Blockchain Hacks: Can They be Prevented with Smart Contract Audits?

Blockchain Hacks: Can They be Prevented with Smart Contract Audits?
фото показано с : beincrypto.com

2022-8-26 08:10

Blockchain hacks will continue as long as cybercriminals keep easily discovering security vulnerabilities. Here is what happens if security is lacking, says Sumit Siddharth, founder of the SecOps Group.

With the exponential growth of cryptocurrencies, NFTs and other blockchain implementations, there has never been a better time for a cybercriminal to convert a vulnerability into easy and big money.

Blockchain Hacks and Security Audits

We see two different types of attacks involving crypto currencies. One of these is centred around the end user (the victim). The attack technique relies on social engineering tricks such as convincing a victim to send cryptocurrency to an attacker’s wallet.

The other type of hack we see is a bit more complicated and requires a deep understanding of blockchain smart contracts and associated components, such as side-chain, cross-chain, wallets, understanding of various protocols, and more.

The SecOps Group have now launched a blockchain smart contract security audit, to help blockchain developers identify and patch security issues before they get exploited in the wild.

Blockchain Hacks – Where They Start

Blockchain is a transaction record database that is distributed, validated and maintained around the world by a network of computers. Instead of a single central authority such as a bank, a large community oversees the records in Blockchain. No individual person has control over these records. Blockchain is based on decentralized technologies. Together these technologies function as a Peer-to-Peer (P2P) network.

Blockchain technology is being used in many different industries. The annual blockchain spending by companies will reach $16B by 2023, according to recent research by CBInsights. The rate of adoption of the technology is increasing.

Nowadays, there are various blockchain platforms in the market. Each platform uses its own technology. For example, the Ethereum platform uses Solidity language. Hyperledger platform uses the Go language. EOS platform uses Node.js. Multichain platform uses C++. Corda platform uses Java/Kotlin language, etc. The most famous cryptocurrency Bitcoin (BTC) was developed on the Bitcoin platform. The Ether (ETH) cryptocurrency was developed on the Ethereum platform.

When any of the above is compromised, huge hacks can result.  

Blockchain Hacks of Note Solana Wallets Attack – $7 Million – August 03, 2022

Solana is a blockchain-based platform. Many Web3 applications are deployed on the Solana blockchain as it is cost-effective in terms of deployment. Recently a wallet-based hack was observed in the Solana blockchain.

The root cause of the breach is unclear, but it appears to be due to a flaw in the wallet software used, which resulted in the private key and/or seed phrase compromise. A private key is unique and links a user to their blockchain address. A seed phrase is a fingerprint of all of a user’s blockchain assets that is used as a backup if a crypto wallet is lost. More than 7,000 wallets have been drained of more than $7m worth of SOL tokens.

Axie Infinity Ronin Bridge – $625 Million – March 28, 2022

The largest-ever crypto hack measured in fiat dollars came after hackers gained control over a majority of the cryptographic keys securing the play-to-earn game’s cross-chain bridge. Four of the nine keys were stolen when an Axie developer clicked on a fake job offer PDF.

Wormhole Cross Chain bridge attack – $325 Million – February 2, 2022

Wormhole is a Ethereum- and Solana-combined blockchain-based Web3 bridge. It uses an intermediate bridge to transfer tokens between two different networks. A blockchain bridge is a protocol connecting two economically and technologically separate blockchains to enable interactions between them.

A hacker exploited smart contracts on the Solana-to-Ethereum bridge to mint and cash out wrapped ether without depositing collateral. This allowed hackers to steal a total of $320 million combining Ethereum and Solana tokens. Wormhole renamed its bridge portal and currently holds over $480 million, according to crypto data firm DeFi Llama.

Smart Contract Audits

A smart contract audit is an extensive methodical examination and analysis of a smart contract’s code which is used to interact with a cryptocurrency or blockchain. This process is conducted to discover errors, issues and security vulnerabilities in the code, and suggest improvements and ways to fix them. Generally, smart contract audits are necessary, because most of the contracts deal with financial assets and/or valuable items.

The security audit of smart contracts has become important today. Thousands of decentralized finance projects and NFT projects have been developed in blockchain technology aka web 3.0, so securing them is equally important as building them.

