Security in Blockchain
Introduction
Back in 2022, Chainanalysis reported that over $2 billion had been exploited by attackers on over thirteen DeFi protocols; these include over $570 Million stolen on Binance, $600 from a bridge protocol behind the popular gamefi project, Axie Infinity, and over $35 million from the Wormhole network.
The repetition of blockchain attacks has led many to doubt the ability of blockchain to operate as a highly secure alternative to traditional technology despite its adoption and claimed features. This article explores the different types of blockchain, the fundamental security offered to users by blockchain technology, the nature of the possible attack, and how users can protect assets better on the blockchain.
Types of blockchain technology
Here, we categorized blockchain into three broad types based on access restriction feature.
- Public Blockchain
Public blockchain refers to a permissionless blockchain with no access restriction. By implication, anybody can participate in the ecosystem once the required threshold and hardware configuration are met. Public blockchain implies that access is open to the public; hence, anyone can view transaction details and chain interactions.
Notably, public blockchain is not generally unsecured because anyone can access it. Usually, users enjoy a reasonable level of anonymity, which ordinarily protects users' data when transacting. However, details like public wallet address, amount transacted, and wallet sent to are available, making transactions susceptible to MEV attacks. For instance, the BSC scan is open-source, where anyone can view transaction details, confirmation, and block validation.
- Private Blockchain:
Private blockchain is a permissioned ecosystem where access is only granted to selected individuals through special endorsement. These features naturally enhanced the security of the blockchain, even when it is not exclusively resistant to attack. Since access is restricted, it eliminates the occurrence of random attacks.
Additionally, private blockchain enjoys the extensive security of a regular blockchain, making it suitable for an ecosystem where transactions must be monitored and regulatory compliance must be ensured.
- Hybrid Blockchain
This type of blockchain combines the features of public and private blockchains. Usually, the term hybrid is used to describe interoperable public and private blockchains.
The fundamental security features of a blockchain
- Cryptography
The backbone of blockchain security is cryptography. It covers the use of the hash function, the creation of cryptographical keys, and the requirement for digital signatures to protect assets stored on the blockchain.
The hash function transforms blockchain data into a string of characters to secure information stored in blocks. Blockchain-based exchanges leverage the cryptographical keys to create public and private keys for users. While wallet holders use the public keys (wallet address) to receive digital assets, the private keys grant users exclusive access to their funds and must be stored securely by holders. Private keys are also used to create digital signatures for wallet holders, and the signature can be used to approve pending transactions.
The combination of these three components of cryptography allows users to protect their wallets. It further ensures protection against the wallet provider's access, ensuring that users enjoy non-custodial access to their funds.
- Decentralization:
Following a series of system compromises (attack and mismanagement), crypto investors became aware of the nature of security offered by decentralized and centralized networks and exchanges. Blockchain, by its original nature, is decentralized because it is a system that is designed to eliminate the instance of a single point of failure compromising the integrity of blockchain data.
By ensuring that blockchain data is validated and managed by diverse participants, blockchain eliminates the inherent problem, i.e., over-reliance on a central authority that can easily manipulate or tamper with data. This makes blockchain a more secure technology than regular tech tools.
- Consensus Mechanism
The need to ensure that network participants don't get to compromise a blockchain takes security to another level. Historically, blockchain was invented to resolve the Byzantine Generals' Problem. The problem revolves around creating a way for Generals at war to communicate information from different locations while ensuring traitors do not manipulate or change the information disseminated to the General's army, leading to the army acting in manners that contradict the original instruction and consequently being defeated at war.
Two major consensus mechanisms are adopted to verify transactions in the blockchain space. The Bitcoin blockchain uses the Proof-of-Work consensus mechanism where network participants (miners) are required to solve complex mathematical problems for rewards. From the first to the most recent block in the network, a validation process is repeated each time someone attempts to execute a transaction.
The other consensus mechanism is the Proof-of-Stake mechanism adopted by the Ethereum blockchain to confirm the validity of transactions. Under this approach, participants (validators) must stake their assets on the ecosystem (32 $ETH) before they are allowed to operate as validators. The staked asset acts as collateral that can be slashed when a validator acts maliciously.
- Immutability
A notable feature of blockchain that allows it to offer advanced security is the fact that data stored on a blockchain is tamper-proof. Hence, when a transaction is validated, a block is generated and added to the blockchain. The information in that block cannot be edited or tampered with because a chain of connection is maintained between all the blocks. Hence, tampering with one block requires adjusting the previous blocks, which is not logically feasible.
Vulnerabilities in Blockchain
The presence of these above features does not completely take blockchain away from the shadow of attacks. Hence, bad actors in the blockchain space frequently explore the inherent vulnerabilities in this technology to launch an attack, compromise system integrity, delay usage, or steal users' funds.
- The 51% Attacks: Blockchains that utilize the Proof-of-Work consensus mechanism are susceptible to this attack. When a group of attackers gains 51% of the controlling power, they can launch an attack, validate invalid or malicious transactions, or manipulate the blockchain.
- Phishing Attack: An attack can be launched against a network through socially engineered tactics like sending malicious links to users. When users click the link, it may connect to their wallets, reveal their private keys, and grant attackers access to their funds.
- Software Bugs: The former CEO of Binance acknowledged the fact that no matter how prepared a system is, software codes are not 100% resistant to bugs. However, several projects offer bug bounty, which allows them to get a third party perspective on system's security strength, detect possible vulnerabilities and take necessary actions.
- Sybill Attack: This happens when attackers gain proportional access to a blockchain, allowing them to manipulate the network.
- Smart Contract Vulnerabilities: It is essential to mention that blockchains run on self-executing contracts that may become susceptible to attack if not properly created. The DAO attack in 2016 is an example of this occurrence.
How to Protect Assets on Blockchain
- Use strong cryptographic standards.
- Conduct regular system audits and code review.
- Organize periodic bug bounty to get third-party perspectives on system vulnerabilities.
- Use a multi-signature wallet for an extra layer of protection.
- Educate users on possible attacks like phishing to help them take proper care.
- Adopt DAO to eliminate the central decision-making process.
- Create a threat or attack response plan.
Conclusion
While blockchain is an extensively secured technology, usage is still prone to some of the discussed vulnerabilities. Hence, even when a particular platform may offer decentralized features, the existence of a central decision-making process may compromise users' and assets' safety. Similarly, despite the cryptographical elements put in place to ensure security, wallet holders have a large share of duty in protecting their wallets from public access.