Two key problems of blockchain technology that still slow down its widespread adoption around the world are scalability and security. Considering that we regularly see news about another leak of tokens or a hacker attack on a successful cryptocurrency, it is not surprising that serious market players continue to treat the blockchain with suspicion, and their activity should still be considered experimental, despite the huge budgets and investments in play.
Most recent security incidents in blockchain
- Recent reports show that in 2017-2018 global blockchain losses from security breaches amounted to $1.8 bln.
- North Korea’s hacking group Lazarus stole $571 mln during 2017-2018, according to a report by cybersecurity vendor Group-IB. Total losses from hacker attacks on crypto exchanges amounted to $882 mln.
- In September and October 2018 the EOS Bet platform was hacked, losing $200,000 and $338,000 worth of EOS respectively due to a vulnerability in the EOS blockchain. The hackers were able to trick the EOS smart contract functionality into paying their fake accounts using malicious code.
- In October 2018 the Trade.io team reported losing 50 mln of the platform’s own coins, TIO. The stolen coins were meant to be the company’s ‘liquidity pool’. Trade.io claims that the stolen coins were in a cold wallet in safe deposit boxes in banks, which weren’t compromised during the hack.
- In January 2018 Tokyo-based cryptocurrency exchange Coincheck reported losing 58 bln yen (approx. $533 million) during a massive hacker attack. According to Bloomberg, 500 million NEM tokens were stolen from Coincheck’s digital wallets.
- The largest example of a hacker attack that buried a project was in 2016, when hackers exploited an unforeseen quirk in a smart contract written on Ethereum’s blockchain to steal 3.6 million ether ($80 mln worth) from the DAO.
Ways to cheat
Security is considered one of the key advantages of the blockchain due to the nature of data encryption and complex mathematical calculations that are extremely difficult for attackers to manipulate. The problem is that the holes are usually located where technology and cryptography come into contact with the human world: it is people who turn out to be the weak point in security breaches.
The “technical” ways involve the hacker looking for holes in the technology itself:
- Experts say a blockchain can be subverted when a miner gains an unfair advantage by fooling other nodes into wasting time on already-solved crypto-puzzles.
- An attacker can take over one node’s communications and fool it into accepting false data that appears to come from the rest of the network, tricking it into wasting resources or confirming fake transactions.
But the most common weak point is the human factor:
- Creating fake ICOs
- Breaking through smart contracts
- Using social engineering (phonejacking, phishing attacks)
- Getting malware access to wallets and private keys
- Creating fake wallets and arranging supply chain attacks
- Using DNS attacks or redirecting to fake web pages
- Breaking into “hot wallets” – apps for storing the private keys
The main obstacle to the further development of the blockchain is now scalability, and many projects are competing to find the best way to solve the problem. However, there is an opinion that widespread use of the blockchain raises new security issues.
For example, a US organisation, the Financial Stability Oversight Council (FSOC), raises several questions:
- The lack of experience in solving problems inside blockchain systems raises the fear that, as a system grows, large-scale problems in its core could put the economy of the whole sector at risk.
- The 51% problem (the majority attack) can become reality if a significant number of participants conspire against the rest of the users.
- Lack of regulation: many experts consider the lack of common rules and regulations a big disadvantage. If chains need to be integrated, the lack of standards would mean new risks during the merging process.
How to reduce risks for a common user
The following simple steps are highly effective at keeping hackers from stealing your blockchain keys:
- Store your private key in cold storage or encrypted apps and never in a text file
- Use an antivirus for Windows and Android and have regular anti-malware check-ups
- Never send your private keys in an email
- Always check the address of your crypto funds recipient
It must be admitted that the blockchain is a very promising technology that develops at high speed and gradually solves its problems, reaching a new level with every new project. Understanding that we are now at an early stage of its development will help us treat what is happening with optimism, but also with caution. Serious security vulnerabilities are often patched quickly enough, and in an extreme situation the community can agree to create a hard fork (as happened with The DAO). Blockchain is not yet perfect, but what is? It’s important that the community continues working on solving security issues, making it as safe as possible.