About the Author:

Sumit Siddharth is the founder of the SecOps Group. He is a serial cyber entrepreneur and a well-known security professional. He has been a speaker and trainer at many international conferences such as Black Hat, Defcon, HITB, Owasp Appsec etc. During his days as a pentester he authored a number of books, articles, exploits and whitepapers on various topics related to application security. Sid’s first business (NotSoSecure) was acquired in 2018 by the Claranet Group. He now runs a boutique security consultancy (pentesting) firm called The SecOps Group. He is also an advisor and angel investor in multiple niche cyber security start-ups such as Red Hunt Labs (Attack Surface Management), PureID (Passwordless Authentication), VulnMachines (free pentesting lab platform) and RankedRight (vulnerability triaging platform).

Got something to say about blockchain hacks or anything else? Write to us or join the discussion in our Telegram channel. You can also catch us on Tik Tok, Facebook, or Twitter.

The post Blockchain Hacks: Can They be Prevented with Smart Contract Audits? appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

High Performance Blockchain (HPB) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0.0064459
Капитализация $0 Rank 99999
Цена в час новости $ 0.0910131 (-100%)

hacks blockchain smart contract audits prevented happens

hacks blockchain → Результатов: 126


Фото:

CertiK Achieves $2B Valuation After Latest Funding Round And This Growth Paints A Grim Picture For Cryptos

Blockchain watchdog, CertiK, is now valued at $2 billion after completing a funding round. The steep rise in value for the firm could be the foreboding of the impending crisis for cryptocurrencies. Hacks and exploits have threatened the survival of the nascent industry with billions of investors’ money lost to criminals. In Q1 of 2022, […]

2022-4-12 14:43


Фото:

Breakdown: How the hacker stole 80k ETH from the Solana Wormhole bridge

One of the worst hacks against the Solana blockchain happened on Wednesday when a hacker managed to transfer 80,000 ether (ETH), over $214 million at the moment of writing, out of the Solana system and into the Ethereum blockchain through the Wormhole bridge – a service providing the ability to transfer funds between the different […] The post Breakdown: How the hacker stole 80k ETH from the Solana Wormhole bridge appeared first on CryptoSlate.

2022-2-3 16:00


How Intellectual property could be Transferred through the Blockchain Ecosystem

While the world has evolved from storing and transferring information from paper to cloud storage, data is still not entirely protected. The existing cloud storage system used for sharing information while encrypted is centralized, and centralized systems have the inherent disadvantage of being vulnerable to hacks and attacks.

2021-10-17 15:43


Фото:

Ciphertrace Report Shows Crypto Crime Moving to Defi

Ciphertrace, a blockchain analytics company, has announced that crypto-related crimes have moved to the realm of decentralized finance (defi) apps and protocols. Now, the impact these hacks and exploits represent is way bigger than the one classic hacks to centralized exchanges and other scams do, according to their latest “Cryptocurrency Crime and Anti-Money Laundering Report.” […]

2021-5-15 03:30


Chainlink Acquires Cornell University’s DECO Project, to Enhance the Privacy of Data on Oracles

Chainlink, the decentralized oracle provider, has acquired Cornell University-based project DECO meant to enhance the privacy of oracles used on blockchain networks. Oracle-based data plays a critical role in maintaining the blockchain network, and with growing cases of hacks and ransomware, strengthening the accuracy, security, and privacy of the Oracle systems would eventually enhance the […] The post Chainlink Acquires Cornell University's DECO Project, to Enhance the Privacy of Data on Oracles first appeared on BitcoinExchangeGuide.

2020-8-31 16:26


This Crypto Startup Hacks Its Own Users’ Wallets to Rescue $13 Million

By CCN: Better the thief you know than the one you don’t. Cryptocurrency platform Komodo has had to hack its users after discovering a serious security flaw in one of its wallets. According to a press statement by the blockchain startup, Komodo’s cybersecurity team was able to ‘sweep’ in and retrieve 8 million Komodo coins (KMD) and 96 Bitcoin before hackers got hold of the exposed loot.

2019-6-7 15:19


Cryptopia Hacker’s Ill-Gotten Ethereum (ETH) Funds Still On The Move Per Blockchain Trackers Working Magic

Cryptopia Hacker Still Moving Stolen Funds Around Recently, Cryptopia hit the news officially announcing that it had chosen Grant Thornton as official liquidators to begin its liquidation process. This was as a result of the hacks suffered by the New Zealand crypto currency exchange, causing it to lose at least $16 million. About a week […]

2019-5-22 18:44