Blockchain isn’t secure after all!


When Satoshi Nakamoto’s revolutionary paper Bitcoin: A Peer-to-Peer Electronic Cash System hit the world, it took the stage by storm. It introduced the concept of Blockchain: a trustless and fully decentralized peer-to-peer immutable data storage.

Blockchain has been hailed by the tech and security communities as the most secure system for recording information. Getting into the details of how blockchain works is beyond the scope of this article, but here’s the gist:
Being decentralized gives blockchain a better line of defence. To alter a chain, a hacker or criminal would need control of more than half of all the computers in the same distributed ledger.

So, theoretically, it is next to impossible to manipulate a blockchain network. It is indeed the perfect solution. Or is it?

The last few weeks have seen a lot of action in this regard. A crypto platform, Polychain, was the victim of a $600 million heist. Cross-chain DeFi platform pNetwork has been robbed of $12M worth of bitcoin. These are a few of many instances where the most secure decentralized network has come under attack.

So what’s going on here? Have these hackers figured out a loophole in the system that all of the good, smart folks in the security and tech world missed? Or is it Satoshi Nakamoto himself who intentionally left a vulnerability and is now exploiting it?! Nah, that’s too dramatic.

Turns out blockchain is susceptible to the same risk as any other system built by humans: the clichéd human error. Blockchain is still good and does exactly what it claims to do; the problem is with the implementation of the blockchain network.

If observed closely, all the attacks on the network have exploited bugs in the codebase. And this is a difficult problem to solve, because today 90% of the source code is a black box to the developers themselves.

Developers rely heavily on 3rd-party libraries, and there are 2 major problems with that:

  • The internal implementation of these libraries can be hard to understand in some cases, since they are highly optimised.
  • Developers lack the bandwidth or motivation to gain a deeper understanding of the internal workings.

In an ideal world, you would write your own custom libraries for every requirement, but that’s just not feasible. Heck, even FAANG uses a bunch of open-source code.

As the world moves closer to adopting cryptocurrencies and using blockchain technology, the risk from implementation errors will remain the biggest bottleneck. It isn’t far-fetched to say that the next biggest threat to cryptocurrency, after government policies, is its source code.

I did mention that this is a difficult problem to solve, and we at SecOps Solution are passionate about it and are working to solve this specific use case using our enhanced rule engines and deep neural network.

To schedule a demo, drop us a note at hello@secopsolution.com
