I notice it has been another month since my last blog post... time really does fly! Here in Belgium, we are in yet another (semi, for now) lockdown. I am stuck at home with the kids and they need my full attention. It is physically, mentally, emotionally pretty draining to say the least. But hey you: I wish you happy Christmas holidays 🎄, and a fabulous 2022 🎆!
When I started this blog I originally wanted to zoom in on the entire spectrum of possible attacks on blockchains and the corresponding defenses, because the blockchain sphere is just vast.
Just like everywhere else, you need to sufficiently secure the whole ecosystem, with all its (moving) parts. And this quickly becomes quite complex.
You not only need blockchain security (or backend security). Or frontend web security. Or application security in general. Or anti-malware software on endpoints for that matter. No, you need all of them, and much more. Security is the sum of all parts.
Zero risk or one hundred percent security is a myth
Think your money is perfectly safe in a DeFi smart contract? Because it already contains millions of dollars/euros/ether worth of value? Consider, as an example, the (often anonymous) dev team behind the scenes. They often wield the keys to these contracts (i.e. the keys to the kingdom). If they make a mistake, then these contracts get drained and money is lost.
It is a bit disheartening to see, but over the last year, the main culprit behind many blockchain-related hacks was not smart contract exploits, but plain old phishing attacks. The high-profile smart contract exploits have all but disappeared, and cyber criminals now seem to focus on low-effort, high-return types of attacks.
The article, at last
Anyway, here is a nice Medium piece that zooms in on (some) attack vectors with regard to public-private key cryptography.
It is one of the areas of blockchain security that I do not worry too much about. I consider cryptography a well-known and mature field of mathematics, where there are enough smart people to keep us secure in the arms race between attackers and defenders. Plus, cryptography is fundamental to the non-blockchain world as well, so that is an additional relief 😅.