Posted: August 15, 2018 -
The art markets are becoming crowded with cryptocurrencies: Bitcoin, Ether, CodexCoin, Bitchcoin, ART, CLIO, and many more. Technology ventures intend the digital currencies to act as a tender for Blockchain applications.
The creators of Blockchain intended the technology to be a distributed ledger of linked records for which every user in the Blockchain receives updates to the records. Each record is immutable, unchangeable. Bitcoin — considered the first cryptocurrency — was born in a Blockchain environment as a counterpoint to the control that central banks exerted over economies.
However, hackers have seen Blockchain wallets of digital currency as a new source of funds to steal. For instance, the Decentralized Autonomous Organization (DAO) was a kind of crowdsourced venture capital fund that allowed people to make investments using Ether. DAO had raised over US$150m in May, only to have more than US$50m drained by cyber criminals in June 2017. The theft reduced the value of the currency by a third. Bitfinex, a Hong Kong-based digital currency exchange, lost about $65m in a cyber attack in August. In the first half of 2018, cybercriminals stole more than US$1 billion from Blockchain wallets.
Ironically, the EU’s General Data Protection Regulation (GDPR) may undermine cybersecurity investigations into Blockchain thefts. The law came into force on May 25, 2018. Companies and institutions incorporated in EU countries will be responsible for the proper protection of personal data they collect and maintain. The intent of the GDPR is to give persistent control to consumers over personal data, including their transactions.
The regulation includes censoring the public databases that lead cybersecurity investigators to the origins of cyber thefts and the entities behind them. If hackers steal digital currencies and private data from Blockchain networks, GDPR may penalize Blockchain companies and benefit hackers.
The most popular kinds of hacks on Blockchain projects include:
- Routing Attacks
- Sybil Attacks
- 51% Attacks
- Direct Denial of Service (DDoS) Attacks
- User Negligence
FORM OF ATTACK
There are actually very few Internet Service Providers (ISPs) that host Blockchains. Though Blockchain is meant to be decentralized, the traffic within and between Blockchain networks is actually bottlenecked and easily diverted. Hackers have in many instances attacked ISPs to divert and siphon cryptocurrency transactions into the repositories of bad actors.
GDPR, however, would make it very difficult for internet forensic investigators to trace the origins of attacks to fortify defenses against future intrusions.
In Sybil attacks hackers invest in a large number of nodes in a Blockchain to essentially isolate legitimate nodes in the network. Nodes are Important members of the network that validate and pass around transaction data (like payments) and block data (additions to the ledger). However, the intention of the fraudulent nodes is to subvert transactions with legitimate users on the Blockchain. Fraudsters may falsify or interrupt transactions to steal cryptocurrency.
Hackers in several instances have gained majority stakes (at least 51%) in creating cryptocurrencies on some Blockchains. The power they gain means that criminals can mine cryptocurrency faster than anyone else on the Blockchain. Having majority control in the network also enables them to defraud cryptocurrency exchanges through ‘double spending’. Double spending involves committing to a transaction and receiving the goods or service associated with that transaction. Before the transaction completes on the majority holder’s side, though, hackers “fork” or cleave the Blockchain so they do not have to pay in kind for the transaction.
Direct Denial Of Service
Blockchains do not exist separate from the internet. They are just as susceptible to being crippled as any website. Direct Denial of Service (DDoS) attacks involve hackers transmitting a flood of requests and traffic to the servers that host a Blockchain network. The high volume data of seizes up the server and takes the Blockchain offline.
The Real Threat To Users? Users Themselves
Finally, Blockchain users are their own worst enemies. They use simplistic passwords or reuse passwords to guard their Blockchain wallets from attack. However, hackers have become expert over the years at stealing user credentials through email phishing attacks. Phishing involves users clicking on unsolicited links and divulging credentials. Also, hackers have developed software programs to figure out simplistic passwords. Breaking into a Blockchain network with hijacked credentials puts other users at risk. Criminals can perform all manner of fraud on the Blockchain, including stealing the private data of others.
Blockchain technology for the art market is still in its infancy. GDPR, however, while meant to protect computer users, actually encourages hackers to attack Blockchain networks. In some ways, GDPR makes it more difficult to keep the bad guys from enacting more crimes while punishing the companies that were hacked. Nevertheless, Blockchain users must be cautious in the stakes they take on Blockchain platforms, or lose more than just a night’s sleep.