Blockchain seems to be one of the most highly secure networks conceived but yet, there are several Blockchain Wallet Vulnerabilities which were observed as recently called out by a group of researchers when general Blockchain vulnerabilities are being looked into.
The blockchain is a network of global online ledgers. But is it really secure? Its proponent responded by saying yes – Because it assigns smart contracts or transactions to an immutable ledger verifiable by multiple parties. However, a paper recently published reveals vulnerabilities which may subject blockchain entries to hacking, inefficiencies as well as other criminal activity. Published by Peng Jiang, Xiaoqi Li, and Xiapu Luo, the paper shows that blockchain has several vulnerabilities which users need to be aware of so that their cryptocurrencies can be stored safely.
As blockchain increasingly becomes part of the business operations, it is crucial to have a closer look so as to examine the potential security liabilities which comes along with this emerging technology. With an increase in the number of decentralized applications, the privacy leakage risk of blockchain will be more serious, said Li and his co-authors.
A decentralized application, as well as the process of communication between the internet and application, are both faced with privacy leakage risks. They urge greater adoption of techniques to address the challenge which include: “code obfuscation, application hardening and the execution of trusted computing.”
Experts from Huobi exchange, one of the largest Crypto Exchanges in Asia has also recently highlighted the need for education of Blockchain, especially on wallet handling. it is critical to be aware of potential threats in this space.
With market adoption of Blockchain a key goal of both institutions and governments (eg, Vietnam has encouraged Blockchain applications and education as described here). What we can do is to make sure we learn and understand about Blockchain Wallet Vulnerabilities that could come out of the insecurities of the Blockchain.
So we summarize and highlight them below.
For beginners, the efficiency of blockchain themselves may become overloaded with complex consensus mechanism as well as invalid data. Li and his companions noted that the consensus mechanism which was employed across the internet is computing resource hogs.
For example, most popular consensus mechanisms which are used in blockchain are proof of work, which is referred to as a “waste of computing resources” by the researcher. They usually say that there are efforts to develop more efficient and hybrid consensus mechanisms that combine PoW and Proof of Stake (PoS). In addition to that, blockchain will produce a lot of information, data, transaction data, contract bytecode which may be useless and outdated. “There are several smart contracts which contain no code or totally the same code in Ethereum, and many smart contracts won’t be executed after its deployment. An efficient data cleanup and detention mechanism can be used to enhance the execution efficiency of the blockchain systems.”
Blockchain “relies mainly on the distribution consensus mechanism to establish mutual trust. However, the level of vulnerability for attackers to control and exploit the entire blockchain in the consensus mechanism is 51%.
To be specific, in the PoW-based blockchain, if a single miner’s hashing power accounts for more than 50% of the total hashing power of the entire blockchain, then it can result to the launching of the 51% attack. Hence, the concentration of mining power in some mining pools may result in the fear of an inadvertent situation, such as a single pool controls more than half of all the computing power.”
Whenever you are using blockchain, the private key of the user is the identity and security credential. However the user generates and maintains these rather than a third-party agency. For instance, when creating a cold storage wallet in Bitcoin blockchain, it is a must for the user to import his or her private key.
An attacker can recover a user’s private key because it may not have enough randomness during the signature process. Once the user’s private key is lost, the user won’t be able to recover it again. Since blockchain does not depend on any centralized third-party trusted institutions, if the private key of the user is stolen, it would be very difficult to track the behavior of the criminal to recover the modified blockchain information.
Through some third-party trading platform which supports Bitcoin, the user can either buy or sell any product. Since there is a high level of anonymity in this process, it would be very difficult to track the behavior of the user, let alone the subject to legal sanctions. The frequent criminal activities with Bitcoin include ransomware, underground markets as well as money laundering.
The consensus mechanism of the blockchain can validate a transaction. But it is still possible to avoid double spending or using the same cryptocurrency numerous times for transactions. The attacker can exploit the intermediate time between the two transactions initiated and confirmation so that an attack can be launched quickly.
“The unfortunate thing here is that the privacy protection which is measured in blockchain is not very robust,” Li and his co-authors state. “Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and other real-world crimes such as terrorism, arson, murder, etc.”
“During the running of programs in the blockchain, smart contracts may have security vulnerabilities which are caused by program defects.” For instance, a survey shows that 8,833 out of 19,366 Ethereum smart contracts are vulnerable to bugs like transaction-ordering dependence timestamp dependence, and mishandled exception.
Ethereum charges a certain amount of “gas” whenever a user has an interaction with a smart contract in Ethereum. Gas is exchangeable with “Ether,” which is the cryptocurrency in Ethereum. This would result in “useless-code related patterns,” and “loop-related patterns.” This consists of “dead code, opaque predicate, as well as expensive operations in a loop.”
“Ethereum sets the gas value based on the execution time, memory occupancy, bandwidth as well as other parameters. Generally, the gas value is proportional to the computing resources consumed by the operation. However, it is challenging to accurately measure the consumption of computing resources of an individual operation, and therefore some gas values are not set appropriately. For instance, some IO-heavy operation’s gas values are set too low, and hence these operations can be executed in quantity in one transaction. In this way, an attacker can initiate a Denial of Service attack on Ethereum.”
Do you keep updated on Blockcain Wallet Vulnerabilities in this surging new technology?