Blockchain technology has attracted considerable attention in recent years due to its use in a number of industries. It first manifested itself as the technology behind the cryptocurrency Bitcoin, which similarly experienced a surge and subsequent crash in Hollywood and is now used by other companies. A major reason for the blockchain’s popularity is Distributed Ledger Technology (DLT), which not only stores transactions but is designed like a digital log file, storing a number of linked block groups. Each block is cryptographically linked to the previous block and cannot be changed without adding another block.
Because of this structure, blockchain technology has been praised as unhackable, but recent studies and reports have shown that even blockchain is vulnerable to various cybersecurity attacks. For example, a study on Hard Fork found that cybersecurity researchers discovered a number of vulnerabilities in the Bitcoin blockchain between February 13 and March 13, including the attack on the Hard Fork. By exploiting this vulnerability through recursive calls, criminals attacked a distributed autonomous organisation (DAO) to steal $60 million. Similarly, in 2014, criminals exploited a security flaw in Bitcoin’s transaction modification to attack MtGox, leading to its collapse when about $450 million of Bitcoin was stolen.
Block attributed the vulnerabilities in four of the received bug reports to a buffer overflow bug. According to the report, this bug makes the software vulnerable to injection of arbitrary code.
Unlike human vulnerabilities, blockchain itself has a number of vulnerabilities and risks, according to the report. If the destructive power of a single miner is less than 51% of its capacity, a “51%” attack can be launched to arbitrarily manipulate or modify blockchain information.
In mid-2018, attackers began attacking Bitcoin, one of the world’s most popular and easily traded coins, stealing an estimated $20 million in total. Attempts to attack the popular blockchain can be extremely expensive. According to the website Crypto51, it would currently cost more than $260,000 an hour to hire enough mining power to attack Bitcoin. But if you look at the cost of a single miner, or even a small number of miners, it becomes much cheaper over time.
Since there is no central institution that manages the blockchain, it is difficult to detect criminal behaviour and restore modified blockchain information. For example, if a criminal steals a private key, others can manipulate a user’s blockchain account. Moreover, if users’ private keys are lost, they cannot be recovered, and if they are stolen by criminals, the account can be manipulated by others.
A double-spend issue refers to a consumer using the same cryptocurrency several times, either within one transaction or across transactions. An attacker only needs to use two transactions initiated and confirmed by the attacker to launch an attack quickly. For example, an attacker could use a race attack to initiate a duplicate output, but if the output of the first transaction is considered invalid, it will not receive the resulting duplicate output.
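How a validating node refuses the second of two conflicting transactions, as an added example that is not part of the original article. The `Ledger` class, the transaction layout and the first-seen rule are assumptions for illustration; signature checks and block confirmation are left out.

```python
class Ledger:
    """Tracks unspent outputs, keyed by (txid, output_index)."""

    def __init__(self):
        self.unspent = {}  # (txid, index) -> (owner, amount)

    def mint(self, txid, owner, amount):
        """Create a starting balance (stands in for a mining reward)."""
        self.unspent[(txid, 0)] = (owner, amount)

    def apply(self, tx):
        """Validate tx against the unspent set; return (accepted, reason)."""
        inputs = tx["inputs"]
        if len(set(inputs)) != len(inputs):
            return False, "same output listed twice in one transaction"
        total_in = 0
        for ref in inputs:
            entry = self.unspent.get(ref)
            if entry is None:
                return False, "input unknown or already spent"
            owner, amount = entry
            if owner != tx["spender"]:
                return False, "input not owned by spender"
            total_in += amount
        amounts = [amount for _, amount in tx["outputs"]]
        if any(a <= 0 for a in amounts) or sum(amounts) > total_in:
            return False, "invalid output amounts"
        # All checks passed: consume the inputs, then create the new outputs.
        for ref in inputs:
            del self.unspent[ref]
        for i, (owner, amount) in enumerate(tx["outputs"]):
            self.unspent[(tx["txid"], i)] = (owner, amount)
        return True, "accepted"

def race_demo():
    """Constructed scenario: two transactions race to spend the same output."""
    ledger = Ledger()
    ledger.mint("mint-1", "alice", 10)
    pay_bob = {"txid": "tx-a", "spender": "alice",
               "inputs": [("mint-1", 0)], "outputs": [("bob", 10)]}
    pay_carol = {"txid": "tx-b", "spender": "alice",
                 "inputs": [("mint-1", 0)], "outputs": [("carol", 10)]}
    first = ledger.apply(pay_bob)     # seen first, accepted
    second = ledger.apply(pay_carol)  # conflicts with tx-a, rejected
    return first, second, ledger
```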
The blockchain system protects users, transactions and databases because user behaviour is traceable on the blockchain. Each user assigns a private key to each transaction, so an attacker cannot determine that the same user has received cryptocurrencies in different transactions.
This is possible because an attacker will perform a cost-benefit analysis of the other person and prioritise activities that yield the highest return with the least effort. The biggest security threat to the blockchain is the ability to target shared platforms such as Facebook, Twitter, and other social media. In recent years, the number of attacks on these platforms and their users has increased significantly.
In one case, hackers used malware to gain access to an employee’s computer and steal private keys from a digital wallet. In a similar incident in 2017, a fraudster set up a wallet service for cryptocurrencies and waited to log in before running away with the wallets of four million customers. After the incident became public in January 2018, the hackers managed to steal more than 500 million NEM coins from the Tokyo cryptocurrency exchange Coincheck, and in total stole cryptocurrencies worth almost two billion dollars from the exchange, most of them since the beginning of 2017, which has now become public.
As awareness of blockchain security risks grows, so does the responsibility for start-ups to address these problems as quickly as possible, even if they are not the most obvious.
In particular, Chainalysis’s smart contract verification platform can look for vulnerabilities and threats, particularly in blockchains. Chainalysis, founded in 2014, separately provides a blockchain transaction monitoring solution focused on real-time transaction audit to detect and investigate fraudulent transactions, and helps investigate and detect money laundering and compliance violations in cryptocurrencies. Anchain, founded in 2018 by Victor Fang, offers an AI-based solution for monitoring blockchain security. The team successfully uncovered the Fomo3D hackers who stole more than $4 million from the Ethereum blockchain, one of the world’s largest and most popular digital currencies. Despite the enthusiasm, blockchain technology is still in its infancy, and robust security processes and policies are urgently needed to address the vulnerabilities we have identified.