Blockchain Security: Preventing Fraud on Distributed Ledger Technology
In August 2010, a hacker identified a bug in the Bitcoin network that allowed large transactions to be added to the ledger without proper verification. The hacker generated and siphoned 184 billion Bitcoin (BTC) into three separate accounts. Fortunately, the bug was quickly identified and erased from the blockchain by developers. The existence of blockchain technology would indeed have been threatened had the hacker been successful.
Since the emergence of blockchain technology, numerous industries have adapted the technology to store and transfer chunks of data. The technology boasted of an iron-clad defense system that supposedly could not be hacked. The industry has boomed; however, its secure, decentralized system has been threatened by hackers, fraud and various scams. According to the Wall Street Journal, more than $4 billion was lost to cryptocurrency scams in 2019.
What is blockchain security built on?
Blockchain technology is a digitized, decentralized ledger that boasts of a tightly secure, peer-to-peer encryption method of confirming transactions. By using a distinct protocol of verifying transactions, false operations are easily detected. Security in blockchain technology is built on:
Encryption: A method of wallet protection where each user is provided with a unique key called a "hash." Hashing is a mathematically generated process in public-key cryptography where a specific, fixed output is generated regardless of how many times the function is used. Simply put, it is a key to each user’s safety deposit box — their wallet.
Mining: Mining is a complex, expensive process responsible for maintaining the integrity of the technology. Blockchain miners add new "blocks" of transactions to the chain, confirming that each part of the transaction is valid. In turn, they are rewarded in cryptocurrency.
Immutability: Arguably the most crucial component of the technology, the distributed ledger remains unaltered. The immutability of the technology means information cannot be erased from the platform once the transaction is confirmed.
How is the technology being manipulated by fraudsters?
Blockchain technology has suffered diverse forms of attacks since its release. Many of the attacks have been targeted against cryptocurrency wallets and exchanges. Here are some of the most notorious methods of manipulating blockchain technology.
51% attacks: Mining is a highly intensive process that requires high computing power. However, if a miner or group of miners were to hypothetically gain more than 50% of the network's computing power, they would be able to control and manipulate it. They would be able to add new transactions to the system without spending. This way, they would "double-spend" coins. Perhaps the most alarming 51% attack occurred in May 2018, when the Bitcoin Gold blockchain was attacked by a set of coordinated actions. A total of $70,000 in Bitcoin Gold (BTG) was double-spent, and in the aftermath, BTG was delisted from Bittrex. In January 2019, Ethereum Classic became the latest blockchain to suffer from a 51% attack.
Phishing: Phishing is a form of fraud where scammers send out emails that mimic emails from reputable companies. They send these to owners of wallet keys, asking them to provide their personal information on their make-believe links. Some phishing scams use the user’s computer as a host for illegal cryptocurrency mining. According to a report published by Chainalysis, blockchain investors lost more than $225 million to phishing scams in the first half of 2017 alone.
Sybil attacks: A Sybil attack involves creating multiple false identities on a peer-to-peer network. In the context of blockchain technology, various nodes are run at the same time, swarming the network with these false identities and causing the system to crash. The term is coined from the titular character of the book Sybil, who was diagnosed with dissociative identity disorder.
Routing: Blockchain technology relies on the upload and download of large volumes of information in real time. In a routing attack, hackers intercept data transferred to internet service providers. This way, the system is partitioned but appears to be functioning as usual. Meanwhile, the hackers are making away with currencies.
What are some measures of preventing cryptocurrency fraud?
As expected, exchanges, tokens and blockchain companies have realized the need to learn from the past and identify and counter fraud on the peer-to-peer network.
In an interview, Kevin Cheng, the chief operating officer of the exchange BigOne, explained:
"For exchanges, security is their vitality, without which nothing makes sense. Every investor on the blockchain platform is interested in what keeps their investment safe. If loopholes are detected in any token offering, we will go the extra mile to address them before listing them on our exchange."
Some of the measures of protecting cryptocurrency investments include:
Two-factor authentication: Also called two-step verification, 2FA is an increasingly familiar term in blockchain technology. It is an added layer of wallet security where the user provides not only the wallet key but also a one-time password, or OTP, generated in real time to access the currency wallet. This way, if fraudsters maliciously gain access to the user’s password, they would also have to own the pre-set OTP device to access the wallet. This guarantees an extra layer of security against phishing scams and key thefts. Google Authenticator is a free 2FA application that can be used on multiple devices to secure crypto wallets.
Anti-phishing software: This is a software program specially designed to identify malicious links, email threats and fake websites, and to revoke access. In many cases, it also approves legitimate websites and links. Metacert’s anti-phishing software is capable of verifying web addresses on a mass scale and has protected users from both familiar and unknown forms of phishing threats.
Cold wallets: Typically, there are two types of wallets in cryptocurrency. A cold wallet is not connected to the internet and, therefore, is less vulnerable to hacking than a hot wallet. Although most hot wallets are free and more common, a cold wallet is much more secure and is available to the user in the form of a device.
Blacklisting: By identifying fraudulent initial coin offerings, phishing patterns and key/identity thieves and blacklisting them, cryptocurrency companies can protect themselves from falling victim to repeated patterns of fraud.
If there is any certainty in the midst of the COVID-19 pandemic the world is facing, it is the inevitability of digitized systems, particularly blockchain technology. However, the relevance of any technology is tied to security or the assurance of safety. To keep the integrity of the technology and preserve its growth, understanding and preventing fraud on the distributed ledger must be prioritized.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Joshua Esan is a freelance writer and editor passionate about blockchain technology and the health industry. He is a fourth-year medical student and has worked with various companies and blogs since the blockchain revolution began.