Let’s talk about blockchain security, an essential discussion among technology users and enthusiasts.
Blockchain is no doubt a revolutionary technology for distributed and decentralized systems, especially when immutability of transactions and trust through consensus are critical in a wide ecosystem. Blockchain opens up new dimensions in business security and transparency in various industries, but especially so in the financial sector.
However, every innovation attracts bad actors who look for ways to find loopholes, security gaps, and innocent victims. What can you do to protect yourself? We will see how prevalent the problem is, how scammers operate, and how to protect yourself.
Introduction
Blockchain and cyber security are topics that demand attention, especially when technology can evolve so fast.
The numbers are startling. According to several reports, blockchain-related scams resulted in losses of about $2 billion globally in 2023, with Ethereum alone accounting for about half of that total.
These losses are not just numbers, but represent hard-earned money of individuals who got duped while exploring and investing in blockchain-related projects. This alarming statistic underlines the need for heightened awareness and education about blockchain security.
Innovations in Deception: issues with blockchain security
Every innovative technology brings with it corresponding innovation in deception. Blockchain transactions themselves are very secure, especially in the most widely distributed networks such as Bitcoin and Ethereum.
Hacking into and modifying transactions in such blockchains is economically infeasible. However, it is much easier to exploit the endpoints, which are the ‘last mile’ of blockchain technology. The endpoints that are most susceptible to scams are people’s accounts and wallets. These scams target the account holder, not the technology directly.
Here are some of the common scenarios:
- A scammer creates a fake website that mimics a well-known crypto exchange. Unwary users log into it (the authentication is faked) and conduct transactions, thereby losing their holdings.
- Another method is the phishing scam. The user receives an email from what looks like a legitimate wallet provider or a crypto exchange. The email asks the user for their private key for security verification. Or, the email gives the user a fake story about the account being compromised and that the user’s private key is required to recover the stolen funds.
- Exit scams were quite common in the early days of the wild west cryptocurrencies. The perpetrator creates a project that attracts investment from unsuspecting users. The scammer collects the funds and then disables the website and vanishes with the stolen funds.
Other attacks are more sophisticated and exploit security gaps in the blockchain technology itself, such as the batch overflow bug and improperly coded smart contracts.
The irony of blockchain scams is that once the scam is pulled off successfully, it is virtually impossible to reverse it and recover the funds because blockchain transactions are immutable! In this sense, blockchain security is a double-edged sword.
Public Chains vs. Permissioned Chains: A Security Perspective
The situation with blockchain security can change dramatically between public and permissioned blockchains.
Permissioned chains are restricted to known participants. They require the participants to register and even go through detailed verification procedures that may include KYC. This makes them inherently more secure.
This controlled access in permissioned chains significantly reduces the risk of scams, particularly in financial transactions. The environment under which permissioned chains operate is usually regulated.
Some of the types of participants may require regulated licenses to operate. They may also have fiduciary responsibilities and run reputational risk.
As a user, you may participate in both public and private chains. What are some of the ways in which you can protect yourself from scams on public chains and ensure that the private chain is also secure?
3 steps to protect yourself now
- Educate Yourself: Knowledge is your first line of defense, not just for blockchain technology, but in general. You cannot remain ignorant and operate on the blockchain as if it is an ‘idiot box’. Invest some time to understand the basics of blockchain technology, how different chains operate, and the common scams in blockchain. Be alert to unsolicited requests for your private keys or pitches for investment opportunities that seem too good to be true.
- Use Only Trusted Platforms: Always use reputable and well-established platforms for your blockchain transactions. Investigate who is operating these platforms. A red flag is the absence of any names of the management team, their pictures, and their social media links (especially LinkedIn). Check for reviews, the platform’s history, and its security measures. If the platform is not familiar, stay away, no matter how attractive their offers might seem.
- Secure Your Private Keys: Your private keys are named ‘private’ for a reason. Your private keys are meant to keep your hard-earned money secure. Never give your private key to a third party. Never share them with anyone. These measures are easy to follow. However, it is much more difficult to store them securely. Don’t store them online without adequate protection or in places that could be easily accessed. Consider using hardware wallets, which are offline and provide an extra layer of security.
In many cases, especially with Bitcoin and other cryptocurrencies, the platforms ask you to write down your private key or passphrases on paper. Needless to say, keep this paper locked away very securely; for good measure, make a copy and store it in a safe-deposit box at the bank.
Blockchain security: Actionable Knowledge is Power
Blockchain is a revolutionary technology with its full potential yet to be realized. You will most likely use it increasingly as it matures and more use cases emerge. As in all innovation, knowledge is critical. However, just theoretical knowledge is not enough. You should know how to use it. The more you study how scammers operate, the better equipped you will be to spot them and avoid their tactics.
Finally, remember that scams evolve; new ones emerge, the old ones become refined. This is especially true with the power of AI. So, you must continually educate yourself. With education, awareness, and self-defense techniques, you will be able to navigate the world of blockchain confidently and safely.