Lynn Johannson, Advisor, Sustainability and ESG
January 4th, 2024
Lynn Johannson, President of E2 Management Corporation and Catalyst for THE Collaboration
In a care[...]
Blockchain Vulnerabilities, Forensics And Legal Challenges
McCarthy Tetrault | | Nov 19, 2021
It is often assumed that blockchain based digital currencies and applications are safe and secure. In fact, blockchain ecosystems including cryptocurrencies such as bitcoin and Ether, smart contracts that power a plethora of transactions, and blockchain exchanges have many vulnerabilities.
Like many other financial systems, blockchain based systems are subject to all manner of hacks, frauds scams, and vulnerabilities. They happen at the speed and anonymity of the Internet.
There are, understandably, numerous legal challenges when it comes to obtaining civil remedies for these Internet based crimes. This is as true, and perhaps even more so, for blockchain hacks, scams, and frauds as it is for a whole host of other Internet crimes and wrongs.
Blockchain vulnerabilities, hacks, frauds and scams
There are trillions of dollars invested in blockchain based digital currencies. Bloomberg recently estimated that the cryptocurrency market is now worth more than U.S. $3 trillion. There are well recognized financial risks associated with cryptocurrencies volatility. But, this has not seemed to have dampened the market for these items.
See: Crypto fraud and breaches on pace to exceed $3 billion in 2021
While losses from hacks and vulnerabilities are hard to estimate, by one account hackers have stolen nearly $2 billion worth of cryptocurrencies in the two year period between 2017-2019. Some hacks are by lone hackers, but many are by sophisticated cybercrime organizations. According to a recent article In the MIT Security review, the hype that these assets are unhackable are “dead wrong”. According to the article:
In short, while blockchain technology has been long touted for its security, under certain conditions it can be quite vulnerable. Sometimes shoddy execution can be blamed, or unintentional software bugs. Other times it’s more of a gray area—the complicated result of interactions between the code, the economics of the blockchain, and human greed. That’s been known in theory since the technology’s beginning. Now that so many blockchains are out in the world, we are learning what it actually means—often the hard way. [ii]
As with every other financial system, there are opportunities for fraud. One vector is fraud associated with online marketplaces.
Private key security attacks are also a known means of allowing malicious actors to steal cryptocurrencies. A private key allows individuals to access funds and verify transactions. An attacker who has discovered a vulnerability in an elliptic curve digital signature algorithm, for example, can recover a user’s private key. If a private key is stolen, it is difficult to track any related criminal activity and recover the relevant blockchain asset.[viii]
See: Decentralized Finance—Risks, Regulation, and the Road Ahead
Hackers have also been known to steal the keys to cryptocurrency wallets.[ix]
Of course marketplaces, like almost every other organization in Canada are subject to data breaches from a myriad of sources.
Despite all the security features blockchain offers, individuals and organizations are still susceptible to phishing attacks.
SIM swap attacks are also not uncommon.
Hackers have also been known to exploit technical weaknesses in blockchain systems.
Hackers can also engage in Routing Attacks. Blockchains rely on real-time, large data transfers. Hackers can intercept real-time large data transfers such as by hijacking IP prefixes or dropping connections momentarily, preventing the system from reaching consensus.
See:
Crypto scams, DeFi hacks, and rug pulls: Why the crypto industry needs insurtech
CipherTrace August 2021 Crypto Crime Report: Crypto Fraud Dips as DeFi Hacks Grow
Other examples of technical weaknesses were a cryptographic flaw in the cryptocurency Zcash that could have been exploited to make unlimited counterfeit Zcash and in bitcoin’s main client, Bitcoin Core, that had a flaw that could have let attackers mint more bitcoins than the system was supposed to allow. [xviii]
Research shows that there are also many other security vulnerabilities associated with in smart contracts. [xxi] Other types of attacks include the “Balance Attack” and “Sybil Attacks”. [xxii]
Continue to the full article --> here
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
 |  |  |
Support NCFA by Following us on Twitter!Follow @NCFACanada  |
Related Posts
Wealthsimple Crypto launches after 130,000 signed up to waitlist- BIS Report: Inside the Regulatory Sandbox: Effects on Fintech Funding
- After Shanghai Upgrade, ETH Passes $2k
- In less than 10 minutes I bought a half-kilowatt of solar energy
- The Evolving Digital Identity Landscape
- OSC TestLab selects 7 businesses to help improve new capital markets testing environment
Leave a Reply