CAMBRIDGE, England, Aug. 23, 2022 /PRNewswire/ — The number of cyber attacks centred around blockchain technology, a transaction record database commonly used for crypto currency exchange, is on the rise, according to Cambridge-based IT security firm The SecOps Group.
With just three hacks causing damage of almost $1 billion so far this year, the pressure is on for blockchain developers to identify and patch security issues before they get exploited in the wild. Fortunately, the security consultancy The SecOps Group (https://secops.group) has launched a blockchain smart contract security audit to help them do just that.
There are two main methods of successful attack: one relies on social engineering tricks such as convincing a victim to send crypto currency to an attacker’s wallet; the second, and more complicated, type of hack requires a deep understanding of blockchain smart contracts and associated components, such as side-chains, cross-chains, wallets, various protocols, and more.
Three of the most recent and significant attacks on blockchain were:
- Solana Wallets Attack – $7 Million – August 03, 2022
  - Blockchain-based platform Solana, on which many web3 applications are deployed, experienced a wallet-based attack. It appears that the cause was a flaw in the wallet software used, resulting in the unique private key which links a user to their blockchain address, and/or seed phrase (the fingerprint of all of a user’s blockchain assets) being compromised. The result was that more than 7,000 wallets were drained of more than seven million dollars’ worth of SOL tokens.
- Axie Infinity Ronin Bridge – $625 Million – March 28, 2022
  - The largest-ever crypto hack took place on the play-as-you-earn game Axie Infinity, which is deployed on the Ethereum blockchain platform. Although Ethereum is the most trusted blockchain platform and the first to use smart contracts, hackers gained control over the majority of the cryptographic keys securing the game’s cross-chain bridge. Four of the nine keys were stolen when an Axie developer clicked on a fake job offer in a PDF.
- Wormhole Cross Chain Bridge Attack – $325 Million – February 2, 2022
  - Wormhole is a combined Ethereum and Solana blockchain-based web 3.0 bridge, which uses an intermediate bridge to transfer tokens between two different networks. A hacker exploited smart contracts on the Solana-to-Ethereum bridge to mint and cash out on wrapped ether without depositing collateral. This hack allowed hackers to steal a total of $320 million in Ethereum and Solana tokens.
With smart contracts playing a key role in automating several processes within a blockchain, running an audit to examine and analyse their code is now crucial for preventing attacks. Implemented effectively, an audit will help to discover errors, issues and security vulnerabilities in the code and suggest ways to fix them.
Commenting on the launch, Sumit ‘Sid’ Siddharth, the founder of The SecOps Group, said, “With the exponential growth of crypto currencies, NFTs and other blockchain implementations, there has never been a better time for cybercriminals to convert a vulnerability into easy and big money.
“We can see that thousands of decentralised finance projects and NFT projects have been developed in blockchain technology aka web 3.0, and securing them should be just as important as building them.”
For more information on The SecOps Group’s blockchain smart contract security audit, visit https://secops.group.
Notes to editors:
- Email: [email protected]
- LinkedIn: https://www.linkedin.com/company/secops-group/
- Twitter: @TheSecOpsGroup
Blockchain is a transaction record database that is distributed, validated and maintained around the world by a network of computers. Instead of a single central authority such as a bank, a large community oversees the records in a blockchain and no individual person has control over these records.
There are numerous blockchain platforms in the market, with the most famous crypto currency, Bitcoin (BTC), being developed on the Bitcoin platform, while the Ether (ETH) crypto currency was developed on the Ethereum platform. Additionally, each platform uses its own technology: the Ethereum platform uses the Solidity language, the Hyperledger platform uses Go, the EOS platform uses Node.js, the Multichain platform uses C++, the Corda platform uses Java/Kotlin, etc. Major blockchain applications are built on the Ethereum platform, which uses Solidity as the language for writing code called “smart contracts”.
A blockchain bridge is a protocol connecting two economically and technologically separate blockchains to enable interactions between them.
About The SecOps Group:
Founded by industry veterans, The SecOps Group helps enterprises identify & eliminate security risks on a continuous basis with security consultancy services such as cloud security assessments, web/API, and network pentests, and DevSecOps assessments.
About Sumit ‘Sid’ Siddharth:
Sumit ‘Sid’ Siddharth is a serial cyber entrepreneur and a well-known security professional. He has been a speaker and trainer at many international conferences such as Black Hat, DEF CON, HITB, OWASP AppSec etc. During his days as a pentester, he authored a number of books, articles, exploits and whitepapers on various topics related to application security. Sid’s first business (NotSoSecure) was acquired in 2018 by the Claranet Group. He now runs a boutique security consultancy (pentesting) firm called The SecOps Group. He is also an advisor and angel investor in multiple niche cyber security start-ups such as Red Hunt Labs (Attack Surface Management), PureID (Passwordless Authentication), VulnMachines (free pentesting lab platform) and RankedRight (vulnerability triaging platform).