Blockchain-based systems are airtight. That said, hacking some of them can’t be called an impossible feat. Alarming news about crypto scammers draining smart contracts of funds keeps scaring away cautious investors.
Can’t the developers just secure each potential entry point to guarantee zero successful hacking attacks in the future? Easier said than done. Besides, blockchain cybersecurity risks exist widely, with new threats emerging almost immediately.
Which blockchain risks currently represent the biggest challenges for web3.0 entrepreneurs and developers? It depends on whether the blockchain is public or private, but malicious actors often prefer one of the following types of attacks: phishing, Sybil attacks, 51% attacks, and routing attacks.
A 51% attack occurs when a cybercriminal wields over 51% of the processing power. Typical targets include slow permissionless networks where proof-of-work is used to add new blocks of transactions (BCHA, BCH, and ETC). Once control of the entire system is seized, an attacker can alter the order of transactions, preventing them from getting confirmed and possibly reversing already completed transactions. Centralized networks can also be exposed to these blockchain risks, but they are much less susceptible to them.
Rather than looking for loopholes in the code, phishers use old, unsophisticated tactics: they pose as authentic-looking companies and steal the user’s credentials, such as private keys. Once the data is stolen from the unsuspecting victim, the scammer easily accesses crypto wallets and sends out funds.
As a rule, these criminals do not come up with elegant creative scams in the style of Saul Goodman. Blockchain phishing is typically done:
The Sybil attack was named after a female book character who was suffering from dissociative identity disorder. A successful Sybil attack allows a bad actor to generate and manage multiple fake identities at the same time using a single node in a peer-to-peer network. This type of cybersecurity risk is aimed at weakening authority in a reputable blockchain system by acquiring a majority consensus to carry out unauthorized actions.
Issues brought about by Sybil attacks:
Blockchain risks such as these exist because most peer-to-peer networks rely on the principle of anonymity and can’t implement identity-based validation.
Sadly, the Border Gateway Protocol (BGP) is outdated and full of vulnerabilities that can be exploited.
A bad actor who controls an ISP can publish a bogus route, potentially splitting the blockchain network in half, which can cause dramatic consequences. During an attack, blockchain users have no clue that something bad is going on since data transmission continues as usual. To minimize such blockchain cybersecurity risks, there should be continuous monitoring of BGP and DNS. One more safeguard against routing attacks is a strict RPKI configuration.
Everything is hackable online, as no system can be called perfect. Decentralized networks have their loopholes too, and some blockchain risks can’t be easily eliminated. Nevertheless, cybersecurity professionals can make a whale of a difference by minimizing them.