Tag: ARTICLE
Proving knowledge of a secret is the basis of password-based authentication systems. The assumption is that only you know your password. If this is the case, entering your password into a system proves your identity and grants you access to your account.
However, this approach doesn’t work as well on the blockchain, where everything stored on the digital ledger is publicly visible. Any password or other secret included within a blockchain transaction would be revealed to all nodes and users of the blockchain. This is where zero-knowledge proofs (ZKPs) come into play.
What is a Zero-Knowledge Proof?
A ZKP allows a prover...
The $611M Poly Network exploit is the largest crypto hack to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown.
Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date gave all the stolen crypto assets back within 15 days of the incident.
But how was the hack carried out? Why did they return the funds? And how did they manage to remain anonymous? We’ll explore these questions, but first..
What is the Poly Network?
The Poly Network is a...
Getting to the bottom of the exploit that led to one of the biggest hacks in the history of decentralized finance.
In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is.
Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as Kraken or Binance. It sounds great, but now you have a new problem because you’ll need to constantly ensure the exchange always has enough liquidity...
What Are Blockchains Layers 0, 1, and 2?
A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain.
In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1, and 2 blockchain solutions. Each of these “layers” is intended to describe a particular function that has been added to or abstracted from the blockchain.
In...
As we edge closer to the Q-Day—the anticipated moment when quantum computers will be capable of breaking traditional cryptographic systems—the need for crypto-agility becomes increasingly critical. Crypto-agility is the capability of an organization to swiftly and efficiently transition between different cryptographic algorithms and protocols in response to emerging threats and technological advancements.
Text Classification Models are critical in a number of cybersecurity controls, particularly in mitigating risks associated with phishing emails and spam. However, the emergence of sophisticated perturbation attacks poses substantial threats, manipulating models into erroneous classifications and exposing inherent vulnerabilities. The explored mitigation strategies, including advanced detection techniques and defensive measures like adversarial training and input sanitization, are instrumental in defending against these attacks, preserving model integrity and accuracy.
A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing.
When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public.
In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on.
This is the fullest story you’ll find on what happened with...
In simplest terms, a multimodal model is a type of machine learning algorithm designed to process more than one type of data, be it text, images, audio, or even video. Traditional models often specialize in one form of data; for example, text models focus solely on textual information, while image recognition models zero in on visual data. In contrast, a multimodal model combines these specializations, allowing it to analyze and make predictions based on a diverse range of data inputs.
In recent years, many organizations have adopted more modern development practices, including Agile, Scrum, and DevOps. The goal of these new processes is to improve the pace and efficiency of development by streamlining the development process and using automation whenever possible.
One of the main shortcomings of most DevOps programs is that they overlook security, focusing on getting software released as quickly as possible. As a result, tens of thousands of vulnerabilities reach production each year, putting customers at risk. Additionally, fixing vulnerabilities in production is costlier than in the development and steals resources away from developing new software.
With the...
The biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which for the way the stolen assets were being stored.
Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many people simply keeping their crypto on centralized exchanges, hot wallets, or even just USB sticks without any password protection.
With the $534M Coincheck hack in January...
Wallet Attacks: A Deep-dive
Wallets are a logical target for cyber-attacks, along with the emerging institutions that hold custody of them on users’ behalf. While secured with technically unbreakable code, hackers have found numerous ways to gain illicit access to user wallets, whether by deception, theft, or ingenuity. In responding to this threat, the crypto-industry must consider whether to opt for traditional KYC-based measures or to seek crypto-native solutions to this perennial issue. If the industry fails to agree, it could lead to a two-tier system of ‘pure’ crypto institutions and players that embrace centralized and a certain necessary degree...
Axie Infinity’s Ronin Bridge Hack for $551M worth of crypto assets could paradoxically lead to higher rates of blockchain adoption by showing that it’s a lot easier to track stolen cryptocurrency than people think.
The popular misconception that cryptocurrencies are private and untraceable fuels the equally popular misconception that it’s impossible to track and recover stolen crypto assets.
In fact, even some of the most high-profile and sophisticated crypto theft operations have been exposed through the use of blockchain forensics and crypto investigations.
The infiltration of Sky Mavis leading to the Axie Infinity Ronin bridge exploit and the subsequent postmortem is a...
Consensus Attacks: A Deep-dive
Where centralized systems operate on the basis of centralized permission, blockchain protocols proceed on the basis of decentralized consensus. While this is more secure in theory, the system is not flawless. All blockchains are susceptible to consensus hacking, thanks to the ability to simulate, force, or circumvent majority consent for a nefarious aim. Solutions can be found for some of these attacks, but ultimately, the only solution to the consensus problem may be scale.
Introduction
The democratic nature of blockchain technology relies on the fact that it is permissionless. This refers to the fact that anyone can take...
Query attacks are a type of cybersecurity attack specifically targeting machine learning models. In essence, attackers issue a series of queries, usually input data fed into the model, to gain insights from the model's output. This could range from understanding the architecture and parameters of the model to uncovering the actual data on which it was trained. The nature of these attacks is often stealthy and surreptitious, designed to mimic legitimate user activity to escape detection.
Network Attacks: A Deep-dive
Network attacks are a class of exploits that focus on the isolation and manipulation of individual nodes or groups of nodes. While blockchain networks are theoretically robust against such attempts, both hackers and academics have found loopholes that can be used not only to defraud and damage individuals, but also scale up to take down entire exchanges. While easily overlooked, the list of network attacks is likely to grow in the years ahead, and is worth preparing for.
Introduction
A blockchain network is powered by the exchange of information between nodes. These are the individual ‘worker ants’ whose...