{"id":2303,"date":"2022-11-30T11:44:39","date_gmt":"2022-11-30T09:44:39","guid":{"rendered":"https:\/\/aiternalex.com\/?p=2303"},"modified":"2022-12-13T20:16:29","modified_gmt":"2022-12-13T18:16:29","slug":"blockchains-security","status":"publish","type":"post","link":"https:\/\/aiternalex.com\/en\/blockchain-en\/blockchains-security\/","title":{"rendered":"Blockchains and Security"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2303\" class=\"elementor elementor-2303\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4817103f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4817103f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-447414cd\" data-id=\"447414cd\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5e3c21ad elementor-widget elementor-widget-text-editor\" data-id=\"5e3c21ad\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.9.2 - 21-12-2022 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#818a91;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#818a91;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p class=\"p1\"><span class=\"s1\"><b>Blockchain is a digital ledger that records transactions across many computers.<\/b> It is a distributed database, meaning there are many copies of it and new information can be added only if all participants in the network agree.<\/span><\/p><p class=\"p2\"><span class=\"s1\">Blockchain technology is a powerful tool for improving security and reliability; however, it is not without its risks and dangers.<\/span><\/p><h3 class=\"p2\"><span class=\"s1\"><b>EXPLOITS<\/b><\/span><\/h3><p class=\"p2\"><span class=\"s1\"><b>The most prominent risk in blockchain technology is vulnerability to exploits. <\/b>These are threats to the blockchain that arise because of bugs or violations of assumptions in the system&#8217;s design. There are two types of exploits: those that exploit bugs (e.g., denial-of-service attacks) and those that take advantage of flaws in the system&#8217;s design (e.g., reentrancy). 
For example, an attacker can use a denial-of-service attack to make a node go offline by sending it an overwhelming number of messages or queries that it cannot handle.<\/span><\/p><h3 class=\"p2\"><span class=\"s1\"><b>REENTRANCY <\/b><\/span><\/h3><p class=\"p2\"><span class=\"s1\"><b>A reentrancy exploit happens when an attacker sends two different transactions at the same time, one after another, with each transaction making changes on behalf of the attacker without waiting for the other transaction to finish executing first.<\/b> The second transaction will be able to carry out its changes even before the first transaction returns a response. If a blockchain\u2019s transactions are not atomic, then when an attacker sends two transactions at once and the second transaction executes before the first one finishes executing, it can carry out its changes without waiting for the first transaction to finish. This is called reentrancy and is considered to be a major problem for blockchains like Ethereum because of its reliance on smart contracts.\u00a0<\/span><\/p><h4 class=\"p1\"><span class=\"s1\"><b>Other types of security concerns<\/b><\/span><\/h4><p class=\"p3\"><span class=\"s1\">Security in blockchains is a key concern for many investors and companies who are looking at ways to use blockchain technology in their business model. In addition to the ones stated above, <em>there are various other risks that need to be addressed, such as human errors, phishing attacks, and code vulnerabilities<\/em> (especially in smart-contract-enabled chains).<\/span><\/p><h3 class=\"p3\"><span class=\"s1\"><b>CODE VULNERABILITIES <\/b><\/span><\/h3><p class=\"p3\"><span class=\"s1\"><b>Code vulnerabilities are a direct consequence of smart contracts, a form of code supported by many blockchains.<\/b> Smart contracts are computer protocols that execute the terms of a contract. 
The best way to think about them is as self-operating computer programs that automatically execute when certain conditions are met.<\/span><\/p><p class=\"p3\"><span class=\"s1\">The vulnerabilities in smart contracts are caused by poor coding and bugs in the code. They carry a lot of risk because they are difficult to edit after they have been deployed. Bugs can be exploited by hackers, who can use them to steal money or data from the blockchain, e.g., by accessing functions of the code that shouldn\u2019t have been executable.\u00a0<\/span><\/p><p class=\"p1\"><span class=\"s1\">In the blockchain world, smart contracts are used to automate some of the processes that are usually done manually, but as always, automation increases the level of risk.<\/span><\/p><p class=\"p1\"><span class=\"s1\">One of the most typical vulnerabilities is the reentrancy risk described above, which affects smart contracts very commonly because of their method-based structure with self-assessed access control.<\/span><\/p><h3 class=\"p1\"><span class=\"s1\"><strong>PHISHING ATTACKS<\/strong><\/span><\/h3><p class=\"p3\"><span class=\"s1\">Phishing, on the other hand, is<b> when someone steals your credentials for a service, such as the login to your bank account or social media account, by pretending to be another person <\/b>who you know from an email, text message, phone call, etc. Private keys are used to sign transactions on a blockchain, which means that if someone were able to steal your private key, they would have access to your funds and to all the functions of the smart contracts you deployed.<\/span><\/p><p class=\"p3\"><span class=\"s1\">Phishing scams are, in general, the most common type of cyberattack. 
