Blockchain User Security

How Blockchain Security Differs From Traditional Cybersecurity – 3 – User Security

This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security.  Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments.  While identical products and services may be hosted in traditional IT and blockchain environments, the differences between these ecosystems can have significant security implications for...
Smart Contract Security Differences

How Blockchain Security Differs From Traditional Cybersecurity – 2 – Smart Contract Developers

This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security.  Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts.  While the first blockchains, like Bitcoin, were not designed to support smart contracts, their invention dramatically expanded the capabilities of blockchain platforms.  The ability...
Blockchain Security Traditional Cybersecurity

How Blockchain Security Differs From Traditional Cybersecurity – 1 – Node Operators

Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks.  Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital.  Financial systems built on the blockchain can suffer significant losses due...
12 Largest Crypto Hacks

The 12 Biggest Hacking Incidents in the History of Crypto

The most comprehensive ranked list of the biggest crypto hacks in history (up until November 1, 2022; I suspect a larger one is just around the corner). It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which ones were the biggest in terms of the total value of the stolen digital assets at the time of the incident. Two of the entries occurred while...
Binance Bridge Hack

How the Big Binance Bridge Hack Will Change the way People View Web3

$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew:...
Beanstalk Farms

How a $1B Flash Loan Led to the $182M Beanstalk Farms Exploit

Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms hack. The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, a little-known financial tool unique to the DeFi (decentralized finance) space, as well as governance. A flash loan is, as it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is...
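The two mechanisms the excerpt names, a flash loan that must be repaid within one transaction and token-weighted governance, combine into the attack class the article is about. The following is an added, constructed Python model written for this page; it is not Beanstalk's code and assumes a simplified single-token ledger, a majority threshold over total supply, and an optional timelock. It shows why the loan needs no collateral (the whole transaction reverts if the pool is not made whole) and why a governance design that counts current balances and lets a proposal be voted on and executed in the same transaction is exploitable by borrowed voting power:

```python
"""Constructed toy model of a flash loan and a same-transaction governance
attack (illustrative code added for this page, not the Beanstalk contracts).
Assumptions: one token tracked in a ledger, 'pool' is the flash-loan lender,
'treasury' holds the DAO's funds, a proposal passes with > 50% of total supply.
"""
import copy


class Revert(Exception):
    """Aborts the current transaction; run_tx rolls the ledger back."""


class Ledger:
    """Balances of a single token."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"insufficient balance in {src}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def total_supply(self):
        return sum(self.balances.values())


def run_tx(ledger, body):
    """Run body(ledger) atomically: on Revert, restore balances and return False."""
    snapshot = copy.deepcopy(ledger.balances)
    try:
        body(ledger)
        return True
    except Revert:
        ledger.balances = snapshot
        return False


def flash_loan(ledger, pool, borrower, amount, callback):
    """Lend pool -> borrower, run the borrower's callback, then require the pool
    to be whole again. Anything less aborts the entire transaction, which is
    why the lender needs no collateral."""
    before = ledger.balances.get(pool, 0)
    ledger.transfer(pool, borrower, amount)
    callback(ledger)
    if ledger.balances.get(pool, 0) < before:
        raise Revert("flash loan not repaid")


class Governance:
    """Token-weighted voting. Weight is the voter's balance at vote time (the
    weak design); timelock_blocks > 0 pushes execution into a later block."""

    def __init__(self, ledger, timelock_blocks):
        self.ledger = ledger
        self.timelock_blocks = timelock_blocks
        self.block = 0
        self.proposals = []

    def propose(self, recipient, amount):
        self.proposals.append({"recipient": recipient, "amount": amount,
                               "created": self.block, "votes": 0})
        return len(self.proposals) - 1

    def vote(self, voter, pid):
        self.proposals[pid]["votes"] += self.ledger.balances.get(voter, 0)

    def execute(self, pid):
        p = self.proposals[pid]
        if self.block < p["created"] + self.timelock_blocks:
            raise Revert("timelock has not expired")
        if p["votes"] * 2 <= self.ledger.total_supply():
            raise Revert("proposal lacks a majority")
        self.ledger.transfer("treasury", p["recipient"], p["amount"])


def flash_loan_governance_attack(timelock_blocks):
    """Attacker holding 10 tokens borrows 1,000,000, votes through a proposal
    paying the treasury to itself, executes it and repays, all in one
    transaction. Returns (transaction succeeded, attacker's final balance)."""
    ledger = Ledger({"pool": 1_000_000, "treasury": 100_000,
                     "holders": 50_000, "attacker": 10})
    gov = Governance(ledger, timelock_blocks)

    def attack(lg):
        def with_borrowed_tokens(lg2):
            pid = gov.propose("attacker", 100_000)
            gov.vote("attacker", pid)          # weight = borrowed balance
            gov.execute(pid)                   # reverts when a timelock applies
            lg2.transfer("attacker", "pool", 1_000_000)   # repay the loan
        flash_loan(lg, "pool", "attacker", 1_000_000, with_borrowed_tokens)

    ok = run_tx(ledger, attack)
    return ok, ledger.balances["attacker"]


if __name__ == "__main__":
    print(flash_loan_governance_attack(timelock_blocks=0))   # (True, 100010)
    print(flash_loan_governance_attack(timelock_blocks=1))   # (False, 10)
```

With no timelock the attacker walks away with the treasury and the lender is repaid, so nothing reverts. With a one-block timelock the execute call reverts, the flash loan cannot be repaid from proceeds, and the whole transaction unwinds: borrowed tokens cannot be held across blocks, which is the property a timelock (or snapshotting voting power at proposal creation) relies on.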
Smart Contract Supply Chain Security

The Top 4 Supply Chain Security Risks of Blockchain Smart Contracts

Code reuse is considered best practice in software engineering.  Reusing high-quality, secure code can speed development processes and often results in higher-quality code than software developed entirely from scratch.  Additionally, the reuse of high-quality, audited libraries reduces security risks by decreasing the probability that new vulnerabilities will creep into the code base. In open source communities such as the blockchain and crypto community, code reuse is even more strongly encouraged.  Open-source code released with permissive...
Nomad Bridge Hack

How the Nomad Bridge Hack can Help Us Explore the Potential Downsides of Decentralization

One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing. Decentralization is a hot-button topic in 2022. To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized...
Poly Network Hack

How Crypto’s Biggest Hacker was Found but Never Identified

The $611M Poly Network exploit is the largest crypto hack to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown. Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date gave all the stolen crypto assets back within 15 days of the incident. But how was the hack carried out? Why did they...
Wintermute Hack

The $160M Wintermute Hack: Inside Job or Profanity Bug?

Getting to the bottom of the exploit that led to one of the biggest hacks in the history of decentralized finance.  In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is. Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as...
Blockchain Layers Security

Introduction to Blockchain Layers 0, 1, and 2 Security

What Are Blockchain Layers 0, 1, and 2? A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain. In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1,...
BitMart Hack

Trying to Solve the Mysterious $200M BitMart Hack

A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing. When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public. In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of...
DevSecOps Blockchain

Why DevSecOps is Essential for the Blockchain Ecosystem

In recent years, many organizations have adopted more modern development practices, including Agile, Scrum, and DevOps.  The goal of these new processes is to improve the pace and efficiency of development by streamlining the development process and using automation whenever possible. One of the main shortcomings of most DevOps programs is that they overlook security, focusing on getting software released as quickly as possible.  As a result, tens of thousands of vulnerabilities reach production each...
Coincheck Hack

What the $534M Coincheck Hack Taught Us All About Safe Storage of Digital Assets

The biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which was the way the stolen assets were being stored. Seasoned crypto enthusiasts and early adopters of the disruptive new technology now know that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many...
Blockchain and Crypto Security Book

Blockchain and Crypto Security Training – Free

I’ve been providing blockchain security and crypto compliance training and awareness sessions since 2013. I’m sharing my latest blockchain security training material under the Creative Commons Attribution-NonCommercial 4.0 International License.

Free download - PDF - No registration required

Copyright © Marin Ivezic 2022. This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

This is a comprehensive introduction to blockchain technology and its implementations, together with related cyber risks and vulnerabilities. The material presents a number of...
Crypto Wallet Attacks

Security Threats to Blockchain Networks – 6 – Wallet Attacks

Wallet Attacks: A Deep-dive. Wallets are a logical target for cyber-attacks, along with the emerging institutions that hold custody of them on users’ behalf. While the underlying cryptography is not the weak point, hackers have found numerous ways to gain illicit access to user wallets, whether by deception, theft, or ingenuity. In responding to this threat, the crypto industry must consider whether to opt for traditional KYC-based measures or to seek crypto-native solutions to this perennial issue. If the...
Axie Infinity

What the Biggest Blockchain Game’s Hack Reveals about the Future of Crypto Adoption

Axie Infinity’s Ronin Bridge Hack for $551M worth of crypto assets could paradoxically lead to higher rates of blockchain adoption by showing that it’s a lot easier to track stolen cryptocurrency than people think. The popular misconception that cryptocurrencies are private and untraceable fuels the equally popular misconception that it’s impossible to track and recover stolen crypto assets. In fact, even some of the most high-profile and sophisticated crypto theft operations have been exposed through the...
Blockchain Consensus Attacks

Security Threats to Blockchain Networks – 5 – Consensus Attacks

Consensus Attacks: A Deep-dive Where centralized systems operate on the basis of centralized permission, blockchain protocols proceed on the basis of decentralized consensus. While this is more secure in theory, the system is not flawless. All blockchains are susceptible to consensus hacking, thanks to the ability to simulate, force, or circumvent majority consent for a nefarious aim. Solutions can be found for some of these attacks, but ultimately, the only solution to the consensus problem...
Blockchain Network Attacks

Security Threats to Blockchain Networks – 4 – Network Attacks

Network Attacks: A Deep-dive Network attacks are a class of exploits that focus on the isolation and manipulation of individual nodes or groups of nodes. While blockchain networks are theoretically robust against such attempts, both hackers and academics have found loopholes that can be used not only to defraud and damage individuals, but also scale up to take down entire exchanges. While easily overlooked, the list of network attacks is likely to grow in the...
Smart Contract Security

Security Threats to Blockchain Networks – 3 – Smart Contracts

Smart Contract Risk and How to Mitigate It: A Deep-dive. The strengths of smart contracts are also the source of their weaknesses, and will always present opportunities for hackers to exploit. So far, innovation in countermeasures is struggling to keep pace with innovation in the methods of attack. It’s reasonable to assume that as the Web3 environment stabilizes, an equilibrium will be reached. However, the threat cannot be eliminated, and vigilance will...