The global financial crisis of 2008-09 resulted in the development of the Bitcoin whitepaper which introduced the world to the idea of blockchain technology and cryptocurrency.
Within blockchain, information is stored in several databases (blocks) that are linked together chronologically through cryptographic hashes to form a distributed network (chain). Since its inception the global blockchain market is expected to hit $67.5 billion by 2026.
Within the realm of banking, financial services, and insurance (BFSI) the evolution of cryptocurrencies as an asset class for investors has furthered the commercialisation of blockchain technology through decentralised finance (DeFi) services. As of 2021, there are over 6,000 cryptocurrencies being traded freely with global cryptocurrency market capitalise reaching $990 billion. Serving investors’ needs are exchanges, lenders, asset managers, custodians, cross-border payment applications, and clearing & settlement houses that all benefit from the surge in blockchain use-cases.
However, despite the increasing penetration of blockchain and the astronomical valuations of related businesses, a lack of global regulations, standards and guidelines has put all players in a grey area. Moreover, the technology is still in its nascent stages where several design and development vulnerabilities place blockchain architecture at a higher risk of exploitation by bad actors. This security problem further extends to companies exclusively storing and/or transacting cryptocurrencies through digital wallets.
Vulnerabilities around blockchain
There are several known vulnerabilities and attacks facing the blockchain architecture that were discovered since its early days including 51% attacks, time jacking, crypto jacking, forking attacks, eclipse attacks and smart contract vulnerabilities such as re-entrancy attacks, overflow attacks, and balance attacks, to name a few. But what are the main exposure points?
Lack of regulatory intervention
With a rise of innovative business models leveraging blockchain technology, several billion-dollar organisations find themselves operating in a grey area resulting from an absent regulatory intervention. This is particularly true for organisations disrupting traditional industries by amalgamating legacy systems with blockchain infrastructure.
Social engineering attacks
Cyber criminals are choosing to attack organisations through their weakest points – the user. Users include employees, customers, shareholders, and other stakeholders who have access to the enterprise environment. Cyber criminals will often steal credentials to gain access to user accounts and then try to escalate privileges to steal data or tokens. If a user doesn’t have the correct educational training, then they will be more likely to be a victim of a phishing attack and other forms of impersonation attacks.
Supply chain compromise
Cyber criminals can exploit age-old legacy systems and gain access to mission critical blockchain facilities storing or processing digital asset transaction traffic in an inter-connect eco-system.
Ransomware attacks
It is no secret that within the blockchain and crypto industry there remains a lack of guidelines. Yet still, companies in this sector are still required to abide by data privacy and protection regulations. Ransomware attacks can hamper data availability and result in long-drawn downtimes until data is available for business operations. The onset of remote working and lack of cyber awareness have paved the way for favourable conditions to launch ransomware attacks. Since cryptocurrencies are also used as an agent for ransom extortions, organisations in the blockchain space with reactive cyber maturity level are soft targets for bad actors.
DeFi Protocol Hacks
In 2021, approximately $12 billion invested in DeFi protocols was lost to scam and theft, out of which about $2 billion was lost to malicious attack campaigns. That year also witnessed the single largest DeFi cryptocurrency hijack of $600 million. With nearly $240 billion locked in, DeFi protocols are a certain target for adversaries.
Smart contract design vulnerabilities
Under the DeFi umbrella, smart contracts are largely used in interoperability protocols which link multiple blockchains together. Design flaws can allow adversaries to call privileged smart contracts controlling the flow of digital information between linked blockchains. The assets can then be directed into a cyber criminal-controlled address to be traded freely over an exchange. Organisations leveraging the smart contract technology need a secure system development life cycle through DevSecOps considerations.
Crypto wallet attacks
Like wallets used to store cash, cryptocurrency is deposited in digital wallets which can be accessed through cryptographic keys. There are two sets of keys: first the public key, which can be used to deposit digital assets in an address just like a bank account number, and secondly, a private key, which can be used to withdraw money from the wallet like a pin number. Private key security is critical to safeguarding the digital assets stored within crypto wallets. Basic attacks on crypto wallets aim to locate files where private keys are stored. However, since 2018, attackers are re-constructing private keys by decoding electromagnetic signals emitted by devices in an attempt known as side-channelling attack. Additionally, several attacks on crypto wallets leverage human error, pre-existing vulnerabilities and connection interception which eliminates the need for private keys to hijack a wallet.
There are some major vulnerabilities surrounding blockchain, however, there are systems that can be put in place to detect and limit cyber criminals attacking blockchain technology.
A step in the right direction
Past attacks faced by digital asset firms have often been reported only after an illicit transaction was successfully executed on or across blockchain(s). Detection of cyberattacks later in their lifecycle can lead to adverse financial, reputational and/or regulatory impact.
To address this gap, organisations should look to adopt software that is able to utilise AI and machine learning to detect threats before they even occur. Through this software, blockchain and crypto firms can collate suspicious on-chain and off-chain activities for enhanced visibility of their security posture, simplifying both threat detection and incident response activities. Having a software that is built with native out-of-the-box compliance alerting and advanced analytics to identify and flag compliance breaches is also key. In an uncertain regulatory environment, this software will enable blockchain and crypto firms to monitor for compliance and cybersecurity under the same joint effort.
Further still, identification of cyber risks affecting blockchain specific infrastructure is key to the development of proactive cyber maturity efforts. Having the right system can contextualise native intelligence monitoring, in turn enriching the threat detection with near real-time industry specific intelligence feeds to identify bad actors and APT group campaigns.
It’s impossible to stop all cyber-attacks, so when a breach occurs it is vital the cyber-security team is alerted as soon as possible. False-positive alerting generates tremendous noise for security teams globally. By utilising Machine Leaning, engines are able to observe historic true and false positives for similar events using enforced learning to decide whether an alert should be triggered – therefore alerting teams when a real threat is occurring.
What does the future hold?
Navigating a challenging environment and adopting the best practices can be overwhelming for business and function leaders. With the intertwining of blockchain and cybersecurity in an ever-evolving threats landscape, it is imperative that you continuously enhance your business to match the current landscape. Without proper thought, this implementation can be difficult or even impossible. Blockchain offers many benefits, such as efficiency, optimisation, cost reduction and better security. However, technology also introduces new risks to systems if not properly managed and monitored.