Blockchain is a broken chain after all

by Arthur · December 12, 2022

The hype surrounding the blockchain, cryptocurrency and decentralized finance (DeFi) infrastructure was quite a show. Recent events have shown that a lack of understanding of new technology, exaggerated security features and an overstated absence of centralized control are responsible for the misconceptions about blockchain.

Anonymity was an important characteristic of cryptocurrency transactions and investments. However, it has been argued that if cryptocurrency transactions are supposed to be anonymous, then how were cybercriminals able to hack wallets and decentralized ledger systems? Reports of authorities being able to retrieve stolen bitcoins and ransoms have forced the move many to reconsider blockchain anonymity for pseudonymity.

The cryptocurrency crash did not help problems. Blockchain’s acceptance gained traction due to the popularity (perhaps notoriety) of bitcoin and other cryptocurrencies. Overnight, cryptocurrencies were produced Nouveau Riche and became criminals’ preferred means of payment.

It shouldn’t be a surprise that blockchain is under scrutiny due to cryptocurrency crashes and recent high-profile cyber incidents. While it’s easy to dismiss skepticism about blockchain’s ability to deliver the utopia popularized by opportunists and enthusiasts, the failure to recognize the limitations of the technology and its vulnerability to software bugs is partly responsible for the rise in successful cyber attacks.

Table of Contents

So, what exactly is Blockchain?

Blockchain is a distributed ledger technology that allows the transparent sharing of transactions and assets in a network. As an advanced database system; blockchain records, stores and tracks blocks of transaction data.

The technology is based on shared consensus, record changeability and smart contracts. As a result of these features, records are trusted as no single network partner can change or delete data without the consensus of the network.

As a peer-to-peer technology, blockchain facilitates faster information transfer, transparency and trust among network participants. Other benefits include data accuracy, non-repudiation of transactions and improved efficiency.

Beyond theoretical benefits associated with blockchain, it has proven to be beneficial in the real world. In accordance Gardener, blockchain has evolved from the “peak of inflated expectations” to real benefits such as the use of smart contracts in aircraft maintenance and food safety. Other benefits include the use of blockchain to generate value in the supply chain, healthcare, retail, finance and other sectors.

Recent Blockchain Cyber Events

In accordance Immunefithreat actors stole more than $1 billion in Q1 2022 due to vulnerabilities in blockchain platforms. Hackers allocated more than 667 million dollars in the 2nd quarter and 398 million dollars in the 3rd quarter respectively. Between Q1 and Q3 2022, the community lost more than $2.3 billion due to hacks and fraud. 97% of these losses were due to cyber incidents.

More than 98% of the hacks occurred on DeFi platforms, which points to the severity of exploitable flaws in one of the main features of blockchain technology – decentralization. Both BNB and Ethereum were the most targeted chains in Q3 2022. BNB was hit by 16 incidents (28.6%), while Ethereum recorded 13 incidents (23.2%).

An analysis of some of the projects affected by cyber attacks points to widespread deficient cyber security controls. Compromised companies included Binance (the world’s largest cryptocurrency exchange), Nomad Bridge (a cross-chain communication standard), Beanstalk (a decentralized stablecoin protocol), and Harmony Horizon (a layer-1 blockchain bridge protocol).

There was also Ronin Network (a crypto wallet and NFT gaming operator), Wintermute (a global crypto market marker), TribeDAO (a decentralized autonomous organization that controls three projects), Wormhole Network (a bridge that facilitates the movement of digital assets across blockchains), and many others.

           *Photo by Sea and Sun - stock.adobe.com*

Broken links in Blockchain

Threat actors exploit vulnerabilities in blockchain to compromise projects and platforms. As DeFi platforms increase in adoption, their attack surfaces grow, leading to more exploits as seen in Q3.

DeFi projects are more vulnerable to cyber attacks due to lack of appropriate security controls. Mishandling fork code is another reason why DeFi is easily hacked. In 2021, the majority was off $14 billion lost in cryptocurrency happened on DeFi platforms.

The lack of secure key management exposes blockchain to exploitation. An automated cryptocurrency lending platform was exploited through a compromised private key, affecting team wallets on various chains.

Threat actors exploited vulnerabilities in the Domain Name System of an Interoperability Protocol to maintain a DNS hijack by redirecting users to a hacker-controlled front end.

Vulnerable blockchain endpoints provide threat actors with rewarding opportunities to wreak havoc. Threat actors also weaponized vulnerabilities in the contract’s source code, virtual machines and cryptographic algorithms.

Malicious mining software exploited unpatched vulnerabilities in operating systems. In accordance Kasperskythe number of new miner variants exceeded 150,000 in Q3 2022, an increase of 230%.

Phishing attacks and other social engineering tactics affect blockchain networks. Although these attacks are not specific to blockchain, there has been a significant increase in blockchain phishing attacks. Cryptocurrency Phishing increased by 257% in 2022 from 2021.

Social engineering was responsible 54% of cyber attacks aimed at cryptocurrency and digital wallet owners. The threat of cryptojacking spread beyond blockchain platforms to internet infrastructure. Leveraging social engineering as the first attack vector, cryptojacking in the financial sector increased as well 269% in the first half of 2022.

In 2014, a hacker performed a Border Gateway Protocol (BGP) hijack by redirecting traffic from 19 Internet Service Providers (ISPs) to steal bitcoins. Also known as a routine attack, blockchains are susceptible to this attack as a threat actor can intercept data before it reaches an ISP, thereby disrupting access to the real-time data transfer needed to form a consensus and complete transactions. Users usually do not recognize this diversion, thus amplifying unauthorized data access or disclosure. In Q1 2022 it was over 6 million BGP hijacks.

A consensus control attack focuses on achieving the majority of community consensus that gives a hacker control of the network. Two major examples include Sybil and 51% attack.

In a Sybil attack, the threat actor gains majority control by creating nodes to serve fake identities. A successful Sybil attack gives a hacker the ability to gain the majority of network influence, perform unauthorized actions, block users from the network, subvert legitimate network authority, and perform a 51% attack.

A 51% attack allows a threat actor to control at least 51% of a network’s hash rate. A successful 51% attack allows a hacker to alter or reverse completed transactions, enable double spending, prevent transaction confirmation, and destroy the integrity of a blockchain platform. Examples of 51% successful attack includes Verge, BTG and Ethereum.

Insider threats are increasingly becoming a major concern for society. Recent cryptocurrency crash is a result of blanket pulling as project developers scam investors. In 2021 it was over 1,300 rye pull fraudresulting in billions of dollars in losses.

Other security issues include double-spending, transaction malleability, selfish mining, post-hold fork, and flash loan attacks. The community should also be on guard against Finney, eclipse, vector76, rase, proof-of-stake, and distributed denial-of-service attacks.