This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users. In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings...
This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security. Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments. While identical products and services...
This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security. Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts. While the first blockchains,...
Recent events like the FTX meltdown have sparked interest and conversations about how the incident could have been prevented. In the case of FTX, the primary problem was that the platform did not hold sufficient assets to cover its user deposits and liabilities. What are Merkle Trees and Proofs? Proof of Reserves and Proof of...
Blockchain is a rapidly evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks. Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly...
The most comprehensive ranked list of the biggest DeFi and crypto hacks in history (up until November 1, 2022; we suspect an even larger crypto hack is just around the corner). It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which crypto hacks...
Code reuse is considered best practice in software engineering. Reusing high-quality, secure code can speed development processes and often results in higher-quality code than software developed entirely from scratch. Additionally, the reuse of high-quality, audited libraries reduces security risks by decreasing the probability that new vulnerabilities will creep into the code base. In open source...
Proving knowledge of a secret is the basis of password-based authentication systems. The assumption is that only you know your password. If this is the case, entering your password into a system proves your identity and grants you access to your account. However, this approach doesn’t work as well on the blockchain, where everything stored...
What Are Blockchain Layers 0, 1, and 2? A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top...
In recent years, many organizations have adopted more modern development practices, including Agile, Scrum, and DevOps. The goal of these new processes is to improve the pace and efficiency of development by streamlining the development process and using automation whenever possible. One of the main shortcomings of most DevOps programs is that they overlook security,...