Digital currencies and the software developed to track them have become attractive targets for cybercriminals while also creating a lucrative new market for computer-security firms.
In less than a decade, hackers have stolen $1.2 billion worth of Bitcoin and rival currency Ether, according to Lex Sokolin, global director of fintech strategy at Autonomous Research LLP. Given the currencies’ explosive surge at the end of 2017, the cost in today’s money is much higher.
“It looks like crypto hacking is a $200 million annual revenue industry,” Sokolin said. Hackers have compromised more than 14 percent of the Bitcoin and Ether supply, he said.
Super-Secure?
Blockchain records are shared, making them hard to alter, so some users see them as super-secure. But in many ways they are no safer than any other software, Matt Suiche, who runs the blockchain security company Comae Technologies, said in a phone interview.
And since the market is immature, blockchains may even be more vulnerable than other software. There are thousands of them, each with its own bugs. Until the field is winnowed to a few favorites, as happened with web browsers, securing them all will be a challenge.
“Each implementation is going to have its own problems,” Suiche said. “The more implementations, the harder it is to cover all of them.”
Exploiting Forks
Many blockchains started as forks that diverged from existing crypto ledgers, and as Taiwanese security researchers have pointed out, every fork gives hackers a new way to try to falsify data.
In a Dec. 25 paper, researchers at the Institute of Electrical and Electronics Engineers outlined ways hackers can spend the same Bitcoins twice, the very thing blockchains are meant to prevent. In a Balance Attack, for instance, hackers delay network communications between subgroups of miners, whose computers verify blockchain transactions, to allow for double spending.
‘Sensitive Data’
A researcher from Cisco Talos, a security group, found vulnerabilities in Ethereum clients, including a bug that “can lead to the leak of sensitive data about existing accounts.” A security hole in the Parity wallet resulted in losses of $155 million in November.
In December, Youbit, an exchange in South Korea, said it would file for bankruptcy following an attack in which it lost 17 percent of its assets. The same month, mining service NiceHash said hackers stole as much as $63 million in Bitcoin from its virtual wallet.
Opportunity Knocks
But Ma sees an opportunity. In March, Quantstamp will release an automated tool that scours smart contracts for bugs. Established security firms such as McAfee Inc. may also repurpose their wares for the blockchain crowd.
“In many cases, our existing products can help secure the ecosystem,” Steve Grobman, chief technology officer of McAfee, said in a phone interview. “In general, it will be vulnerable to threats just like any other software system.”
Let’s hope they put all that money somewhere safe.