Modern blockchains security issues, hacks & solutions

Modern blockchains security issues, hacks & solutions

Category: About

Title image, read title

Current existing blockchains suffer numerous problems. The main ones are scalability options and security issues. The ICOs and crypto exchanges are being targeted quite often, and many high-profile attacks are being conducted on these grounds.

The investors in the digital economy sector proved to be vulnerable to hackers and fraudsters last year as never before. Many factors benefited from that point.

Moreover, none of the fraudsters has been caught or even identified so far, and it’s a good question whether most of these funds can be ever found or returned at all.

According to a recent report put out by Ernst & Young, more than $500 million has been either lost or stolen during ICO stages of projects. However, ICO’s are becoming less popular and less profitable for fundraisers with only 25% of ICO’s meeting their fundraising goals in November 2017 as opposed to 90% in June of the same year.

Anyway, this can be partially attributed to the numerous scams which have kept investors on high alert plus several warnings from many governments regarding the risks involved in ICO investing.The largest hacks should be mentioned here.

1)Coincheck hack– NEM token worth of $530 Million stolen.

The most known and reputable Asian cryptocurrency exchange had quite recently shocked the world with the news of the record-breaking theft.Unidentified hackers had stolen $530 million from the Japanese exchange. It’s officials, of course, promised to partially refund almost 260,000 cryptocurrency investors affected by the theft –, no timeframe is established for so far, and it is unknown where would the platform get such amount of money anyway.The hack occurred at the end of January, eclipsing the estimated $400 million in stolen from Mt.Gox in 2014.

Coincheck reported the hackers stole customer deposits of NEM, a less well known digital currency. The exchange promised to use cash from its own funds to pay out ¥46.3 billion ($426 million) towards covering its user’s losses. Sadly for users, but that makes 20% less than the total value of the virtual tokens that had been stolen.

The price of NEM plunged almost 20% after the theft came to the light of the public, but it had since recovered those losses.

2) Mt. Gox — 744,408 Bitcoins (nearly $400,000 million in 2014) stolen.

No doubt, the most famous theft case and the biggest loss in the history of crypto exchanges in an infamous Mt. Gox hack which led to the largest known loss of Bitcoins so far.

The Mt. Gox, also based in Japan, had been the world’s biggest cryptocurrency exchange in 2014 when hackers had stolen an estimated $400 million worth of Bitcoin back in the days. Mt. Gox went bankrupt shortly afterward, and affected users still haven’t been compensated. The theft of top coin had been a result of a group of high-skilled black-hat hackers attack who had used certain security vulnerabilities to get an unbelievable number of BTC from the exchange.

Later it became known to state officials that MT. Gox ended up working without a license in the US, which naturally attracted the attention of the feds.

Coinlab company had also filed a $ 75 million lawsuit for contract breach. The subsequent investigation led to the seizure of another $ 5 million, which caused a significant blow to the reputation of the company.Unfortunately, it was only the tip of the iceberg — it turns out that the organization had deeper problems. Serious troubles began when the company has ceased to create a healthy culture of development for their software. Since the Director General had to give his approval before approving most of the innovations and processes, platform developers had to spend a lot of time implementing technical solutions.

Like with any extremely valuable asset, vultures are always circling — hackers took advantage of weaknesses on the stock platform to gain access to Bitcoins — within a few minutes there was a large-scale sale of coins for millions of dollars, most of which were sold literally for cents. In General, world prices for Bitcoin have stabilized soon after the incident, but the damage done has already been tremendous.

In the end, it became evident that Mt. Gox lost about an equivalent of about $ 400 million. The stock company was supposed to declare bankruptcy and hundreds of thousands of people have lost money. Japanese authorities arrested the General Director for fraud, later he pleaded not guilty and was released.

3) BitGail — $170 Million stolen

Here is another excellent example of the high-profile cyber-attack happened– the official statement from Italian BitGail crypto exchange confirmed $170 million worth of token missing after the exchange hit.

This is another record-breaking exchange hack during early 2018, following the Coincheck token theft.

At this time the company behind the exchange had not revealed the exact date of the incident, but the legal authorities had been informed, and all transactions had been frozen. According to the official statement, “internal company checks revealed unauthorized transactions which led to 17 million Nano tokens shortfall, an amount forming part of the wallet managed by BitGrail”.The company, however, also states on its website that it doesn’t believe any other tokens were affected by this hack.

