
Demystifying blockchain security risks

May 2023

In recent years, blockchain technology has emerged as a game-changer in several financial areas, including treasury, risk and finance.


To fully leverage the benefits of this technology, it’s essential to understand and address security threats when implementing blockchain solutions.

As a decentralized distributed ledger technology, blockchain can add value as a platform that integrates a corporate’s operational processes with its treasury processes. This could drive treasury efficiencies and reduce cycle times. Compared to centralized systems, blockchain also offers enhanced security. However, these benefits have a downside. Recent reports of large-scale hacks and frauds involving hundreds of millions of dollars have shed light on the potential security risks associated with blockchain.

Phishing attacks

One of the most prevalent security risks is phishing attacks on crypto wallets. A crypto wallet is software that securely stores and manages crypto assets, enabling users to send and receive digital assets. These attacks trick users into providing their private keys (in effect, the password to the crypto funds), which can then be used to steal their crypto assets.

It’s worth noting that most successful phishing attacks are the result of incorrect user behavior, such as clicking on malicious links and providing login credentials. While this is a widespread IT security risk and not specifically related to the security of the blockchain technology itself, it remains a critical risk worthy of attention.

Options to protect against phishing include using a two-factor authentication system, providing good security awareness training for users and/or using the security services of a reputable custodian.

Smart contract exploits

Smart contracts are self-executing contracts with the terms of the agreement written directly into code, and they run on a blockchain network such as Ethereum, Solana or Avalanche, among others. They offer a high level of transparency and security, but they are also vulnerable to hacking and exploitation if not written correctly. A well-publicized example of this was the hack of a Compound smart contract, a blockchain protocol on the Ethereum network that enables algorithmic money markets, where a vulnerability in the code allowed the hacker to steal a large amount of Compound tokens. (1)

To prevent such incidents, it’s crucial to have independent security audits performed on all smart contracts and to follow best practices for smart contract development. Another line of defense is to opt for insurance with a specialized blockchain insurance company which can provide coverage against losses caused by platform failures, smart contract exploits or other risks.

Bridge hacks

Approximately 50% of exploits in value terms in decentralized finance occur on bridges. (2) Bridges are connecting mechanisms that allow different blockchain networks to communicate with each other. They are gaining popularity for their ability to facilitate seamless asset transfers and integrate the features provided by the different blockchains.

Two main types of bridges exist:

  • Centralized bridges: rely on a central party, which offers a straightforward solution but requires trust in that third party and is often not transparent.
  • Decentralized bridges: use smart contracts, which provide increased transparency but may be prone to vulnerabilities due to the complexity of their design.

The large amounts of funds locked in these bridges make them attractive targets for hackers. It is therefore advisable to conduct thorough research when selecting a bridge to work with and to regularly monitor the security measures in place.

Ponzi schemes & fraud

A Ponzi scheme is a type of crypto fraud that promises high returns with little to no risk. In this type of fraud, early investors are paid returns from the investments of later investors, creating the illusion of a profitable investment opportunity. Eventually, the scheme collapses when there are not enough new investors to pay the returns promised to earlier ones. Famous examples are Bitconnect and PlusToken, which caused multibillion losses and impacted over two million investors. (3) Another prevalent form of fraud in the blockchain industry is the misappropriation of customer funds by insiders or company leadership, as evidenced by the ongoing FTX case (4), involving 8 billion dollars, where fraud allegations have been raised.

To avoid falling victim to Ponzi schemes or fraud, companies and retail investors dealing in cryptocurrency must perform due diligence before investing in any opportunity. This includes verifying the authenticity of the investment opportunity and the individuals behind it. Companies should also avoid investments that promise guaranteed high returns with little to no risk, as these are often warning signs.

Blockchain network security

Despite these challenges, blockchain technology as a whole is relatively secure. The decentralized nature of blockchain networks makes it more difficult for malicious actors to manipulate or attack the system, as there is no central point of control that can be targeted. Additionally, cryptographic techniques such as hashing, digital signatures, and consensus algorithms help to ensure the integrity and security of the data stored on the blockchain. The robustness of this technology is evident from the fact that popular and established networks such as Bitcoin and Ethereum have not faced any successful exploits or attacks over the years. However, there have been instances of successful hacks and attacks on less popular blockchain networks.

In conclusion

The utilization of blockchain technology in various industries has the potential to revolutionize the way we conduct transactions and manage data. However, it’s imperative to weigh the benefits against the potential security risks. From phishing attacks on wallets to Ponzi schemes and smart contract risks, organizations must take the necessary precautions to ensure their assets are protected, including:

  • Use two-factor authentication, provide security awareness training, and/or use services from a reputable custodian to protect against phishing attacks on crypto wallets.
  • Have independent security audits of your smart contracts and consider taking specialized insurance.
  • Conduct thorough research when selecting a bridge and regularly monitor the security measures in place.
  • Perform due diligence before investing and avoid promises of high returns with little risk.
  • Be cautious when dealing with less popular blockchain networks.

Zanders Blockchain Consulting Services
For treasurers, the need for reliable and real-time data is great when working with multiple (external) stakeholders on a single process. Blockchain offers valuable support in this regard. It can also help with the creation of smart contracts or the use of crypto within the payment process. Zanders has recently begun offering blockchain consulting services to support corporates, financial institutions and public sector entities in reaping the benefits of blockchain and managing its additional security risks. By focusing on understanding the why of its application, and drafting a blueprint of the preferred solution, we can help define the business case for using blockchain. Subsequently, we can help select the best technology platform and third parties.
If you would like to discuss how blockchain, digital assets or Web3 can impact your business, please reach out to our experts, Ian Haegemans, Robert Richter or Justus Schleicher via +31 88 991 02 00.

Sources
(1) https://www.coindesk.com/business/2021/10/03/66m-in-tokens-added-to-recently-hacked-still-vulnerable-compound-contract
(2) Report: Half of all DeFi exploits are cross-bridge hacks (cointelegraph.com)
(3) https://blockchain.news/news/chinese-police-arrest-kingpins-plus-token-bitcoin-scam-worth-5-7-billion
(4) https://www.ft.com/content/6613eadb-eea0-42f8-8d92-fe46ad8fcf8c
