Blockchain security is one of the most challenging security problems. With every new technology, it takes time and use for risks to emerge, and additional time to develop ways to address them. While the data on a blockchain may itself be immutable and secured, the parts and pieces that feed into that data may not be secure. The components that interact with the blockchain, such as wallets, exchanges, miners, and smart contracts, are written in code, and code has bugs and vulnerabilities by default. Veracode studies have shown that over 85% of apps have at least one risk point on initial review. Simple programming errors in smart contracts can result in significant breaches, as seen with The DAO, where a re-entrancy bug allowed an attacker to drain $50 million worth of Ether.
While the current threats are primarily restricted to the public blockchain, it’s only a matter of time before the enterprise space sees attacks as well. Until the entire blockchain system is secure, attackers have places to infiltrate and wreak havoc. Business security solutions will need to act fast to stay ahead of cybercriminals. The learning curve may be steep, but solutions for the public blockchain risks may benefit the enterprise chains. Businesses are an attractive target. Cybercriminals don’t need to do anything with the data they steal to make money; they just steal the virtual money itself.
Cryptocurrency platforms where users exchange one type of currency for another are particularly attractive to hackers. According to a Carbon Black study, hackers stole $1.1 billion worth of cryptocurrency in the first half of this year. Earlier this year Mt. Gox filed for bankruptcy protection due to a hack that resulted in the loss of over 850,000 bitcoins. Coincheck also reported an attack where their system was infiltrated because they stored everything in a hot wallet and had only single-factor authentication security in place.
So what can you do to help protect your blockchain and yourself? Ensure basic security measures are in place; unique private keys and two-factor authentication are examples. Don’t publish email addresses or phone numbers when using the exchanges. Much like posting your plans to go out of town for a week on social media, public boasting of success by your crypto traders only serves as a beacon for criminals. SSL and certificates, industry standards for best practice, can be used to verify user identity. Building security directly into the code during software development is a must, particularly if that software interacts with a blockchain build.