Adam Mazzocchetti Securely auditing a blockchain smart contract

How secure is your Blockchain Platform?


In August 2010, a flaw in the Bitcoin network was discovered that allowed large transactions to be entered in the ledger without proper verification. Hackers seized and hijacked more than 184 billion Bitcoin (BTC) from three separate accounts.

Fortunately, the developers quickly identified the bug and removed it from the blockchain, but not before it could cause serious damage to the Bitcoin network. 

Since the development of blockchain technology, many industries have adapted the technology for storing and transferring pieces of data. If hackers succeed, blockchain technology could threaten the integrity of the entire financial system, not just the Bitcoin network. 

The technology was said to have iron defences that could not be hacked, and the industry is booming relentlessly. But its secure, decentralised system is under threat from hackers, scammers and various forms of fraud. More than $1.7 billion was lost in cryptocurrency fraud in 2019, according to a US Justice Department report.

What makes blockchain secure? 

Blockchain technology is a digitised and decentralised ledger that prides itself on its ability to confirm transactions. Invalid operations can be detected by a unique protocol for checking transactions, and invalid transactions cannot be verified.

Encryption: 

Encryption protects your wallet: each user is provided with a unique key (a so-called “hash”).

A hash is a method that generates a specific, fixed output from a mathematical process, no matter how often the function is used. Simply put, the key that any user keeps safely in his wallet is the hash of his hash, not the value of the transaction itself.

Mining: 

Mining is a complex and expensive process that is responsible for maintaining the integrity of the technology, according to a recent report by the US Department of Energy. 

Blockchain miners add new transactions or blocks to the chain that confirm which parts of a transaction are valid. In exchange for this work, they are rewarded in cryptocurrency with a small percentage of the total number of coins in the blockchain.

Immutability: 

Immutability means that no information can be deleted from the platform after a transaction has been confirmed. The integrity of the distributed ledger and the security of its data remain unchanged, regardless of the number of transactions or the time between them.

Why are hackers still gaining access? 

Blockchain technology has suffered from various forms of attack since its release, and not just because of a lack of security and privacy. 

Many of these attacks target wallets, exchanges, and cryptocurrencies, but here are some examples of how blockchain technology has been manipulated in a variety of ways in recent years, both in the public and private sectors. 

51% attacks: 

Mining is a very intensive process that requires high computing power, and if a miner or group of miners hypothetically gained more than 50% of the computers in the network, they would be able to control and manipulate them all. 

A new transaction could be added to the system without spending money, and this would not double or triple the amount of money in the network. 

This happened in May 2018, when a series of coordinated actions attacked the Bitcoin Gold Blockchain. A total of $70,000 was issued in Bitcoin Gold (BTG) and subsequently delisted by Bittrex. 

In January 2019, Ethereum Classic became the latest blockchain to be attacked with Bitcoin Gold tokens worth a total of $1.5 million.

Phishing: 

Blockchain investors have lost more than $225 million to phishing scams in the past two years, according to a new report by the US Securities and Exchange Commission. Phishing scammers are hackers who imitate emails from reputable companies and use users’ computers as hosts for illegal cryptocurrency mining. One of the most common types of phishing scam targets wallet and key holders, asking them to reveal personal information about themselves.

Sybil attacks: 

A Sybil attack involves creating multiple false identities in a peer-to-peer network.

In such an attack, the network is flooded with false identities and the system crashes. The term comes from the title character of the book Sybil, who was diagnosed with dissociative identity disorder.

Routing: 

Blockchain technology is based on the ability to upload and download large amounts of information in real time. In a routing attack, hackers intercept data that is transmitted to and from Internet service providers.

In this way, the system is divided and seems to work as usual; in the meantime, hackers are making the currency a currency. 

What are some measures of preventing cryptocurrency fraud? 

As expected, exchanges, tokens, and blockchain companies are putting into practice what they have learned in the past about detecting peer-to-peer fraud.

Investors in blockchain platforms are aware of the importance of keeping their investments safe. If a loophole is discovered in a symbolic offer, security professionals like myself continue to try to close it before listing it on an exchange.

Two-factor authentication: 

Here the user provides the wallet key along with a unique one-time password (OTP), which is generated in real time to access the wallet. This means that hackers who gain malicious access to a user’s password would also need the preset OTP device to access the wallet. Also known as two-factor verification (2FA), it is a term that is increasingly popular in the bitcoin community and has been promoted by Bitcoin core vendors such as Bitfinex, Coinbase and many other popular wallet providers.

Google Authenticator is free 2FA software that can be used on multiple devices to protect your crypto wallet. This will keep your wallet safe from phishing scams, identity theft and other forms of fraud.

Anti-phishing software: 

This is a software programme specifically designed to detect fraud and other forms of money laundering in the financial system. 

Metacert’s anti-phishing software protects users from both known and unknown forms of phishing and threats. It is able to verify web addresses on a large scale and in many cases also authorise legitimate web page links. 

Cold wallets: 

Typically, cryptocurrencies have two types of wallets: cold wallets and hot wallets. Cold wallets do not connect to the Internet and are available to users in the form of a device, making them less vulnerable to hackers than a hot wallet. While most hot wallets are free and more common, a cold wallet is much safer and is available to all users in any form or device.

Blacklisting: 

Cryptocurrency companies can protect themselves from repeated fraud by identifying phishing patterns, according to a new report from the US Department of Homeland Security. 

However, the relevance of the technology is certainly linked, and understanding and preventing fraud in distributed ledgers must be a priority in order to maintain the integrity of this technology and maintain its growth. If there is a COVID-19 pandemic affecting the world, it is likely to be the use of digitised systems such as Bitcoin and blockchain technology, as it has been in recent years in response to the threat of cyberterrorism.