# Is blockchain really 100% safe?

*Learning about security in the blockchain*

By [The lisa's notes](https://paragraph.com/@marga_lisa) · 2024-04-11

blockchain, tech

---

[Blockchain technology](https://www.chainalysis.com/blog/what-are-blockchains/) runs on a distributed digital ledger system. A blockchain network is made up of a worldwide network of computers, known as nodes, validating and recording transactions. Every participant maintains a copy of the ledger, so there is no centralized authority or single point of failure. Each time a transaction occurs — such as sending or receiving cryptocurrency — it is recorded on a block.

## **But who is responsible for the security of the blockchain?**

Maybe Vitalik Buterin or Satoshi Nakamoto?

![](https://storage.googleapis.com/papyrus_images/21db48269a76c38cc3b260afbd19680d.png)

Self-proclaimed Satoshi Nakamoto (Craig Wright) and Vitalik Buterin

There are different types of blockchain. Public and private blockchains each have different functions and characteristics; the best known are public blockchains such as Bitcoin and Ethereum.

### **Public blockchain security**

The founders are responsible for the initial source code and often steer the progress of the network through active participation, but the overall **responsibility for securing a public blockchain like Ethereum is distributed among all participants in the network across the world.** This includes the validators and node operators who maintain the network and the hundreds of thousands of developers who write its code. **Since a public blockchain is a decentralized system, no single entity can claim sole responsibility for its security,** which makes it resilient against many types of attacks.

#### **Maintenance and development of public blockchains**

Public blockchains often have associated organizations dedicated to advancing development and community engagement. For example, Bitcoin has a dedicated team of maintainers responsible for the [Bitcoin Core](https://bitcoin.org/en/bitcoin-core/) software. **Any proposed change must still be accepted by consensus; the mechanism for proposing one is the Bitcoin Improvement Proposal, or BIP.** Anyone, not just the maintainers, can submit a BIP.

![](https://storage.googleapis.com/papyrus_images/906d937a2c738a4c451eff8f3f553f4b.png)

### **Private blockchain security**

Private blockchains are exclusive networks with limited access, which makes them more centralized. That centralized control can improve their resistance to certain external threats, but it also creates a single point of failure, so the institution operating the network must implement strong security measures.

They are faster and more efficient because their consensus algorithms require less computational work. However, because the entity granting permission also has authority over the network, there is a theoretical risk of the network being shut down or manipulated by that entity, a security risk not typically found in public blockchains.

### **What is Blockchain Consensus?**

**_Before a block (made up of a group of transactions that occurred during a given time frame) is added to the chain, it must be verified by consensus._** That’s where consensus mechanisms come into play. There are several different consensus mechanisms, but the two most popular methods are Proof-of-Work and Proof-of-Stake.

With blockchain, every participant has a role in maintaining its integrity. This technology is the foundation of popular cryptocurrencies like bitcoin and ether, and holds immense potential for the future of digital transactions and beyond.

![](https://storage.googleapis.com/papyrus_images/5e6c3a2eb835fc0db38389b09b572145.png)

![](https://storage.googleapis.com/papyrus_images/03374722a6b762fddd8b4d708cd5b4ed.png)

Cointelegraph

### **Features of blockchain:**

**Cryptography:** Every transaction on the blockchain is secured with cryptographic principles, ensuring data integrity and authentication.

**Decentralization:** Blockchains operate across a network of computers (nodes). If a node or a group of nodes are compromised, the entire system remains largely unaffected. 

**Consensus:** These algorithms ensure that all nodes in the network agree on the validity of a transaction. Common consensus algorithms include Proof-of-Work (PoW) and Proof-of-Stake (PoS).

**Immutability:** Once a block is added to the blockchain, its content becomes immutable, meaning it cannot be changed or altered.

**Transparency:** Since many blockchains are public ledgers, any change or transaction can be viewed by anyone, making malicious activity easily detectable.
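
To make the Cryptography, Consensus, Immutability and Transparency features concrete, here is a toy proof-of-work ledger in Python, added as an example and not code from the post or from any real blockchain client. Each block commits to the previous block's SHA-256 hash and carries a small proof of work, so editing any past block is detected by a simple verification pass, and restoring validity means re-mining every later block. Block layout, difficulty and the transaction strings are constructed for the demo; real networks use block headers, Merkle roots and far higher difficulty.

```python
import hashlib
import json
from dataclasses import dataclass

DIFFICULTY = 3  # required leading hex zeros; deliberately tiny so the demo runs fast

@dataclass
class Block:
    index: int
    prev_hash: str      # commitment to the previous block: the "chain" link
    transactions: list
    nonce: int = 0      # adjusted by the miner until the PoW target is met

    def hash(self) -> str:
        payload = json.dumps([self.index, self.prev_hash, self.transactions, self.nonce])
        return hashlib.sha256(payload.encode()).hexdigest()

def mine(block: Block) -> int:
    """Find a nonce whose hash meets the PoW target; return the number of hashes tried."""
    block.nonce = 0
    while not block.hash().startswith("0" * DIFFICULTY):
        block.nonce += 1
    return block.nonce + 1

def build_chain(tx_batches: list) -> list:
    """Mine a genesis block, then one block per batch, each linked to its predecessor."""
    chain = [Block(0, "0" * 64, ["genesis"])]
    mine(chain[0])
    for txs in tx_batches:
        chain.append(Block(len(chain), chain[-1].hash(), txs))
        mine(chain[-1])
    return chain

def verify_chain(chain: list):
    """Index of the first inconsistent block, or None if every block checks out."""
    for i, block in enumerate(chain):
        if not block.hash().startswith("0" * DIFFICULTY):
            return i   # content changed, so the stored proof of work no longer matches
        if i > 0 and block.prev_hash != chain[i - 1].hash():
            return i   # link to the previous block is broken
    return None

def remine_from(chain: list, index: int) -> int:
    """Make a tampered chain valid again by re-mining block `index` and every
    later block; the returned hash count is the work an attacker must redo."""
    work = 0
    for i in range(index, len(chain)):
        if i > index:
            chain[i].prev_hash = chain[i - 1].hash()
        work += mine(chain[i])
    return work
```

Any node can run `verify_chain` on its own copy, which is what transparency buys: after editing one block's `transactions`, the check reports the first block whose proof no longer matches, and `remine_from` shows how much work an attacker must redo to hide the edit.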

### **Types of blockchain security breaches**

Blockchain vulnerabilities and security breaches can be broadly broken down into three distinct categories: vulnerabilities in the blockchain ecosystem itself, attacks on the smart contracts and protocols that operate on top of the blockchain, and attacks on the infrastructure and users around it.

#### **Blockchain ecosystem vulnerabilities**

A blockchain with a small number of nodes is more susceptible to ecosystem attacks than a large, well-distributed network.

**Sybil attack**

A Sybil attack occurs when a bad actor targets the peer-to-peer layer of the network in order to gain control of multiple nodes.

*   Targets the consensus layer of Proof-of-Work blockchains.
*   If an entity controls more than 50% of the network’s mining hashrate, they can disrupt the network by double-spending coins and halting the addition of new blocks.

![](https://storage.googleapis.com/papyrus_images/b14003b3baaabb8f4c80208e972e481c.png)
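
The "more than 50% of the hashrate" threshold in the bullets above, and the Proof-of-Work consensus listed under the blockchain features, come straight from Nakamoto's analysis of an attacker racing the honest chain (Bitcoin whitepaper, section 11). The Python below is an added example, not code from the post, that reproduces that calculation so a defender can see why no confirmation depth helps once the attacker's share `q` reaches 0.5, and how many confirmations bring the reversal risk under a chosen limit when it does not. The function names and the `max_risk` parameter are my own.

```python
import math

def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the hashrate ever
    catches up from z blocks behind (Nakamoto 2008, section 11).
    With q >= 0.5 the gambler's-ruin walk is no longer biased against the
    attacker, so the answer is 1: this is the "more than 50%" threshold."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    return (q / p) ** z

def attacker_success(q: float, z: int) -> float:
    """Probability the attacker can still reverse a payment after the recipient
    has waited for z confirmations. The honest chain is z blocks ahead; the
    attacker's secret progress meanwhile is Poisson with mean lam = z * q / p,
    and from each possible deficit (z - k) the attacker must still catch up."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p
    prob = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        prob -= poisson * (1.0 - catch_up_probability(q, z - k))
    return prob

def confirmations_needed(q: float, max_risk: float, limit: int = 1000):
    """Smallest confirmation depth z at which the attacker's success probability
    drops below max_risk, or None if no depth helps (q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success(q, z) < max_risk:
            return z
    return None

if __name__ == "__main__":
    for q in (0.10, 0.30, 0.50):
        row = ", ".join(f"z={z}: {attacker_success(q, z):.7f}" for z in range(0, 11, 2))
        print(f"q={q:.2f} -> {row}; depth for <0.1% risk: {confirmations_needed(q, 0.001)}")
```

With a 10% attacker the reversal risk falls below 0.1% after 5 confirmations and with a 30% attacker after 24, matching the whitepaper's table; at 50% the probability stays at 1 for every depth.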

**The centralization of infrastructure**

Many blockchain nodes that validate transactions are run on centralized cloud services like AWS. If centralized cloud infrastructure was targeted and a large portion of nodes were taken down, a network could become increasingly centralized and thus more vulnerable to other types of attacks.

**Blockchain network congestion**

Congestion occurs when there are not enough validators to confirm the volume of proposed transactions, leading to delays in transaction processing and an increase in fees.

In the worst cases, this can lead to downtime and instability, affecting confidence in the resiliency of a network.

#### **Attacks on protocols and smart contracts that run on top of blockchain networks**

**Bridge attacks**

Bridges are tools that connect different blockchain networks and allow seamless transfer of assets between them, enhancing the decentralized finance (DeFi) ecosystem.

*   Bridges are less secure than the blockchains they connect.
*   Bridge hacks account for [70% of crypto cyber attacks](https://www.chainalysis.com/blog/cross-chain-bridge-hacks-2022/).

**Layer2 vulnerabilities**

These layer 2 systems, such as side-chains or rollups, interact with the main chain, imposing a load on it and trading some decentralization and security for higher throughput. Blockchain security threats include attacks on the network, attacks on smart contracts, and privacy breaches.

**Protocol hacks and exploits**

**_Protocols are basic sets of rules that allow data to be shared between computers_**. For cryptocurrencies, they establish the structure of the blockchain.

*   For example, an attacker passes a malicious market contract address, bypassing the permit check, and executes a malicious deposit function to steal assets deposited by users.
*   In the BadgerDAO incident, a hacker compromised a Cloudflare API key and was able to steal $120M in funds.
*   Approximately $7.3M was stolen from Exactly Protocol. The hackers then bridged 1,490 ETH using the Across Protocol and 2,832.92 ETH to the Ethereum network via the Optimism Bridge. Exactly is one of the crypto lenders on the Optimism network.

![](https://storage.googleapis.com/papyrus_images/9c59f05a7aea699f485b319562099128.png)

**Other smart contract vulnerabilities**

Coding flaws in smart contracts can be exploited in various ways.

*   In The DAO incident on Ethereum, an attacker exploited a vulnerability in its smart contract, draining around a third of The DAO’s funds (valued at about $50 million at the time). This event led to a contentious hard fork in the Ethereum community, resulting in the creation of Ethereum (ETH) and Ethereum Classic (ETC).

#### **Attacks on popular infrastructure and users**

**Popular software attacks**

One notable example was an exploit on the Solana mobile wallet Slope, enabling an attacker to steal over $8M worth of SOL. For a time, it was thought that the Solana blockchain itself was compromised.

**Centralized exchange hacks**

Centralized exchanges, the platforms where users trade digital assets, have always been targets for hackers. One of the most famous incidents is the [Mt. Gox hack](https://www.chainalysis.com/blog/ftx-vs-mt-gox-collapse/) in 2014, where approximately 850,000 bitcoins were stolen.

**Malware**

Malware attacks occur when an attacker infects a user’s computer with software designed to steal wallet keys or perform unauthorized transactions.

*   This can be as subtle as malware detecting when a cryptocurrency address is copied to the clipboard and substituting a bad actor’s wallet address when it is pasted.

![](https://storage.googleapis.com/papyrus_images/a40c9429551bae14b00734edc83dfe8a.png)

**Phishing attacks**

Phishing attacks exploit individuals by fooling them into divulging sensitive information, such as private keys or passwords, typically through a bogus website or message that appears authentic.

**SIM swap attack**

This happens when an unauthorized individual gains access to your SIM card details and transfers them to their own device, gaining control over accounts linked to your phone number. Some of these attacks have been carried out by scammers simply calling the service provider and pretending to be the account owner.

![](https://storage.googleapis.com/papyrus_images/5014b771c6fa5502a71cdcabe1eee2f0.png)

**Social engineering scams**

This occurs when an attacker convinces someone to send them cryptocurrency or divulge private keys and passwords under false pretenses.

**User error**

Losing private keys, accidentally revealing private keys, and sending assets to the wrong address are all risks that crypto users face, but these aren’t flaws in the blockchain itself.

---

*Originally published on [The lisa's notes](https://paragraph.com/@marga_lisa/security-on-blockchain)*
