Stockholm, Sweden

Security Risks in Blockchain Technology


Is Blockchain hackable?

We shouldn’t be surprised. Blockchains are particularly attractive to thieves
because fraudulent transactions can’t be reversed as they often can be in the
traditional financial system. Besides that, we’ve long known that just as
blockchains have unique security features, they have unique vulnerabilities.
Marketing slogans and headlines that called the technology “unhackable” were dead wrong.

Ideally, everyone gets this...

A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. Smart contracts allow the performance of credible transactions without third parties. These transactions are trackable and irreversible.

In January this year, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform. Its Blockchain, the history of all its transactions, was under attack.

An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million. Coinbase claims that no currency was actually stolen from any of its accounts. But a second popular exchange, Gate.io, has admitted it wasn’t so lucky, losing around $200,000 to the attacker (who, strangely, returned half of it days later).

Just a year ago, this nightmare scenario was mostly theoretical. But the so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on Blockchains that have heightened the stakes for the nascent industry.

Companies that got hacked

The Decentralized Autonomous Organization (DAO), a venture capital fund operating through a decentralized blockchain inspired by bitcoin, was robbed of more than $60 million worth of Ether digital currency (about one-third of its value) through code exploitation.

A theft of nearly $73 million worth of customers’ bitcoins from one of the world’s largest cryptocurrency exchanges, Hong-Kong-based Bitfinex, demonstrated that the currency is still a big risk. The likely cause was stolen keys.

When Bithumb, one of the largest Ethereum and bitcoin cryptocurrency exchanges in the world, was recently hacked, the data of 30,000 users were compromised, and $870,000 worth of bitcoin was stolen. Even though it was an employee’s computer that was hacked — not the core servers — this event raised questions about the overall security.

51% attack rule

During the verification process, participants known as “miners” check each transaction to make sure it is genuine. When one or more attackers gain control of more than half of the network’s mining power, the consequences can be severe. The attackers can build a second version of the blockchain, known as a fork, in which certain transactions are omitted, and then present that fork as the true version of the chain even though it is fraudulent. This is also what lets them double spend cryptocurrency. Such 51% attacks are more common on smaller blockchains, because gaining a majority of the mining power on a larger, more complex blockchain is much harder.
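The practical question for anyone accepting payments on a chain is how many confirmations to wait for, and why no number of confirmations helps once an attacker holds half the hash power. As an added illustration that is not part of the original post, the Python script below implements the catch-up probability calculation from section 11 of the Bitcoin whitepaper: `q` is the attacker’s share of the hash power and `z` the number of confirmations already seen. The function names and the risk thresholds in the demo are this example’s own choices.

```python
import math
from typing import Optional


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability of k events with mean lam, computed in log space
    so that large z does not overflow lam ** k."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash power
    eventually overtakes the honest chain after a recipient has waited for
    z confirmations (Bitcoin whitepaper, section 11). The attacker's
    progress while the honest miners produce z blocks is Poisson with mean
    z*q/p, and from a deficit of d blocks the chance of ever catching up is
    (q/p)**d (gambler's ruin)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q
    if q >= p:
        # With at least half of the hash power the attacker's chain grows at
        # least as fast as the honest chain, so it always catches up in the end.
        return 1.0
    lam = z * (q / p)
    never_catches_up = 0.0
    for k in range(z + 1):
        never_catches_up += _poisson_pmf(k, lam) * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up


def confirmations_needed(q: float, max_risk: float, limit: int = 10_000) -> Optional[int]:
    """Smallest number of confirmations that pushes the reversal probability
    below max_risk, or None when no amount of waiting achieves it (an attacker
    holding 50% or more always wins)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    for share in (0.1, 0.3, 0.45):
        z = confirmations_needed(share, 0.001)
        print(f"attacker with {share:.0%} of hash power: wait {z} confirmations for <0.1% risk")
    # Beyond half the hash power the reversal probability is 1 whatever the depth.
    print("attacker with 51%, 100 confirmations:", attacker_success_probability(0.51, 100))
```

Running it shows the two regimes the text describes: against a minority attacker the risk falls exponentially with each confirmation, so a merchant can pick a depth that matches the value at stake, while at 50% or more the function returns 1.0 regardless of depth, which is why a majority attacker on a small chain can rewrite history at will.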

Creation Errors

Two of the main concerns are as follows:
  • Security glitches
  • Size of the blockchain

Security glitches or errors can be introduced when a blockchain is created, and this may be more common with larger, more intricate blockchains. When it happens, attackers looking for a way in can identify the vulnerabilities and exploit them. This has already transpired with smart contracts, which run on a blockchain network. Common uses of smart contracts include handling the financial side of contract dealings and automating tasks. Legal professionals may encounter smart contracts in their practice, whether by using them internally or through exposure from cases and client issues. If a security flaw exists in the blockchain network on which a smart contract operates, attackers may be able to steal money from users without being detected, because the fraudulent activity is not reflected. And since blockchain transactions cannot be altered, the only way to get stolen money back is to create a fork that all users recognize as the authoritative blockchain.

How to protect against this?

  • Leverage Trusted Platform Modules (TPMs) for sensitive code execution
  • Use API security best practices to safeguard API-based transactions
  • Use a privileged access management (PAM) solution for escalated actions
  • Treat the underlying infrastructure of the blockchain solution as critical infrastructure.

Certain components of the solution are more critical than others, and those components should use trusted platform modules. A TPM helps with storing cryptographic material, a role HSMs also fill, and enables privacy-preserving chaincode execution so that the node’s administrator cannot tamper with the execution without being detected.

APIs are the primary form of communication between the different parts of a blockchain solution. APIs need to be protected from any improper use and limited to the scope of the transaction. While API security encompasses a number of things, three key controls should be enforced for all APIs: identification, authentication, and authorization. It’s important to leverage an industry standard like OAuth, not only to standardize the interactions but also to secure the APIs.

Use a PAM solution to ensure that the appropriate users with the appropriate privileges access the components for administrative or change management purposes. This is especially important since the platform may have confidential information, including payment transactional data for users and members.

A PAM solution should be put in place with password rotation and efficient separation of duties. It’s also important to configure end-to-end logging to capture flows from entry to exit. Access to secrets should be linked to a ticketing system, and every secret release should have a reviewer. Every instance of administrative access should be traced to an approved ticket or change.
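The three API controls above (identification, authentication, authorization), scope-limited access and the PAM requirement that escalated actions trace back to an approved ticket fit together in a small amount of code. The following Python example is added here and is not code from the original post; it uses a minimal HMAC-signed bearer token in place of a full OAuth deployment, a constructed key and a constructed set of approved change tickets, and writes one audit record per decision so that every administrative access can be traced afterwards. All names (`issue_token`, `authorize`, `APPROVED_TICKETS`, the `tx:*` and `admin:*` scopes) are this example’s own.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. In a real deployment the key lives in an HSM or a
# secret store and is released through the PAM workflow, never hard-coded.
SIGNING_KEY = b"constructed-demo-signing-key"

# Constructed stand-in for the ticketing system: change tickets that were approved.
APPROVED_TICKETS = {"CHG-1001"}

# End-to-end audit trail: one record per authorization decision, allowed or denied.
AUDIT_LOG = []


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, ttl: int, now: int) -> str:
    """Mint a compact signed bearer token: identification ('sub'), the scopes
    the caller may use ('scope') and an expiry ('exp'), protected by an HMAC."""
    claims = {"sub": subject, "scope": sorted(scopes), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(mac)}"


def verify_token(token: str, now: int) -> Optional[dict]:
    """Authentication: return the claims only if the MAC verifies (constant-time
    compare) and the token has not expired; anything malformed yields None."""
    try:
        payload_b64, mac_b64 = token.split(".")
        payload = _unb64(payload_b64)
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(mac_b64)):
            return None
        claims = json.loads(payload)
    except ValueError:  # wrong shape, bad base64 (binascii.Error) or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(token: str, required_scope: str, now: int,
              ticket: Optional[str] = None) -> bool:
    """Authorization: the caller must hold the exact scope the operation needs,
    and escalated (admin:*) operations additionally require an approved change
    ticket, mirroring a PAM workflow. Every decision is appended to AUDIT_LOG."""
    claims = verify_token(token, now)
    subject = claims.get("sub", "unknown") if claims else "unknown"
    if claims is None:
        allowed, reason = False, "unauthenticated"
    elif required_scope not in claims.get("scope", []):
        allowed, reason = False, "scope-missing"
    elif required_scope.startswith("admin:") and ticket not in APPROVED_TICKETS:
        allowed, reason = False, "no-approved-ticket"
    else:
        allowed, reason = True, "ok"
    AUDIT_LOG.append({"ts": now, "sub": subject, "scope": required_scope,
                      "ticket": ticket, "allowed": allowed, "reason": reason})
    return allowed


if __name__ == "__main__":
    now = 1_000
    svc = issue_token("wallet-service", ["tx:read", "tx:submit"], ttl=300, now=now)
    ops = issue_token("ops-alice", ["admin:node"], ttl=300, now=now)
    authorize(svc, "tx:submit", now + 10)                      # allowed
    authorize(svc, "admin:node", now + 10)                     # denied: scope not granted
    authorize(ops, "admin:node", now + 10)                     # denied: no approved ticket
    authorize(ops, "admin:node", now + 10, ticket="CHG-1001")  # allowed, traceable to the ticket
    authorize(svc, "tx:read", now + 600)                       # denied: token expired
    for entry in AUDIT_LOG:
        print(json.dumps(entry))
```

The point of the design is that a denial is recorded with the same detail as an approval, and that an administrative scope alone is never sufficient: the ticket reference is what links the access to an approved change, which is the control the text asks for.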

Key takeaways

  • Ethical responsibility to protect our products
  • Blockchain is not auto-immune to hacks
  • Take measures now 

Zahin Azher Rashid

I am Zahin, a professional freelancer, software developer, product manager and I am on a mission to help freelancers learn high-paying skills and earn good money. Enable the struggling freelancers to become high-paid freelancers in their respected domains and niches.

3 comments on “Security Risks in Blockchain Technology”

    zubair

    • June 26, 2020 at 1:40 pm

    Guide me

      zahinazher

      • October 26, 2020 at 4:32 pm

      I will surely guide you. Please follow my tutorials

    Hafsa

    • June 27, 2020 at 6:42 pm

    Blockchain

© 2020, Get Your Tech Guide, Inc