Blockchain Security: Preventing Fraud on Distributed Ledger Technology

Published at: June 19, 2020

In August 2010, a bug in the Bitcoin network that allowed large transactions to be added to the ledger without proper verification was identified by a hacker. The hacker generated and siphoned 184 billion Bitcoin (BTC) into three separate accounts. Fortunately, the bug was quickly identified and erased from the blockchain by developers. The existence of blockchain technology would indeed have been threatened if the hacker was successful.

Since the emergence of blockchain technology, numerous industries have adapted the technology to store and transfer chunks of data. The technology boasted of an iron-clad defense system that supposedly could not be hacked. The industry has boomed graciously; however, its secure, decentralized system has been threatened by hackers, frauds and different scams. According to the Wall Street Journal, more than $4 billion was lost to cryptocurrency scams in 2019.

What is blockchain security built on?

Blockchain technology is a digitized, decentralized ledger that boasts of a tightly secure, peer-to-peer encryption method of confirming transactions. By using a distinct protocol of verifying transactions, false operations are easily detected. Security in blockchain technology is built on:

Encryption: A method of wallet protection where each user is provided with a unique key called a "hash." Hashing is a mathematically generated process in public-key cryptography where a specific, fixed output is generated regardless of how many times the function is used. Simply put, it is a key to each user’s safety deposit box — their wallet.Mining: Mining is a complex, expensive process responsible for maintaining the integrity of the technology. Blockchain miners add new "blocks" of transactions to the chain, confirming that each part of the transaction is valid. In turn, they are rewarded in cryptocurrency.Immutability: Arguably the most crucial component of the technology, the distributed ledger remains unaltered. The immutability of the technology means information cannot be erased from the platform once the transaction is confirmed.

How is the technology being manipulated by fraudsters?

Blockchain technology has suffered diverse forms of attacks since its release. Many of the attacks have been targeted against cryptocurrency wallets and exchanges. Here are some of the most notorious methods of manipulating blockchain technology.

51% attacks: Mining is a highly intensive process that requires high computing power. However, if a miner or group of miners were to hypothetically gain more than 50% of the computing network, they would be able to control and manipulate it. They would be able to add new transactions to the system without spending. This way, they would "double-spend" coins. Perhaps the most alarming of 51% attacks occurred in May 2018 when the Bitcoin Gold blockchain was attacked by a set of coordinated actions. A total of $70,000 in Bitcoin Gold (BTG) was double-spent, and in the aftermath, BTG was delisted from Bittrex. In January 2019, Ethereum Classic became the latest blockchain to suffer from a 51% attack.

Phishing: Phishing is a form of fraud where scammers send out emails that mimic emails from reputable companies. They send these to owners of wallet keys, asking them to provide their personal information on their make-believe links. Some phishing scams use the user’s computer as a host for illegal cryptocurrency mining. According to a report published by Chainalysis, blockchain investors lost more than $225 million to phishing scams in the first half of 2017 alone.

Sybil attacks: A Sybil attack involves creating multiple false identities on a peer-to-peer network. In the context of blockchain technology, various nodes are run at the same time, swarming the network with these false identities and causing the system to crash. The term is coined from the titular character of the book Sybil who was diagnosed with a dissociative identity disorder.

Routing: Blockchain technology relies on the upload and download of large volumes of information in real time. In a routing attack, hackers intercept data transferred to internet service providers. This way, the system is partitioned but appears to be functioning as usual. Meanwhile, the hackers are making away with currencies.

What are some measures of preventing cryptocurrency fraud?

As expected, exchanges, tokens and blockchain companies have realized the need to learn from the past and identify and counter fraud on the peer-to-peer network.

In an interview with Kevin Cheng, the chief operating officer of the exchange BigOne, he explained:

"For exchanges, security is their vitality, without which nothing makes sense. Every investor on the blockchain platform is interested in what keeps their investment safe. If loopholes are detected in any token offering, we will go the extra mile to address them before listing them on our exchange.”

Some of the measures of protecting cryptocurrency investments include:

Two-factor authentication: Also called two-step verification, 2FA is an increasingly familiar term in blockchain technology. It is an added layer of wallet security where the user not only provides the wallet key but provides a one-time password, or OTP, generated in real time to access the currency wallet. This way, if fraudsters maliciously gain access to the user’s password, they would have to own the pre-set OTP device to access the wallet. This guarantees an extra layer of security against phishing scams and key thefts. Google authenticator is a free 2FA software that can be used on multiple devices to secure crypto wallets.

