
How secure is blockchain? Before we look at blockchain security issues and vulnerabilities, let's admit the harsh reality: most laymen strongly associate blockchain technology with the rush of dubious cryptocurrency projects and scam ICOs that took hundreds of millions of US dollars in Bitcoin or Ether from naive investors in 2017-2018. Those times taught us some hard lessons.

One kind of scammer flourished by selling tokens of fake ventures, trading on a 'crypto-' prefix in the name or claiming to be 'blockchain-powered' even when there was no sense at all in using a blockchain for what they offered. Another kind tried to hack blockchains directly, or to deceive cryptocurrency owners through social engineering and phishing.

Of course, not all crypto projects are scams, and blockchain itself has real potential and a variety of useful applications, because it brings strong security properties to the table (sound cryptography and decentralization among them). Respected businesses in banking, healthcare and other industries have already adopted it for security reasons. Let's find out whether blockchain vulnerabilities are real and, if so, how to avoid them.

What is a 51% attack and how to prevent it?

Some blockchain security issues originate in the very mechanism that makes it secure: the PoW (Proof-of-Work) consensus algorithm. Under PoW, the trusted central authority that controls and guarantees transactions in traditional systems is replaced by decentralized collective validation of blocks (sets of transaction records) by a network of miners. Blocks are linked by cryptographic hashes, not encrypted: every node can read them and recompute every hash. Miners constantly compete to extend the longest chain of blocks, which by the PoW consensus rule is the canonical (mutually recognized) public ledger.

The nodes in such a network constantly work (mine) to keep the transactions and the chain consistent and valid under the accepted protocol rules. Mining consumes a huge amount of electric power and computational effort, because a miner must find a nonce for which the block's hash (a fixed-length, one-way digest of the block header, not an encrypted value) falls below the current difficulty target, while every other node can verify that hash cheaply. Any altered or inconsistent version of the public ledger is detected and rejected by the peer nodes. The rate at which a miner can compute candidate hashes is called its hash rate.

If somebody gains control of a majority (more than 50%, hence '51%') of a network's hash rate, that entity can mine an alternative branch in private and, because it finds blocks faster than everyone else combined, eventually publish a branch that is longer than the public one. The network switches to it ('chain reorganization'), and transactions that appeared only in the abandoned branch are undone. This is the double-spending problem: the attacker pays a recipient on the public chain, waits for the goods, then releases a longer branch in which the same coins go back to the attacker. What a 51% attack cannot do is steal coins from other people's wallets or create transactions on their behalf, because it cannot forge their private-key signatures; it can only omit or reorder recent transactions, and the deeper a block is buried, the longer the attacker needs to overtake it.

Normally, large and well-diversified blockchains such as Bitcoin are unlikely to fall victim to such an attack, since acquiring that much hash power would be prohibitively expensive (the chances are not zero, just extremely low). Smaller PoW-based blockchains, however, should treat this risk as realistic.

How to avoid a 51% attack? Moving a smaller network to a different consensus mechanism, such as Proof-of-Stake or Proof-of-Activity, removes the dependence on hash rate, although those schemes have their own majority-of-stake attacks to consider. On the user side, the practical defence is to wait for enough confirmations before treating a large payment as final: every block built on top of a transaction makes a reorganization that removes it less likely, which is why exchanges and merchants require more confirmations on chains with a small hash rate.
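To make the longest-chain rule and the double-spend concrete, here is an added example in Python. It is not code from the original article or from any real blockchain client: a toy proof-of-work chain, a constructed scenario in which a majority miner's private fork replaces the public chain that paid a merchant, and the catch-up probability formula from section 11 of the Bitcoin whitepaper as a function of the attacker's hash-rate share q and the confirmation depth z. The difficulty, transaction strings and participant names are assumptions made for the example.

```python
import hashlib
import json
import math

# Toy proof-of-work parameters (assumptions for this example, not Bitcoin's).
DIFFICULTY_BITS = 12                   # block hash must start with this many zero bits
TARGET = 1 << (256 - DIFFICULTY_BITS)


def block_hash(prev_hash, txs, nonce):
    """SHA-256 over the block header. A hash is a one-way digest, not
    encryption: any node can recompute it and check the proof-of-work."""
    header = json.dumps({"prev": prev_hash, "txs": txs, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(header.encode()).hexdigest()


def mine(prev_hash, txs):
    """Brute-force a nonce until the block hash falls below the target."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, txs, nonce)
        if int(h, 16) < TARGET:
            return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": h}
        nonce += 1


def valid_chain(chain):
    """Every node re-checks the links and the proof-of-work; nobody is trusted."""
    prev = "0" * 64
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["prev"], b["txs"], b["nonce"]):
            return False
        if int(b["hash"], 16) >= TARGET:
            return False
        prev = b["hash"]
    return True


def canonical(chains):
    """Longest valid chain wins. All blocks share one difficulty here, so
    length equals cumulative work; on a tie the first-seen chain stays."""
    return max((c for c in chains if valid_chain(c)), key=len)


def contains_tx(chain, tx):
    return any(tx in b["txs"] for b in chain)


def double_spend_demo(attacker_extra_blocks=1):
    """Constructed scenario: Mallory pays a merchant on the public chain, the
    merchant waits for two more confirmations, and a majority miner meanwhile
    builds a private fork from the genesis block in which the same coins go
    back to Mallory. Once the fork is longer it replaces the public chain."""
    genesis = mine("0" * 64, ["coinbase -> Mallory: 10"])
    pay = "Mallory -> Merchant: 10"
    steal = "Mallory -> Mallory2: 10"        # same coins, different recipient

    honest = [genesis, mine(genesis["hash"], [pay])]
    for _ in range(2):                        # two confirmations on top of the payment
        honest.append(mine(honest[-1]["hash"], []))

    attacker = [genesis, mine(genesis["hash"], [steal])]
    while len(attacker) < len(honest) + attacker_extra_blocks:
        attacker.append(mine(attacker[-1]["hash"], []))

    winner = canonical([honest, attacker])    # honest chain was seen first
    return {
        "merchant_paid_before_reorg": contains_tx(honest, pay),
        "merchant_paid_after_reorg": contains_tx(winner, pay),
        "attacker_chain_won": winner is attacker,
    }


def double_spend_success(q, z):
    """Probability that an attacker holding fraction q of the hash rate catches
    up from z blocks behind (Bitcoin whitepaper, section 11). With q >= 0.5 the
    attacker eventually wins with certainty, whatever z is."""
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * (q / p)
    prob = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        prob -= poisson * (1 - (q / p) ** (z - k))
    return prob


if __name__ == "__main__":
    print(double_spend_demo())
    for q in (0.1, 0.3, 0.51):
        print(q, [round(double_spend_success(q, z), 6) for z in (0, 1, 6)])
```

Running the demo shows the merchant's payment present on the public chain and absent from the chain the network finally accepts; with `attacker_extra_blocks=0` the fork only ties and the first-seen chain stays canonical, which is why the attacker must actually be faster, not merely equal. The probability function shows the other side of the same coin: at q = 0.1 six confirmations push the attacker's chance below 0.03%, while for any q at or above 0.5 no number of confirmations helps.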

Cryptojacking: unsolicited use of your computer for mining

Cryptojacking (crypto + hijacking) is not a blockchain vulnerability as such, but it is one of the most widespread blockchain-related security risks, and everyone should be aware of it.

It does not steal crypto-money from the victim's wallet; instead, malware hijacks the victim's computer and uses it as a hidden mining node without the owner's authorization or consent. You may recognize an affected device by indirect signs such as considerable performance slowdown, increased power consumption, overheating and accelerated hardware wear. Infected machines are pooled into botnets or mining pools that mine cryptocurrency for the attackers.

Usually a victim's PC gets infected through unsafe web browsing, clicking on malicious links, emails or ads, or installing dubious software that quietly bundles auto-executing mining code. Once the mining script is in place it runs silently in the background while the victim goes about their daily routine (browser-based miners run as JavaScript inside an open tab and stop only when the tab is closed). According to some expert estimates, cryptojacking profits exceeded $4 billion in 2017-2018.

How not to fall victim to cryptojacking?

  • Get a good ad-blocking tool, or a specialized cryptomining-blocking extension from a trusted vendor.
  • Watch for the indirect signs of cryptojacking: a slower computer without a good reason, a fan running flat out, hardware overheating, etc.
  • Stay away from suspicious websites, clickbait ads, emails, etc.
  • Run regular checks with a home anti-virus package, or get professional help.
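The "watch for indirect signs" advice can be turned into a check. Below is an added example (not from the original article, and not a product): a Python script that takes periodic process snapshots of the kind a cron job logging `ps` output would produce and flags processes that pegged the CPU for several consecutive samples, ignoring programs you expect to be busy. The snapshot data, the pids, the threshold and the allowlist are all constructed for the example.

```python
from collections import defaultdict

# Constructed process snapshots: (seconds since start, pid, process name, cpu %).
# Think of a cron job that records the top CPU consumers every 60 seconds.
# Example data, not real telemetry.
SAMPLES = [
    (0,   4102, "chrome-renderer", 96.0), (0,   5210, "cc1plus", 99.0), (0,   6001, "python3", 12.0),
    (60,  4102, "chrome-renderer", 98.0), (60,  5210, "cc1plus", 97.0), (60,  6001, "python3", 95.0),
    (120, 4102, "chrome-renderer", 97.5), (120, 5210, "cc1plus", 98.0), (120, 6001, "python3", 93.0),
    (180, 4102, "chrome-renderer", 99.0), (180, 5210, "cc1plus", 96.0), (180, 6001, "python3", 8.0),
    (240, 4102, "chrome-renderer", 97.0), (240, 5210, "cc1plus", 99.0), (240, 6001, "python3", 4.0),
    (300, 4102, "chrome-renderer", 98.0), (300, 5210, "cc1plus", 98.0), (300, 6001, "python3", 3.0),
]

CPU_THRESHOLD = 85.0      # percent of one core (assumed)
MIN_CONSECUTIVE = 5       # 5 samples at 60 s: busy for at least 5 minutes (assumed)
# Programs this machine is expected to max out a core with (assumed allowlist).
EXPECTED_HEAVY = {"cc1plus", "ffmpeg"}


def sustained_high_cpu(samples, threshold=CPU_THRESHOLD,
                       min_consecutive=MIN_CONSECUTIVE, allowlist=EXPECTED_HEAVY):
    """Return the pids whose CPU use stayed at or above `threshold` for at
    least `min_consecutive` consecutive samples, skipping allowlisted names.
    Requiring a run of samples rather than a single reading filters out short
    bursts (opening a big file, a build step); a miner never takes a break."""
    run = defaultdict(int)        # current streak of hot samples per pid
    longest = defaultdict(int)    # longest streak seen per pid
    name = {}
    for _t, pid, pname, cpu in sorted(samples):
        name[pid] = pname
        run[pid] = run[pid] + 1 if cpu >= threshold else 0
        longest[pid] = max(longest[pid], run[pid])
    return sorted(pid for pid, streak in longest.items()
                  if streak >= min_consecutive and name[pid] not in allowlist)


def report(samples, **kwargs):
    """Human-readable lines for the flagged processes."""
    name = {pid: pname for _t, pid, pname, _cpu in samples}
    return [f"pid {pid} ({name[pid]}): sustained high CPU, inspect it"
            for pid in sustained_high_cpu(samples, **kwargs)]


if __name__ == "__main__":
    for line in report(SAMPLES):
        print(line)
```

In the constructed data only the browser renderer is reported: the compiler is expected to be busy, and the short two-sample spike of the Python process is exactly the kind of burst the streak requirement exists to ignore. A renderer sitting near 100% for minutes while a tab with an ad-heavy site is open is the classic in-browser miner; closing that tab and watching whether the load disappears is the quickest confirmation.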

Social engineering, software or smart contract flaws

One of the biggest blockchain security issues is that once a transaction is confirmed on the blockchain, there is almost no way to revert it. The system does not tolerate human mistakes: if someone sends crypto-tokens or cryptocurrency to a wrong address (say, to a scammer, if a fraud takes place), no authority or law enforcement body has the power to return it to the previous owner (the effectiveness of existing cryptocurrency legislation is still highly doubtful).

Since the ledger itself is extremely hard to tamper with, hackers have focused on the less reliable components: the surrounding software and the humans. What they need is to trick you into giving away your wallet's private keys or login credentials, and with them your cryptocurrency (as just mentioned, once sent, your coins cannot be returned by anyone except the recipient).

Just to name a few popular social engineering or phishing methods and tools:

  • Collecting private keys with imitation copies of websites like MyEtherWallet, pushed to the top of Google search results with paid ads.
  • Promoting fraudulent cryptocurrency wallets that let crypto in but never out.
  • Presenting fake login forms that send your credentials to the attacker.
  • Sending deceptive messages and emails that pretend to come from a project's support team or a trusted person, with links leading to fake websites and forms (usually creating a sense of urgency).

Additionally, hackers exploit bugs and security flaws in the software built around the blockchain: wallets, crypto exchanges, web front-ends and the like. Poorly tested smart contracts may give attackers further ways to interfere with the blockchain's normal functioning, and because deployed contract code is as hard to change as any other on-chain record, such flaws are difficult to fix after the fact.

How not to fall victim to social engineering and scams?

  • Use hardware wallets and hardware-backed authorization tools where possible.
  • Bookmark your crypto or blockchain-related services, so that you never have to search for them (and never reach them through an ad).
  • Use trusted extensions such as the MetaMask Chrome extension, which warns you when you land on a known crypto-phishing site.
  • Do not trust every message or link received via private messengers or email. Verify the information and look for proof.
  • When working with any blockchain-based software, check that it has passed a third-party security audit, or that it is open source so that anyone can review it for security problems.
  • Double or even triple check every link or website you are about to use. Look up each project's reputation, reviews and any available scam reports.
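The "bookmark your services" and "check every link" advice amounts to a rule that can be automated: only an exact match against the domains you use counts as trusted, and anything that merely resembles one is the most dangerous category. Here is an added example in Python (not from the original article, and a simplified version of what an anti-phishing extension does, not MetaMask's own code). It classifies a URL as trusted, lookalike or unknown using an assumed bookmark list, a small assumed table of look-alike characters, and edit distance; the registrable-domain logic is a naive last-two-labels approximation rather than a public-suffix-list lookup.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed bookmark list: the handful of services you actually use. Everything
# else is untrusted until checked. Example data, not from the article.
BOOKMARKS = {"myetherwallet.com", "metamask.io", "etherscan.io"}

# Characters that look alike in an address bar (small assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "3": "e"})


def host_of(url):
    """Hostname only. Scheme, path, query and credentials are exactly the
    parts phishing links use to draw the eye away from the domain."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable(host):
    """Last two labels: login.myetherwallet.com -> myetherwallet.com.
    Simplification: a real check uses the public-suffix list (co.uk etc.)."""
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold characters that render alike so that 'rnetamask' reads 'metamask'."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    return name.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)


def levenshtein(a, b):
    """Edit distance; typosquats are usually within one or two edits."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, bookmarks=BOOKMARKS, max_distance=2):
    """Return (verdict, reason). Only an exact registrable-domain match is
    'trusted'; near misses are 'lookalike', which is worse than 'unknown'."""
    host = host_of(url)
    if not host:
        return ("reject", "no hostname in URL")
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return ("lookalike", "internationalized domain name; compare it with your bookmark")
    reg = registrable(host)
    if reg in bookmarks:
        if urlsplit(url).scheme != "https":
            return ("warn", f"{reg} is bookmarked but the link is not https")
        return ("trusted", reg)
    for b in bookmarks:
        if (b + ".") in host:
            return ("lookalike", f"{b} appears as a subdomain of {reg}")
        if skeleton(reg) == skeleton(b) or levenshtein(reg, b) <= max_distance:
            return ("lookalike", f"{reg} resembles bookmarked {b}")
    return ("unknown", f"{reg} is not bookmarked; verify it out of band")


if __name__ == "__main__":
    for u in ("https://www.myetherwallet.com/", "https://myetherwaIlet.com/",
              "https://myetherwallet.com.evil.example/login", "https://example.org/"):
        print(u, check_link(u))
```

The ordering matters: the lookalike checks run only after the exact match has failed, so a genuine subdomain of a bookmarked site is never mistaken for a lookalike, while a bookmark name embedded in someone else's domain always is. An internationalized hostname is flagged outright rather than folded, because a Cyrillic letter in place of a Latin one is invisible in many fonts and the safe response is to type the bookmark instead.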

In a nutshell:

Blockchain has its own issues and disadvantages, but for storing and exchanging valuable records it is far more tamper-resistant than anything we had before it. Nothing is perfect, though, and blockchain's main security issue lies at the boundary between human and machine, and where it meets traditional systems: that is where user data such as private keys falls victim to fraud, hijacking or hacker attacks.

Copyright 2019 Edgica LLC, All rights reserved