There is no doubt about the benefits of a Central Bank Digital Currency in spearheading financial inclusion in society. Even so, the countries currently researching CBDC should be aware of the potential risks of a Central Bank Digital Currency. This knowledge will help countries launch CBDC with a sound design in the mainstream economy.
Some of the challenges of CBDCs are as follows [1]:
[1] Hansen, T., & Delak, K. (2022, March 2). Security considerations for a central bank digital currency. The Fed – Security Considerations for a Central Bank Digital Currency. Retrieved January 29, 2023, from https://www.federalreserve.gov/econres/notes/feds-notes/security-considerations-for-a-central-bank-digital-currency-20220203.html
Authorized Users Doing Malicious Activities
Most countries are planning to use a Centralized Distributed Ledger Technology [2] as the underlying technology to run the CBDC network. A dedicated group of authorized government officials will have access to manage the network. These individuals will be able to exercise their powers, when required, to monitor or block transaction(s) without the consent of the individual holding the retail CBDC.
[2] Minwalla, C. (2020, June 24). Security of a CBDC. Bank of Canada. Retrieved January 29, 2023, from https://www.bankofcanada.ca/2020/06/staff-analytical-note-2020-11/
Misuse of CBDC network access by government officials can compromise the CBDC infrastructure and increase the risk of cyber attack. In such a situation, the whole CBDC network can come to a halt and freeze the economy.
How to Tackle It?
A multi-user authorization for any task on the CBDC network shall help in controlling unauthorized and malicious activity. This means that to authenticate a transaction, more than one person’s credentials shall be required.
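The multi-user rule above can be sketched as a quorum check on privileged actions. This is an added example, not code from any CBDC project; the officer IDs, keys, action fields and the threshold of 2 are assumptions, and HMAC stands in for the per-officer signing keys a production system would keep in hardware.

```python
import hashlib
import hmac
import json

# Constructed sample data: officer IDs and keys are hypothetical.
OFFICER_KEYS = {
    "officer-a": b"key-a-constructed",
    "officer-b": b"key-b-constructed",
    "officer-c": b"key-c-constructed",
}
REQUIRED_APPROVALS = 2  # assumed threshold: more than one person's credentials


def canonical(action: dict) -> bytes:
    """Serialise the action deterministically so every approver tags the same bytes."""
    return json.dumps(action, sort_keys=True, separators=(",", ":")).encode()


def approve(officer_id: str, action: dict) -> dict:
    """One officer's approval: an HMAC-SHA256 tag bound to this exact action."""
    key = OFFICER_KEYS[officer_id]
    tag = hmac.new(key, canonical(action), hashlib.sha256).hexdigest()
    return {"officer": officer_id, "tag": tag}


def is_authorized(action: dict, approvals: list) -> bool:
    """True only if enough distinct, known officers approved this exact action."""
    valid = set()
    for item in approvals:
        key = OFFICER_KEYS.get(item.get("officer"))
        if key is None:
            continue  # approval from an unknown officer is ignored
        expected = hmac.new(key, canonical(action), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, item.get("tag", "")):
            valid.add(item["officer"])  # a set, so repeats by one officer count once
    return len(valid) >= REQUIRED_APPROVALS
```

Because each tag covers the serialised action, an approval collected for one transaction cannot be reused to authorise a different one.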
Quantum Computing
As per IBM [3], quantum computers leverage the laws of quantum mechanics and have the capability to solve complex problems. To put it in simpler terms, they are an advanced version of supercomputers. They are therefore used in industries involving data mining, research & development and data-based decision making.
[3] What is quantum computing? IBM. (n.d.). Retrieved January 29, 2023, from https://www.ibm.com/topics/quantum-computing
The extraordinary capability of quantum computers makes them a risk to the CBDC network, as they can be misused by hackers to decode the cryptography in the CBDC network.
How to Tackle It?
Sound technical governance and technical resilience will be required to make the network robust and prevent quantum computers from compromising the CBDC network.
Compromise or Loss of Access to CBDC Network
Individuals with access to the CBDC network hold credentials in the form of passphrases. If such credentials are stored irresponsibly, they can fall into the hands of malicious actors, who can compromise the CBDC network and in turn cause the loss or theft of funds.
How to Tackle It?
Two-factor authentication technology will add another layer of security and make the CBDC network even more robust.
Double Spending
A retail CBDC transaction can be carried out in both online and offline (in the absence of a network) mode.
If the transaction is interrupted midway or the network is lost while completing a transaction, the token moves out of the payor's wallet but does not reach the merchant's wallet. In such a situation, a copy of the CBDC coin may get created in the payor's wallet. This means that the payor now illegitimately has more balance in his digital wallet than he should, and he can spend it again. This is called double spending.
Further, hackers can purposely inject a 'double spending DDoS attack' into a compromised CBDC network, which can create copies of CBDCs. This is called counterfeiting the digital currency. In such a situation the hacker will be able to pay the merchant with copies of the original CBDC token. However, once the network resumes, these counterfeited CBDC tokens will be reversed from the merchant's wallet due to failure in transaction validation.
There are multiple types of double-spending attacks:
A) 51% Attack
In this type of attack, the hackers take over more than 51% of the validator nodes. Thereafter they create copies of the coins and double spend them illegitimately.
B) Race Attack
In this type of attack, the hackers send the same coin, at the same time, to 2 different merchants. The coin gets credited to only one merchant, but the hacker is able to obtain the service from both merchants.
How to Tackle It?
The issue of double spending is mostly found in offline CBDC transactions, where the network is temporarily absent and therefore real-time validation of the transaction node is not possible. This can be handled by applying a limit on the value and number of transactions a user can do in offline mode.
Further, log records of each payment, copies of transactions, timestamps, and block confirmation techniques can be deployed to eliminate the risk of double spending.
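The two controls above, offline limits and payment logs checked once the network returns, can be sketched together. This is an added example, not code from any CBDC implementation; the limit values, token serials, record fields and the earliest-record-wins policy are assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy values for illustration; the article does not specify limits.
MAX_OFFLINE_TX = 3
MAX_OFFLINE_VALUE = 500


@dataclass
class OfflineWallet:
    owner: str
    tokens: dict  # token serial -> value
    tx_count: int = 0
    spent_value: int = 0
    log: list = field(default_factory=list)

    def pay(self, serial: str, payee: str, ts: int) -> bool:
        """Spend one token offline only if both offline limits allow it."""
        value = self.tokens.get(serial)
        if value is None:
            return False  # token not held (already spent or never owned)
        if self.tx_count + 1 > MAX_OFFLINE_TX:
            return False  # limit on the number of offline transactions
        if self.spent_value + value > MAX_OFFLINE_VALUE:
            return False  # limit on the total offline value
        del self.tokens[serial]
        self.tx_count += 1
        self.spent_value += value
        # Log record with timestamp, kept for validation when back online.
        self.log.append({"serial": serial, "payer": self.owner,
                         "payee": payee, "ts": ts})
        return True


def reconcile(records: list) -> tuple:
    """On reconnect, accept the earliest record per serial and reject repeats."""
    seen, accepted, rejected = set(), [], []
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["serial"] in seen:
            rejected.append(rec)  # same token spent again: reverse this one
        else:
            seen.add(rec["serial"])
            accepted.append(rec)
    return accepted, rejected
```

The limits cap how much value can be double spent before reconnection; the reconciliation step is what reverses the duplicate once validation is possible again.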
Conclusion
Even though the benefits of CBDC outweigh the risks of CBDC, robustness, technical resilience and strong technical governance will facilitate quick adoption of CBDC. A dedicated, highly skilled cybersecurity team will be required to monitor the bad guys' activity and take proactive actions to prevent disruption in the CBDC network and eventually take the economy of the country to greater heights.
References