Blockchain is among the most secure technologies with data integrity, a decentralized system, and verifiability. However, new forms of security threats are emerging that are capable of causing enormous, irreparable damage. This article looks at the most common blockchain-related attacks that have challenged the technology’s security credentials and the top ledger vulnerabilities that enabled such attacks.
Through cryptocurrency attacks, the cybercriminal community amassed $4.25 billion last year, nearly three times the $1.49 billion in crypto assets looted in 2020. According to statistics gathered by Comparitech, six of the top ten most expensive crypto breaches occurred in 2021. Another survey revealed that exploiting decentralized finance (DeFi) protocols was the fastest-growing way to steal crypto in 2021. DeFi alone accounted for $1.4 billion of the overall crypto money lost in the previous year. The report stated that the technology is nascent and hence features many vulnerabilities that hackers routinely exploit.
2022 also began with a massive breach in Crypto.com’s infrastructure, indicating the emergence of a more complex pattern of crypto-attacks. The cryptocurrency exchange was plundered of $30 million in crypto from 483 consumers’ digital wallets in January. The attackers seized 4,836.26 ETH ($13 million), 443.93 BTC ($16 million), and $66,200 in other currencies.
Zebpay, one of the oldest cryptocurrency exchanges, faces a minimum of two DDoS (Distributed Denial of Service) attacks in a month. Malicious hackers routinely try to overwhelm the company’s servers to interrupt services or scout for flaws in its network infrastructure.
These attempts and others suggest that it is high time for blockchain platforms to stop relying on their inherent security, begin implementing additional controls and safeguards, and employ third-party auditors to assess their security. To understand the pattern of attacks and prevent future breaches, Toolbox has compiled a rundown of the top five hacks along with possible vulnerabilities to consider.
Top Five Blockchain Attacks
Wormhole, a cryptocurrency platform, was hacked in February 2022. The platform is a communication hub for Solana, an Ethereum rival, and other self-driving financial networks. The corporation incurred a total loss of $326 million. According to reports, the problem was caused by faulty account validation.
On Twitter, Wormhole also posted a chronology of the occurrence. The company fixed the vulnerability just six hours after the attack, and funds were returned early the next day. It also quickly restored the token key that hackers had knocked offline during the attack.
All funds have been restored and Wormhole is back up.
We’re deeply grateful for your support and thank you for your patience.
— Wormhole🌪 (@wormholecrypto) February 3, 2022
Hackers were able to compromise the encryption of two hot wallets linked to the BitMart crypto exchange thanks to a hacked private key — a component of the cryptographic pair that is intended to be kept as a secret.
In a tweet reporting the discovery of the loss, the group indicated that $100 million of the heist was on the Ethereum blockchain, which was targeted the most in big cyberattacks last year.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
— Sheldon Xia (@sheldonbitmart) December 5, 2021
The company suspended its transaction facilities for a few days, until it declared a security improvement. Sheldon Xia, BitMart’s CEO, assured its users of finding solutions and paying impacted consumers with corporate funds.
Last year in August, Poly Network was targeted by a hacker who exploited flaws in the platform’s infrastructure and swindled more than $600 million in funds. The attacker approached the firm and offered to refund the bulk of the assets, except for $33 million in tether (USDT) that issuers had locked. But the saga didn’t end there: $200 million of the stolen funds were locked away in an account that needed a key from both the hacker and Poly Network.
The hacker first refused to hand over credentials from their end, until Poly Network pleaded with them to reveal it, gave them a $500,000 reward for discovering the system flaw, and even guaranteed them an employment opportunity. Poly Network later reported that the private key had been handed to them by some anonymous “Mr. White Hat.”
The attack on MT Gox was the first significant exchange attack, and it remains the greatest Bitcoin exchange robbery to this day. The heist at MT Gox was not confined to a single incident. Instead, the site was losing money from 2011 till February 2014. Over a few years, hackers gained access to 100,000 bitcoins from the site and 750,000 bitcoins from its users. These bitcoins were valued at $470 million and are now worth approximately ten times more ($4.7 billion). MT Gox fell bankrupt shortly after the incident, with liquidators recovering about 200,000 of the stolen bitcoin.
Unauthorized users gained access to Liquid’s wallets in August 2021 and transferred cash worth more than $97 million, according to the Japanese cryptocurrency exchange. The hackers broke into Liquid’s hot wallet and stole Ether, Bitcoins, XRP, and 66 other cryptocurrencies. Over 78% of the damage was due to Ethereum-based assets.
A chunk of the hackers’ plunder was transferred using leading-edge platforms like UniSwap, whereas the funds sent to other major cryptocurrency exchanges were withheld at the company’s request. After transferring unaffected assets to cold wallets, the platform resumed trading and beefed up its security by including secure vaults.
Also, the company assured its customers of “no impact on user balances” and later borrowed $120 million from the FTX crypto exchange to reimburse consumers and pay its losses.
Top Five DLT Vulnerabilities to Keep in Mind
As emerging technologies like blockchain become commonplace, hackers devise new tactics and techniques to bypass their security controls. They also implement fresh strategies to exclusively exploit known vulnerabilities in blockchain networks. Below are some successful exploits that have been carried out in recent years:
As exchanges improve their cloud security, attackers have shifted their focus to human users with social engineering hacks and persuasion tricks, emphasizing the significance of comprehensive security training for employees. The following are some examples of typical exchange attacks:
- Phishing accounts to get access to crypto accounts and transfer funds
- Exploiting software vulnerabilities to execute attacks
- Targeting unpatched software that the exchange platform uses
A majority attack, also known as a 51% attack, takes place when an individual or group of people gets control of more than 50% of the hashing power on a blockchain. This is often accomplished by renting crypto from a third party. Platforms like MonaCoin, ZenCash, Bitcoin Gold, Verge, and Shift have all fallen victim to 51% attacks.
Exit scams occur when a cryptocurrency exchange mysteriously leaves with user funds, restricting users from retrieving funds from their wallets. This is usually a consequence of one or more people on the executive team embezzling user funds. The attack can be premeditated or occur unexpectedly due to flaws in the security of blockchain platforms.
DeFi is a peer-to-peer system that uses smart contracts to make financial products accessible in a decentralized blockchain network without the involvement of intermediaries such as banks and brokers. According to DeFi Pulse, the overall value of DeFi contracts has increased to over $80 billion in August, up from $10 billion in September last year. Attackers frequently fund DeFi operations with flash loans, which need no collateral or Know-Your-Customer (KYC) information, making it more difficult to uncover rogue actors. While more trading platforms are auditing their contracts in the hopes of averting an attack, experienced hackers continue to find loopholes.
In crypto-space, spear-phishing activities are becoming more common. In these types of intrusions, the cybercriminal has access to more information about the victim, which they may use to customize their operations. The attackers typically seek information from more trustworthy sources.
Blockchain network flaws might be extremely costly, especially in peer-to-peer ecosystems where anybody can join anonymously. And it becomes too difficult to correct mistakes when one’s identity is hidden. Therefore, it becomes imperative to know about the security holes and the kinds of attacks that cybercriminals can attempt to spot and fix them beforehand. Due to the irreversible nature of blockchain, a detailed understanding of concepts, security audits, and extensive testing is required before its adoption.