling for the creation of “an interoperation collaborative mechanism with blockchain platforms”. That effort will allow “market regulation, property registration … and enable inquiry about and verification of information related to the ownership registration and status of transactions, such as basic business profile, variation of corporate equities, correlation between businesses, ownership of immovables and movables, financial leasing, precious metal trading, to facilitate the identification of ownership and transactions of property rights, so as to intensify the development of the classified and categorized supervision system based on data and credit, and to further improve the national business environment.”
A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research.
The security vulnerability made it possible for threat actors to decrypt the private keys and seed phrases found in the browser's local storage, opening the door to cracking the victim's wallet and accessing the cryptocurrency stored there, the researchers wrote in a blog post Monday.
"As the browser's local storage is unprotected, the data stored there must be securely encrypted," they wrote. "Despite the fact that Surf uses reliable cryptographic libraries for the key derivation and the encryption, the sensitive data in the web version of Surf doesn't appear to have adequate protection."
HPE has lifted the lid on two new AI products, one aimed at enterprises wanting to build and train machine learning (ML) models at scale, and a second that introduces a decentralized ML system to enable distributed or edge deployments to share updates to their models.
The HPE Machine Learning Development System is a combined hardware and software platform based on technology gained from the buy of Determined AI last year.
Now rebadged as the HPE Machine Learning Development Environment, this is integrated with HPE compute infrastructure to deliver a system that HPE claims can speed up the typical time-to-value from building and training machine models from weeks or months to days.
Miscreants exploited a now-fixed design flaw in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese singer and actor Jay Chou and sell it for about $500,000.
That's according to folks at Check Point, who on Thursday said the vulnerability could have been abused by crooks to gain full control of victims' marketplace accounts and the funds in them. Earlier this month, Chou said his NFT was stolen in what looked like a phishing attack.
When researchers Roman Zaikin, Dikla Barda and Oded Vanunu investigated the security shortcoming they found that fraudsters could lure users to click on a link to malicious NFT, enabling them to take control of their marks' Rarible accounts using a standard called EIP-721.
The Australian Securities Exchange (ASX) is attempting to replace its core trading systems with a blockchain-powered alternative – an effort often touted as one of the world's most significant blockchain implementations. Unfortunately, the project has struck trouble, again.
The application in question is called "CHESS" – the Clearing House Electronic Subregister System. ASX trading data suggests it handles 39.7 million trades in an average month. The Register understands the platform was built in COBOL and runs on servers running the discontinued Itanium processors cooked up by HPE and Intel in the 1990s – a combination that saw the ASX announce a blockchain-based rebuild in 2017, with a planned go-live in 2021. That was subsequently revised to April 2022, then April 2023.
The ASX liked the idea of a blockchain-powered bourse because it would mean market participants could store their own copy of the distributed ledger that recorded the state of the market. Orders placed on participants' own systems would be mirrored across the network of participants, with all entries immutably recorded – just the way traders and regulators like it.
Analyst firm Forrester Research has had a look at Web3 – the buzzword describing blockchain-powered decentralized metaverse-y stuff – and decided there's not a lot to like.
The firm this week issued a pair of documents assessing Web3.
The first, titled "Web3 And Web 3.0 Are Synonymous Today – But This Wasn't Always True", points out that the term "Web 3.0" was first used in the mid-2000s, when it was used interchangeably with Sir Tim Berners-Lee's vision of a "semantic web". The term re-emerged in 2014 when Ethereum cofounder Gavin Wood suggested the Ethereum blockchain become the foundation for a decentralized web.
China's president Xi Jinping has declared "there can be no modernization without informatization,” and outlined a strategy for how the world's most populous nation will use information technology to transform society and government.
A document posted by the Cyberspace Administration of China (CAC) quotes Xi as saying "informatization has brought a once-in-a-lifetime opportunity to the Chinese nation" and outlines a range of digital transformation tasks that must be achieved under the 14th five year plan (2021–2026) to achieve the desired level of digitization.
One development touted as enabling Chinese society to reach its next level of digitization is the creation of a "one card" which will expand on China's existing digital social security card that serves in employment and social insurance matters. The proposed card will add integration of government services, medical and drug purchases, subsidy management and more.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