Anti-phishing software: This is a software program specially designed to identify malicious links, email threats, fake websites and revoke access. In many cases, it also approves legitimate websites and links. Metacert’s anti-phishing software is capable of verifying web addresses on a mass scale and has protected users from both familiar and unknown forms of phishing threats.

Cold wallets: Typically, there are two types of wallets in cryptocurrency. A cold wallet is not connected to the internet and, therefore, is less vulnerable to hacking than a hot wallet. Although most hot wallets are free and more common, a cold wallet is much more secure and is available to the user in the form of a device.

Blacklisting: By identifying fraudulent initial coin offerings, phishing patterns and key/identity thieves and blacklisting them, cryptocurrency companies can protect themselves from falling victim to repeated patterns of fraud.

If there is any certainty in the midst of the COVID-19 pandemic the world is facing, it is the inevitability of digitized systems, particularly blockchain technology. However, the relevance of any technology is tied to security or the assurance of safety. To keep the integrity of the technology and preserve its growth, understanding and preventing fraud on the distributed ledger must be prioritized.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Joshua Esan is a freelance writer and editor passionate about blockchain technology and the health industry. He is a fourth-year medical student and has worked with various companies and blogs since the blockchain revolution began.

Tags
Related Posts
US Blockchain Investor Terpin Awarded Over $75 Million in SIM Swapping Case
United States blockchain and crypto investor Michael Terpin has won $75.8 million in a civil case against 21-year-old Nicholas Truglia, who reportedly defrauded him of crypto assets. Reuters reported the news on May 10. Per the report, the California Superior Court last week ordered Manhattan resident Truglia to pay the amount above in compensatory and punitive damages. The amount is reportedly one of the largest court judgments awarded to an individual in the crypto space thus far, Reuters notes. As previously reported, Terpin filed the complaint against Truglia in particular in late December, after first filing a lawsuit against AT&T …
Blockchain / May 11, 2019
Blockchains Are an Excellent Solution for Privacy, Part 3
Some entrepreneurs have been trying to increase data privacy by combining encryption and blockchain technology. There are projects like Oasis Labs and Enigma that focus entirely on preserving users’ privacy. Meanwhile, others have been focusing on preventing data retention by companies. Thus, there is no way to guarantee that personal data is deleted in a company’s data system. Blockchain technology’s reliable consensus ensures that people’s data is used correctly. Protection against software and hardware attacks Companies like Oasis Labs, which designed the Ekiden system, run smart contracts outside the blockchain within a Trusted Execution Environment, or TEE, node to enable …
Blockchain / June 22, 2020
Wallet Creator Offers $250K to Anyone Who Can Crack the ‘Hack-Proof’
Offline cold storage cryptocurrency wallet service provider GK8 is offering a bug bounty of up to $250,000 to the first person who can hack its product. GK8 — which presents its solution as a “hack-proof digital vault” that needs no direct or indirect connection to the internet — will place 14 Bitcoin (BTC) (over $125,000 at press time) in its wallet. Anyone who succeeds in breaking into the wallet will pocket its proceeds, plus an additional $125,000 prize. The bounty program will run from Feb. 3 (9:00 a.m EST) through February 4, 2020 (9:00 AM EST). Mitigating state-sponsored attacks and …
Blockchain / Jan. 28, 2020
Binance Falls From Top 10 in CryptoCompare’s New Crypto Exchange Rankings
London-based crypto data provider CryptoCompare has updated its crypto Exchange Benchmark, removing Binance cryptocurrency exchange from the list of the top 10 exchanges. Binance, the second biggest crypto exchange by daily trade volume to date, is not included in the CryptoCompare’s list as the rankings do not rely on aggregate volume data in its analysis, the firm said in a press release to Cointelegraph on Nov. 19. In order, the top 10 crypto exchanges in CryptoCompare’s second Exchange Benchmark are: Gemini, Paxos’ itBit, Coinbase, Kraken, Bitstamp, Liquid, OKEx, Poloniex, bitFlyer and Bitfinex. Binance was ranked seventh in the first Exchange …
Blockchain / Nov. 20, 2019
Main hacker in Transit Swap exploit agrees to return remaining funds
On Monday, decentralized finance (DeFi) protocol Transit Swap announced that it had reached an agreement with its biggest hacker for the return of funds. Approximately one week prior, a hacker exploited an internal bug on a swap contract within the protocol and caused other individuals to imitate the security breach, leading to a loss of over $23 million in user funds. However, the main hacker has since returned approximately 70% of exploited funds thanks to the help of security companies such as Peckshield, SlowMist, Bitrace, and TokenPocket. They quickly tracked down the hacker by identifying their IP address, email address, …
Blockchain / Oct. 10, 2022