The number of blockchain hacks on the rise
CAMBRIDGE, England, 23 August 2022 /PRNewswire/ — The number of cyberattacks centered around blockchain technology, a transaction record database commonly used for cryptocurrency exchange, is on the rise, according to Cambridge-based IT security firm The SecOps Group.
With just three hacks causing almost 1 billion dollars in damage so far this year, the pressure is on blockchain developers to identify and patch security issues before they are exploited in the wild. Security consulting firm The SecOps Group (https://secops.group) has launched a blockchain smart contract security audit to help them do just that.
There are two main methods of successful attack. One relies on social engineering tricks, such as convincing a victim to send cryptocurrency to an attacker’s wallet. The other, more complicated type of hack requires a deep understanding of blockchain smart contracts and associated components, such as sidechains, crosschain components, wallets, various protocols, and more.
Three of the most recent and significant attacks on blockchain were:
- Solana Wallets Attack – 7 million dollars – 3 August 2022
- Solana, a blockchain-based platform on which many web3 applications are deployed, experienced a wallet-based attack. It appears that the cause was a bug in the wallet software used, which resulted in the compromise of the unique private key linking a user to their blockchain address and/or the seed phrase (the fingerprint of all of a user’s blockchain resources). As a result, more than 7,000 wallets were drained of more than seven million dollars’ worth of SOL tokens.
- Axie Infinity Ronin Bridge – 625 million dollars – March 28, 2022
- The biggest crypto hack ever took place on the play-as-you-earn game Axie Infinity, which is distributed on the Ethereum blockchain platform. Although Ethereum is the most trusted blockchain platform and the first to use smart contracts, hackers gained control of most of the cryptographic keys securing the game’s cross-chain bridge. Four of the nine keys were stolen when an Axie developer clicked on a fake job offer in a PDF.
- Wormhole Cross Chain Bridge Attack – 325 million dollars – February 2, 2022
- Wormhole is a blockchain-based web 3.0 bridge combining Ethereum and Solana, which uses an intermediate bridge to transfer tokens between the two different networks. A hacker exploited smart contracts on the Solana-to-Ethereum bridge to create and pay out wrapped ether without posting collateral. This hack allowed hackers to steal a total of 320 million dollars in Ethereum and Solana tokens.
With smart contracts playing a key role in automating several processes in a blockchain, it is now essential to conduct an audit to examine and analyze the code to prevent attacks. Implemented effectively, it will help detect errors, problems and security vulnerabilities in the code and suggest ways to fix them.
Commenting on the launch, Sumit ‘Sid’ Siddharth, founder of The SecOps Group, said, “With the exponential growth of cryptocurrencies, NFTs and other blockchain implementations, there has never been a better time for cybercriminals to convert a vulnerability into easy and big money.
“We can see that thousands of decentralized finance projects and NFT projects are developed in blockchain technology aka web 3.0 and securing them should be as important as building them.”
For more information on SecOps Group’s blockchain smart contract security audit, visit https://secops.group.
Notes to editors:
About BlockChain
Blockchain is a transaction record database that is distributed, validated and maintained worldwide by a network of computers. Instead of a single central authority like a bank, a large community oversees the records in the Blockchain, and no single person has control over these records.
There are many blockchain platforms on the market. The most famous cryptocurrency, Bitcoin (BTC), was developed on the Bitcoin platform, while the Ether (ETH) cryptocurrency was developed on the Ethereum platform. In addition, each platform uses its own technology. The Ethereum platform uses the Solidity language, the Hyperledger platform uses the Go language, the EOS platform uses Node.js, the Multichain platform uses C++, the Corda platform uses the Java/Kotlin language, etc. Major blockchain applications are built on the Ethereum platform, which uses Solidity as the language for writing code called “smart contracts”.
A blockchain bridge is a protocol that connects two economically and technologically separate blockchains to enable interactions between them.
About SecOps Group:
Founded by industry veterans, SecOps Group helps businesses identify and eliminate security risks on an ongoing basis with security consulting services such as cloud security assessments, web/API and network testing, and DevSecOps assessments.
About Sumit ‘Sid’ Siddharth:
Sumit ‘Sid’ Siddharth is a serial cyber entrepreneur and a renowned security expert. He has been a speaker and trainer at many international conferences such as Black Hat, Defcon, HITB, OWASP AppSec, etc. During his days as a pentester, he authored a number of books, articles, exploits and whitepapers on various topics related to application security. Sid’s first business (NotSoSecure) was acquired in 2018 by Claranet Group. He now runs a boutique security consulting (pentesting) firm called The SecOps Group. He is also an advisor and angel investor in several niche cyber security start-ups such as Red Hunt Labs (Attack Surface Management), PureID (Passwordless Authentication), VulnMachines (free pentesting lab platform) and RankingRight (vulnerability triaging platform).
SOURCE SecOps Group