Blockchain security is a common concern. Is it really safe? Ask any advocate of the technology, and you’ll probably hear terms like “immutable” and “cryptography” in their reply.
Blockchain provides a centralized database that acts as a single source of truth and offers its participants efficient, fast, and accurate global tracking. Blockchain or distributed ledger technology (DLT) consists of a digitized, decentralized ledger that boasts of a tightly secure, peer-to-peer encryption method for confirming transactions. By using a distinct protocol for verifying transactions, anomalies and false operations can be easily detected.
However, the technology isn’t fool-proof. In August 2010, for example, a bug in the Bitcoin network made it possible for a hacker to add large transactions to the ledger without proper verification, totaling 184 billion Bitcoin (BTC), generated and siphoned into three separate accounts. Hackers, frauds have threatened the supposedly secure, decentralized, and iron-clad blockchain system, and different scams ever since. According to the Wall Street Journal, more than $4 billion was lost to cryptocurrency scams in 2019.
So, the issue of blockchain security is a nuanced affair, taking in both blockchain security risks and solid reasons why blockchain is secure.
Security in blockchain technology derives from a number of factors.
Cryptography or encryption provides a mechanism for wallet protection whereby each user is provided with a unique key called a cryptographic “hash.” In public-key cryptography, hashing is a mathematical process that generates a specific, fixed output regardless of how many times the function is used. This makes each key-value an invariable characteristic for each individual on the blockchain.
Mining is a complex and resource-intensive process responsible for maintaining the integrity of the blockchain technology. Blockchain miners must typically solve complex mathematical problems or puzzles to add new “blocks” of transactions to the chain, thereby confirming that each part of the transaction is valid.
Once a transaction is verified, and data is added to the chain, the distributed ledger remains unaltered — the condition known as immutability. This immutable characteristic of blockchain technology also means that information cannot be erased from the platform once a transaction is confirmed.
Blockchain Security Concerns
So much for the plus side of the equation. Since the emergence of the technology, a number of blockchain security issues have come to light, which has inspired or enabled the diverse forms of attacks that the blockchain platform has suffered since its release.
If a miner or group of miners somehow manage to gain more than 50% of a blockchain’s computing network, they would be able to control and manipulate it. On a cryptocurrency exchange, for example, this “51% attack” would enable them to add new transactions to the system without spending — in effect, they could “double-spend” coins or tokens.
Such an assault occurred in May 2018, when the Bitcoin Gold blockchain was attacked by a set of coordinated actions. The perpetrators managed to double-spend a total of $70,000 in Bitcoin Gold (BTG), and in the aftermath of the attack, BTG was removed from the Bittrex listing.
Blockchain Security Concern: Phishing and Social Engineering
An attack vector uniting blockchain and cyber security in general, phishing and social engineering tactics are a form of fraud where con artists send out an email or other messages that mimic communications from known associates or reputable companies. They often incorporate embedded links luring victims to booby-trapped or counterfeit websites tailored to look like the real thing.
In the blockchain ecosystem, phishing lures are typically sent to the owners of wallet keys, asking them to provide their personal information via the bogus links. Other tactics may lure the victim into clicking on a link or visiting a site that installs crypto-mining malware on their device — effectively coopting their computer system as a host for illegal cryptocurrency mining activities.
Named after the title character (“Sybil”) of a book who was diagnosed with a dissociative identity disorder, these attacks involve creating multiple false identities on a peer-to-peer network. For the perpetrators, this allows various nodes to be run at the same time, swarming the blockchain network with these false identities and ultimately causing the system to crash.
Blockchain Security Concern: Malicious Routing
Blockchain technology is heavily reliant on the upload and download of large volumes of information in real-time. In a routing attack, hackers attempt to intercept the data as it’s being transferred to internet service providers. If successful, this enables them to partition the system while maintaining the illusion that everything is functioning as normal. Under cover of this illusion, the perpetrators can steal cryptocurrency or siphon off data from the network.
Blockchain Security Countermeasures
Blockchain-specific and general cybersecurity measures may be deployed to guard against the issues described above.
Two-Factor Authentication (2FA)
Two-step or two-factor authentication (2FA) is a strategy that has proven successful in private and corporate security circles for access management and account protection. In the context of blockchain technology, it adds a layer to wallet security, with the user providing their wallet key and a one-time password, or OTP, generated in real time, to access their currency wallet. Any cyber attacker looking to gain access to a network account protected in this way would have to own the pre-configured OTP device belonging to the account holder.
This includes programs and platforms specifically designed to identify malicious links, email threats, and fake websites — with tools to revoke access to these resources once they’re red-flagged. Many tools also have features to approve legitimate websites and links.
Blockchain storage and cryptocurrency wallets are usually of the “hot” variety and are online tools that must be connected to the internet, making them vulnerable to attack. Cold wallets are hardware devices that can remain offline, introducing the possibility of physical theft, but reducing their vulnerability to hacking.
Knowledge bases and online listings of fraudulent initial coin offerings (ICOs), phishing patterns, and known key or identity thieves can provide critical intelligence, enabling individuals and organizations to protect their assets on the blockchain.
Blockchain Security Companies
In addition to commercially available tools and solutions for blockchain security, a number of companies offer specialist services and resources in this regard. Working at the intersection between blockchain and cybersecurity, these companies typically build products using smart contracts and multi-step authentication. They include:
Block Armor is an enterprise cybersecurity company that employs several measures fundamental to blockchain-powered security, including authentic digital signatures for IoT devices within a network and distributed technological architecture. Their Blockchain-Defined Perimeter (BDP) is an enhanced software-defined perimeter which renders critical systems and cloud servers invisible to potential intruders.
Based in Oakland, Calif., CryptoMove uses blockchain technology to protect application programming interface (API) keys, apps, and trade secrets. Using their patented moving-target data protection technology, the CryptoMove Tholos key vault is designed to end the unintentional dissemination of sensitive information.
The Hacken ecosystem of blockchain-powered tools includes anti-phishing services and the detection of fraudulent advertisements, penetration testing based on practical, real-world threat scenarios, mobile application security testing, a bug bounty, and vulnerability platform, and load and performance testing. The Hacken token (HKN) is the secure unit of exchange that allows the ecosystem to exist.