Recent Block Chain Attacks And Hacking

Introduction

Blockchain technology has been expanding and developing at a quick pace. Many new developments have happened, and the blockchain technology market has had many entrants. Many private institutions in the world are now utilising the blockchain technology in processes such as verifying records and recording transactions. Also, many governments and profit-based institutions are also investing in this technology to power future times. Companies traversing the International Monetary Fund, The European Union, and the United States have also invested in research initiatives for this technology (Boireau,2018,9). Moreover, most central banks and governments such as the Bank of Japan, Canada and Russia’s president; Vladimir Putin have been attracted in introducing the digital cryptocurrencies. Nearly, all multinational Companies from the Western Union to the Walmart Company have invested in this technology. Briefly, blockchain has enabled companies to remove brokers and other central parties in some processes, thus eliminating problems such as security risks, human error and time wastage. Nevertheless, the increased use of cryptocurrencies such as the bitcoin has made the blockchain technology be hacked and lots of US Dollars has been stolen. This paper will provide an analysis of recent hacks, hacking techniques and how these hacks can be counter measured.

Whatsapp

Critical Analysis

In many cases, the blockchain technology consumers, cryptocurrency companies and blockchain implementations that have become well adopted such as Ethereum and Bitcoin. Attackers have developed different methods to target businesses and consumers. These methods include;

Phishing Technology Malware (Crypto jacking, ransomware and miners) Implementation of Vulnerability.

In 2016, the number of ransomware families increased in number. This is because they were the primary tool that was used by attackers to acquire cryptocurrency. Cybercriminals had easy-access to tools most specifically the HideenTear which was perceived on being an educational tool. It was used by these actors to build many variants which required payment in the form of Bitcoins as ransom. Most of these variants required payments by Bitcoin with few exceptions such as Kirk and Monero ransomware. In the year 2017, developers of ransomware started broadening their interest in cryptocurrencies (Park, 2017,164) Bad actors began experimenting with different cyber currencies, commonly referred to as altcoins. The most preferred alternative was the Monero and lesser-known coins, for example, Dash, attracted considerable attention. The GandCrab discarded Bitcoin and favoured Dash, and it launched various attacks on Adobe Flash Player and the Microsoft Internet Explorer through the process of malvertising.

Before the year 2016, malicious coin mining was the primary methods of acquiring cryptocurrency. Although mining is less common that ransomware, cases of mining increased in 2017 and 2018. Old malware has been retooled as new miners have quickly appeared with mining capabilities. Ransomware families started to double their mining functionality. For instance, early this year, Black Ruby was discovered and demanded six hundred and fifty dollars in Bitcoin for ransom. This malware uses favourite open sources such as XMRig Monero software on devices that have been infected (Liang & Weller et.al,2018,23). Another mining activity that was discovered in January this year also uses the XMRig. Such open-source tools have contributed significantly to mining malware increasing dramatically.

Over the past six months, most malware developers have appeared to have shifted to cryptocurrency mining from ransomware. According to the Global Threat Intelligence data, ransomware attacks declined by thirty-two per cent in the first quarter in2018 from the last quarter in 2017(Atzei & Bartoletti et al, 2017,168). On the other hand, mining has increased by one thousand one hundred and eighty-nine per cent. Miners mainly target PCS and other devices. For instance, In China, the ADB exploited android phones to mine the Monero coin. The ADB miner runs over port 5555. The android phones were also infected with XMRig miner. The ABD Miner reused codes from Mirai botnet, which rose in 2016 and was seen in various global attacks. By February 2018, the attackers behind the malware had infected an approximate of seven thousand devices mostly in Korea and China. In multiple cases, such attacks did not use the blanket approach as they had specific target groups.

