Crypto, Blockchain and DeFi Security

Crypto, Blockchain and DeFi Security Articles

How Blockchain Security Differs From Traditional Cybersecurity – 4 – Security Operations (SOC)

This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users. In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings with it unique security challenges. Reduced telemetry from decentralized infrastructure hinders SOC detection, but additional information available on-chain could drive new ways of detecting security-related events. The effectiveness of a SOC that is focused on detecting and responding to blockchain, crypto, and DeFi threats might be significantly improved if it took a "fusion" approach that combines various fraud detection methods with the most effective cybersecurity methods,...

How Blockchain Security Differs From Traditional Cybersecurity – 3 – User Security

This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security. Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments. While identical products and services may be hosted in traditional IT and blockchain environments, the differences between these ecosystems can have significant security implications for their users.

IT vs. Blockchain Security for Users

Traditional IT and the blockchain operate under very different philosophies. Many traditional IT systems are centralized and try to control every aspect of the user experience. In contrast, the ethos of blockchain technology focuses on decentralization and self-custody. These different...

How Blockchain Security Differs From Traditional Cybersecurity – 2 – Smart Contract Developers

This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security. Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts. While the first blockchains, like Bitcoin, were not designed to support smart contracts, their invention dramatically expanded the capabilities of blockchain platforms. The ability to deploy code on top of the blockchain has been one of the main drivers of blockchain’s widespread adoption and success.

Traditional Development vs. Smart Contract Development

Traditional applications and smart contracts can implement much of the same functionality. Smart contract platforms are Turing complete, and, on...

Proof of Reserve vs. Proof of Liability vs. Proof of Solvency

Recent events like the FTX meltdown have sparked interest and conversations about how the incident could have been prevented. In the case of FTX, the primary problem was that the platform did not hold sufficient assets to cover its user deposits and liabilities.

What are Merkle Trees and Proofs?

Proof of Reserves and Proof of Liabilities can use Merkle trees to prove certain facts while keeping data anonymous. To understand how these schemes work, it is useful to understand Merkle trees first. A Merkle tree is designed to securely summarize a set of data. This means that, given the root value of the tree and some internal node values, it is possible to prove that a particular piece of data is included...

How Blockchain Security Differs From Traditional Cybersecurity – 1 – Node Operators

Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks.  Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital.  Financial systems built on the blockchain can suffer significant losses due to blockchain hacks.  The use of blockchain for supply chain tracking and audit logging relies on the blockchain being immutable. However, the widespread adoption of blockchain technology is relatively recent, and security has not always kept up with the technology.  In many cases, traditional IT security...

The 12 Biggest Hacking Incidents in the History of Crypto

The most comprehensive ranked list of the biggest crypto hacks in history (up until November 1, 2022. I suspect a larger one is just behind the corner).

It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but I wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while I was conducting my research; that’s how I know this will be the most accurate and up-to-date list of the top 12 hacking incidents in crypto’s history.

1. Poly Network: $611M

At $611M, the Poly Network exploit of August 10, 2021 ranks as the largest crypto hack...

How the Big Binance Bridge Hack Will Change the way People View Web3

$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part.

Decentralization is a hot-button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew: the BNB Smart Chain (formerly Binance Smart Chain) is not very "decentralized". How did the BNB Smart Chain bridge get hacked, how did Binance stop it, and what does this all have to do with decentralization? Let's go through this in order.

How the BSC Token Hub was...
