To hack a blockchain: cybercrime targets distributed networks

Cyber attacks occur every 14 seconds around the globe. Large production companies and banks are hardest hit, and not only in terms of losses, which are also quite impressive. Businesses suffer from forced downtime – the cost of an idle hour for large companies can reach hundreds of thousands of dollars. Will big businesses be more secure with blockchain-based solutions? Maybe, but not right away, because far from all developers pay due attention to the security of their solutions. At the same time, there are more and more of them, and, according to forecasts, the market for blockchain solutions for business can grow to $13 bln soon.

An attractive target

At this stage, attempts to use corporate blockchain systems, especially at banks, create more risks, if anything, according to Positive Technologies, an international provider of enterprise security solutions. The company says 71% of pilot blockchain implementations in that niche contained vulnerabilities in smart contracts, and half of the projects had vulnerabilities in the client apps used to access data on the blockchain.

But the problem is bigger than the frightening statistics – one vulnerability in any component of the system is usually enough for a successful attack, the company said. The blockchain system handles critical data – and that is what becomes a strong motivation for attackers.

“The consequences of attacks can include unauthorized entry of data into the registry, attacks on users, or a complete shutdown of the system. Hypothetically, an attacker could gain full control of a company’s critical resources,” head of the company’s AppSec Research team Arseny Reutov said.

Cryptocurrency exchanges and DeFi projects at risk

In most cases, hackers are interested in stealing money and the goal remains the same when it comes to targeting blockchain solutions. So far, attacks have been aimed at b2c solutions but corporate blockchains will come next (they are simply less common).

In the early days of the blockchain boom, ICO startups were among those hit the hardest. According to Positive Technologies, in 2017 alone cybercriminals stole around $300 mio from ICO or almost 7% of all the ICO funds raised that year. Currently, hackers have turned their attention to cryptocurrency exchanges and miners as well as Decentralized Finance (DeFi) projects.

For example, the bZx credit platform lost $630K to thieves who manipulated the stablecoin (sUSD) exchange rate. In 2019 alone, there were seven major cryptocurrency thefts from exchanges. Attackers hacked into Upbit exchange users’ wallets and stole almost $50 mio.

“Cyber attacks on blockchain solutions will be growing fast as these systems emerge, with automatic settlement and other financial processes and tools being particularly vulnerable,” Artem Kalikhov, CPO of Waves Enterprise, believes.

Is there a way to protect yourself?

A source in the Russian Association of Cryptoindustry and Blockchain (RACIB) told Invest Foresight that the increase in cyber threats to blockchain solutions is becoming apparent.

“There is one huge problem: many companies that create blockchain solutions do not care much about security,” said Alexander Brazhnikov, RACIB executive director and vice-president for information security.

Moreover, there are not many companies on the market that can efficiently protect their solutions, he said. Directors for information security do not consider protection of blockchain projects a priority, Pavel Pokrovsky, head of blockchain security at Kaspersky Lab, confirms. In 2019, only 15% of security directors in the world believed that blockchain could influence IT security of organizations.

At the same time, audit of blockchain solutions could help detect vulnerabilities even before the deployment and protect users from attacks. Thus, Kaspersky Lab has recently checked the corporate blockchain platform by Waves Enterprise (it allows companies to create blockchain systems and integrate them into the existing IT infrastructure) for vulnerabilities. According to Waves Enterprise, experts conducted back box and gray box testing of network nodes and the user and program interfaces. All detected vulnerabilities were fixed.

In the meanwhile, users of blockchain solutions of all formats are at risk of not detecting an attack in time. To detect a hacker is only half the work. Unfortunately, there are not too many ways to counter the attacks. One of them could be a hard fork or a rollback of blockchain to the moment when the attack happened and adding new transactions starting that moment, Arseny Reutov said. And this means that all transactions that happened after the attack will be lost, and will have to be made all over again. Another way to counter an attack on a public blockchain is to simply accept the consequences.

By Olga Blinova

Previous ArticleNext Article