Another malicious miner targeted gamer on a Russian forum. In this case, the unsuspecting gamers were tricked and made to download the malicious software which utilised their computer resources with the aim of making profit. The miner watched open windows such as Process Hacker and Window Task Managers with the intention of not arousing suspicion and maintained persistence. The suspected attacker is also alleged to be behind other game software and the attacker posts malware on different Russian forums. It is both time and cost consuming for attackers to write malware of their own. As opposed to research and writing own exploits, most malware authors choose to state vulnerabilities that are known and disclose their exploits publicly assuming that most machines are always ready for attacks and they remain unpatched. This assumption is entirely correct as in 2017, Smmominru an illegal miner was estimated to create more than three million dollars in Monero coins. The EternalBlue Exploit that was leaked by the hacking group; Shadow brokers publicly, made headlines with the WannaCry malware being highly successful and impacted machines around the world. This exploit took advantage of a Server Message Block vi flaw in Microsoft Windows. Smominru was among the families that greatly profited from the EternalBlue. The WannaMine also used the EternalBlue in propagating through its network.

This method entails browsers being hijacked to mine cryptocurrencies. Just like ransomware, campaigns associated with crypto jacking dealt with altcoins. Later last year, the Archive Poster was found mining Monero coins without permission. Victims to this incidence discovered the issue when they started complaining that they were using high CPU. By that time, more than a hundred thousand individuals had downloaded the miner (Yli-Hummo, 2016,11). Various versions from the application included the process of crypto jacking JavaScript from the Monero Coinhive and this entrenched easily into tools and websites. Most organisations usually implement the Coinhive and other people particularly miners, monetise the resources for their visitor’s devices. Mining is then considered as not malicious if the parties reach an agreement.

Nevertheless, most sites leave visitors uncertain about various issues such as slow performance since they do not disclose information on mining. Website owners might not be responsible for adding crypto jacking codes; this was the scenario with YouTube. The popular video-sharing website had a flaw, and this gave malicious advertisers a chance to inject crypto jacking codes into advertisements for mining cryptocurrencies such as Ethereum and Bitcoins. This matter was however resolved after the removal of malicious advertisers from the YouTube site and blocking the ads. Most cybercriminals have taken malvertising lessons and use the knowledge in suiting their campaigns. An approximate of thirty thousand sites have been found hosting the Coinhive mining code with and without their consent.

This type involves attacks that are against the implementation of the blockchain and its supporting tools. Nevertheless, as people get closer to the blockchain technology’s core, the harder it is to succeed with attacks. Typically, such threats are web applications and exploiting traditional software. The Bitcoin wiki has maintained a list that includes common exposures and vulnerabilities that are related to their tools. Such vulnerabilities have led to denial in coin theft, data exposure and service attacks. Even though such vulnerabilities are very impactful, they are typically fixed and discovered after being released. It is therefore hard to maintain and build secure codes mainly due to the explosive and popularity of the blockchain technology (Bohme & Christin et.al,2015,220). The vulnerabilities related to the Bitcoin tools have significantly reduced, and this has made consumers gain a sense of confidence in the cryptocurrencies. In February this year, an exploit by PyBitmessage zero-day struck. This is a tool for transferring messages that mirrors the Bitcoin’s block transfer and transaction system. The tool uses the concept of blockchain proof to reduce spam and for message transfers. Attackers utilised this exploit with the aim of executing codes on devices by sending messages that were specially crafted. They then ran scripts that were automated so that they could look for Ethereum wallets and created reverse shells for access.

Third-party bitcoin tools are more accessible targets as they have fewer resources and small communities to respond to problems and to secure codes. It is very rare to see a compromise in implementation. Such a case was disclosed in July 2017 against lota. Vulnerabilities allowed the attackers to create forged signatures, hash collisions and this enabled them to steal coins from many wallets (Hong, 2017, 164). This flaw was fixed, but it required a hard fork on the network to remove using Curl, a cryptographic function that is custom built. Such a problem came into being due to the cryptography rule that states that no one should create their crypto. Cryptography is indeed a problematic technology to make it right. All changes or customised codes to functions related to crypto should be vetted heavily before being produced. Even technologies that have been established can have issues, as it was witnessed by the migration of the industry from MD5 hashing to SHA-256 hashing. Insecure blockchain has brought so many problems. For instance, the Verge development was inadequately equipped to dealing with the many vulnerabilities that it faced during its implementation when it was attacked in April 2018. The attackers mined new coins without spending mining power and this created adverse effects of forking the coin. In other words, it created the problem of having a new coin that is separate from the first coin. The impact on the coins’ value remains to be witnessed.

