The safety of the blockchain ecosystem is the cybersecurity problem more difficult at this time. The blockchain itself could be secure, but that does not mean that all the pieces that intersect with it – wallets, exchanges, miners, smart contracts – are safe. And many are not. According to a recent study by Carbon Black, hackers stole $ 1.1 billion of cryptocurrency in the first half of this year.
Although the threat is mainly limited to the public blockchain at this time, the corporate space will be next. There is so much money to be spent on blocking the public blockchain that the business blockchain is an uncharted territory for hackers right now. Weaknesses in the corporate blockchain will be discovered due to the successful exploits of the public blockchain.
The safety learning curve
The new technology means new threats and a new security learning curve. With any new technology, it takes some time before the risks emerge and therefore to understand how to deal with the risks to be developed. We went through this same curve with the wifi and we are still inside with IoT. We are currently in the early stages of learning when it comes to blockchain security. And we will have to learn quickly, because it is an attractive goal. There is a lot of money involved and a considerable amount of activity of the strikers that emerge.
Part of the reason why it is such an appealing target is that, in this new scenario, cyberattachists can take a step away from the payday: You do not have to worry about how to make money from the stolen data. They simply steal (virtual) money itself.
The weakest links
As long as the entire blockchain system is secure end-to-end, there will be places where hackers can enter. Components that interact with the blockchain are written in the code, and most of the software code has bugs and vulnerabilities. We have analyzed billions of lines of code in CA Veracode and detected a significant number of vulnerabilities year after year. Our most recent data set found that 77% of apps had at least one vulnerability in the initial scan. With statistics like that, do you trust that all software that interacts with the blockchain is safe? Portfolios, smart contracts, exchanges?
Let's take a look at exchanges and smart contracts, for example. Cryptocurrency exchanges are online platforms where users can exchange a cryptocurrency with another cryptocurrency (or with fiat currency). In other words, depending on the exchange, it can function as a stock exchange or a currency exchange (at the airport or at the bank).
There have been some significant trade violations in recent years:
- Gox lost $ 480 million in Bitcoin
- In 2016, Bitfinex suffered a multiple signature theft and lost $ 72 million
- Nicehash has lost $ 63 million after a hacker stole credentials through a phishing attack
- Coincheck suffered an attack because he was storing everything in a hot wallet and using single-factor authentication. (This is like a bank that keeps all their money in the drawer of a cashier).
Smart contracts that facilitate, verify or digitally impose the negotiation or execution of a contract are not even immune. We also saw simple programming errors in smart contracts that led to significant violations:
- DAO had a bug in its smart contract. A return bug allowed an attacker to download $ 50 million of Ether.
- The problems of controlling access to the peer portfolio have led to a $ 30 million infringement.
Ultimately, it is naive to think that just because you are dealing with blockchain, your transactions are secure.
What should blockchain users do to protect themselves? Start with some basic security measures:
- Do not expose your private key
- Use two-factor authentication
- Do not publish any email address or phone number online when using exchanges  Do not boast your online crypto luck
Implementing security at the code level
We need those who create software that interacts with the blockchain to build security in their processes. They must consider:
- A good life cycle / software development ecosystem – add security in the development process and code inherited from the vet
- Use of two-factor authentication and hardware portfolios
- Adhere to the standard best practices – using SSL and certificates to ensure that the parties are those they claim to be
There are many benefits to blockchain, including better legal contracts, greater visibility in supply chains and even less fraud in voting. But like any new technology, threat actors are probing weaknesses that can increase skepticism and slowness of adoption.
This article is published as part of the IDG network of collaborators. Do you want to join?