Building a secure blockchain: are they free from cyber attack?
Advocates of blockchain technology have long touted it as the answer to our security woes, but how secure is it by default? Implement blockchain tech poorly, and you could lull yourself into a false sense of (cyber) security.
Conventional wisdom says that blockchains are secure. Consensual trust is the blockchain’s unique selling proposition, after all. Multiple participants see all transactions on the blockchain, and use cryptographic algorithms to verify them, sealing them into blocks that are immutable. The concept eliminates a single point of weakness that would allow a rogue party to tamper with the records.
In reality, while blockchain technology is theoretically secure, its implementations have their own weaknesses. There are several attack categories that threaten secure blockchain operation.
Attacks on the blockchain
One of the best known blockchain threats is the Sybil attack, in which one attacker controls a large number of network nodes and manipulates them to influence transactions.
One example of what critics called a Sybil attack came in 2015, when Bitcoin forensics company Chainalysis created a collection of fake bitcoin nodes to harvest information from the bitcoin network, angering core developers and some wallet coders.
Another potential threat, called the eclipse attack, involves simply blocking legitimate nodes from each other. A malicious node could send a transaction to another and then block it from the rest of the network while it communicates a different transaction to everyone else.
This could enable double spending attacks. Researchers have already explored theoretical attacks on the bitcoin network, and on Ethereum. Flaws such as these can enter the blockchain through human error and shoddy code. All it takes is an implementation error, and the results can be disastrous.
Blockchains that have been hit
In April 2018, privacy-focused cryptocurrency Verge reportedly lost 250,000 coins to an attacker who compromised the integrity of its blockchain. The malicious actor used several bugs in the blockchain code to capture more than 51% of the mining power, which required a hard fork to fix.
Ethereum software developer Parity saw 513,774 ether frozen in 2017 after a rookie user inadvertently triggered a bug in its wallet that the company had apparently known about for months. The bug locked up the ether, worth millions of dollars, in what Parity founder Gavin Wood jokingly called a “long-term savings account”.
Bitcoin Cash, a rival to bitcoin that uses a version of its software, has the fourth largest capitalization of any cryptocurrency. Yet it, too, nearly ended up scuppered by a simple software bug.
Bitcoin Core developer Corey Fields found that someone on Bitcoin Cash’s development team had changed the rules in the software that verifies transactions before including them on the blockchain. The rule change made it possible to introduce transactions that only the buggy version of the software would accept, creating a fork. The developers fixed the bug in May, but only after Fields fought to find someone to talk to on the team.
Another cryptocurrency called pigeoncoin was not so lucky. An attacker fraudulently produced 235 million coins on its blockchain, equal to a quarter of all publicly-traded pigeoncoins, by exploiting a bug that had been fixed in bitcoin’s core software but which the pigeoncoin developers had not yet patched.
The attacker walked off with the equivalent of $15,000. It could have been far worse if the bug had not been discovered in bitcoin and patched in several other cryptocurrencies that derive their code from it.
As blockchains become more complex and functional, the bugs will keep coming. EOS, the Ethereum rival that officially went live in June, suffered a bug less than 48 hours after it flicked the switch. The flaw halted the blockchain’s operation until it could release an update. This is in spite of the bug bounty program it launched in May via crowdsourced security auditing firm HackerOne, through which it awarded $120,000 to a single security researcher.
Attacks on the ecosystem
Bugs like these expose weaknesses in the code that operates the blockchain itself, but attackers need not find these to compromise blockchain users. In many cases, they can use weak spots in the surrounding infrastructure supporting a blockchain.
Server breaches were the number one cause of blockchain and cryptocurrency compromise, as documented by the Blockchain Graveyard, a record of over 60 security incidents.
Cloud account takeover was another popular attack vector, in which a privileged account was stolen using something as simple as a phishing attack.
Attackers can sometimes also compromise an account using credential stuffing, in which they find access credentials that the account holder has used for other services leaked online. They can then use them to access blockchain-related accounts.
Some attacks compromise blockchain users by exploiting fundamental issues with the protocols underpinning the Internet itself. In April, many MyEtherWallet users lost their funds after trying to visit the wallet’s online site.
The perpetrators mounted a complex attack using the Border Gateway Protocol (BGP) that redirected Internet traffic to its own Russian server, where unwitting victims entered their details.
Securing the blockchain
So, how can we secure blockchains from attack? A defence-in-depth approach, with protections at multiple layers, can help to mitigate the threats.
Secure development lifecycles are as important now as they have always been, but they need discipline and communication. The decentralized development teams behind many of today’s public blockchain efforts may suffer from a lack of cohesion.
Creating secure devops processes, in which code cannot be pushed to release unless it has undergone a battery of automated tests, can help to reduce errors earlier on in the development pipeline.
Another important step is to secure other parts of the infrastructure surrounding and supporting the blockchain, including the computers and accounts used to access and manipulate its data. This is a particularly important step because so many blockchain implementations rely on private keys to grant access.
These credentials really are the keys to the kingdom, and must be properly protected. In an enterprise context, hardware security modules (HSMs) are useful way to safeguard digital keys.
We’ll leave smart contracts, which open up yet another attack vector for users and service providers, for another article, but together with blockchain bugs and errors in operational security they promise to cause headaches for many more people yet.
The same problems that plague us in traditional computing will become more acute and problematic in a decentralized world. To protect our blockchain implementations, we must introduce more rigour – and perhaps new ways of developing code and securing the surrounding infrastructure – sooner rather than later.