Vulnerabilities of Blockchain, Wallets and Exchanges
In 2019, enterprises were finally moving from blockchain testing to installations. Goldman Sachs, formerly skeptical of the blockchain, has launched a crypto-investing product for its clients. Beyond investing and finance, major blockchain projects have been released in many other industries, including cybersecurity, healthcare, and agriculture.
Enterprises no longer question blockchain value and are now proactively seeking new ways of incorporating blockchain in their legacy systems. Henri Arslanian, head of the fintech and crypto department at PwC, said that 2019 would be when big players enter the crypto world. In early 2019, large companies signed new partnerships with blockchain startups (ING Bank and R3) and invested in blockchain projects (Nasdaq and Symbiont), and new consortium partnerships emerged (Wall Street Blockchain Alliance and R3).
We should see more enterprise-level decentralized ledger technologies (DLTs) emerging on the market in 2019 as well. Amazon, IBM, and Oracle now offer enterprise-grade blockchain solutions. With the advent of enterprise blockchain, quantum-level security is of prime importance. Quantum Finance is leading the way with the most advanced quantum secure blockchain solutions globally.
Blockchain works by storing multiple copies of all transactions within a distributed architecture. The blockchain is built around nodes. These nodes provide redundancy in confirming the validity of transactions before they go through. The nodes also compete to package new, valid transactions into blocks and add them to the blockchain. “Miners,” or individuals who win the bid to add new blocks to the chain, are rewarded since the computation time to perform this operation is extensive and highly mathematically complex.
Blockchain is perceived (falsely) to be secure because:
A unique “hash” is associated with each block in the blockchain. If a block is modified, a new hash is generated. Since all other nodes check that the hash matches the block before adding it to their copies of the chain, there is a robust validation process to guard against tampering.
The chain itself is complicated to modify. If someone were to change a block further upstream in the chain, new hashes would need to be generated for each subsequent block, faster than the speed at which other nodes add new blocks. Moreover, other nodes would recognize the difference between their chains and the compromised chain and reject that change.
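The two properties above can be seen in a small hash-linked ledger. This is an added example, not code from the original article; the block layout, function names and sample transactions are assumptions made for illustration, and proof-of-work (the cost that makes re-hashing slower than honest block production) is left out.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64

def block_hash(index, prev_hash, txs):
    """SHA-256 over a canonical encoding of the block's contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "txs": txs}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(tx_batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        digest = block_hash(i, prev, txs)
        chain.append({"index": i, "prev": prev, "txs": txs, "hash": digest})
        prev = digest
    return chain

def first_invalid(chain):
    """Index of the first block whose hash or back-link is wrong, else None."""
    prev = GENESIS_PREV
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["prev"], b["txs"]):
            return b["index"]
        prev = b["hash"]
    return None

def rehash_from(chain, start):
    """Regenerate the hash of block `start` and of every later block."""
    prev = chain[start]["prev"]
    for b in chain[start:]:
        b["prev"], b["hash"] = prev, block_hash(b["index"], prev, b["txs"])
        prev = b["hash"]

def first_divergence(local, peer):
    """Index of the first block where two copies of the chain disagree, else None."""
    return next((a["index"] for a, b in zip(local, peer) if a["hash"] != b["hash"]), None)

# Constructed sample data: three blocks of made-up transactions.
SAMPLE = [[{"from": "alice", "to": "bob", "amount": 5}],
          [{"from": "bob", "to": "carol", "amount": 2}],
          [{"from": "carol", "to": "dave", "amount": 1}]]

if __name__ == "__main__":
    honest, altered = build_chain(SAMPLE), build_chain(copy.deepcopy(SAMPLE))
    altered[1]["txs"][0]["amount"] = 500   # edit one recorded transaction
    print(first_invalid(altered))          # stored hash no longer matches
    rehash_from(altered, 1)                # regenerate every later hash
    print(first_invalid(altered), first_divergence(altered, honest))
```

After re-hashing, the altered copy passes its own check, but an honest node comparing it with its own copy still sees the two chains disagree from the edited block onward.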
However, there are ways in which the blockchain can be attacked and breached. The techniques used vary significantly and have typically focused on the identities of wallet owners, exchange administrators, communication channels, and data mining. For example, one node can trick other nodes into spending valuable computation time on irrelevant or already-solved problems, effectively buying itself time to make changes upstream in the blockchain. Additionally, someone can take over communications for a node and hack it to verify fake transactions. Finally, hackers can access internet-connected data storage to steal wallet keys or subvert automated transactions. For blockchain-based applications especially, the onus of encrypting sensitive data is on the user. Many hackers capitalize on this security flaw to decrypt the data algorithmically via the end user.
In 2018, hackers stole over $927 million from exchanges and other cryptocurrency platforms within nine months. All these exchanges and platforms operated on public blockchains.
Some significant hacks include:
At the beginning of 2018, a breach in which $500 million in cryptocurrency was stolen from a Japanese exchange called Coincheck Inc. The alleged reason was that customer assets were kept in a “hot wallet” connected to other networks. There was no multi-factor authentication in place to approve the removal of funds.
A Japanese cryptocurrency exchange had $60 million stolen from its hot wallets in September 2018. Other Japanese businesses have been similarly vulnerable.
A 51% hack of Ethereum Classic, a cryptocurrency on Coinbase’s exchange. A 51% hack means that one user could control over 50% of mining power, which could allow them to prevent new transactions, reverse transactions, and use their coins to double spend. In this particular instance, the hacker was able to spend over $1.1 million.
The first two examples are related to the issue of “hot wallets” being accessible over multiple networks. In contrast, the third example is based on illegal ownership and asset control associated with control of node communications. Blockchain has already proven to be vulnerable in these ways, and it has the potential to be subverted in many other creative ways. The examples above and many others documented online necessitate immediate preventative action in blockchain security. The hacks discussed thus far can be conducted by classical computers. Unfortunately, quantum computers and quantum algorithms pose an even more nefarious threat to blockchain security.
The result is that your wallet and associated blockchain are not secure. If they were, the breaches above would not have occurred. It is imperative to add significant quantum resilient security to the entire wallet-blockchain system to ensure the most protection for coin holders and blockchain users.