Crypto, Blockchain and DeFi Security Articles

How Blockchain Security Differs From Traditional Cybersecurity – 3 – User Security

Blockchain User Security
This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security.  Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments.  While identical products and services may be hosted in traditional IT and blockchain environments, the differences between these ecosystems can have significant security implications for their users. IT vs. Blockchain Security for Users Traditional IT and the blockchain operate under very different philosophies.  Many traditional IT systems are centralized and try to control every aspect of the user experience.  In contrast, the ethos of blockchain technology focuses on decentralization and self-custody. These different...

How Blockchain Security Differs From Traditional Cybersecurity – 2 – Smart Contract Developers

Smart Contract Security Differences
This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security.  Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts.  While the first blockchains, like Bitcoin, were not designed to support smart contracts, their invention dramatically expanded the capabilities of blockchain platforms.  The ability to deploy code on top of the blockchain has been one of the main drivers of blockchain’s widespread adoption and success. Traditional Development vs. Smart Contract Development Traditional applications and smart contracts can implement much of the same functionality.  Smart contract platforms are Turing complete, and, on...

How Blockchain Security Differs From Traditional Cybersecurity – 1 – Node Operators

Blockchain Security Traditional Cybersecurity
Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks.  Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital.  Financial systems built on the blockchain can suffer significant losses due to blockchain hacks.  The use of blockchain for supply chain tracking and audit logging relies on the blockchain being immutable. However, the widespread adoption of blockchain technology is relatively recent, and security has not always kept up with the technology.  In many cases, traditional IT security...

The 12 Biggest Hacking Incidents in the History of Crypto

12 Largest Crypto Hacks
The most comprehensive ranked list of the biggest crypto hacks in history (Up until November 1, 2022. I suspect a larger one is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but I wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while I was conducting my research; that’s how I know this will be the most accurate and up-to-date list of the top 12 hacking incidents in crypto’s history. 1. Poly Network: $611M At $611M, the Poly Network exploit of August 10, 2021 ranks as the largest crypto hack...

How the Big Binance Bridge Hack Will Change the way People View Web3

Binance Bridge Hack
$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew: The BNB Smart Chain (formerly Binance Smart Chain) is not very "decentralized". How did the BNB Smart Chain bridge get hacked, how did Binance stop it, and what does this all have to do with decentralization? Let's go through this in order. How the BSC Token Hub was...

How a $1B Flash Loan Led to the $182M Beanstalk Farms Exploit

Beanstalk Farms
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance. A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must yield a profit. If the trade doesn’t yield a profit, the transaction is cancelled and the loan is not approved....

The Top 4 Supply Chain Security Risks of Blockchain Smart Contracts

Smart Contract Risks
Code reuse is considered best practice in software engineering.  Reusing high-quality, secure code can speed development processes and often results in higher-quality code than software developed entirely from scratch.  Additionally, the reuse of high-quality, audited libraries reduces security risks by decreasing the probability that new vulnerabilities will creep into the code base. In open source communities such as the blockchain and crypto community, code reuse is even more strongly encouraged.  Open-source code released with permissive licenses is intended to be reused in other projects. However, this can also create security risks.  Smart contracts and other software that reuses existing, open-source code can inherit vulnerabilities from these dependencies or introduce new ones.  These are the four most significant supply chain security risks...

Most popular articles this week