As the blockchain grows in significance and finds myriad uses, new users need to attend to security as an important factor. We are concerned that events of the last year and a half have diverted attention away from this issue. 2022 and crypto winter brought a lot of damage to the crypto community. Most of the focus on crypto and other uses of blockchain has had to do with monetary loss, safety of financial assets, and even out-and-out fraud by some of the crypto robber barons. For anyone who is adopting blockchain technology for their business, think once and then twice. Is your blockchain secure? Anyone investing in cryptocurrencies or decentralized finance businesses needs to have the same concerns.
What Security Issues Come with the Blockchain?
Last year we wrote about the anatomy of a blockchain DeFi hack. Although such issues have taken a back seat recently to issues of crypto and DeFi regulation, they are still very important. The sorts of things to concern yourself with in this arena are 51% attacks, flash loan attacks, loopholes in coding, and centralization of information in what are supposed to be decentralized systems.
What Are 51% Attacks?
Decentralized design of a blockchain (as opposed to centralized design) can lead to what is called a 51% attack. Verification of information processed and stored in a blockchain relies on consensus throughout the system. In a system using a “proof-of-work” standard, anyone who controls more than half of the system (51%) can be totally in charge. In a permissionless blockchain system where hash rates are low, this can be a particular issue. A successful 51% attack lets the hackers invalidate new transactions, modify new blocks and even reverse old transactions. Causing double spending in a system is a common goal of a 51% attack. The hackers collect crypto assets and never touch embedded wallets in the system. Even name players in crypto like Ethereum Classic, Bitcoin Cash and Bitcoin Cash ABC have been hit by this kind of attack. Methods that have been successful in blocking these sorts of attacks include using blind signatures on proof-of-work systems. On proof-of-stake systems, a method that has worked is to lock a sufficient percentage of funds to make majority control practically impossible.
Beware of Flash Loan Attacks
Flash loan attacks are something that may be helped by upcoming anti-money-laundering rules. A problem with many DeFi systems is that their know-your-customer rules are lax and loosely enforced. This tends to let folks into the system that you would prefer were not there. Smart loan networks that are highly leveraged and provide non-collateralized loans can be prone to this problem. What the attackers do is find loopholes where they manipulate token values. They effectively do crypto arbitrage and make off with profits that they then transfer to other networks in an attempt to launder their ill-gotten gains. Such attacks have made off with millions of dollars in crypto assets. The most famous was the PancakeBunny hack, which made off with close to $200,000,000 in crypto assets. The take-home lesson for that one was to make sure that your coding is airtight before going into business with it!
Blockchain Coding Loopholes
The more centralized a blockchain is, the more vulnerable it is when the coding is not airtight. They saw that problem at PancakeBunny, but the issue exists with all blockchains. Hackers typically target those who have private keys for a system. They can then take assets from wallets within that system. Another issue with centralized systems is that they use external sources for some of their information and/or processing. In such cases they are not in charge of the code; the external source is, and a hack of that entity can lead to access to the home blockchain, causing significant losses.