This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users. In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings...

This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security.  Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments.  While identical products and services...

This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security.  Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts.  While the first blockchains,...

Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks.  Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly...

The most comprehensive ranked list of the biggest DeFi and crypto hacks in history (Up until November 1, 2022. We suspect an even larger crypto hack is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which crypto hacks...

Proving knowledge of a secret is the basis of password-based authentication systems.  The assumption is that only you know your password.  If this is the case, entering your password into a system proves your identity and grants you access to your account. However, this approach doesn’t work as well on the blockchain, where everything stored...

What Are Blockchains Layers 0, 1, and 2? A blockchain is a complex, multi-layered system.  Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network.  Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top...

In recent years, many organizations have adopted more modern development practices, including Agile, Scrum, and DevOps.  The goal of these new processes is to improve the pace and efficiency of development by streamlining the development process and using automation whenever possible. One of the main shortcomings of most DevOps programs is that they overlook security,...

Table of ContentsCyber-Attack Strategies in the Blockchain Era – A Framework for Categorizing the Emerging Threats to the Crypto EconomyMarket attacksPump-and-dumpExit scamRug-pullInvestment scamFront runningEconomic attacksPhishingSpear phishingExtortionRansomwareChurningCelebrity-based scamsConsensus attacksFinney attackRace attackVector7651% majority attackNothing-at-stakeWeak subjectivityLiveness denialCensorshipPrecomputation attackSelfish miningBribery attacksLong-range PoS attacksSimplePosterior CorruptionStake BleedingNetwork-level attacksRouting attacksSybil attacksDDoS (Distributed Denial of Service)Eclipse attacksTransaction MalleabilityTimejackingWallet attacksSeizure of Private Keys (Hot...

The worlds of financial crime and cybercrime are colliding, converging into one. The biggest threat to businesses globally is the new cyber-enabled financial crime. Yet businesses and even financial institutions tasked with protecting our money continue to fight this combined threat with multiple separate defense systems and multiple separate defense teams. The situation is like...