Nowadays, it is very common to hear a corporate breach or data leak every day, which reminds every organization and corporate executive that their business can be next on the list of breached organizations. And blockchain companies are no exception; blockchain and cryptocurrency organizations are attracting more security threats with the growing popularity and value of cryptocurrencies.
For instance, IOTA was compromised on February 12, 2020. Hackers exploited a third-party integration of Trinity, a mobile and desktop cryptocurrency wallet by the IOTA Foundation. According to ZDNet, "it is believed that hackers targeted at least 10 high-value IOTA accounts and used the Trinity exploit to steal funds. While the IOTA team has not confirmed the value of the stolen funds, open-source reportings has the total at around $1.6 million worth of IOTA coins. IOTA is currently ranked #24 on the CoinMarketCap based on the currency's market cap size. The IOTA price fell from $0.35 per IOTA coin on Wednesday to $0.24 today."
That is not all, unfortunately; and that is why security validation is getting more important than ever for blockchain and cryptocurrency organizations. Whether an organization is a cryptocurrency maker, a cryptocurrency exchange, or any service provider in the blockchain ecosystem, it is susceptible to security threats every day. That said, let’s get to know the solution to their security problems.
What is Security Validation All About?
The entire process of validating the security controls of an organization by continuous testing its security infrastructure against probable attack vectors is referred to as security validation.
It is essential — especially nowadays — because organizations must complete scenario-based tests to confirm that the installed security controls work properly against the known and unknown threats.
Nowadays, organizations do not just need to confirm that the security controls are installed in place, but they also need to verify if they are working properly against potential threats. Also, they must confirm that the ongoing investments made into the cybersecurity infrastructure are guarding the organization. That said, let’s understand the problem that is solved using security validation.
The problem: there are a myriad of security products in the industry. So, any corporate executive or security professional can find the "best" security solution for their organization, but after installing the solution, the question becomes whether the product is expectedly working or not. Also, if an organization works with multiple security solutions, they may not necessarily integrate or work well together, doing more bad than good.
The solution: security validation.
"Security leader should engage in a continuous security posture and assessment applied to its highest risk threat vectors", according to Cymulate, a risk validation and breach and attack simulation platform.
If cybercriminals are attacking the security infrastructure of an organization every day, the organization must challenge its defenses every day as well, right? It is called continuous security validation — one of the most useful types of security validation — that tests and validates the security solutions every now and then, making sure that the installed security defenses are ready to fight off any type of cybersecurity attack or threat.
How Blockchain Organizations are At Risk?
All blockchain and cryptocurrency organizations work on one novel technology behind cryptocurrencies: blockchain. Though blockchain or distributed ledger technology seems powerful enough to change the pillars of societal economics, it does not come without its issues. First of all, this technology is new, and it is subject to change. And scalability and security issues are also to be considered. With the changing technology, the associated risks will shift as well, creating or changing cybersecurity issues for the end-users as well as organizations.
Moreover, many of the blockchain organizations directly deal with money (in terms of cryptocurrencies), so they prove to be lucrative targets for attackers. If they can compromise and steal wallets — even just one wallet — of such an organization, they may get lucky with millions of dollars in cryptocurrencies. Also, blockchain technology — being a peer-to-peer network technology — faces significant security issues from its nodes as well. Even if one of the nodes of the network is compromised, it may help the hackers to do harm. Then, there is an issue of 51% attack on the network as well, which involves controlling 51% of a blockchain network that allow hackers to mine their own cryptocurrencies.
For instance, Binance — one of the biggest cryptocurrency exchanges on the planet — faced a large-scale security breach in August 2019, allowing the hackers to steal more than $40 million in Bitcoins. Being one of the most reputed and used exchanges, Binance must have heavily invested in cybersecurity controls, but then too, hackers were able to compromise its systems. This is enough to understand the risks for blockchain and cryptocurrency organizations.
Though it went alright for Binance since the stolen money was just 2% of its holdings, it may not go fine for all other organizations. For example, Altsbit — one of the new cryptocurrency exchanges — got hacked in February 2020, losing more than $72.5 million in multiple cryptocurrencies including Bitcoin (BTC) and Ethereum (ETH). Unlike Binance, Altsbit lost most of its cryptocurrency holdings in the hack, and so it had to shut down due to insufficient funds to continue operations — just four to five months after it was launched for the traders.
Binance CEO Zhao Changpeng announced "hackers were able to obtain a large number of user API keys, 2FA codes and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used." And Altsbit was launched as a rebranded service with "adding user security functions" as one of its roadmap items.
That said, hackers compromised a not-so-secured exchange with a tweet saying "we assure that @altsbit didn’t had (sic) proper security to stop Lulz Canon. Many others to follow. Better Stack up the Security – Note to other Exchanges," according to CoinDesk. But hackers also compromised one of the most trusted and secured exchanges on the planet — Binance, proving that the existing security controls at many of the blockchain and cryptocurrency organizations are at risk, sadly.