4) NiceHash — $70 Million stolen

The Slovenia-based company NiceHash is specialized in helping crypto currency miners in the purchase or sale of computer capacities and provides its transactions in Bitcoins. The miners are not exposed to third-party threats, and the main feature of the platform is an absence of prepayments, the buyers also are paid in BTC.

On December 6, 2017, there had been a severe breach in the servers’ security. Reddit users had reported that they are unable to log in to their accounts or make any transactions — when they tried to log in, everyone had been notified of technical works performed on the platform. The service platform had undergone a powerful cyber-attack resulting in as many as 4,736,42 (at the rate of 6.12.2017 the losses amounted to almost $ 70 million) of Bitcoins had been stolen.

Despite the incredibly high losses, NiceHash was able to continue its operations and provide services on crypto currency mining.CEO and founder Marco Kobal left his post to the project got a new management team. However, with it, the company managed to restore the investor confidence quite fast and began to strengthen its protection and defense systems against future intrusions.

5) Bifinex — 119,756 Bitcoins ($72,000 million in 2016) stolen

The Bifinex was regarded as the world’s largest cryptocurrency exchange until it was later consumed by ANX.On August 4, 2016, an unknown group of hackers stole 119,756 Bitcoins (almost $72 million at the exchange rate of an incident date) from users’ accounts. The attackers had been able to withdraw tokens from their wallets even despite the multi-layer security system. The hacking occurred through the procedure of execution of the multi-entry signature, which allows the transfer of funds. Nevertheless, BitGo announced its social networks, which the violation was not recorded on any of the servers.In consequence, Bitfinex was transparent about the entire trial and reassured its understandably angry customers that they had been working hard to establish compensation. The company purchased back some of its assets from ICO to pay up the users, but the stolen money was never tracked. Bitfinex managed the transfer of BTC, LTC, ETH, and even Fiat money.

6)Tether — $30,9 million lost

Created by the Tether company with a market capitalization of $673 million, the particular service combined the best features of fiat currency and blockchain technology, to provide a form of digital money known as USD Tokens (USDT).

Tether is used as a common platform to transfer cryptocurrencies to other exchanges in other countries without using the dollar, fiat currencies at large and without using the bank institutions. One can use USDT for trading “real world” fiat money for Bitcoin, Litecoin, or Ethereum.

Basically, when you deposit $1 into your Tether account, you are given 1 USDT. The user can also use Tether to convert the cryptocurrency assets into cold, hard cash.

On November 19, 2017, an external attacker gained access to a Tether Treasury Wallet and managed to siphon off nearly $30.9 million in tokens. This attacker used a Bitcoin address for the transaction, so the theft was basically irreversible. However, even before the breach, Tether had severe problems thanks to Bitfinex — a fellow exchange company that had lost lots of investors’ money. Severe allegations had been thrown around — including that Bitinfex used Tether’s assets to commit fraud.

To remedy the situation, Tether company put some strict measures in place, including usage of the Omni blockchain which made it impossible for the attacker to redeem the stolen stash by turning it into fiat currency or Bitcoins. Unfortunately, at the end of the day, there was a widespread panic, which led to the value of Bitcoin dropping.

7)Ethereum — $31 million lost

Initially launched in 2014, Ethereum even since had grown to be the second-biggest digital currency.

At noon on July 20, a hacker drained $31 million (153,037 ETH) out of three huge wallets, which belonged to Swarm City, Edgeless Casino, and æternity. The anonymous hacker managed to change the ownership of the wallets by exploiting a parity-enhanced, multi-signature vulnerability. Developers from Swarm City were among the first to notice the theft — they quickly notified Ethereum Devs, who reached out to white-hat hackers for assistance in the possible recovery of the stolen money.

Moreover, what happened next was so extraordinary that it deserves a spot in the hacker hall of fame: The white-hat hackers established funds that could not be recovered, and swiftly started to secure other compromised accounts. They followed the criminal’s methodology: stealing from similarly compromised wallets. However, instead of keeping the money for themselves, they kept it safe from the attacker. All these events occurred in less than one day.

