Home Tags ARTICLE

Tag: ARTICLE

This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users. In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings with it unique security challenges. Reduced telemetry from decentralized infrastructure hinders SOC detection, but additional information available on-chain could drive new ways of detecting security-related events. The effectiveness of a SOC that is focused on detecting and responding to blockchain, crypto, and DeFi threats might be...
In recent years, the rise of artificial intelligence (AI) has revolutionized many sectors, bringing about significant advancements in various fields. However, one area where AI has presented a dual-edged sword is in information operations, specifically in the propagation of disinformation. The advent of generative AI, particularly with sophisticated models capable of creating highly realistic text, images, audio, and video, has exponentially increased the risk of deepfakes and other forms of disinformation.
GAN Poisoning is a unique form of adversarial attack aimed at manipulating Generative Adversarial Networks (GANs) during their training phase; unlike traditional cybersecurity threats like data poisoning or adversarial input attacks, which either corrupt training data or trick already-trained models, GAN Poisoning focuses on altering the GAN's generative capability to produce deceptive or harmful outputs. The objective is not merely unauthorized access but the generation of misleading or damaging information.
Emergent behaviours in AI have left both researchers and practitioners scratching their heads. These are the unexpected quirks and functionalities that pop up in complex AI systems, not because they were explicitly trained to exhibit them, but due to the intricate interplay of the system's complexity, the sheer volume of data it sifts through, and its interactions with other systems or variables. It's like giving a child a toy and watching them use it to build a skyscrapper. While scientists hoped that scaling up AI models would enhance their performance on familiar tasks, they were taken aback when these models started acing a number of unfamiliar tasks.
I’m skeptical of ‘futurists’. Work closely enough with the development of technology solutions and you’ll know that the only certain thing about the future is that it’s constantly changing. For example, few ‘futurists’ predicted the Covid-19 outbreak that brought the world to a standstill in 2020. Many, however, had spent hours waxing on about how 5G technology was to change the trajectory of human evolution, telling tales of what would be possible with ultra-high speed, ultra-low latency connectivity. Me included. Of course, 5G will enable many of these promised use cases, and many others we haven’t even dreamed of yet,...
This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security.  Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments.  While identical products and services may be hosted in traditional IT and blockchain environments, the differences between these ecosystems can have significant security implications for their users. IT vs. Blockchain Security for Users Traditional IT and the blockchain operate under very different philosophies.  Many traditional IT systems are centralized and try to...
This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security.  Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts.  While the first blockchains, like Bitcoin, were not designed to support smart contracts, their invention dramatically expanded the capabilities of blockchain platforms.  The ability to deploy code on top of the blockchain has been one of the main drivers of blockchain’s widespread adoption and success. Traditional Development vs. Smart Contract...
Data masking, also known as data obfuscation or data anonymization, serves as a crucial technique for ensuring data confidentiality and integrity, particularly in non-production environments like development, testing, and analytics. It operates by replacing actual sensitive data with a sanitized version, rendering the data ineffective for malicious exploitation while retaining its functional utility for testing or analysis.
Label-flipping attacks refer to a class of adversarial attacks that specifically target the labeled data used to train supervised machine learning models. In a typical label-flipping attack, the attacker changes the labels associated with the training data points, essentially turning "cats" into "dogs" or benign network packets into malicious ones, thereby aiming to train the model on incorrect or misleading associations. Unlike traditional adversarial attacks that often focus on manipulating the input features or creating adversarial samples to deceive an already trained model, label-flipping attacks strike at the root of the learning process itself, compromising the integrity of the training data.
Recent events like the FTX meltdown have sparked interest and conversations about how the incident could have been prevented.  In the case of FTX, the primary problem was that the platform did not hold sufficient assets to cover its user deposits and liabilities. What are Merkle Trees and Proofs? Proof of Reserves and Proof of Liabilities can use Merkle trees to prove certain facts while keeping data anonymous.  To understand how these schemes work, it is useful to understand Merkle trees first. A Merkle tree is designed to securely summarize a set of data.  This means that, given the root value of...
Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks.  Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital.  Financial systems built on the blockchain can suffer significant losses due to blockchain hacks.  The use of blockchain for supply chain tracking and audit logging relies on the blockchain being immutable. However, the widespread adoption of blockchain...
The most comprehensive ranked list of the biggest crypto hacks in history (Up until November 1, 2022. I suspect a larger one is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but I wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while I was conducting my research; that’s how I know this will be the most accurate and up-to-date list of the top 12 hacking incidents in...
Backdoor attacks in the context of Machine Learning (ML) refer to the deliberate manipulation of a model's training data or its algorithmic logic to implant a hidden vulnerability, often referred to as a "trigger." Unlike typical vulnerabilities that are discovered post-deployment, backdoor attacks are often premeditated and planted during the model's development phase. Once deployed, the compromised ML model appears to function normally for standard inputs. However, when the model encounters a specific input pattern corresponding to the embedded trigger, it produces an output that is intentionally skewed or altered, thereby fulfilling the attacker's agenda.
$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew: The BNB Smart Chain (formerly Binance Smart Chain) is not very "decentralized". How did the BNB Smart Chain bridge get hacked, how did Binance stop it,...
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance. A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must...