Tag: ARTICLE
Getting to the bottom of the exploit that led to one of the biggest hacks in the history of decentralized finance.
In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is.
Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as Kraken or Binance. It sounds great, but now you have a new problem because you’ll need to constantly ensure the exchange always has enough liquidity...
What Are Blockchains Layers 0, 1, and 2?
A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain.
In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1, and 2 blockchain solutions. Each of these “layers” is intended to describe a particular function that has been added to or abstracted from the blockchain.
In...
A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing.
When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public.
In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on.
This is the fullest story you’ll find on what happened with...
In recent years, many organizations have adopted more modern development practices, including Agile, Scrum, and DevOps. The goal of these new processes is to improve the pace and efficiency of development by streamlining the development process and using automation whenever possible.
One of the main shortcomings of most DevOps programs is that they overlook security, focusing on getting software released as quickly as possible. As a result, tens of thousands of vulnerabilities reach production each year, putting customers at risk. Additionally, fixing vulnerabilities in production is costlier than in the development and steals resources away from developing new software.
With the...
The biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which for the way the stolen assets were being stored.
Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many people simply keeping their crypto on centralized exchanges, hot wallets, or even just USB sticks without any password protection.
With the $534M Coincheck hack in January...
Wallet Attacks: A Deep-dive
Wallets are a logical target for cyber-attacks, along with the emerging institutions that hold custody of them on users’ behalf. While secured with technically unbreakable code, hackers have found numerous ways to gain illicit access to user wallets, whether by deception, theft, or ingenuity. In responding to this threat, the crypto-industry must consider whether to opt for traditional KYC-based measures or to seek crypto-native solutions to this perennial issue. If the industry fails to agree, it could lead to a two-tier system of ‘pure’ crypto institutions and players that embrace centralized and a certain necessary degree...
Axie Infinity’s Ronin Bridge Hack for $551M worth of crypto assets could paradoxically lead to higher rates of blockchain adoption by showing that it’s a lot easier to track stolen cryptocurrency than people think.
The popular misconception that cryptocurrencies are private and untraceable fuels the equally popular misconception that it’s impossible to track and recover stolen crypto assets.
In fact, even some of the most high-profile and sophisticated crypto theft operations have been exposed through the use of blockchain forensics and crypto investigations.
The infiltration of Sky Mavis leading to the Axie Infinity Ronin bridge exploit and the subsequent postmortem is a...
Consensus Attacks: A Deep-dive
Where centralized systems operate on the basis of centralized permission, blockchain protocols proceed on the basis of decentralized consensus. While this is more secure in theory, the system is not flawless. All blockchains are susceptible to consensus hacking, thanks to the ability to simulate, force, or circumvent majority consent for a nefarious aim. Solutions can be found for some of these attacks, but ultimately, the only solution to the consensus problem may be scale.
Introduction
The democratic nature of blockchain technology relies on the fact that it is permissionless. This refers to the fact that anyone can take...
As machine learning models become increasingly integral to industries ranging from healthcare to finance, securing these advanced computational tools has never been more critical. While these models excel at tasks like predictive analytics and natural language understanding, they are also susceptible to various forms of cyberattacks. One emerging threat that often flies under the radar is query attacks, which are designed to extract valuable model information.
The Basics of Machine Learning Models
Machine learning models are essentially algorithms that can learn from and make decisions or predictions based on data. They serve as the backbone for a plethora of applications that have become ubiquitous in...
Network Attacks: A Deep-dive
Network attacks are a class of exploits that focus on the isolation and manipulation of individual nodes or groups of nodes. While blockchain networks are theoretically robust against such attempts, both hackers and academics have found loopholes that can be used not only to defraud and damage individuals, but also scale up to take down entire exchanges. While easily overlooked, the list of network attacks is likely to grow in the years ahead, and is worth preparing for.
Introduction
A blockchain network is powered by the exchange of information between nodes. These are the individual ‘worker ants’ whose...
Smart Contract Risk and How to Mitigate It: A Deep-dive
The strengths of smart contracts are also the source of its weaknesses, and will always present opportunities for hackers to exploit. So far, the pace of innovation in counter-measures is struggling to keep pace with innovation in the methods of attack. It’s reasonable to assume that as the Web3 environment stabilizes, an equilibrium will be achieved. However, the threat cannot be eliminated, and vigilance will always be a necessity.
Introduction
In her seminal book on Web3 fundamentals, The Token Economy, Shermin Voshmgir defines a smart contract as ‘a self-enforcing agreement, formalized as...
The full story behind the exploit that led to the fraudulent minting of 120,000 wETH and threatened to crash Solana.
Early February of 2022 was a low-point for the cryptocurrency asset class; one of many more to come throughout the year. The price of BTC was on a relentless downtrend from a high of $69,044.77 on Nov 10, 2021, to under $40,000 by February 02, 2022.
This is the market atmosphere in which the $320M Wormhole bridge exploit occurred.
The Wormhole bridge exists to help users move their assets from one blockchain to another – most often from Ethereum to Solana. The...
The utopian view of the blockchain as an unhackable alternative to the status quo is a pipedream. Many traditional cyberattacks are effective in a blockchain-based setting, and even cryptographically-secured processes are prone to errors and exploits. Understanding the potential attack vectors is a prerequisite to building a stable blockchain-based alternative to today’s centralized networks.
Introduction
The capacity for blockchain to alter the modern-day economy and society is immense. This potential goes well beyond the creation of cryptocurrencies and trustless payment systems.
While still early in their evolution, blockchain networks have been shown to enable new means of exchanging value (tokenization), making agreements...
In the rapidly expanding field of data science, data labeling plays a critical role, particularly in the context of supervised machine learning. While this process is instrumental in transforming raw data into a structured format that algorithms can learn from, it also necessitates the handling of potentially sensitive or personal information. This is where Differential Privacy comes in. This mathematical framework acts as a safeguard by introducing ‘random noise’ into the data, essentially adding an additional layer of security that makes it statistically challenging to reverse-engineer any sensitive details. Unlike more traditional methods of data protection that require altering the...
Cyber-Attack Strategies in the Blockchain Era - A Framework for Categorizing the Emerging Threats to the Crypto Economy
Market attacks
Rely on the mass-manipulation of investors through asymmetric information
Pump-and-dump
Parties conspire to artificially inflate (pump) the price of an asset using various manipulation tactics (spoofing, wash selling, layering), in advance of selling (dumping) their stake. The reverse technique can be used to acquire an asset below fair value in a short-selling strategy.
Exit scam
A project such as an ICO or DAO raises substantial capital from investors, before unexpectedly terminating all operations. Rather than returning the capital to investors, the founders disappear with all...