Blockchain Security Issues

26 Sep 2022

Blockchain-based systems are airtight. That said, hacking some of them is not an impossible feat. Alarming news about crypto scammers draining smart contracts of funds keeps scaring away cautious investors.

Can’t the developers just secure each potential entry point to guarantee zero successful hacking attacks in the future? Easier said than done. Besides, blockchain cybersecurity risks are widespread, with new threats emerging almost immediately.

Which blockchain risks currently represent the biggest challenges for web3.0 entrepreneurs and developers? It depends on whether the blockchain is public or private, but malicious actors often prefer one of the following types of attacks: phishing, Sybil attacks, 51% attacks, and routing attacks.

51% attacks

This attack occurs when a cybercriminal wields over 51% of the network’s processing power. Typical targets include slow permissionless networks where proof-of-work is used to add new blocks of transactions (BCHA, BCH, and ETC). Once control of the entire system is seized, an attacker can alter the order of transactions, thus preventing them from getting confirmed and possibly reversing already completed transactions. Centralized networks can also be exposed to this risk, but they are much less susceptible to it.

Phishing attacks

Rather than looking for loopholes in the code, phishers use old, unsophisticated tactics: they pose as legitimate companies and steal the user’s credentials, such as private keys. Once the data is stolen from the unsuspecting victim, the scammer easily accesses the crypto wallet and sends out the funds.

As a rule, these criminals do not come up with elegant creative scams in the style of Saul Goodman. Blockchain phishing is typically done:

  • Via suspicious links in emails from fake DeFi protocols, trading platforms, etc. The email might notify users about unauthorized access attempts, asking them to enter their crypto wallet credentials. Real protocols and exchanges never request private keys by email.
  • Via malicious popups with transaction alerts. For example, they might inform users about the failure of the last transaction, asking them to input their auth keys again.
  • Via fake MetaMask pop-ups, etc.

Sybil attacks

This blockchain cybersecurity risk was named after a female book character who suffered from dissociative identity disorder. A successful Sybil attack allows a bad actor to generate and manage multiple fake identities at the same time using a single node in a peer-to-peer network. The aim of this type of attack is to weaken authority in a reputable blockchain system by acquiring a consensus majority and using it to carry out unauthorized actions.

Issues brought about by Sybil attacks:

  • blocking legitimate users from using a network
  • controlling the data flow in a network
  • creating conditions for launching a 51% attack

Blockchain risks such as these exist because most peer-to-peer networks rely on the principle of anonymity and can’t implement identity-based validation.

Routing attacks

Sadly, Border Gateway Protocol is outdated and full of vulnerabilities that can be exploited.

A bad actor who controls an ISP can publish a bogus route, potentially splitting the blockchain network in half, which can have dramatic consequences. During an attack, blockchain users have no clue that something bad is going on, since data transmission continues as usual. To minimize such blockchain cybersecurity risks, there should be continuous monitoring of BGP and DNS. One more safeguard against routing attacks is a strict RPKI configuration.

Everything online is hackable, as no system can be called perfect. Decentralized networks have their loopholes, too, and some blockchain risks can’t be easily eliminated. Nevertheless, cybersecurity professionals can make a whale of a difference by minimizing them.
