Real Attacks on Blockchain
Systems & Countermeasures
Ng Kok Leong
#ISSLearningFest
“51% Attack on blockchain is Real”
#ISSLearningFest
https://www.investopedia.com/news/bitcoin-gold-hack-shows-51-attack-real/
Real Attacks on Blockchain
#ISSLearningFest
List of Attacks on Blockchain
(grouped by security domains)
#ISSLearningFest
Each attack is placed in one of five vulnerability classes, (1) Blockchain, (2) System, (3) Software, (4) Network, or Unknown, with a weight of 1 (or 0.5 + 0.5 when split across two classes). The per-class placement of the weights did not survive extraction, so the weight is shown as a single column.

Attack | Year | Category | Exploit Value | Root Cause | Weight
Mt. Gox | 2011 | C1 | Several thousand BTC | Deficiencies in network protocols | 1
Bitfloor | 2012 | C2 | 24,000 BTC ($250K) | Bitfloor's server was hacked, leaking an unencrypted backup of the wallet keys | 1
Instawallet | 2013 | C4 | 35,000 BTC | Instawallet was hacked | 1
Bitcoin Foundation | 2013 | C6 | - | Weak pseudo-random number generator (Android's SecureRandom) produced repeated ECDSA nonces, exposing private keys | 1
Sheep Marketplace | 2013 | C4 | 5,400 BTC | One site vendor exploited a vulnerability | 1
Mt. Gox | 2014 | C4 | 650,000 BTC ($450M) | Transaction malleability: a software bug let users modify transaction IDs | 1
Mining pools (reported by Dell SecureWorks) | 2014 | C1 | $83,000 | BGP hijack that redirected miners' traffic | 0.5 + 0.5
The DAO | 2016 | C4 | $50M | Reentrancy (recursive call) bug in the withdrawal code; the contract had also been flagged for subtle game-theoretic weaknesses | 1 + 1
Bitfinex | 2016 | C2 & C4 | 119,756 BTC ($65M) | Exchange compromised; BTC stolen | 1
Ethereum network | 2016 | C1 & C4 | - | DDoS: transactions calling the EXTCODESIZE opcode roughly 50,000 times per block | 1
HKG (Hacker Gold) | 2017 | C4 | - | Contract code read "=+" instead of "+=" | 1
Parity Wallet | 2017 (Jul) | C4 | $30M | Library's initWallet reachable through the wallet's delegatecall fallback without an initialisation guard; attackers re-initialised multisig wallets as owner and drained them | 1
SmartBillions | 2017 | C4 | 400 ETH ($120,000) | Broken caching mechanism in the smart contract | 1
Parity Wallet | 2017 (Nov) | C4 | $300M (frozen) | Shared library contract never initialised: a user claimed ownership via initWallet and called its self-destruct, freezing every wallet that delegated to it | 1
Cryptojacking | 2017 - 2018 | C2 & C4 | - | Compromised sites and servers had cryptomining scripts or cryptojacking code inserted | 1
PoWH | 2018 | C4 | 888 ETH | Integer overflow bug | 1
SpankChain | 2018 | C4 | 165.38 ETH | Reentrancy attack | 1
Bitcoin Gold (BTG) | 2018 (May) | - | $18M | 51% attack (double spend against exchanges) | 1
IOTA | 2019 | C2 | $3.9M | Phishing (malicious online seed generators) collected users' private keys | 1
IOTA | 2020 | C4 | - | Custom-made hash function (Curl-P) was broken | 1
Cashaa | 2020 | C2 | More than 336 BTC | Malware suspected to have been installed on the system | 1
2gether | 2020 | C2 | $1.3M | 2gether's servers were hacked | 1
Bitcoin Gold (BTG) | 2020 (Jan) | - | $70K | 51% attack | 1
Ethereum Classic (ETC) | 2020 (Jul) | - | $5.6M | 51% attack | 1
Bitcoin SV (BSV) | 2021 (Aug) | - | - | 51% attack | 1
Attacks specific to Blockchain Vulnerability
• 51% attack – cryptocurrency
• Reentrancy attack – smart contract
#ISSLearningFest
51% Attack
#ISSLearningFest
Case: Attacker stole 807k ETC ($5.6 million) in
Ethereum Classic 51% Attack, 31/Jul/2020
#ISSLearningFest
Image - https://medium.com/hackernoon/ethereum-classic-attacked-how-does-the-51-attack-occur-a5f3fa5d852e
Double Spending
#ISSLearningFest
Definition: Double-spending
#ISSLearningFest
Source - https://www.investopedia.com/terms/d/doublespending.asp
Definition: Double-spending
> Double-spending problem
#ISSLearningFest
Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. This is possible because a digital token consists of a digital file that can be duplicated or falsified.
Source - https://en.bitcoinwiki.org/wiki/Double-spending
Definition: Double-spending
> Two Necessary Properties of Cryptocurrency
1. Unforgeability – achieved with digital signatures
2. No double spending – achieved with the blockchain as a public ledger (everyone can see every spend, so a second spend of the same coins is rejected)
#ISSLearningFest
Blockchain
> The Block
#ISSLearningFest
Bitcoin utilizes blockchain to achieve no double
spending
#ISSLearningFest
Image - https://www.gemini.com/cryptopedia/what-is-bitcoin-and-how-does-it-work#section-understanding-bitcoin
What is the block in blockchain: Bitcoin
transactions are grouped together into “blocks”
#ISSLearningFest
Image - https://www.gemini.com/cryptopedia/what-is-bitcoin-and-how-does-it-work#section-understanding-bitcoin
Blockchain
> Chaining the blocks
#ISSLearningFest
What is the chain in blockchain: each block is chained to the previous block by including the previous block's hash in its own header, so altering any earlier block changes every hash after it
#ISSLearningFest
Image - https://www.ig.com/en/trading-strategies/what-is-blockchain-technology--200710
Cryptographic One-Way Hashing
The hash output is like a fingerprint in the digital world: easy to compute from the data, infeasible to invert, and any change to the data changes the fingerprint
#ISSLearningFest
Image - https://www.freecodecamp.org/news/how-bitcoin-mining-really-works-38563ec38c87/
Blockchain
> Distributed Ledger (database)
#ISSLearningFest
Any node in the public network can propose the next block
#ISSLearningFest
Image - https://www.researchgate.net/publication/320127088_Blockchain_Implementation_Quality_Challenges_A_Literature_Review/figures?lo=1
The first miner to solve the proof-of-work puzzle gets to create the block and receives bitcoin as a reward
#ISSLearningFest
Image - https://forkast.news/proof-of-work-what-is-it-bitcoin-halving/
Blockchain
> Resolving Blockchain Conflict
#ISSLearningFest
Blockchain Conflict
#ISSLearningFest
When two different miners solve the puzzle at about the same time and each adds a block on top of the last known block, the chain forks.
Both branches after Block 103 are valid, and the next mined block may be added to either of them.
Image - https://www.tutorialspoint.com/blockchain/blockchain_resolving_conflicts.htm
Resolving Blockchain Conflict
#ISSLearningFest
Suppose the next miner builds on Block 104-A: the branch containing 104-A is now longer than the branch containing 104-B.
In Bitcoin the branch with the most accumulated proof-of-work wins (at constant difficulty, the longest one) and the shorter branch is orphaned, so Block 104-B is discarded.
Image - https://www.tutorialspoint.com/blockchain/blockchain_resolving_conflicts.htm
How to double spend?
#ISSLearningFest
Authentic branch: Alice has $10, Alice pays Bob $10, Alice has $0.
Attacker's branch: Alice still has $10, because the payment to Bob is left out (or replaced by a payment back to Alice).
The double spend: build the conflicting branch faster than the authentic branch, so that nodes adopt it and Bob's payment disappears from the canonical chain.
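The fake-branch double spend on the slide above, worked as a runnable toy chain. This is an added example written for this page, not code from the deck or from any real client: a two-hex-zero SHA-256 target stands in for Bitcoin's difficulty, transactions are plain (sender, receiver, amount) tuples with `coinbase` minting new coins, and the names `alice`, `alice_2`, `bob` and the block contents are constructed for the demo. The attacker's majority hashrate is modelled only by its consequence, a private branch that ends up longer than the public one.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

# Toy proof-of-work target: the block hash must start with two hex zeros
# (about 256 attempts per block, so the demo runs in well under a second).
DIFFICULTY_PREFIX = "00"
GENESIS_PREV = "0" * 64


@dataclass(frozen=True)
class Block:
    height: int
    prev_hash: str   # hash of the parent block: this link is the "chain"
    txs: tuple       # each tx is (sender, receiver, amount); sender "coinbase" mints
    nonce: int

    def hash(self) -> str:
        header = json.dumps([self.height, self.prev_hash, self.txs, self.nonce])
        return hashlib.sha256(header.encode()).hexdigest()


def mine(prev: Optional[Block], txs) -> Block:
    """Try nonces from 0 upward until the block hash meets the target (deterministic)."""
    height = 0 if prev is None else prev.height + 1
    prev_hash = GENESIS_PREV if prev is None else prev.hash()
    nonce = 0
    while True:
        block = Block(height, prev_hash, tuple(txs), nonce)
        if block.hash().startswith(DIFFICULTY_PREFIX):
            return block
        nonce += 1


def ledger(chain):
    """Replay the chain; return balances, or None if any tx overspends."""
    balances = {}
    for block in chain:
        for sender, receiver, amount in block.txs:
            if sender != "coinbase":
                if balances.get(sender, 0) < amount:
                    return None  # a second spend of the same coins is rejected here
                balances[sender] -= amount
            balances[receiver] = balances.get(receiver, 0) + amount
    return balances


def valid_chain(chain) -> bool:
    """Full-node checks: genesis link, hash links, heights, PoW, and no overspend."""
    for i, block in enumerate(chain):
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1].hash()
        if block.prev_hash != expected_prev or block.height != i:
            return False
        if not block.hash().startswith(DIFFICULTY_PREFIX):
            return False
    return ledger(chain) is not None


def select_chain(candidates):
    """The slides' rule: the longest valid branch wins, shorter ones are orphaned.
    (Bitcoin compares accumulated work; at constant difficulty that is the same.)"""
    valid = [c for c in candidates if valid_chain(c)]
    return max(valid, key=len)  # on a tie max() keeps the first, i.e. the branch seen first


def confirmations(chain, tx) -> int:
    """Number of blocks from the one containing tx to the tip, inclusive; 0 if absent."""
    for block in chain:
        if tx in block.txs:
            return len(chain) - block.height
    return 0


def double_spend_demo():
    """Alice pays Bob on the public chain, then a majority miner replaces that
    chain with a private branch in which the same coins go to Alice's other key."""
    genesis = mine(None, [("coinbase", "alice", 10)])
    pay_bob = ("alice", "bob", 10)
    pay_self = ("alice", "alice_2", 10)  # conflicting spend of the same 10 coins

    # Public (authentic) branch: Bob's payment plus two more blocks on top of it.
    public = [genesis, mine(genesis, [pay_bob])]
    public.append(mine(public[-1], [("coinbase", "miner_1", 1)]))
    public.append(mine(public[-1], [("coinbase", "miner_2", 1)]))
    bob_before = confirmations(public, pay_bob)  # Bob sees 3 confirmations and ships

    # A chain that contains BOTH spends is invalid: the ledger check rejects it.
    both = public + [mine(public[-1], [pay_self])]
    both_valid = valid_chain(both)

    # Private (attacker) branch mined from genesis with the conflicting spend.
    # With >50% of the hashrate the attacker out-produces the network, so the
    # branch is released only once it is longer than the public one.
    private = [genesis, mine(genesis, [pay_self])]
    while len(private) <= len(public):
        private.append(mine(private[-1], [("coinbase", "attacker", 1)]))

    canonical = select_chain([public, private])
    return {
        "bob_confirmations_before": bob_before,
        "both_spends_in_one_chain_valid": both_valid,
        "attacker_branch_won": canonical is private,
        "bob_confirmations_after": confirmations(canonical, pay_bob),
        "attacker_confirmations_after": confirmations(canonical, pay_self),
        "orphaned_public_blocks": len(public) - 1,  # everything after the fork point
        "final_balances": ledger(canonical),
    }


if __name__ == "__main__":
    for key, value in double_spend_demo().items():
        print(f"{key}: {value}")
```

Running it shows Bob's payment going from 3 confirmations to 0 once the private branch is released, while a chain that holds both spends is rejected outright by the ledger check. That contrast is the whole attack: the validation rules are never broken, the history that enforces them is replaced.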
51% Attack
#ISSLearningFest
Definition: 51% attack
#ISSLearningFest
Source - https://www.thebalance.com/what-is-a-51-attack-5207550
Mining Power measured by Hashrate
#ISSLearningFest
Source - https://bitflyer.com/en-eu/s/glossary/hashrate
Bitcoin Hashrate
#ISSLearningFest
Image - https://www.bitcoinmarketjournal.com/wp-content/uploads/2021/06/bitcoin-hashrate-chart.jpg
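Why hashrate share is the number that matters, as an added worked example (my code reproducing the calculation in section 11 of the Bitcoin white paper; it is not from the deck). `q` is the attacker's share of the total hashrate, `z` the number of confirmations a merchant waits for, and the 0.1% risk threshold used by `confirmations_needed` is the one the white paper's own table uses.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that a miner controlling fraction q of the total hashrate
    eventually out-builds the honest chain after a merchant has waited for z
    confirmations.  This is the gambler's-ruin calculation from section 11 of
    the Bitcoin white paper: the attacker's progress while honest miners find
    z blocks is Poisson with mean lam = z*q/p, and from a deficit of d blocks
    the catch-up probability is (q/p)**d."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("need 0 <= q < 1 and z >= 0")
    if q >= 0.5 or z == 0:
        return 1.0  # majority hashrate (or nothing to catch up) wins with certainty
    p = 1.0 - q
    lam = z * q / p
    ratio = q / p
    prob = 1.0
    for k in range(z + 1):
        # Poisson pmf computed in log space so large z does not overflow a float.
        poisson_k = math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))
        prob -= poisson_k * (1.0 - ratio ** (z - k))
    return max(prob, 0.0)


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 5000) -> int:
    """Smallest number of confirmations z that pushes the attacker's success
    probability below max_risk; raises for q >= 0.5, where no z is enough."""
    if q >= 0.5:
        raise ValueError("an attacker with a majority of the hashrate cannot be waited out")
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError(f"no z <= {limit} reaches the target risk for q={q}")


if __name__ == "__main__":
    # Same shape as the white paper's table; the q >= 0.5 row is the 51% attack.
    for q in (0.10, 0.30, 0.45, 0.51):
        row = "  ".join(f"z={z}:{attacker_success_probability(q, z):.7f}"
                        for z in (0, 1, 6, 10, 20))
        print(f"q={q:.2f}  {row}")
    for q in (0.10, 0.30, 0.45):
        print(f"q={q:.2f} needs {confirmations_needed(q)} confirmations for < 0.1% risk")
```

The numbers match the white paper's table (for q=0.1, z=5 gives 0.0009137; for q=0.3, 24 confirmations are needed to get under 0.1% risk), and for q at or above 0.5 the probability is 1 whatever z is. That is exactly the 51% attack: no number of confirmations protects a merchant once one party out-mines the rest of the network, which is why the countermeasures that follow are about raising the cost of reaching that share rather than about waiting longer.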
51% Attack
> Ethereum Classic 51% Attack
#ISSLearningFest
Case: Attacker stole 807k ETC ($5.6 million) in
Ethereum Classic 51% Attack, 31/Jul/2020
#ISSLearningFest
Image - https://medium.com/hackernoon/ethereum-classic-attacked-how-does-the-51-attack-occur-a5f3fa5d852e
• Double-spent 807,260 ETC ($5.6 million)
• Spent 17.5 BTC ($129k) to acquire the hash power for the attack
• Received 13K ETC in block mining rewards
51% Attack
> Countermeasures
#ISSLearningFest
Countermeasure 1: Higher Hashrate
#ISSLearningFest
Source: BitInfoCharts
Estimate: Cost of 51% attack on Bitcoin is USD
15 billion
#ISSLearningFest
https://www.bitpanda.com/academy/en/lessons/what-is-a-51-attack-and-how-is-it-prevented/
Countermeasure 2: Truly Decentralized Network
#ISSLearningFest
“It’s almost impossible to pull that (51% attack) off in
established blockchains like Bitcoin and Ethereum.
This phenomenon has been experienced by some
small chains that are not really decentralized”
Avinash Shekhar, Co-CEO, ZebPay
Source - https://economictimes.indiatimes.com/markets/cryptocurrency/what-are-51-attacks-in-cryptocurrencies/articleshow/85802504.cms?from=mdr
Global distribution of bitcoin nodes
#ISSLearningFest
Image - https://medium.datadriveninvestor.com/blockchain-getting-started-what-is-bitcoin-full-node-40460f3acafa
Countermeasure 3: Ethereum Classic's response (51% attack protection plan)
#ISSLearningFest
https://coingeek.com/ethereum-classic-rolls-out-51-attack-protection-plan/
Give Us Your Feedback
#ISSLearningFest
Day 1 Programme
Thank You!
kokleong@nus.edu.sg
#ISSLearningFest
