Although the blockchain guarantees the traceability of transactions by shielding them from manipulation, networks are not completely shielded against the threat of cyberattacks and their exposure differs depending on the levels of access to them in an environment where cyberattacks are highly diversified, as analyzed by A3sec.
The blockchain is considered one of the most reliable technological infrastructures today, given its quality of maintaining an immutable record of the transactions that are carried out on its network, but it is not exempt from current cybersecurity threats that can affect the processes and generate millions in damages.
It is estimated that thefts associated with computer attacks against blockchain networks amounted to almost US$1.3 billion as a result of 78 events of this type only in the first quarter of 2022, according to the latest available numbers from Atlas VPN.
Blockchain is the infrastructure behind the operation of popular cryptocurrencies such as bitcoin, a market that has not been exempt from cybercriminal activity either, and in the first half of this year thefts from cryptographic projects approached US$2 billion as result of 175 hacks, which represents an increase of 94% compared to the same period of 2021.
Despite its reliability, the blockchain is not exempt from cybercrime and some of the best-known vectors have included code exploitation, key theft, as well as taking advantage of vulnerabilities in organizations' computers and not necessarily those of the central servers, as happened to the Bithumb exchange, which suffered a hack that compromised the data of 30,000 users and meant the theft of at least US$870,000 in bitcoin.
“While some of the underlying capabilities of blockchain provide data confidentiality, integrity and availability, like other systems, it is necessary to adopt cyber security controls and standards for organizations using blockchain within their technical infrastructure to protect their organizations from external attacks,” according to a Deloitte report.
Currently, it is believed that phishing is among the main vectors of attacks against the blockchain infrastructure and an event of this type resulted in a theft equivalent to 1.5 million euros in OpenSea, an online marketplace specializing in NFTs that lost 254 tokens in February as a result of this fact.
However, this traditional technique in the world of cybercriminals is not the only one that is wreaking havoc in the blockchain universe today, since other modalities such as routing or the Sybil Attack also stand out.
Other recognized attack vectors are the so-called 51% attacks, which occur when a cyber attacker has "sufficient mining power to intentionally exclude or modify the order of transactions", with the most vulnerable cryptocurrencies being those of the altcoin group, according to explains a report from Binance Academy.
Despite all its qualities, there are different types of access levels in the blockchain that can determine its degree of vulnerability to cybersecurity events. The two broad categories of this infrastructure are the private blockchain (which requires access permissions and is controlled by a single organization) and the public (which is available to any member of the network, as is the case with bitcoin).
IBM analyzes that public networks have certain disadvantages since in them "there is little privacy for transactions and security is weak", which should be considered in the business uses of this infrastructure.
Other types of blockchain include federated networks, in which a number of organizations have access to the network and manage it through certificates, keeping the code open so more people can work on it.
And a fourth category includes so-called blockchain networks as a service, which allow companies to access cloud tools offered by large software providers to take advantage of blockchain infrastructure without having to develop their own.
Some of the practices to strengthen security in the blockchain include, among others, improving network access management, which implies having established protocols for the different passwords and adopting technologies that allow anticipating risks, through identity verification and constant verification.
“Management risks arise primarily from the decentralized nature of blockchain solutions and require strong controls over decision criteria, management policies, and identity and access management,” IBM stresses.
In A3sec they see that oversight of network security is key to keeping processes optimized and identifying gaps, based on the learning that is generated through the data, for which it is key to have a technical infrastructure.
Finally, it is increasingly important that companies that operate with these networks find support in specialized cybersecurity firms that can offer this support, in a challenging environment in which it is essential that businesses know how to react to these breaches that are emerging and can generate on a day-to-day basis. Said security schemes must address the risks associated with the management and processes themselves, as well as prevent possible failures of the technologies by creating different response layers.
With different degrees of access to blockchain and security networks, companies are faced with the challenge of managing these threats with a more determined focus on detection and response, relying on other pioneering technologies such as automation and artificial intelligence to identify different practices. , breaches or specific failures that can influence the security of these networks, as recommended by A3sec.
Even more so when the new challenges come with solutions such as quantum computing, which, given its ability to solve complex problems that conventional computers cannot handle, is capable of revealing the vulnerabilities of "many of the public key cryptosystems currently in use." use,” which “would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere,” as warned by the National Institute of Standards and Technology (NIST).”
In addition, the whole wave of green technologies (Green IT), which could have impacts on cryptographic mining, will bring additional challenges and burdens in operational terms to keep the blockchain network in the mean that they have already been changing to be lighter, exposing the decentralized and anonymous model we know.