Electronic Wires

Attack on Cryptographic Systems:

Cryptocurrency and the blockchain

Which types of attacks on cryptographic systems do you think are of the most concern to contemporary IT security practitioners, and why? 

 

I think attacks on cryptocurrency and the blockchain are of most concern to contemporary IT security practitioners because they undermine the confidence and trust needed to transact money and anything of value in the digital realm. Cryptocurrency, according to Google Dictionary, is “a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.” According to American Banker, “The original blockchain was created to track the movement of bitcoin, a digital currency, without the need to trust a centralized third party.” (Crosman, 2017) Bitcoin was invented by Satoshi Nakamoto. (Hackett, 2017)

Blockchain has evolved into several distributed ledger technologies. Several different blockchain consortiums, such as Ethereum, R3, Digital Asset Holdings, Hyperledger Project, and Ripple, have attracted big banks, investment banks, central banks, stock exchanges, financial services companies, and big technology companies, including Goldman Sachs, Morgan Stanley, Citigroup, JP Morgan, Wells Fargo, BBVA, ING, ANZ, HSBC, RBC, the Bank of England, the Federal Reserve Bank of Boston, American Express, Credit Suisse, London Stock Exchange, CME Group, Accenture, Bank of America, IBM, Microsoft, Cisco, and SWIFT. Hyperledger has 122 members. (Crosman, 2017) (Trivedi, 2017) JP Morgan, in addition to participating in consortiums and trying to establish common standard(s), is also developing its own in-house blockchain, called Quorum. “Quorum is based on the Go Ethereum client, a software program that supports the Ethereum network.” (Crosman, 2017)

Hack attacks that make headline news have stolen tens of millions, hundreds of millions, and even a billion customer account records from across industries and across the world, and in those cases the victim institutions and account holders do not know what the ramifications will be or how large the actual dollar damages will become. With a cryptocurrency hack, by contrast, the dollar value of the damage is known immediately. Cryptocurrency heists have happened several times. “Bitcoin worth $72 million stolen from Bitfinex exchange in Hong Kong” (Reuters, 2016) The theft of an estimated $650 million worth of customers’ bitcoins from MtGox, a Tokyo-based bitcoin exchange, forced MtGox to file for bankruptcy in early 2014. (Reuters, 2016)

“But hackers have never breached Coinbase’s own virtual fortress, and that impenetrability has earned it a reputation as the safest place to buy Bitcoin, helping it attract more than 9 million customers who store at least $3 billion in cryptocurrency there, and who have traded $25 billion to date on its retail brokerage as well as its institutional exchange, GDAX” (Wieczner, 2017) That was until Sean Everett, the CEO of artificial intelligence startup Prome, was robbed of his Coinbase bitcoin wallet. It took only a few minutes. He witnessed it in real time and couldn’t do anything about it. Fortune described his experience. He received a call:

​

It was T-Mobile ringing him to confirm that it was switching his phone number to a different device. It was a suspicious move that Everett had most certainly not requested. But even as he pleaded with the agent to block the switch, it was too late. Less than five minutes later, Everett’s cell service abruptly shut off, and as he rushed to his computer, he saw himself being robbed in real time. A raft of email notifications confirmed that someone had taken control of his main Gmail account, then broken into his Coinbase “wallet.” They’d gotten in with the help of his switched-over phone number. Everett’s account required him to log in with a two-factor authentication code sent by text message, as a second safeguard – and now the text had gone straight to the thief. It took only two minutes for the attacker to clean Everett out of what was then a few thousand dollars’ worth of digital coins. From Everett’s perspective, the even more painful heist was what came next: Ethereum’s price quadrupled over the next three weeks [That could’ve been his gain from the holdings of Bitcoin and Ethereum using Coinbase] “I’m not only still out my money, I also didn’t get the rise in price,” he lamented (Wieczner, 2017)

 

Has security improved since 2017? Based on a Bloomberg article, it hasn’t:

​

The 2018 selloff in cryptocurrencies deepened, wiping out about $42 billion of market value over the weekend and extending this year’s slump in Bitcoin to more than 50 percent.

 

Enthusiasm for virtual currencies has waned partly due to a string of cyber heists, including the nearly $500 million theft from Japanese exchange Coincheck Inc. in late January. While the latest hacking target -- a South Korean venue called Coinrail -- is much smaller, the news triggered knee-jerk selling, according to Stephen Innes, head of Asia Pacific trading at Oanda Corp. in Singapore. (Lam, Lee, & Robertson, 2018)

​

Source:

​

Crosman, P. (2017, April 28). JPMorgan defection underscores tough blockchain choices. Retrieved from American Banker:

        https://www.americanbanker.com/news/jpmorgan-defection-underscores-tough-blockchain-choices

​

Hackett, R. (2017, Feb 27). Big Business Giants From Microsoft to J.P. Morgan Are Getting Behind Ethereum. Retrieved from Fortune:

        http://fortune.com/2017/02/28/ethereum-jpmorgan-microsoft-alliance/

​

Lam, E., Lee, J., & Robertson, J. (2018, June 10). Cryptocurrencies Lose $42 Billion After South Korean Bourse Hack. Retrieved from Bloomberg:

        https://www.bloomberg.com/news/articles/2018-06-10/bitcoin-tumbles-most-in-two-weeks-amid-south-korea-exchange-hack

​

Reuters. (2016, Aug 3). Bitcoin worth $72 million stolen from Bitfinex exchange in Hong Kong. Retrieved from CNBC:

        https://www.cnbc.com/2016/08/03/hong-kong-bitcoin-exchange-says-it-was-hacked-trading-suspended.html

​

Trivedi, A. (2017, Apr 20). Navigating the Maze of Blockchain Consortia. Retrieved from Let's Talk Payments:

        https://letstalkpayments.com/navigating-the-maze-of-blockchain-consortia/

​

Wieczner, J. (2017, Aug 21). Hacking Coinbase: The Great Bitcoin Bank Robbery. Retrieved from Fortune:

        http://fortune.com/2017/08/22/bitcoin-coinbase-hack/

©2018 by Ken Yee's University of San Diego Cyber Security Operations & Leadership Capstone Course Portfolio.