You are here
Blockchain users should work together to beat hackers
The world of blockchain and cryptocurrency is one of excitement and intrigue, as both continue to grow in popularity and value. Yet, is it too good to be true?
Reports of scams, hacks, and security threats have become the order of the day. While blockchain's core technology has earned an excellent reputation for strong security, cryptocurrency assets continue to be stolen on a daily basis. In fact, over US$700 million worth of cryptocurrencies were stolen from crypto exchanges in just the first six months of 2018. Yet, the irony is that hackers and scammers are fair (in a way) - any crypto owner is fair game, be it an individual or an organisation.
Many users have thus lost confidence in the security of the crypto market. However, given the scale and acceleration of the issue, what can cryptocurrency users do about it?
To answer that, we must first understand the biggest security challenges in blockchain and cryptocurrency. The average cryptocurrency user today faces three major cybersecurity issues - exposure, anonymity, and lack of ownership.
The first issue is that ordinary blockchain users are exposed to phishing, malware, fraud and scams far too easily. Hackers and scammers are using a variety of malware to infect and infiltrate computers. From cryptojacking, which enables an attacker to use your computer's resources to mine cryptocurrencies such as Bitcoin or Monero, to ransomware, which locks a victim out of their device, malware comes in many different forms and can be distributed in lots of different ways. The most successful attack vector thus far has been spear phishing - using spoofed emails to gain unauthorised access to wallets - through socially engineered emails that appear genuine.
Secondly, while attackers can easily identify potential victims, the same cannot be said of the reverse. This is because transactions are often done anonymously, with neither party knowing the real identity of the other party - the transaction only goes through by leveraging consensus algorithms. This also means that that there is no way to stop hackers from transferring stolen funds through exchanges, with no way of retrieving stolen cryptos which are already in the full possession of hackers.
Finally, the victims of these attacks, who have already suffered loss, are generally solely responsible for resolving the damages. Due to the anonymity of cryptocurrency transactions, and the limited capabilities of crypto exchanges and wallet services in preventing users from transacting crypto funds to malicious addresses, the responsibility of ensuring a safe transaction often falls on the user alone. Furthermore, there currently exists no organisation that provides cybersecurity tools specifically in the area of the protection and recovery of crypto assets.
Looking at the three cybersecurity issues, we can attribute the fundamental problem to decentralisation, ie the lack of any centralised control or authority. Without such a body or organisation, the responsibility of solving any security issues lies with every single user, and it's practically impossible for any individual to come up with a solution for every threat.
However, could decentralisation also be the key to tackling today's growing crypto threats? Blockchain's distributed peer-to-peer nature could also be used to fight back against hackers.
TACKLING THE PITFALLS OF DECENTRALISATION - WITH DECENTRALISATION
It is essential to relook at our current security ecosystem, as many conventional security practices are inherently too reactive, leaving wallet services and exchanges scrambling to play catchup. While an individual might not be able to solve every issue, having a community of volunteers and advocates that come together to share collective intelligence can create a secure cybersecurity ecosystem.
Crowdsourced intelligence is hence the next step to making cyberspace safer. By leveraging the community to stand guard against instances of hacking and attacks, a crowdsourced threat intelligence platform could be created - which will collect, analyse, and validate any information related to malicious activities. This information, once verified, can then be shared with crypto exchanges, custodians, wallet services, and more, thereby protecting users while maintaining the fundamental autonomy of decentralisation and helping to protect the crypto world.
With bad actors constantly finding new ways to attack their targets, it is no longer enough to be reactionary, and only plug security holes as they appear. Instead, it is time for blockchain users to be proactive and work together as a community to stay ahead of hackers.
- The writer is head of operations at Uppsala Security