Security is one of the most important factors when it comes to online platforms. The issue has come to the forefront of mainstream media attention numerous times. As Information Technology (IT) keeps developing, hackers become more and more elaborate in their attacks. These can be anything from social engineering to full-blown port scanning, network infrastructure infections, injections, and whatnot. The financial sector is one of the most targeted of the bunch as it holds all of the private information including payments, bank credentials, etc.
Cryptocurrency platforms have come under scrutiny numerous times. This can be largely attributed to the low level of security that some of the exchanges had. Mt. Gox, a Tokyo-based crypto exchange, was one of the biggest disasters for a good number of people. It was only after the fact that the company found out that the cyberattack had been ongoing for years, ending with the loss of as much as $460 million worth of Bitcoin. Mind you, this happened much earlier than the bitcoin price surge in 2017, meaning that potentially a good number of people have lost millions of dollars. Mt. Gox is only one example out of the bunch and there are a good number of others as well.
The Complexity of Cyber Security of Digital Assets
Blockchain technology in and of itself is quite secure. The core problem comes when we have digital assets to take care of. Cybersecurity is multilayered protection. Imagine a bank that keeps all of its money in a secure room with an extremely robust door, but on the top floor right above the vault there is an office with just a thin blocky floor. If someone knew the architecture, they wouldn’t even try to break through the vault door but would just blow a hole in the ceiling and make an entrance through there. The same goes for blockchain-based exchanges. The problems arise due to other factors like the software or the website used to connect. The business logic side is usually the most vulnerable.
It is worth noting that these exchanges are immutable, which means that once they are deployed, bug fixes are not usually possible. This fact makes them much more vulnerable to front-running attacks, reentrancy, etc. What I am trying to say here is that most cyber attacks use more traditional ways rather than directly attacking the blockchain (which is basically that very same robust vault door). Examples include unpatched vulnerabilities in databases or APIs that make injections possible, accounts without two-factor authentication (2FA), bad key storage practices, or even incorrect use of cryptographic methods. 2FA in particular is becoming basically mandatory to keep your account secure, although it also has its pros and cons. There are different methods like SMS verification, email verification, and authenticator-application-based verification.
This is because data breaches do happen and there is nothing an individual user can do about it. The recommended practice is to keep passwords in an encrypted manner in databases so that even if a hacker gets hold of them, the hacker cannot view the actual clear text version. However, some companies, even though they claim to do this, do not. The issue arises once an individual starts reusing passwords. The human brain is not good at remembering multiple passwords. Thus, we usually associate them with something or use easy-to-remember passwords that are related to us. Unfortunately, hackers exploit this weakness in the human brain to brute force their way into certain accounts. Or, in the case of data breaches where clear text passwords have been exposed, they try those passwords on other accounts associated with the same person on other platforms. If the password is reused, access to the account is given to a malicious user.
The financial industry has been on top of the game for a very long time now. The foreign exchange market brokers were the ones vulnerable to this issue for a very long time. This is where most of the customer data is kept, including their bank account information, their funds, and other valuable information. Cyberattacks are more prevalent in the developed parts of the world as this is where huge amounts of funds are concentrated. IBM has reported that on average the cost of the Canadian finance industry’s data breaches is as much as $6.4 million higher than other fields. Forex trading, being one of the most popular activities for people to make extra revenue, has pushed this industry to make the necessary changes to its authorization protocol. This is why 2FA has become mandatory for all forex trading brokers in Canada and companies have started pouring huge amounts of funds into cybersecurity as well as educating their customers about possible threats. 2FA doesn’t mean that you are fully protected though, and this is because of one more aspect that I have deliberately left out of the previous list: the human aspect.
It is Only Human to Make Mistakes
The statistics have shown that the biggest weakness of any security system is humans. This is why large corporations are putting a good amount of financial and human resources into the education of their employees. Some of the tips that seem obvious to more tech-savvy individuals are like a foreign language to others. You would be surprised how many financial institutions have suffered due to the intelligence of customers and individual employees. These are things like not opening attachments or clicking links in spam emails, and other ABCs of internet usage. Infections of whole computer networks, including intranets that are seemingly disconnected from the world wide web, are happening due to these minor mistakes. Social engineering is a huge part of hacking. I remember one time when our Malware subject lecturer at the university gave a lengthy presentation about not connecting random memory sticks to our computers. To test how well some of the students had understood the issue, he left an obvious bait in the form of a flash drive on a desk. One of the students picked it up thinking the flash drive would contain information about exams, but to his surprise he was met with a small piece of malware that would change his desktop picture to a blank screen with the words “Do not plug unknown devices into your computers.”
This problem is one of the major concerns even for blockchain-based companies. Even though blockchain itself provides a good level of security, if one of the accounts with administrator privileges gets compromised, users across the whole platform will suffer the consequences.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.