Consensus Attacks: A Deep-dive
Where centralized systems operate on the basis of centralized permission, blockchain protocols proceed on the basis of decentralized consensus. While this is more secure in theory, the system is not flawless. All blockchains are susceptible to consensus hacking, thanks to the ability to simulate, force, or circumvent majority consent for a nefarious aim. Solutions can be found for some of these attacks, but ultimately, the only solution to the consensus problem may be scale.
Introduction
The democratic nature of blockchain technology relies on the fact that it is permissionless. This refers to the fact that anyone can take...
Cyber-Attack Strategies in the Blockchain Era - A Framework for Categorizing the Emerging Threats to the Crypto Economy
Market attacks
Rely on the mass-manipulation of investors through asymmetric information
Pump-and-dump
Parties conspire to artificially inflate (pump) the price of an asset using various manipulation tactics (spoofing, wash selling, layering), in advance of selling (dumping) their stake. The reverse technique can be used to acquire an asset below fair value in a short-selling strategy.
Exit scam
A project such as an ICO or DAO raises substantial capital from investors, before unexpectedly terminating all operations. Rather than returning the capital to investors, the founders disappear with all...
The utopian view of the blockchain as an unhackable alternative to the status quo is a pipedream. Many traditional cyberattacks are effective in a blockchain-based setting, and even cryptographically-secured processes are prone to errors and exploits. Understanding the potential attack vectors is a prerequisite to building a stable blockchain-based alternative to today’s centralized networks.
Introduction
The capacity for blockchain to alter the modern-day economy and society is immense. This potential goes well beyond the creation of cryptocurrencies and trustless payment systems.
While still early in their evolution, blockchain networks have been shown to enable new means of exchanging value (tokenization), making agreements...
One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing.
Decentralization is a hot-button topic in 2022.
To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized solution to these problems, but web3 has some kinks to work out before it can replace the established infrastructure of web2.
One of those kinks involves...
This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users.
In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings with it unique security challenges. Reduced telemetry from decentralized infrastructure hinders SOC detection, but additional information available on-chain could drive new ways of detecting security-related events.
The effectiveness of a SOC that is focused on detecting and responding to blockchain, crypto, and DeFi threats might be...
Around $170M worth of cryptocurrency was allegedly stolen from an obscure Italian crypto exchange called BitGrail in 2018; it’s still unclear exactly how or by whom.
Just weeks after Japanese crypto exchange Coincheck was hacked – an event dubbed “the biggest theft in the history of the world” at the time – the Italian crypto exchange BitGrail announced they were unable to account for millions of Nano (XNO), valued around $170M. Similar to the Coincheck hack, this incident involved BitGrail’s hot wallet allegedly being compromised.
However, that’s where the similarities end. Coincheck was praised for taking full responsibility and returning 90%...
The biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which for the way the stolen assets were being stored.
Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many people simply keeping their crypto on centralized exchanges, hot wallets, or even just USB sticks without any password protection.
With the $534M Coincheck hack in January...
Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks. Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology.
As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital. Financial systems built on the blockchain can suffer significant losses due to blockchain hacks. The use of blockchain for supply chain tracking and audit logging relies on the blockchain being immutable.
However, the widespread adoption of blockchain...
Proving knowledge of a secret is the basis of password-based authentication systems. The assumption is that only you know your password. If this is the case, entering your password into a system proves your identity and grants you access to your account.
However, this approach doesn’t work as well on the blockchain, where everything stored on the digital ledger is publicly visible. Any password or other secret included within a blockchain transaction would be revealed to all nodes and users of the blockchain. This is where zero-knowledge proofs (ZKPs) come into play.
What is a Zero-Knowledge Proof?
A ZKP allows a prover...
What Are Blockchains Layers 0, 1, and 2?
A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain.
In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1, and 2 blockchain solutions. Each of these “layers” is intended to describe a particular function that has been added to or abstracted from the blockchain.
In...
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack
The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance.
A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must...
Recent events like the FTX meltdown have sparked interest and conversations about how the incident could have been prevented. In the case of FTX, the primary problem was that the platform did not hold sufficient assets to cover its user deposits and liabilities.
What are Merkle Trees and Proofs?
Proof of Reserves and Proof of Liabilities can use Merkle trees to prove certain facts while keeping data anonymous. To understand how these schemes work, it is useful to understand Merkle trees first.
A Merkle tree is designed to securely summarize a set of data. This means that, given the root value of...
Code reuse is considered best practice in software engineering. Reusing high-quality, secure code can speed development processes and often results in higher-quality code than software developed entirely from scratch. Additionally, the reuse of high-quality, audited libraries reduces security risks by decreasing the probability that new vulnerabilities will creep into the code base.
In open source communities such as the blockchain and crypto community, code reuse is even more strongly encouraged. Open-source code released with permissive licenses is intended to be reused in other projects.
However, this can also create security risks. Smart contracts and other software that reuses existing, open-source code...
A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing.
When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public.
In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on.
This is the fullest story you’ll find on what happened with...
Annualized data from blockchain forensics provider Chainalysis indicates that crypto-enabled crime has dropped precipitously through the first half of 2023, but cybercriminals are also continuously evolving new cash-out methods to cover their tracks.
Chainalysis’s mid-year update found that crypto inflows to “known illicit entities” were down 65% compared to where they were last June. Meanwhile, crypto flows to high-risk entities, which generally entail “mixers” and non-compliant exchanges were down 42%. Crypto mixers are protocols that enable large groups of users to pool their funds together in a deposit wallet that is programmed to redistribute tumbled crypto assets back to designated...