By Lior Lamesh, CEO of GK8
Since its inception, blockchain has been hailed as a generally safer way to conduct financial transactions, and it is. There is no doubt that distributed ledger technology, which requires a consensus among a large number of parties to approve each transaction, provides a level of security in financial transactions that did not exist before the beginnings of Bitcoin, as well as ” greater efficiency, effectiveness and cost. -effective than current computer systems.
However, the blockchain has vulnerabilities that need to be addressed, which largely come from endpoints using wallets to create and sign transactions before being sent to the blockchain. These wallets are prime targets for pirates. What is the purpose of the secure blockchain if the applications allowing people to communicate transactions are vulnerable?
In early 2019, Ethereum Classic (ETC), one of the cryptocurrencies that people can buy and sell on the popular exchange platform of Coinbase, faced a sophisticated cyber attack. A hacker took over more than half of the network’s computing power and used it to rewrite transaction history, wresting nearly $ 1.1 million from Ethereum Classic from other users. Among other hacks that took place at the time, the ETC attack marked a turning point in the history of cryptocurrency, and the media headlines that followed reflected that reality.
“Formerly hailed as non-hackable, blockchains are now hacked,” was one such headline, prominently featured in MIT Technology Review a month after the attack. Analysts everywhere were beginning to reconsider whether the technology of the distributed ledger was really as secure as its cronies claim.
Interestingly, Coinbase caught the attack in time to warn the ETC community and prevent hackers from stealing funds from its users. Fortunately, the San Francisco Stock Exchange, whose reputation for first-rate trust and security has earned it the reputation of being some sort of standard for crypto trading, has gained ground. Among other hacks that took place at the time, the ETC attack was a turning point in the history of blockchain, exposing the importance of blockchain engineering in a way that takes advantage of its security advantages and avoids the compromise of its network. While the initial hacking headlines were nightmarish, Coinbase avoided what could have been a much worse PR disaster.
This does not mean that its users have always been safe.
While it is extremely difficult to hack a blockchain – it is a process that requires a single miner to control more than 50% of the network computing capacity – it is quite simple for even less sophisticated hackers to hack into wallets which facilitate blockchain transactions. And, as has been documented, such attacks against Coinbase users, including, like Fortune, technology CEOs and blockchain supporters, have been successfully hacked into their accounts.
The method of targeting endpoints, as opposed to whole blockchains, reached new heights in May 2019 when hackers stole $ 40 million from Bitcoin in exchange for Binance in a single transaction. , in a huge security breach that rocked the world of cryptography. The transaction was limited to Binance’s BTC hot wallet, which contains around 2% of the company’s Bitcoin holdings. But not only do hot wallets risk being compromised by bad actors. Most crypto wallets on the market today, including cold wallets, are connected to the Internet at some point and are therefore completely hackable. Each portfolio can be violated, given the good return on investment for the attacking party.
This vulnerability costs businesses. About $ 4.26 billion in digital assets were stolen in the first six months of 2019 alone, mostly from trade. The vulnerability of blockchain endpoints needs to be addressed if companies are to avoid such heavy and unnecessary financial losses, as hackers are only becoming more sophisticated. In addition, the damage inflicted by a cyber attack is far from being solely financial. Collateral damage inflicted includes damage to reputation and the time required to restore confidence, as well as the downtime required to identify the vulnerability during the attack.
A report released in late 2019 by Akamai, one of the biggest names in cybersecurity, predicts many more armed cyberattacks by 2020. An overlap between criminal developers and nation state actors creates a very dangerous reality for all financial institutions of the new decade, creating an abundance of zero-day tools to target specific organizations.
But we must not let them succeed. In medieval times, the weakest point of a castle was its drawbridge, since it was built as an entry point, and an entry point is more vulnerable than a 40 foot. stone wall with archers. The lords and kings of the time therefore found innovative ways to defend their drawbridges, with moats, traps and other devices. It is high time that businesses and crypto exchanges defend their own weaknesses against attack. Blockchain as a database is secure, of course. Let’s make sure that blockchain as a service is too.
