Blockchains Under Attack: A Security Roundup

A February article from MIT Technology Review highlights recent blockchain hacks to explain that while blockchain is a technology known for security, there are still a few weak points that can be exploited.

One of the most notable blockchain hacks is called the “51% attack.”

In January, Ethereum Classic – a cryptocurrency that only exists because of a previous hack – fell victim to this type of cyberattack through defects in online exchanges’ security.

The 51% attack is devastatingly effective due to the structure of blockchains.

The distributed ledger of a blockchain system functions through user consensus. If a hacking group can take control over more than 50% of the network’s computing capacity, then they have the ability to create alternative versions of a blockchain that ‘erase’ previous transactions.

If a user receives a cryptocurrency payment through a blockchain that has been compromised by a 51% attack, that payment can be cancelled out by recreating the blockchain without it, leading to ample opportunity for fraud.

Like many blockchain hacking attempts, the recent attack on Ethereum Classic was orchestrated by flaws in online exchanges, not in the chain itself. This is a security weakness that is not always considered when blockchain is touted as an un-hackable technology.

While blockchains feature robust structures that make direct hacks difficult, associated apps and software remain much more susceptible. MIT’s article reports that hackers have made off with almost $2 billion in cryptocurrency since 2017 – a number that suggests these attacks are a significant issue in the growing blockchain industry.

Companies that rely on blockchains have taken steps to counteract hacking concerns. Many employ socially-conscious (“white hat”) hackers to strengthen their security protocols. TheNextWeb reports that in 2018, white hat hackers earned $878,000 in blockchain-related bug bounties.

Block.One, the software firm behind EOS, accounted for over 60% of the bug bounties paid out last year, but more companies have started taking their own safety measures.

At the end of February, cyber-security firm Security Innovation announced the expansion of their own blockchain hacking competition. Beginning March 1st, Security Innovation invites hackers to exploit potential vulnerabilities in their Blockchain CTF DApp to win cryptocurrency prizes.

“The Security Innovation Blockchain CTF has proven to be an incredible resource for developers and security experts to test their skills with practical exploitation challenges,” said Mick Ayzenberg, Blockchain Center of Excellence Lead at Security Innovation and Blockchain CTF creator. “Given it’s still an emerging technology, this demonstrates the demand for educational resources for Blockchain smart contract security.”

Understanding potential security threats in a blockchain system enhances users’ awareness of the risks involved with trading cryptocurrencies. Creating wider conversation around blockchain hacks is an important part of limiting future cyberattacks as blockchain technology continues to attract new users and industries.