Time To Get Serious About Blockchain Security
Guest Blog by Rod Soto, Ethical hacker, AnChain.AI advisor.
There has been a false belief within the cryptocurrency community for many years that the transparency and balancing features of blockchain somehow was going to protect and prevent a technology, which carries a huge number of daily transaction, from malicious actors.
Anybody that has worked long enough in cybersecurity knows that there is no such thing as ‘unhackable’ technology. Proof of that is the litany of breaches, successful compromises and, all too often, the lack of serious security efforts from many of the major cryptocurrency actors. This includes mysterious ‘hacks’, arrests, convictions and most of all, lack of compromise. An industry cannot progress without trust. The cryptocurrency industry must embrace security in its technology and its operational values.
The thought of replacing the mainstream technology of fiat currency while disregarding the remarkable efforts made and standards previously built throughout history in order to achieve trust and reliability is simply a losing proposition. It is time to consolidate and focus on coin technologies that are already popular and widespread, reducing the proliferation of ‘altcoins’ and the unfortunate speculation and fraud that usually surrounds them.
Do you want to create a new coin? Fine, go ahead and do it. However, there should be mechanisms that prevent fraudsters and criminals from taking advantage of the industry’s lack of standards and regulations, eventually abusing and damaging it further. The so called self regulation spirit of the cryptocurrency community has been proven to be vulnerable and malleable by ill-intentioned third parties.
ERC-20 is now the prime candidate to become the main standard and bridge of blockchain into mainstream technologies, either by using it along with crypto currency or by adapting it into other tech uses. One of the key components of blockchain protocol that can make this happen is the Smart Contract. The Smart Contract is a mechanism for auditing, monitoring, and preventing fraudulent transactions.
This technology is not perfect, however it can be audited and tested before deployment in order to prevent possible vulnerabilities and future exploitation. A number of new companies are leading the way in developing security tools to protect blockchain technologies. The recent discovery and attribution of BAPT, otherwise known as Blockchain Advanced Persistent Threat, shows it is possible to monitor and prevent damage from large scale attacks.
This effort can reach further into the smart contract attack known as killchain. Code review, security testing before production, situational awareness during deployment, execution, and corrective actions before transactions become irreversible are all efforts that can be augmented by the use of big data and machine learning.
Other factors that show the importance of developing technologies to secure blockchain is the frequent use of cryptocurrency mining payloads in malicious campaigns. These campaigns bring a number of origins and flows of transactions, as the earnings of these campaigns will have to go eventually through an exchange in order to be cashed or exchanged into a more widely acceptable coin, such as Bitcoin, Ethereum or even a stable coin. According to Kaspersky security company, the threat from cryptocurrency miners, although affected by the decrease in value of cryptocurrency, still presents a current and significant threat with numbers increasing overall during the year 2018.
Attacks against the blockchain ecosystem affect not only the cryptocurrency community, but the financial and tech industry as well. It is time to approach blockchain security with same standards and protocols of the cybersecurity industry at large in order to track, disclose and apply fixes to any discovered bugs, vulnerabilities, or exploitation.
By developing and applying new security technologies along with industry principles of trust and transparency, it is possible to have blockchain technologies with a higher level of trust, wider adoption, and most of all, with vision of all levels of the smart contract stages. The blockchain industry will then have a stronger security base built on intelligence rather than assumptions.
A member of AnChain.ai’s advisory board, Rod Soto has over 15 years of experience in information technology and security. He is a Security Researcher and the president of Pacific Hackers Conference. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami, BSides, RSA, Black Hat Arsenal in addition to being featured in Rolling Stone Magazine, Pentest Magazine, Univision, and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll/NoQrtr competitive hacking Tournament series.
About AnChain.AI
A blockchain data analytics firm providing intelligence, indicators, and investigative resources for clients to enhance their security, risk, and compliance strategies.
Feel free to reach out to us directly at: info@anchain.ai
With extensive experience in cybersecurity, artificial intelligence, cloud computing, and big data AnChain is continuously securing top-tier crypto exchanges, protocols, investors, custodians, and enterprise with our Blockchain Ecosystem Intelligence.
