Blockchain hacks are on the rise, warns Cambridge IT security expert

Sumit ‘Sid’ Siddharth, the founder of Cambridge-based IT security firm The SecOps Group, discusses how cybercriminals are exploiting the rise in cryptocurrency use and what can be done about it.

Sumit ‘Sid’ Siddharth, Founder of The SecOps Group

Cybercriminals have been quick to pick up the latest security vulnerabilities and exploits, and with the exponential growth of cryptocurrencies, NFTs and other blockchain implementations, there has never been a better time for a cybercriminal to convert a vulnerability into easy and big money.

We see two different types of attacks involving cryptocurrencies. One of these is centered around the end user (the victim), and the attack technique relies on social engineering tricks such as convincing a victim to send cryptocurrency to an attacker’s wallet.

The second type of hack we see is a little more complicated and requires a deep understanding of blockchain smart contracts and related components, such as sidechain and crosschain components, wallets, various protocols and more.

At SecOps Group, which currently offers security consulting services such as cloud security assessments, web and network testing, we have now launched a blockchain smart contract security audit, to help blockchain developers identify and patch security issues before they are exploited in the wild.

To break this down in layman’s terms, I will first explain what blockchain is, and then discuss applications of blockchain and some common problems.

Blockchain is a transaction record database that is distributed, validated and maintained worldwide by a network of computers.

Instead of a single central authority like a bank, a large community oversees the records in the Blockchain, and no single person has control over these records.

Blockchain is based on decentralized technologies. Together, these technologies work as a Peer-to-Peer (P2P) network.

Blockchain technology is used in many different industries. Annual blockchain spending will reach $16 billion by 2023, according to recent research from CB Insights. The speed of adopting the technology is increasing.

Today there are various blockchain platforms on the market and each platform uses its own technology. For example, the Ethereum platform uses the Solidity language, the Hyperledger platform uses Go, the EOS platform uses Node.js, the Multichain platform uses C++, the Corda platform uses Java/Kotlin, etc.

The most famous cryptocurrency, Bitcoin (BTC), was developed on the Bitcoin platform. The Ether (ETH) cryptocurrency was developed on the Ethereum platform. Major blockchain applications are built on the Ethereum platform, which uses Solidity as a language for writing code called “smart contracts”.

A smart contract audit is a comprehensive, methodical examination and analysis of a smart contract’s code used to interact with a cryptocurrency or blockchain.

This process is performed to detect errors, problems and security vulnerabilities in the code and to suggest improvements and ways to fix them. In general, smart contract audits are necessary because most contracts deal with financial assets and/or valuable objects.

Blockchain hacks are on the rise

Here are some of the big attacks this year:

$7 Million Solana Wallet Attack – August 3, 2022

Solana is a blockchain-based platform. Many web3 applications are deployed on the Solana blockchain as it is cost effective in terms of deployment. Recently, a wallet-based hack was observed in the Solana blockchain. The root cause of the breach is unclear, but it appears to be due to a bug in the wallet software used, which resulted in the compromise of the private key and/or seed phrase. A private key is unique and links a user to their blockchain address.

A seed phrase is a fingerprint of all of a user’s blockchain resources that is used as a backup if a crypto wallet is lost. More than 7,000 wallets have been tapped for more than $7 million worth of SOL tokens.

$625M Axie Infinity Ronin Bridge Strike – March 28, 2022

Ethereum is a blockchain-based platform. It is the first blockchain platform to use smart contracts and it is the most trusted platform of all blockchain platforms.

The largest ever crypto hack in fiat dollar terms came after hackers gained control of a majority of the cryptographic keys securing play-to-earn game Axie Infinity’s cross-chain bridge. Four of the nine keys were stolen when an Axie developer clicked on a fake job offer PDF.

$325M Crosschain Bridge Wormhole Attack – February 2, 2022

Wormhole is a blockchain-based web 3.0 bridge combining Ethereum and Solana, which uses an intermediate bridge to transfer tokens between the two different networks. A blockchain bridge is a protocol that connects two economically and technologically separate blockchains to enable interactions between them. A hacker exploited smart contracts on the Solana-to-Ethereum bridge to create and pay out wrapped ether without posting collateral. The hack allowed the attacker to steal a total of $320 million in Ethereum and Solana tokens. Wormhole renamed its bridge portal and currently has over $480 million, according to crypto data firm DeFi Llama.

The security audit of smart contracts has become important today because, as we can see, thousands of decentralized finance and NFT projects have been developed on blockchain technology, also known as web 3.0, so securing them is as important as building them.
