Blockchain technology will likely revolutionize the way we live and work. It has the potential to give us greater control over our healthcare and well-being and to provide greater insight into the origins and quality of the food we eat and the products we buy. Financial transactions will execute faster and be simultaneously more transparent and private, and business will be conducted with greater efficiency and less risk.
Blockchain’s unique attributes will provide a new infrastructure on which the next generation of streamlined business applications will be built. But it also creates unique security challenges.
High-profile breaches promote the myth that blockchain has been hacked, yet at no point was the underlying blockchain technology broken. All occurred on permissionless platforms where a nefarious actor identified a vulnerability within the ecosystem.
US $.5 billion
In 2014, nearly half a billion dollars’ worth of Bitcoin was stolen from Mt. Gox, the largest Bitcoin exchange in the world at the time.
US $60 million
Two years later, roughly US$60 million worth of Ether, a value transfer token, was redirected to a hacker’s account via the DAO, built on Ethereum.
US $72 million
The second largest Bitcoin attack occurred in 2017 at Hong Kong-based cryptocurrency exchange platform, Bitfinex. Hackers made off with US$72 million.
An end-to-end blockchain-based solution has a full spectrum of touchpoints, and securing the entire solution means taking all of them into consideration. The vulnerabilities outlined above illustrate that, while at no point was the underlying blockchain technology hacked and these hacks occurred on permissionless platforms, each nefarious actor identified a vulnerability within these blockchain ecosystems. And, while permissionless platforms are unlikely to be the basis of an enterprise solution, there are valuable lessons to be learned.
Vulnerabilities
Blockchain technology will be just one component of the new IT stack. Security needs to be baked into the entire architecture of any blockchain solution. There is quite a bit of confusion and hype around blockchain security, yet threats fall into three main buckets:
The most direct and potentially easiest method of attacking any technology solution is through endpoint vulnerabilities. This is where humans and technology connect and, with blockchain-based solutions, can include digital wallets, devices, or the client side of the application.
As new technologies enter the market, developers are incentivized to be first or early with the release of applications, often at the risk of deploying insufficiently tested code on live blockchains. Given the decentralized model of many blockchain solutions, the risks are often greater due to the irreversibility of the technology.
Ecosystem / Third-Party Risks
Organizations wishing to deploy third-party blockchain applications and platforms must be aware that the security of their blockchain is only as strong as the weakest link across all the technology provided.
Blockchain implementations and solutions should treat security as embedded in the blockchain technology stack. Security measures should be implemented at each layer with a risk-based approach.
Safeguarding for the future
There is an acceleration of enterprise applications with blockchain technology. Just as use cases are examined for their long-term potential, security must also be built to address increasingly sophisticated threats. There are a few hints today that can help uncover what security risks may exist in the future.
Soon, biometric identification will likely be a common method of identity verification, where multiple security protocols will create a unique identifier that can be indexed on a blockchain. No data will be kept on chain, but it will allow users to prove they are who they say they are.
Post-quantum cryptography has arisen as the study of quantum-resistant cryptographic algorithms. And quantum-secured blockchain networks are in early development with the potential to develop mining and private key cryptography that is safe from quantum attacks.
Blockchain is here, and the time to begin thinking about development and security implications for the entirety of a blockchain application is now.