One of blockchain-based tech’s big selling points is that it’s extremely secure. In theory, at least. The immutable nature of the data, the strict authorization process, and the decentralization of data all look good on paper.
Unfortunately, in reality, setting up a truly secure system is a little harder. Many of the cryptos currently on the market run in a way similar to Bitcoin. And, as we’ve seen, Bitcoin has proven that the technology can work. In fact, the success of Bitcoin is one of the reasons that the world has sat up and taken notice of the tech.
The big concern for cybersecurity experts is where these systems need to interact with real-world systems. If we look at the most spectacular hacks, the failures are usually at the junctures between third-party apps and blockchain apps.
Personal Computers and Hot Wallets are Prime Targets
Part of what makes cryptos so secure is that you get a long cryptographic key. In theory, that’s a good thing. In practice, if you’re using hot storage, it can be hacked. It was a hard-won lesson for the Japanese exchange Coincheck.
In January of this year, the exchange admitted to being hacked. The hackers stole in the region of $534 million worth of cryptos. As if that wasn’t enough, it now appears that the hackers gained access via employees’ personal computers.
The virus responsible for giving hackers access is said to have been delivered via email. And, while we’d like to give the employees some leeway here, the virus wasn’t even unique – it’s one that has been used before.
Someone at Coincheck slipped up badly. Had the staff been given basic security awareness training, this hack might not have happened at all. They did just about everything wrong:
- They either didn’t use an effective anti-virus program or they didn’t bother updating it
- The employees had access to the exchange’s network on their personal computers
- The coins were obviously not stored in cold storage
- Employees weren’t trained to detect potentially risky emails
It’s a lesson for investors – be careful which exchanges you trust with your coins. And, for safety’s sake, be sure to take out coins that you don’t need and use cold storage to protect them.
Smart contracts, though, are potentially the worst weakness in the system. The DAO hack exploited a loophole in the code. This loophole allowed the attackers to get away with 3.6 million Ether coins.
Now, most people would think it would be simple enough to reverse the fraudulent transfers as they had to sit in a child account for a fixed period before they could be used. That highlights another big flaw when it comes to blockchain-based tech – you can’t reverse transactions.
To deal with this issue, the DAO had to create a hard fork. In this case, they reverted the chain to a time before the hack took place. Users could vote to upgrade or stay on the same chain.
That’s why there are now two Ethereum blockchains operating more or less independently of one another.
This hack highlighted a very serious problem when it came to smart contracts. These contracts are only as good as the code they’ve been based on.
What’s the Solution?
It appears that the tech that has been billed as “unhackable” has some kinks to be worked out. In all fairness, considering that it’s only about a decade old, there were bound to be teething problems. It is possible to hack the tech, but why bother when personal computers and hot storage give you access to such a vast sum in coins?