Malicious actors use social engineering to gain access to your private key in order to take control of your account.<\/span><\/p><p class=\"p1\"><span class=\"s1\">It\u2019s usually a pattern made up of four steps:<\/span><\/p><ol class=\"ol1\"><li class=\"li1\"><span class=\"s1\">Fraudsters will create a <b>fake website<\/b> that looks identical to the legitimate one;<\/span><\/li><li class=\"li1\"><span class=\"s1\">They will send<b> spam emails<\/b> or messages on social media sites like Facebook, Twitter, etc.;<\/span><\/li><li class=\"li1\"><span class=\"s1\"><b>They will then trick you<\/b> into entering your private key or mnemonic phrase on their site;<\/span><\/li><li class=\"li1\"><span class=\"s1\">And finally, they will steal the information they need from you and <b>use it to act on your behalf<\/b>.<\/span><\/li><\/ol><p class=\"p2\"><span class=\"s1\">Phishing is not a new phenomenon, but it has become more sophisticated with the advent of social media and other online tools. It can be difficult for people to recognize phishing attempts because they are made to look like legitimate messages from trusted sources.<\/span><\/p><h3 class=\"p1\"><strong><span class=\"s1\">Human Errors<\/span><\/strong><\/h3><p class=\"p3\"><span class=\"s1\">Last but not least, there are many types of human errors that can lead to security breaches in blockchain networks. <b>The most common type of human error is social engineering, which is an attack that uses deception to gain access to private information or data.<\/b> Human error is a big risk in blockchain security because of its complexity. Social engineering is a type of human error that can be mitigated by ensuring people are well trained in what to do and what not to do when interacting with blockchain technology. Social engineering attacks can occur when people are given organizational information that they&#8217;re not supposed to have access to, like passwords or keys (as stated before). 
We just talked about the most common type of social engineering attack &#8211; phishing &#8211; but, as stated before, it doesn\u2019t stop there. Other attack vectors are:<br \/><\/span><\/p><ul class=\"ul1\"><li class=\"li1\"><span class=\"s2\"><b>spoofing<\/b>, which is when someone pretends to be someone else through email or phone, usually with a matching geographical location;<\/span><\/li><li class=\"li2\"><span class=\"s2\"><b>vishing<\/b>, which is when hackers call a victim on the phone and persuade them to give information for something that doesn&#8217;t exist.<\/span><\/li><\/ul><h3 class=\"p1\"><span class=\"s1\"><b>Malicious actors: scams and rug pulls<\/b><\/span><\/h3><p class=\"p3\"><span class=\"s1\">The crypto world is full of scam projects. It is important to be able to spot them before investing in a project.<\/span><\/p><ul class=\"ul1\"><li class=\"li4\"><span class=\"s1\"><b>A scam is an intentional deception or fraud<\/b>, typically involving the use of false or misleading information designed to take advantage of others.<\/span><\/li><li class=\"li3\"><span class=\"s1\"><b>A rugpull is a tactic used by market manipulators that involves persuading investors to buy tokens, often by issuing positive statements about the project\u2019s prospects<\/b>, with the sole intention of pulling (that is, removing) all the value injected by users in order to steal it.<\/span><\/li><\/ul><p class=\"p1\"><span class=\"s1\">The crypto market is not a safe place and there are many people who want to take advantage of the lack of knowledge and experience. Scam projects are often launched by developers with the intention of stealing from investors. They promise unrealistic returns in order to get more attention for their project, but in most cases, they fail miserably or just disappear without a trace. 
Some other ways scammers try to take advantage of inexperienced investors are:<\/span><\/p><ul class=\"ul1\"><li class=\"li2\"><span class=\"s1\">Promising guaranteed profits that cannot be achieved in reality<\/span><\/li><li class=\"li2\"><span class=\"s1\">Selling tokens at a discounted rate<\/span><\/li><li class=\"li2\"><span class=\"s1\">Creating fake ICOs<\/span><\/li><li class=\"li1\"><span class=\"s1\">Promising free tokens in return for major assets<\/span><\/li><\/ul><p class=\"p1\"><span class=\"s1\"><b>Scams are a major problem in the crypto space. With so many projects launching and tokens being distributed, it is becoming more and more difficult for the average user to distinguish between a scam and a legitimate project.<\/b><\/span><\/p><p class=\"p1\"><span class=\"s1\">To defend yourself against these risks, you should only invest in tokens with liquidity lock-ups. This prevents the token from being sold on the market before its release date, which reduces the chance of a scam or rugpull happening. With locked liquidity, nobody is able to pull the invested value from the project. It is also very important to be aware of the circulating supply of the token you are invested in and of its distribution (tokenomics).<\/span><\/p><p class=\"p1\"><span class=\"s1\">Having actors who hold large unlocked percentages of the total supply is a concrete risk.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Blockchain is a digital ledger that records transactions across many computers. 
It is a distributed database, meaning there are many copies of it and new information can be added only if all participants in the network agree.<\/p>\n","protected":false},"author":7,"featured_media":2305,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[56],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/aiternalex.com\/wp-content\/uploads\/2022\/11\/BLOCKCHAIN-AND-SECURITY.jpg","_links":{"self":[{"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/posts\/2303"}],"collection":[{"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/comments?post=2303"}],"version-history":[{"count":6,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/posts\/2303\/revisions"}],"predecessor-version":[{"id":2355,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/posts\/2303\/revisions\/2355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/media\/2305"}],"wp:attachment":[{"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/media?parent=2303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/categories?post=2303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aiternalex.com\/en\/wp-json\/wp\/v2\/tags?post=2303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}