These scams are the most common attacks on blockchains as they have high success rates and are quite prevalent. For instance, the lota cryptocurrency caused victims to lose more an approximate of four million in a phishing scam that lasted for a few months. The attacker was registered as iotaseed[.]io, provided the working seed generator for Lota’s wallet. This service was successful as it advertised and made victims create wallets successfully, and this provided a false sense of trust and security. The attacker then waited patiently and took the advantage to build trust from the victims. For six months, the attacker collected logs and then started his attack, In January 2018, using the stolen information, the attacker transferred all the funds that were in the victims’ wallets.

Order Now
  • Recommendations on how the blockchain attacks can be counteracted Introducing harsh and strict laws to punish blockchain technology attackers. The introduction of policies and laws to punish attackers such as long sentences in prison
  • Having the two-factor authentication If individuals keep their cryptocurrencies on exchanges so that they can have active trading or any reason, they ought to understand what the currencies are and how to use them.
  • Not leaving cryptocurrencies on the exchanges for more than what is sufficient for trading It is important to note that if one is not trading the cryptocurrencies actively, then one should take it off the exchanges. Even if one’s account is safe and secure, even exchanges can be hacked as we witnessed in Mt. Gox hack.

Conclusion

The use of blockchain technology; the technology that underpins cryptocurrencies such as Ethereum and Bitcoin has dramatically increased in the world. People everywhere and news have talked about how people are investing and trading using cryptocurrencies mostly the Bitcoins and the advantages that they have. However, just like how any network can be attacked, the Blockchain technology is not an exception, and when it comes to matters regarding security, blockchain is prone to attacks and hacks. Many hacks have occurred and have caused victims to lose much money. It is therefore important that blockchain technology users become extra careful while dealing with cryptocurrencies.

References

  • Atzei, N., Bartoletti, M. and Cimoli, T., 2017. A survey of attacks on ethereum smart contracts (sok). In Principles of Security and Trust (pp. 164-186). Springer, Berlin, Heidelberg.
  • Böhme, R., Christin, N., Edelman, B. and Moore, T., 2015. Bitcoin: Economics, technology, and governance. Journal of Economic Perspectives, 29(2), pp.213-38.
  • Boireau, O., 2018. Securing the blockchain against hackers. Network Security, 2018(1), pp.8-11.
  • Hong, S., 2017. Development of a Secure and Intelligent IoT System based on a Consortium Blockchain.
  • Liang, G., Weller, S.R., Luo, F., Zhao, J. and Dong, Z.Y., 2018. Distributed blockchain-based data protection framework for modern power systems against cyber-attacks. IEEE Transactions on Smart Grid.
  • Park, J.H. and Park, J.H., 2017. Blockchain security in cloud computing: Use cases, challenges, and solutions. Symmetry, 9(8), p.164.
  • Yli-Huumo, J., Ko, D., Choi, S., Park, S. and Smolander, K., 2016. Where is current research on blockchain technology? —a systematic review. PloS one, 11(10), p. e0163477.

Sitejabber
Google Review
Yell

What Makes Us Unique

  • 24/7 Customer Support
  • 100% Customer Satisfaction
  • No Privacy Violation
  • Quick Services
  • Subject Experts

Research Proposal Samples

It is observed that students take pressure to complete their assignments, so in that case, they seek help from Assignment Help, who provides the best and highest-quality Dissertation Help along with the Thesis Help. All the Assignment Help Samples available are accessible to the students quickly and at a minimal cost. You can place your order and experience amazing services.


DISCLAIMER : The assignment help samples available on website are for review and are representative of the exceptional work provided by our assignment writers. These samples are intended to highlight and demonstrate the high level of proficiency and expertise exhibited by our assignment writers in crafting quality assignments. Feel free to use our assignment samples as a guiding resource to enhance your learning.

Live Chat with Humans
Dissertation Help Writing Service
Whatsapp