My Articles
How Blockchain Security Differs From Traditional Cybersecurity – 4 – Security Operations (SOC)
This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users.
In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings with it unique security challenges. Reduced telemetry from decentralized infrastructure hinders SOC detection, but additional information available on-chain could drive...
How Blockchain Security Differs From Traditional Cybersecurity – 3 – User Security
This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security. Check out the first two articles in the series exploring the differences for node operators and application developers.
This article explores how user security differs between traditional IT and blockchain environments. While identical products and services may be hosted in traditional IT and blockchain environments, the differences between these ecosystems can have significant security implications for...
How Blockchain Security Differs From Traditional Cybersecurity – 2 – Smart Contract Developers
This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security. Check out the first article in the series discussing the differences for node operators.
This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts. While the first blockchains, like Bitcoin, were not designed to support smart contracts, their invention dramatically expanded the capabilities of blockchain platforms. The ability...
Proof of Reserve vs. Proof of Liability vs. Proof of Solvency
Recent events like the FTX meltdown have sparked interest and conversations about how the incident could have been prevented. In the case of FTX, the primary problem was that the platform did not hold sufficient assets to cover its user deposits and liabilities. What are Merkle Trees and Proofs? Proof of Reserves and Proof of Liabilities can use Merkle trees to prove certain facts while keeping data anonymous. To understand how these schemes work, it is...
How Blockchain Security Differs From Traditional Cybersecurity – 1 – Node Operators
Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks. Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology.
As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital. Financial systems built on the blockchain can suffer significant losses due...
The 12 Biggest Hacking Incidents in the History of Crypto
The most comprehensive ranked list of the biggest crypto hacks in history (Up until November 1, 2022. I suspect a larger one is just behind the corner)
It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but I wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while...
How the Big Binance Bridge Hack Will Change the way People View Web3
$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part.
Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world.
The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew:...
How a $1B Flash Loan Led to the $182M Beanstalk Farms Exploit
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack
The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance.
A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is...
The Top 4 Supply Chain Security Risks of Blockchain Smart Contracts
Code reuse is considered best practice in software engineering. Reusing high-quality, secure code can speed development processes and often results in higher-quality code than software developed entirely from scratch. Additionally, the reuse of high-quality, audited libraries reduces security risks by decreasing the probability that new vulnerabilities will creep into the code base.
In open source communities such as the blockchain and crypto community, code reuse is even more strongly encouraged. Open-source code released with permissive...
How the Nomad Bridge Hack can Help Us Explore the Potential Downsides of Decentralization
One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing.
Decentralization is a hot-button topic in 2022.
To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized...
Introduction to Zero-Knowledge Proofs
Proving knowledge of a secret is the basis of password-based authentication systems. The assumption is that only you know your password. If this is the case, entering your password into a system proves your identity and grants you access to your account.
However, this approach doesn’t work as well on the blockchain, where everything stored on the digital ledger is publicly visible. Any password or other secret included within a blockchain transaction would be revealed...
How Crypto’s Biggest Hacker was Found but Never Identified
The $611M Poly Network exploit is the largest crypto hack to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown.
Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date gave all the stolen crypto assets back within 15 days of the incident.
But how was the hack carried out? Why did they...
The $160M Wintermute Hack: Inside Job or Profanity Bug?
Getting to the bottom of the exploit that led to one of the biggest hacks in the history of decentralized finance.
In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is.
Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as...
Introduction to Blockchain Layers 0, 1, and 2 Security
What Are Blockchains Layers 0, 1, and 2?
A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain.
In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1,...
Trying to Solve the Mysterious $200M BitMart Hack
A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing.
When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public.
In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of...
Why DevSecOps is Essential for the Blockchain Ecosystem
In recent years, many organizations have adopted more modern development practices, including Agile, Scrum, and DevOps. The goal of these new processes is to improve the pace and efficiency of development by streamlining the development process and using automation whenever possible.
One of the main shortcomings of most DevOps programs is that they overlook security, focusing on getting software released as quickly as possible. As a result, tens of thousands of vulnerabilities reach production each...
What the $534M Coincheck Hack Taught Us All About Safe Storage of Digital Assets
The biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which for the way the stolen assets were being stored.
Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many...
Security Threats to Blockchain Networks – 6 – Wallet Attacks
Wallet Attacks: A Deep-dive
Wallets are a logical target for cyber-attacks, along with the emerging institutions that hold custody of them on users’ behalf. While secured with technically unbreakable code, hackers have found numerous ways to gain illicit access to user wallets, whether by deception, theft, or ingenuity. In responding to this threat, the crypto-industry must consider whether to opt for traditional KYC-based measures or to seek crypto-native solutions to this perennial issue. If the...
What the Biggest Blockchain Game’s Hack Reveals about the Future of Crypto Adoption
Axie Infinity’s Ronin Bridge Hack for $551M worth of crypto assets could paradoxically lead to higher rates of blockchain adoption by showing that it’s a lot easier to track stolen cryptocurrency than people think.
The popular misconception that cryptocurrencies are private and untraceable fuels the equally popular misconception that it’s impossible to track and recover stolen crypto assets.
In fact, even some of the most high-profile and sophisticated crypto theft operations have been exposed through the...
Security Threats to Blockchain Networks – 5 – Consensus Attacks
Consensus Attacks: A Deep-dive
Where centralized systems operate on the basis of centralized permission, blockchain protocols proceed on the basis of decentralized consensus. While this is more secure in theory, the system is not flawless. All blockchains are susceptible to consensus hacking, thanks to the ability to simulate, force, or circumvent majority consent for a nefarious aim. Solutions can be found for some of these attacks, but ultimately, the only solution to the consensus problem...