About Lior: Lior Lamesh is the co-founder and CEO of GK8, a cybersecurity company that offers high security depository technology for the management and backup of digital assets. Lior acquired his expertise in the field of cybersecurity while being part of an elite team that responded directly to the Office of the Prime Minister of Israel on matters of protection of strategic state assets.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
By Lior Lamesh, CEO of GK8
Since its inception, blockchain has been hailed as a generally safer way to conduct financial transactions, and it is. There is no doubt that distributed ledger technology, which requires a consensus among a large number of parties to approve each transaction, provides a level of security in financial transactions that did not exist before the beginnings of Bitcoin, as well as ” greater efficiency, effectiveness and cost. -effective than current computer systems.
However, the blockchain has vulnerabilities that need to be addressed, which largely come from endpoints using wallets to create and sign transactions before being sent to the blockchain. These wallets are prime targets for pirates. What is the purpose of the secure blockchain if the applications allowing people to communicate transactions are vulnerable?
In early 2019, Ethereum Classic (ETC), one of the cryptocurrencies that people can buy and sell on the popular exchange platform of Coinbase, faced a sophisticated cyber attack. A hacker took over more than half of the network’s computing power and used it to rewrite transaction history, wresting nearly $ 1.1 million from Ethereum Classic from other users. Among other hacks that took place at the time, the ETC attack marked a turning point in the history of cryptocurrency, and the media headlines that followed reflected that reality.
“Formerly hailed as non-hackable, blockchains are now hacked,” was one such headline, prominently featured in MIT Technology Review a month after the attack. Analysts everywhere were beginning to reconsider whether the technology of the distributed ledger was really as secure as its cronies claim.
Interestingly, Coinbase caught the attack in time to warn the ETC community and prevent hackers from stealing funds from its users. Fortunately, the San Francisco Stock Exchange, whose reputation for first-rate trust and security has earned it the reputation of being some sort of standard for crypto trading, has gained ground. Among other hacks that took place at the time, the ETC attack was a turning point in the history of blockchain, exposing the importance of blockchain engineering in a way that takes advantage of its security advantages and avoids the compromise of its network. While the initial hacking headlines were nightmarish, Coinbase avoided what could have been a much worse PR disaster.
This does not mean that its users have always been safe.
While it is extremely difficult to hack a blockchain – it is a process that requires a single miner to control more than 50% of the network computing capacity – it is quite simple for even less sophisticated hackers to hack into wallets which facilitate blockchain transactions. And, as has been documented, such attacks against Coinbase users, including, like Fortune, technology CEOs and blockchain supporters, have been successfully hacked into their accounts.
The method of targeting endpoints, as opposed to whole blockchains, reached new heights in May 2019 when hackers stole $ 40 million from Bitcoin in exchange for Binance in a single transaction. , in a huge security breach that rocked the world of cryptography. The transaction was limited to Binance’s BTC hot wallet, which contains around 2% of the company’s Bitcoin holdings. But not only do hot wallets risk being compromised by bad actors. Most crypto wallets on the market today, including cold wallets, are connected to the Internet at some point and are therefore completely hackable. Each portfolio can be violated, given the good return on investment for the attacking party.
This vulnerability costs businesses. About $ 4.26 billion in digital assets were stolen in the first six months of 2019 alone, mostly from trade. The vulnerability of blockchain endpoints needs to be addressed if companies are to avoid such heavy and unnecessary financial losses, as hackers are only becoming more sophisticated. In addition, the damage inflicted by a cyber attack is far from being solely financial. Collateral damage inflicted includes damage to reputation and the time required to restore confidence, as well as the downtime required to identify the vulnerability during the attack.
A report released in late 2019 by Akamai, one of the biggest names in cybersecurity, predicts many more armed cyberattacks by 2020. An overlap between criminal developers and nation state actors creates a very dangerous reality for all financial institutions of the new decade, creating an abundance of zero-day tools to target specific organizations.
But we must not let them succeed. In medieval times, the weakest point of a castle was its drawbridge, since it was built as an entry point, and an entry point is more vulnerable than a 40 foot. stone wall with archers. The lords and kings of the time therefore found innovative ways to defend their drawbridges, with moats, traps and other devices. It is high time that businesses and crypto exchanges defend their own weaknesses against attack. Blockchain as a database is secure, of course. Let’s make sure that blockchain as a service is too.
About Lior: Lior Lamesh is the co-founder and CEO of GK8, a cybersecurity company that offers high security depository technology for the management and backup of digital assets. Lior acquired his expertise in the field of cybersecurity while being part of an elite team that responded directly to the Office of the Prime Minister of Israel on matters of protection of strategic state assets.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.