Here, Ralph Chammah, CEO at OwlGaze, outlines how fraudsters attack the blockchain and how organisations can overcome these threats.
The global financial crisis of 2008-09 resulted in the development of the Bitcoin whitepaper, which introduced the world to the idea of blockchain technology and cryptocurrency. Within a blockchain, information is stored in several databases (blocks) that are linked together chronologically through cryptographic hashes to form a distributed network (chain). The global blockchain market is expected to hit US$67.5 billion by 2026.
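The hash linking described above can be made concrete with a short added example (not from the original article): each block stores the hash of its predecessor, so a change to an earlier block is detected either at that block or at the next link. The field names and the all-zero genesis value are assumptions chosen for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder for "no previous block"


def block_hash(index, prev_hash, data):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "data": data}, sort_keys=True
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Link records chronologically: every block commits to its predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for index, data in enumerate(records):
        digest = block_hash(index, prev, data)
        chain.append({"index": index, "prev_hash": prev, "data": data, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev:
            return block["index"]  # link to the predecessor is broken
        expected = block_hash(block["index"], block["prev_hash"], block["data"])
        if expected != block["hash"]:
            return block["index"]  # contents no longer match the stored hash
        prev = block["hash"]
    return None


# Constructed sample ledger entries.
SAMPLE_RECORDS = ["A pays B 5", "B pays C 2", "C pays D 1", "D pays A 3"]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    print("intact chain:", first_invalid_block(chain))
    chain[1]["data"] = "B pays C 200"
    print("after edit to block 1:", first_invalid_block(chain))
```

Hash linking only makes tampering evident to whoever re-verifies the chain; deciding who may append blocks is a separate problem handled by the network's consensus rules.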
Within the realm of banking, financial services and insurance (BFSI) the evolution of cryptocurrencies as an asset class for investors has furthered the commercialisation of blockchain technology through decentralised finance (DeFi) services. As of 2021, over 6,000 cryptocurrencies are being traded freely with the global cryptocurrency market reaching US$990 billion. Serving investors’ needs are exchanges, lenders, asset managers, custodians, cross-border payment applications and clearing and settlement houses that all benefit from the surge in blockchain use cases.
However, despite the increasing penetration of blockchain and the astronomical valuations of related businesses, a lack of global regulations, standards and guidelines has put all players in a grey area. Moreover, the technology is still in its nascent stages where several design and development vulnerabilities place blockchain architecture at a higher risk of exploitation by bad actors. This security problem further extends to companies exclusively storing or transacting cryptocurrencies through digital wallets.
Vulnerabilities around blockchain
Several known vulnerabilities and attacks facing blockchain architecture have been discovered since its early days, including 51% attacks, timejacking, cryptojacking, forking attacks, eclipse attacks and smart contract vulnerabilities such as re-entrancy attacks, overflow attacks and balance attacks, to name a few. But what are the main exposure points?
Lack of regulatory intervention
With the rise of innovative business models leveraging blockchain technology, several billion-dollar organisations find themselves operating in a grey area resulting from the absence of regulatory intervention. This is particularly true for organisations disrupting traditional industries by amalgamating legacy systems with blockchain infrastructure.
Social engineering attacks
Cybercriminals are choosing to attack organisations through their weakest point – the user. Users include employees, customers, shareholders and other stakeholders who have access to the enterprise environment. Cybercriminals will often steal credentials to gain access to user accounts and then try to escalate privileges to steal data or tokens. A user who has not received the right training is more likely to fall victim to phishing and other forms of impersonation attack.
Supply chain compromise
Cybercriminals can exploit age-old legacy systems and gain access to mission-critical blockchain facilities storing or processing digital asset transaction traffic in an interconnected ecosystem.
Ransomware attacks
It is no secret that within the blockchain and crypto industry there remains a lack of guidelines. Yet companies in this sector are still required to abide by data privacy and protection regulations. Ransomware attacks can hamper data availability and result in prolonged downtime until data is available again for business operations. The onset of remote working and a lack of cyberawareness have created favourable conditions for launching ransomware attacks. Since cryptocurrencies are also used as a means of ransom payment, organisations in the blockchain space with reactive cybermaturity levels are soft targets for bad actors.
DeFi Protocol Hacks
In 2021, approximately US$12 billion invested in DeFi protocols was lost to scams and theft, out of which about US$2 billion was lost to malicious attack campaigns. That year also witnessed the single largest DeFi cryptocurrency hijack of $600 million. With nearly US$240 billion locked in, DeFi protocols are a certain target for adversaries.
Smart contract design vulnerabilities
Under the DeFi umbrella, smart contracts are largely used in interoperability protocols which link multiple blockchains together. Design flaws can allow adversaries to call privileged smart contracts controlling the flow of digital information between linked blockchains. The assets can then be directed into a cybercriminal-controlled address to be traded freely over an exchange. Organisations leveraging smart contract technology need a secure system development life cycle through DevSecOps considerations.
Crypto wallet attacks
Just as cash is kept in a wallet, cryptocurrency is deposited in digital wallets, which are accessed through cryptographic keys. There are two keys: the public key, which can be used to deposit digital assets in an address, just like a bank account number, and the private key, which can be used to withdraw money from the wallet, like a PIN. Private key security is critical to safeguarding the digital assets stored within crypto wallets. Basic attacks on crypto wallets aim to locate files where private keys are stored. However, since 2018, attackers have been reconstructing private keys by decoding electromagnetic signals emitted by devices, a technique known as a side-channel attack. Additionally, several attacks on crypto wallets leverage human error, pre-existing vulnerabilities and connection interception, which eliminate the need for private keys to hijack a wallet.
There are some major vulnerabilities surrounding blockchain. However, there are systems that can be put in place to detect and limit cybercriminals attacking blockchain technology.
A step in the right direction
Past attacks faced by digital asset firms have often been reported only after an illicit transaction was successfully executed on or across blockchain(s). Detection of cyberattacks later in their life cycle can lead to adverse financial, reputational and/or regulatory impacts.
To address this gap, organisations should look to adopt software that can utilise AI and Machine Learning to detect threats before they even occur. Through this software, blockchain and crypto firms can collate suspicious on-chain and off-chain activities for enhanced visibility of their security posture, simplifying both threat detection and incident response activities. Having software that is built with native out-of-the-box compliance alerting and advanced analytics to identify and flag compliance breaches is also key. In an uncertain regulatory environment, this software will enable blockchain and crypto firms to monitor for compliance and cybersecurity under the same joint effort.
Further still, the identification of cyber-risks affecting blockchain-specific infrastructure is key to the development of proactive cybermaturity efforts. Having the right system can contextualise native intelligence monitoring, in turn, enriching threat detection with near real-time industry-specific intelligence feeds to identify bad actors and APT group campaigns.
It’s impossible to stop all cyberattacks, so when a breach occurs a cybersecurity team must be alerted as soon as possible. False-positive alerting generates tremendous noise for security teams globally. By utilising Machine Learning, engines can observe historic true and false positives for similar events using enforced learning to decide whether an alert should be triggered – therefore alerting teams when a real threat is occurring.
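As an added illustration of the idea above (not OwlGaze's engine and not code from the original article), the example below uses a smoothed true-positive rate per alert signature as a simple stand-in for a learned model. The rule names, thresholds and verdict history are constructed assumptions; note that it never suppresses critical events or signatures with little history.

```python
# Added example: thresholds, rule names and history below are constructed assumptions.
PRIOR_TP, PRIOR_FP = 1.0, 1.0  # Beta(1,1) smoothing so small samples are not trusted
MIN_HISTORY = 5                # fewer analyst verdicts than this: always alert
SUPPRESS_BELOW = 0.2           # suppress only if estimated true-positive rate is lower


class AlertTriage:
    """Decides whether to raise an alert from past analyst verdicts on similar events."""

    def __init__(self):
        self.history = {}  # signature -> (true_positives, false_positives)

    def record(self, signature, was_true_positive):
        tp, fp = self.history.get(signature, (0, 0))
        self.history[signature] = (tp + 1, fp) if was_true_positive else (tp, fp + 1)

    def tp_rate(self, signature):
        tp, fp = self.history.get(signature, (0, 0))
        return (tp + PRIOR_TP) / (tp + fp + PRIOR_TP + PRIOR_FP)

    def should_alert(self, signature, severity="medium"):
        tp, fp = self.history.get(signature, (0, 0))
        # Never suppress critical events or signatures with too little history:
        # a missed real attack costs more than one extra alert.
        if severity == "critical" or tp + fp < MIN_HISTORY:
            return True
        return self.tp_rate(signature) >= SUPPRESS_BELOW


def build_constructed_triage():
    """Load a constructed verdict history: (rule, entity) -> analyst outcome."""
    triage = AlertTriage()
    verdicts = (
        [(("new_device_login", "trader-42"), False)] * 12
        + [(("withdrawal_address_changed", "treasury"), True)] * 3
        + [(("withdrawal_address_changed", "treasury"), False)]
        + [(("large_transfer", "ops"), True)] * 4
        + [(("large_transfer", "ops"), False)] * 6
    )
    for signature, verdict in verdicts:
        triage.record(signature, verdict)
    return triage


if __name__ == "__main__":
    t = build_constructed_triage()
    for sig in [("new_device_login", "trader-42"), ("large_transfer", "ops")]:
        print(sig, round(t.tp_rate(sig), 3), t.should_alert(sig))
```

In practice a suppressed event should still be written to the log, so that a real attack hiding behind a noisy rule can be found during later review.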
What does the future hold?
Navigating a challenging environment and adopting the best practices can be overwhelming for business and function leaders. With the intertwining of blockchain and cybersecurity in an ever-evolving threat landscape, it is imperative that you continuously enhance your business to match the current landscape. Without proper thought, this implementation can be difficult or even impossible. Blockchain offers many benefits, such as efficiency, optimisation, cost reduction and better security. However, the technology also introduces new risks to systems if not properly managed and monitored.