Top Five Blockchain Security Issues in 2019

Blockchain technology is inherently secure. By distributing data, or a ledger in most cases, across several computers, blockchains remove any single point of failure. Additionally, cryptographic proofs and game theory consensus mechanisms make a blockchain nearly impossible to hack. However, these fundamental safety features don’t mean that blockchain security issues are non-existent.

In fact, blockchains have exposure to their own specific set of security issues that, if not accounted for, can be detrimental to your business. Here are the top five blockchain security issues to look out for in 2019.

51% Attacks

Due in part to HBO’s Silicon Valley, 51% attacks are one of the most recognized blockchain security issues. In a 51% attack, one or several malicious entities gain majority control of a blockchain’s hashrate. With the majority hashrate, they can reverse transactions to perform double-spends and prevent other miners from confirming blocks.

In 2018, several notable cryptocurrencies such as ZenCash, Verge, and Ethereum Classic fell victim to 51% attacks. Overall, attackers walked away with over $20 million last year due to this blockchain security issue.

If your blockchain utilizes a Proof-of-Work (PoW) consensus mechanism, you need to have security measures in place to prevent a 51% attack. Being vigilant of mining pools, implementing merged mining on a blockchain with a higher hashrate, or switching to a different consensus mechanism are all viable options.
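One way to stay vigilant of mining pools, as an added example that is not from the original article: estimate each pool's hashrate share from who mined recent blocks, alert when the largest share crosses a threshold, and use the attacker-success formula from the Bitcoin whitepaper to see how many confirmations a payment would need against that pool. The pool names, sample data, 40% alert threshold and 0.1% risk target are assumptions.

```python
import math
from collections import Counter

def pool_shares(block_miners, window=100):
    """Fraction of the last `window` blocks found by each pool (a noisy hashrate estimate)."""
    recent = block_miners[-window:]
    return {pool: n / len(recent) for pool, n in Counter(recent).items()}

def catch_up_probability(q, z):
    """Whitepaper estimate that an attacker with hashrate share q rewrites z confirmations."""
    if q >= 0.5:
        return 1.0              # with majority hashrate the attacker always catches up
    p = 1.0 - q
    lam = z * q / p             # expected attacker blocks while honest miners find z
    poisson = math.exp(-lam)    # Poisson term for k = 0, updated in the loop
    honest_wins = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        honest_wins += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - honest_wins

def confirmations_needed(q, risk=0.001, max_z=500):
    """Smallest z whose catch-up probability is below `risk`; None if no z up to max_z works."""
    for z in range(max_z + 1):
        if catch_up_probability(q, z) < risk:
            return z
    return None

def assess(block_miners, window=100, alert_share=0.40, risk=0.001):
    """Summarize the largest pool: its share, whether to alert, confirmations to wait."""
    shares = pool_shares(block_miners, window)
    pool, share = max(shares.items(), key=lambda kv: kv[1])
    return {"largest_pool": pool, "share": share,
            "alert": share >= alert_share,
            "confirmations": confirmations_needed(share, risk)}

# Constructed sample: the pool credited with each of the last 100 blocks (names are made up).
SAMPLE = ["pool-a"] * 30 + ["pool-b"] * 45 + ["pool-c"] * 25

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The required confirmation count climbs steeply as the largest share approaches 50%, and at 50% or more no number of confirmations is enough, which is why the function returns None there.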

Exchange Hacks

One of the most costly blockchain security issues isn’t a problem with blockchain technology itself. Cryptocurrency exchanges have become lucrative honeypots for hackers due to their massive crypto holdings and sometimes poor security practices. Many exchange platforms are innately centralized, so they make the decentralized benefits of blockchains obsolete.

Any early crypto adopter can tell you about the 2014 Mt. Gox hack. At that time, Mt. Gox was the exchange leader, processing nearly 70 percent of all bitcoin transactions. In February 2014, the exchange revealed that a hacker had stolen approximately 850,000 BTC (~$473 million) from the platform. Affected users were left out in the cold.

Although the Mt. Gox hack occurred in Bitcoin’s infancy, exchange hacks are still prevalent. Last year, exchanges lost over $900 million to hackers.

When storing cryptocurrency for your business, remember the phrase, “Not your keys, not your crypto.” The safest methods of storing your funds are through either a hardware or paper wallet. These methods have minimal online touchpoints, which keeps your coins out of reach of malicious online hackers. If your business model involves regular trading, use a decentralized exchange (DEX) that allows you to trade directly from your cryptocurrency wallet.

Social Engineering

Another blockchain security issue that you and your employees should be aware of is social engineering. Social engineering comes in many forms, but the goal is always the same: to obtain your private keys, login information, or more directly, your cryptocurrency.

Phishing is one of the most common forms of social engineering. In a phishing attempt, a malicious actor sends you an email, message, or even sets up a website or social media account imitating a company brand you trust. Often, they’ll ask that you send over your credentials under the guise of a giveaway or critical issue to force a sense of urgency. If you hand over your information, there’s little you can do to stop them from clearing out your account.

[Figure: example phishing message. The message is convincing, but notice the difference between the two URL addresses. Source: SANS ISC InfoSec Forums]

Almost $3 million was lost due to social engineering in 2018.

Preventing social engineering is relatively straightforward. Never send anyone your login credentials or private keys. And, if a deal sounds too good to be true, it usually is. Set up a training program for your employees that teaches them how to spot the different types of social engineering scams and avoid falling for them.
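The URL comparison that the phishing example asks readers to do by eye can also be automated in a mail or chat filter. The following is an added example, not part of the original article: it checks a link's real host against an allowlist and flags look-alikes. The domain wallet.example, the substitution table and the distance threshold are assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"wallet.example"}  # constructed allowlist; use your organization's real domains

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(name):
    """Fold accents and common look-alike substitutions (0/o, 1/l, rn/m, vv/w)."""
    ascii_only = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return ascii_only.translate(str.maketrans("01", "ol")).replace("rn", "m").replace("vv", "w")

def check_url(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, reason) with verdict 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # show xn-- labels as Unicode
    except UnicodeError:
        pass                                        # already Unicode, or not valid IDNA
    if parts.username:                              # e.g. https://trusted@other-host/
        return "suspicious", "text before '@' is not the host; real host is " + host
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted", host
    labels = host.split(".")
    for t in trusted:
        if t in host:                               # trusted name used as a decoy label
            return "suspicious", f"{t} appears inside unrelated host {host}"
        candidate = ".".join(labels[-len(t.split(".")):])
        if edit_distance(skeleton(candidate), skeleton(t)) <= max_distance:
            return "suspicious", f"{candidate} resembles {t}"
    return "unknown", host

if __name__ == "__main__":
    for sample in ("https://app.wallet.example/login",   # constructed sample links
                   "https://wa11et.example/login",
                   "https://wallet.example.account-verify.test/reset"):
        print(sample, check_url(sample))
```

An "unknown" verdict only means the host does not resemble an allowlisted domain; it says nothing about whether the site is safe.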

Software Flaws

Most of the big-name blockchains (Bitcoin, Ethereum) have proven their resilience to all types of attacks. However, the apps built on top of them are still susceptible to bugs. Last year, software bugs in wallets and decentralized apps (dApps) led to over $24 million in damages.

It’s important that any software using blockchain technology under the hood undergo rigorous testing and review. This process should include code reviews, penetration testing, and smart contract audits. Additionally, any reputable application should have redundant security measures in place. It’s inevitable that a bug or two will slip through the cracks, so you want to be prepared when they do.

When using any blockchain-based software, check to see that, at the very least, it’s gone through a third-party security audit. Ideally, the code behind it is also open-source so that anyone can go in and review it for flaws or loopholes. Even with those precautions, you should have your own set of security practices in place as many software-level blockchain security issues go undiscovered for years.

Malware

Like the many faces of social engineering, there isn’t just one type of malware. This blockchain security issue ranges anywhere from malicious crypto mining software to code that could shut down a company’s servers.

Cryptojacking is the type of malware most associated with blockchain and cryptocurrency. Simply put, cryptojacking is the unauthorized and often unnoticeable takeover of a computer’s resources to mine cryptocurrency. Although cryptojackers don’t directly steal money from their victims, the malware they inject causes performance issues, increases electricity usage, and opens the door for other hostile code.

Because of cryptojacking and other malware’s secretive nature, the yearly cost to victims is largely unknown. However, estimates place the dollar amount somewhere in the multi-millions.

Vigilance is the key to dodging malware or at least stopping it as soon as possible after downloading it.

If you notice performance issues on your computer, check your task manager to see if you have any mysterious programs running. It may seem obvious, but avoid clicking on suspicious links. If you operate a website, run regular security checks to ensure that it hasn’t been injected with malware.

The Future of Blockchain Security Issues

This short list of blockchain security issues only encompasses a small portion of the threats out there. Criminals update their tactics as often as security strategies evolve, creating a constant game of cat-and-mouse. To avoid becoming a victim, it’s critical to stay up-to-date with the latest blockchain security issues and preventative security measures.

It only takes one blockchain security vulnerability to cause irreparable damage to your business.

If you’d like to learn more about the top threats to blockchain security and how to protect against them, download our 2018 Blockchain Security Threat Report.