One of the hallmark features of blockchain is that it is supposedly much more secure, adding remarkable levels of transparency that can quickly identify and mitigate cyber threats. But, at a time when we’re approaching 2,000 blockchain projects in development worldwide, watching thousands of crypto miners do their thing each day, and seeing billions of investment dollars pouring in each year, are we taking threats seriously? Has the greater community taken aspects of blockchain’s security for granted? The hard truths reveal affirmatives to both questions.
There are multiple ways that users can contribute to their favorite blockchain projects — whether that’s mining, staking or operating nodes (which can include masternodes, full nodes or lightweight nodes). Regardless of what they’re doing, these private deployments require an investment of time, money and effort to set up, so the last thing anyone wants is to fall victim to hackers. Unfortunately, people often don’t invest as much energy in securing their blockchain deployments as they do in getting their different features to work and scale, making the hacker threat very real.
Various attacks have already been seen on mining software, and there have been multiple high-profile thefts that were worth a lot of money. Tokens in staking wallets make very attractive targets. Malicious actors have successfully infected enterprise infrastructures with sneaky mining malware, a practice called cryptojacking, and in 2016, Hong Kong-based exchange platform Bitfinex was hacked, resulting in more than $60 million (at the time) of crypto losses. The fact is that a victim may not even realize they’ve been hacked until it’s too late. Savvy hackers are careful to cover their tracks and siphon only a portion of tokens at a time.
Another emerging security hole in the crypto community is the potential for sensitive metadata to be exposed through common actions like checking balances, initiating transactions or just receiving block updates. This was recently called out by Ethereum Core Developer Peter Szilagyi. While metadata may seem harmless, it can lead to exposing the physical location of a blockchain deployment, which is something most would prefer to avoid. Why is it important to call out some of these threats?
The Difficulty of Securing Blockchain Projects with Traditional Security Applications
Addressing these and other threats today can lead you down the proverbial rabbit hole. Some of the chatter on BitcoinTalk forums reveals sage advice — often learned the hard way — about using virtual private networks (VPNs) and firewalls to secure deployments. However, these discussions are often light on details, especially on adequately configuring protective applications. As you dig deeper, you can get lost in threads upon threads detailing which ports need to be opened for each blockchain and which should be locked down. The point is that traditional VPNs and firewalls can protect blockchain networks, but the approach is difficult, messy and surprisingly fragile. I’m not saying fragile in the sense of penetrable, but rather that one misstep or misconfiguration could open the door to vulnerabilities. What you’re left with is a security fig leaf: a false sense of safety covering a gaping hole.
Then there is the centralised nature of network traffic management itself, as it is largely managed by a few centralised internet service providers (ISPs), which are vulnerable to threats like routing attacks. In fact, research previously suggested that just 13 ISPs host 30 percent of the Bitcoin network, while just three ISPs route 60 percent of the transaction traffic.
Making Blockchain Work for Blockchain
So how can we make sure that the networks blockchain developers and crypto miners use are secure? One possible solution is to build on the Marconi Protocol. This way, for example, secure channels for data transport via packet-level encryption are enabled by default for any deployment. This is in contrast to using a separate solution such as a VPN, which not only requires specialised knowledge to set up and maintain, but also introduces a central authority and central point of failure into an otherwise decentralised system.
It’s essential that peers establish these secure connections between all nodes in a network so that traffic is safely transported. And with features like network layer virtualisation and traffic proxying built-in, protecting traffic becomes much easier.
Essentially a blockchain protecting the blockchain, this approach enables management of routing and packet processing with rules stored in blockchain-based smart contracts. This simplifies deployment and maintenance of what often become complex rule sets. Furthermore, with this setup you can allow developers to define their own network traffic rules, such as conditioning on packet-level features to spot a common phishing strategy where a misleading website, made to look like a trusted one, is used to lure in a user. And these framework ideas are just the beginning, especially with an enthusiastic blockchain developer community. Developers can now take the initiative to build their own decentralised security applications for anti-phishing, anti-malware, intrusion detection and distributed VPNs to deploy on the global blockchain.
Trust and Transparency
The bottom line is that it’s not enough to trust in blockchain security just because it usually offers more transparency than other data security and privacy technologies. Developers, miners and even enterprises need to look at the entire digital ecosystem when considering security, as every single point provides savvy hackers with a weak link to exploit.
As blockchain investment continues to skyrocket and the crypto markets continue to diversify — even with the recent slowdown — we will see more unique and sophisticated examples of cyber criminals penetrating blockchain’s security veneer. That’s the paradoxical ratio of technology: for as many positive innovations as tech brings, there is almost an equal number of sinister efforts to match them. The trick is to keep discussing the threats to blockchain while also inspiring and enabling the community to secure it.
e27 publishes relevant guest contributions from the community.