Hackers Target Enterprise Blockchains

Published at: May 20, 2020

When blockchain technology was first brought to the public’s attention, it was lauded on many fronts as “unhackable.” While there are many benefits to blockchain worth noting already, we probably still haven’t seen what its ultimate potential will be. One thing is certain though: It is not unhackable. That reality has been illustrated with increasing clarity to the tune of around $2 billion in cryptocurrency stolen by hackers since 2017.

Recent attacks have seen a shift in focus from public networks, such as the Bitcoin and Ethereum blockchains, to private networks built for the use of large corporations. In theory, the latter should be a more difficult target for a hacker due to their nature as smaller ecosystems where everyone knows one another and intruders have a harder time hiding.

The reality has been a different matter. As more private enterprise blockchain networks come online, cybercriminals have focused intently on proving that the technology is, in fact, quite hackable. Here’s what they’re doing and how to keep them from getting into yours.

Blockchain basics

Before we dive into the particulars of recent attacks on private blockchain networks, let’s make sure our terminology is straight. A blockchain simply means a decentralized cryptographic database that exists on linked computers called nodes. Each node keeps an up-to-date copy of the entire database. All nodes have to verify and approve a transaction before it is added to the database.

Thanks to a design based on cryptography, economics and game theory, node owners have a financial incentive through a process called mining to play a straight game rather than try to subvert the system. A correctly designed blockchain database is easy to verify and add transactions to but hard and, more importantly, expensive in computing resources to defraud.

Companies engaged in a variety of activities such as cross-border transactions, digital record storage, and tracking goods and information have had their eye on blockchain for a while now. Blockchain application-building has been a high priority project for some truly massive operations, such as Fidelity Investments and the New York Stock Exchange to name a couple.

What sometimes goes overlooked in the rush to take advantage of blockchain’s security and ease of use is that these companies are essentially trying to tame a Wild West technology and make it play nice in the most corporate of environments.

Easing into the real world

While it is true that one would be hard pressed to recall a single private blockchain network hack that resulted in a real loss, there are reasons for this, and these reasons are in the process of changing. First of all, enterprise-level blockchain apps have been under feverish development the past few years, and only now are a few starting to be rolled out for public use.

In some cases, blockchain has allowed developers to put a new twist on an old idea. The Ethereum-backed security app called Orchid is in the process of taking the traditional idea of a virtual private network, throwing it on top of a blockchain and presto, you’re looking at the next generation of privacy technology.

Expect to see an increasing pace of familiar products and services receiving a similar blockchain boost.

To the average hacker, there was previously nothing on these networks worth stealing, but that is changing. New apps are moving from the research and development stage into production, which means there is now a profit motive. Like detestable flies, hackers are attracted to this new prey. They see it as both a challenge to their skills and an opportunity for easy money.

As time has passed, a few strategies have arisen that allow the unhackable blockchain protocol to be penetrated.

Control 51% and you control the game

The 51% Rule is an inherent drawback to most blockchain networks. The attack it allows is rooted in the proof-of-work concept, in which a transaction must be approved by a majority of nodes, or 51%, before it is added to the database. If a single entity, in this case an entity with a propensity toward fraud, could somehow summon the computing resources that gave it control of 51% of the nodes, then it’s simply a matter of sending payments and then creating an alternate version of the database in which the payments did not happen.

This type of divergence is called a “fork” in blockchain terminology. Continuing with our assumption that a single hacker controls a majority of the nodes, they could designate the fork as the legitimate database version and continue to spend the same cryptocurrency again and again. As mentioned, collecting together the computing power needed to take over a major currency such as Bitcoin (BTC) or Ether (ETC) works out to a cost of thousands of dollars per hour, according to the site Crypto51.

However, if a hacker decides to go after a smaller, more lightly traded coin, the cost to take over the network drops considerably.

Corporate insider attacks

When it comes to private networks of the kind currently being deployed by major corporations, the most severe danger posed is from those already within the system. In other words, employees, vendors or others that have been invited to the network immediately have access to all the confidential data stored there. Compared with public networks, this is one design flaw that needs to change.

On the public side, such as with Bitcoin, developers deploy zero-trust and other security tools to keep sensitive data from falling into the wrong hands and often off the chain entirely. As with traditional private networks, too many companies delving into their first blockchain project think that the main threat is from the outside. Their energy and focus go toward keeping outsiders on the outside, forgetting that insiders can be a threat too.

Philosophical action tip for blockchain design: Trust no one, especially those on the inside. A disgruntled ex-employee with an ax to grind and knowledge of where the nodes are could sell out your network to the highest dark web bidder. One denial-of-service attack and it’s all over. Design for safety from the outside and inside.

Final thoughts

Perhaps the biggest danger posed to private blockchain networks is the fact that they don’t have a dedicated community full of members from all over the world that spend their days and nights testing, tweaking and improving the network. Because these networks are by their very nature smaller and private, there is no equivalent process in place for vigorous testing. There’s no easy solution here. It’s hard for a single company to generate the same kind of enthusiasm and support as a massively popular cryptocurrency such as Bitcoin.

One current approach is to take advantage of a company such as Kaspersky, which has developed a process for conducting blockchain security audits. Since Kaspersky is Russian-owned, some companies are understandably cautious about letting it take a look behind the curtain, but the idea is still sound. As time goes on and more corporate blockchains come online, expect the auditing and support industry to become more robust.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Sam Bocetta is a freelance journalist specializing in United States diplomacy and national security, with an emphasis on technology trends in cyber warfare, cyber defense and cryptography. Previously, Sam was a contractor for the U.S. Department of Defense, working in partnership with architects and developers to mitigate controls for vulnerabilities identified across applications.
