Cyber Security and Blockchain. Is Blockchain really as secure as everyone says?

There is a common misconception that Blockchain technology automatically guarantees high security because of its cryptography and immutability. Despite these definite strengths of the technology, the Blockchain ecosystem is not necessarily a safe haven. Even small security gaps can have a big impact.

Two fatal incidents show which gaps and risks can apply. In both, hackers exploited weaknesses in the code of the affected organizations with the help of the underlying Blockchain Smart Contract technology.

In June 2016 the venture capital fund organization “Decentralized Autonomous Organisation” (short: “DAO”) was deprived of approximately $50 million in the form of Ether during a business operation. DAO is a decentralized virtual organization in which members vote to decide which company receives suitable risk capital; it is represented by a Smart Contract based on the Ethereum Blockchain. At the end of the voting, the gathered Ether is transferred to the elected wallet. An additional feature, the “split DAO” function, was the downfall of the organization. This function allowed the transfer of Ether to be split across multiple wallets, so-called “child DAOs”. It was implemented in a Smart Contract that worked technically flawlessly, but it allowed participants to request multiple splits simultaneously, even though the ledgers had not yet been balanced. The attackers were able to request a split up to 200 times and almost completely empty the DAO wallet. The weakness was in the DAO Smart Contract; the Ethereum Blockchain worked faultlessly, and even to the attackers’ advantage.

A simple review and testing before publishing the Smart Contract would most likely have been sufficient to prevent this hack.
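The ordering problem described above (a payout that can trigger another split request before the ledger is balanced) can be shown in a simplified Python model. This is an added example, not the DAO's contract code; all class and function names and the amounts are constructed for illustration.

```python
# Simplified model, constructed for illustration. All names are hypothetical.
class Fund:
    """Holds deposits per member and pays them out on a split request."""
    def __init__(self, safe):
        self.safe = safe      # True: balance the ledger before paying out
        self.ledger = {}      # member -> credited amount
        self.pool = 0         # funds actually held

    def deposit(self, member, amount):
        self.ledger[member] = self.ledger.get(member, 0) + amount
        self.pool += amount

    def split(self, member):
        amount = self.ledger.get(member, 0)
        if amount == 0 or self.pool < amount:
            return
        self.pool -= amount
        if self.safe:
            self.ledger[member] = 0       # ledger balanced first
            member.receive(self, amount)
        else:
            member.receive(self, amount)  # recipient code runs here
            self.ledger[member] = 0       # too late: ledger was stale

class HonestMember:
    def __init__(self):
        self.received = 0

    def receive(self, fund, amount):
        self.received += amount

class RepeatingMember(HonestMember):
    """Requests another split while the first payout is still in progress."""
    def receive(self, fund, amount):
        self.received += amount
        fund.split(self)

def run(safe):
    """Return (amount paid to the repeating member, funds left in the pool)."""
    fund = Fund(safe)
    others, member = HonestMember(), RepeatingMember()
    fund.deposit(others, 900)
    fund.deposit(member, 100)
    fund.split(member)
    return member.received, fund.pool

if __name__ == "__main__":
    print("ledger updated after payout: ", run(safe=False))
    print("ledger updated before payout:", run(safe=True))
```

A pre-release test that asserts a member can never receive more than the credited amount fails on the first variant and passes on the second, which is the kind of review and testing the paragraph above refers to.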

In August 2016 the cryptocurrency exchange Bitfinex in Hong Kong was compromised. 120,000 Bitcoins were stolen from user wallets. To increase security, Bitfinex had introduced a so-called “Multi-Signature Key Management System”, in which the private keys of users were stored by Bitfinex itself and the third-party provider BitGo. The exact cause of the attack has never been confirmed, but the hackers were able to access all three keys necessary to perform a transaction on the accounts. Again, the security gap was in the organization’s concept and not in the Blockchain technology itself.

Both examples show that the underlying Blockchain technology worked reliably and safely, but the applications built on it lacked security and a proper risk assessment, which enabled the hacks.

