What would happen if JP Morgan’s ‘permissioned’ blockchain was hacked?

Last week, we saw global banking giant JP Morgan release its own stablecoin called JPM Coin. According to details released on the company website, JPM Coin will be implemented on a ‘permissioned’ and private blockchain protocol called Quorum.

Let’s dive into a few scenarios that could lead to this type of implementation being compromised.

As outlined in JP Morgan’s announcement, JPM Coin will be issued on a permissioned blockchain protocol.

A vulnerability often cited with permissioned blockchains is who has permission, and for what purpose?

As a private blockchain implementation, it looks like JP Morgan will have the ability to decide who can have a wallet, what transactions they can carry out, and have the potential to seize or censor transactions across the JPM Coin network.

Private key management

To assert this type of centralised control, I assume the ‘permission’ will be available to whoever can authorise such features via a combination of private key signatures and nodes that will facilitate transactions across the network.

A selling feature often cited for this type of blockchain implementation is the immutability and resilience of such networks – as opposed to the highly centralised way that institutions typically clear payments on systems such as Fedwire or SWIFT today.

The most widely adopted and best implementations of blockchains today have public and private key management as a cornerstone to help ‘settle’ transactions on the network.

However, on networks like Bitcoin and Ethereum, we have seen time and again individuals and institutions having their private keys (or permissions) compromised due to data breaches. Examples include major hacks at MT Gox and Bitfinex or lost keys such as the recent QuadrigaCX scandal.

Could JP Morgan lose the keys?

If a malicious actor gains access to private keys or compromises the node network, could these immutable blockchains be locked in a state of turmoil with payments being withheld or transactions flooding the network and compromising the fees or settlement times on the network?

Of course, attacks like this have been overcome on open blockchains, but it does require hefty (and sometimes contentious) actions to be taken to change the fundamental mechanics of the network. If JPM Coin is ever compromised in this manner, can the international bank really claim any benefits (especially in terms of immutability) over the centralised payment clearinghouse that operates today for fiat pegged transactions?

Time will tell

There can be no doubt that the entry of JP Morgan into the blockchain space has brought a renewed focus and interest in cryptocurrencies.

When this type of permissioned network launches, only time will tell how robust they really are. In the history of the development of robust software protocols, the ability to be open source and ‘out in the wild’ from day one has helped create security, stability, and ultimately shared value in these networks.

It will be interesting to see how a private implementation of a blockchain fares when it is released into the open, and whether such hopes of being able to “seamlessly and securely transfer and settle money for clients” can actually be a feature of this type of blockchain in the coming years.