Note: This content is originally published by our partner DGC in their blog, the copyright belongs to DGC.
Cyberattacks are a real risk even in the blockchain environment. The Ronin Bridge Hack shows just how large the scale can be: this 51% attack stole crypto assets worth more than $600 million. Blockchain providers are called to action – but how exactly can vulnerabilities and security gaps in digital infrastructures be identified, closed, and thus risks minimized? We talked about this with our expert Julian Sauer, Software Developer for Blockchain/DLT at DGC.
Table of Contents
51% attack: blockchains are considered particularly secure – why should they still be continuously monitored?
Since the global transfer activities and processes of a digital blockchain are organized in a decentralized manner on millions of computers and run without instances such as banks, the technology is indeed considered particularly resistant to forgery and manipulation. But even here, there are vulnerabilities and attack vectors through which cybercriminals can gain access to financial flows and confidential data.
Especially since innovation projects are often introduced under pressure to benefit as quickly as possible from the potential for use and transformation and to gain a competitive advantage. In this context, it is enormously important to think about the topic of blockchain security from the very beginning. When identifying the current security situation and necessary further protection, it is important to distinguish between two blockchain variants: Public Blockchains and Enterprise Blockchains.
Public blockchains such as Bitcoin or Ethereum have a large number of participants and up to 400,000 validator nodes, each of which manages a large number of cryptocurrencies and must always be online due to its monitoring function.
On Ethereum, for example, each Validator Node manages cryptocurrency currently worth around $80,000. This makes the validator nodes an ideal target for hackers. Public blockchain operators should strive to ensure high-security standards: due to the size of the infrastructure, these must be optimized above all in specific areas.
In comparison, a private enterprise blockchain offers more security per se due to its restricted group of participants: Each operator of an associated network node must be officially admitted to the network – this limits the visibility of the shared data considerably. Providers can also ensure the level of security by using a suitable IT security tool such as cyberscan.io to specifically examine and optimize the security situation across the few nodes. This effectively secures the entire network against external attacks.
All-round protection is so important because the nodes of an enterprise blockchain are usually directly connected to the internal (payment) systems of their operators. As such, they represent a vulnerable point of attack for cyberattacks. Blockchain providers should address this real danger with a well-thought-out cybersecurity concept.
What exactly is a 51% attack?
Experts use the term 51 percent attack to refer to an attack variant on the blockchain in which the attacking hacker group gains control over most of the validator nodes located there. This can happen through the unnoticed takeover of these validator nodes, which, as an important security instance within a blockchain, preserve large amounts of crypto assets.
In this way, the attackers manage to change the consensus or resolution of the entire blockchain. They take over the function of hijacked validator nodes and decide on their own authority which transactions on the blockchain are valid and which are not. Thus, during a 51 percent attack, it is possible to redirect financial transactions and manipulate other confidential processes such as smart contracts in one’s own favor – with massive consequences for affected companies and blockchain operators.
The Ronin Bridge Hack shows how costly a 51% attack can be – what happened?
In the case of the Ronin Bridge Hack, which took place on March 23, 2022, and is one of the largest blockchain attacks to date, five of the total nine validator nodes of Ronin Bridge were hacked. Thus, cybercriminals managed to take over most signatures and steal large amounts of cryptocurrencies with a total value of more than $600 million.
More specifically, the attack took place on those validation nodes that form a bridge between the Ronin network and the Ethereum network to securely convert and validly transfer crypto assets to the other blockchain. At this point, the hacker group diverted 173,600 Ether and 25.5 million USDC tokens in two transactions, which converted to the amount in US dollars.
The loss was only noticed six days later – which illustrates that at the time of the attack, no cyber security such as vulnerability monitoring was in place that would have reported any anomalies early on. The network operator responded in the aftermath by publishing a security roadmap outlining steps to increase cybersecurity. Nevertheless, the damage to its image will be great – not to mention the sheer amount of damage.
How exactly does a cyberattack happen on the blockchain?
Whether blockchain or internal corporate IT infrastructure: cyberattacks generally take place in four phases. In the first step, the Exploration Phase, the attacker gathers information and looks at systems and infrastructures from the outside – with the aim of identifying existing vulnerabilities and security gaps.
Once a promising attack target has been identified, the hacker attempts to exploit the vulnerabilities using technical tools and penetrate the network in the following Penetration Phase. If this attempt is successful, the third Breakthrough Phase searches for assets – such as crypto assets or sensitive company data. In the final Execution Phase, the hacker then executes a script that encrypts data or, in the case of a blockchain attack, steals cryptocurrencies and transfers them to another wallet.
In the process, the stolen crypto assets are usually immediately “laundered” through a protocol to disguise the transaction paths. This is also the reason why cyber-attacks are difficult to trace.
How does the DGC avoid a cyberattack like a 51% attack in four steps?
Companies ideally act analogously to the cybercriminals’ four-phase approach to proactively close security gaps to minimize the risk of security incidents like a 51% attack. At DGC, we assist with this from the very beginning: First, we scan systems and infrastructures for vulnerabilities using our IT security tool cybercan.io to identify where potential points of attack lie. In the process, we also determine the criticality of the security gaps to define a prioritized approach to remediation. In the second step, we protect our customers’ data – regarding blockchains, especially crypto assets and confidential data – and support them in closing vulnerabilities quickly and comprehensively.
Furthermore, our IT security experts in the Cyber Defense Operation Center (CDOC) obtain an overview of the security situation by continuously monitoring the entire infrastructure. This means that unusual activities, such as those occurring during the penetration phase of the attacking hacker, are noticed immediately. We pass on this information around the clock so that our customers can take steps to contain or prevent damage. In blockchain infrastructures, for example, it is possible to pause smart contracts to prevent any transactions until the vulnerability has been closed.
Complementing this, it pays for blockchain providers to simulate common attack scenarios such as DDoS attacks as part of pentests. Here, the attacker floods a network with requests and traffic to cripple it and extort ransom from the operator or damage the blockchain’s reputation. Our pentesters play through these attacks with clients to establish system stabilizing measures.
Whether public or enterprise blockchain, providers are not on their own when it comes to optimizing existing security standards but can rely on the expertise and tools of experienced IT security service providers like DGC.