8)The Bitcoin hack

One of the oldest and most fine examples is the famous Bitcoin hack itself. In 2010, an attacker spotted a bug in Bitcoin’s software and exploited it. This attacker was able to create a single block (#74638) that would create a transaction of 184 billion BTC. Yes, you read that right: It was 183,958,000,000 BTC more than was ever supposed ever to exist. The transaction was split into three parts — 2 equal output values of around 92 billion of Bitcoins and 3 showed a transaction fee. It was instantly apparent that someone had taken advantage of the software bug, which would later be on the list of common vulnerabilities and exposure.

The blackhat-hacker or a group tried to make massive profits out of the blockchain, but members of the community sounded an alarm about the error. They forced the creation of a hard fork, and soon everything ran normally again. Well, it involved more than that — a patch creation to correct the error, which meant the transaction was rendered invalid, and everything rolled back to normal.

If occurred, that would have been a quadrillion-dollar transaction. Anyway, nowadays all of Bitcoin’s investors are aware that there is a hard cap of 21 million BTC.Despite numerous cases of hacker attacks and breaches in even top-notch security systems, leading to frequent money loss, cryptocurrencies continue to attract new supporters, and courses are steadily growing.

The tomorrow’s solutions for today

No doubt, thefts of all cryptocurrencies happen from time to time. However, there’s a significant difference: when someone steals money from your bank account by hacking directly into the bank, it is responsible for the client’s account security and manages problems from this point. When someone hacks into a cryptocurrency, no one covers the losses. The existing blockchains security problems need to be solved as soon as possible before the problems had not gone out of the leash due to imminent quantum computers threat.

The upcoming Cellframe Project is aimed to come up with solutions to many existing and accumulated problems of the blockchain industry such as scalability, security, and variability.

The Cellframe project itself represents a quantum resistant blockchain of the new generation based on 100% original C-code, optimized for high load and merged all the modern features of blockchain technologies to become the real long-term solution and for many industries. One of the essential features are variative Post-quantum algorithms, which will ensure Cellframe quantum resistance against the power of the quantum computing and survive the so-called “Quantum Apocalypse.”

The specific features announced to be implemented from the start — such as ring signatures, encryption variability and different wallet types, multichain & sharding support, enhanced speed, Smart Contracts and Open API for 3rd party coins and projects and so on.

Cellframe project offers flexible to implementing cryptographic algorithms which will make it one of the safest blockchains ever existed with 10+ signature available from the launch already.The multichain technology allows creating almost an unlimited potential for speed and productivity. Cellframe can launch up to 2⁶⁴ parallel subchains, and the transactions can be placed in any block the parallel chain. More subchains — more tx throughput as a result. Every subchain can have its own attributes (a type of consensus, size, and speed of block, etc.).

The use cases

1)Multiple blockchains will allow it to combine a convenient means of payment function (PoS, thousands TX per second) and a value storage means (classic PoW). It will not become less safe or reliable with time because of blockchain’s flexibility and ability to adapt to any cryptography innovations. With popularity growing, we’ll have more and more different coins, and tokens that all would be processed by one wallet. One wallet for different currencies.

2)Smart contracts will become an instrumental part of a genuinely decentralized world computer. Several services will be launched on the blockchain right after a specific progress milestone. The main aim of the company’s blockchain lab is to bring technological value and convenience to people’s everyday lives. Also, we’re planning to extend Etherium EVM machine for work with non-standard tokens. That should attract people excited to run ICO for Post-Quantum blockchain projects, CryptoNote coins, and other non-ERC20 tokens.

Also, because the multiple blockchains are supported and open API that should motivate people to make a new coin to be included in the project’s multiple blockchain sets.

3) Performance and anonymous networking. With Post-Quantum anonymous transactions support and “garlic” routing like I2P, it would be the perfect decision for fast and anonymous networking.

4)Classic currency storage. Because of the flexible structure, one could create a wallet secured with a few different key types. Clients values could be reliably protected with 3–4 different key types. Later on, a client can just forget about it without worries — as the savings will be safe.

5) Truly anonymous transactions. Classic ring signature that is being used by Monero and ZCash right now (ZCash uses hashes but possible to obtain public key as well) are vulnerable to Quantum Computers as well. So, to prevent quantum deanonymization, one should use Cellframe — the currency will be available with Post-Quantum zero-knowledge ring signature for the first time.