Blockchain hacks: 5 mistakes to learn from

With the aim of delivering innovation, organizations across a spectrum of industries are racing to adopt blockchain technology. As with any technology, there are bad actors who seek to exploit blockchain systems for their own personal gain.

Organizations looking to implement blockchain should carefully design and develop their system with this risk of cyber threats in mind. When considering blockchain security, make sure to take lessons from these 5 mistakes below. 

CoinDash ICO Hack

CoinDash, a startup delivering a tool to manage crypto assets, was having a strong initial coin offering (ICO) in July 2017, raising over $7 million, before a hacker changed the ethereum address for donations. 

The hack, which occurred on CoinDash’s website, essentially re-routed donations intended for the startup to an unknown address. CoinDash honored those who attempted to donate before the ICO was shut down with its native token award, CDT, but all in all, the hacker still managed to siphon off over $10 million in donations.

How to prevent it:

Strong security on your ICO application or website can prevent this type of hack from occurring. Make sure to get a security audit for your ICO app before you launch.

Coincheck, Inc. Hack

Coincheck, a popular cryptocurrency exchange in Japan, lost more than $530 million worth of NEM coins in January 2018 after a hacker gained access to an employee’s computer and installed malware that captured the private keys from over 260,000 investors’ digital wallets.

Once the attacker obtained the private key of a hot wallet, the accounts were drained in an operation that proved to be one of the largest-ever exchange hacks.

How to prevent it:

Educate employees on cybersecurity fundamentals. Basic security practices like having a strong password for a work computer and the ability to spot phishing emails can prevent malicious actors from gaining privileged access to your blockchain systems.

Archive Poster Cryptojacking Plugin

Archive Poster, a browser extension that allows Tumblr users to reblog and repost from other blogs, gained unwanted attention in December 2017 when its plugin for Chrome was found to be compromised. 

Archive Poster’s Chrome plugin enabled secret cryptojacking, hijacking a browser to mine cryptocurrency, on consumers’ devices. While the plugin doesn’t damage devices, the mining script does slow down victims’ computers tremendously — something that damaged brand trust for Archive Poster.

How to prevent it:

Whether it’s an extension like Archive Poster or full application, any technology that’s client-facing should be tested by a third-party. Pen testing from an outside developer or team can help you uncover and resolve areas of code that could lead your product to be compromised.

IOTA Hack

The IOTA Foundation was forced to disclose that $4 million in its IOTA cryptocurrency was lost after attackers exploited vulnerabilities to steal coins from wallets by creating hash collisions and forged signatures.

A hard fork on the cryptocurrency resolved the issue, but the hack could have been avoided if the IOTA Foundation hadn’t used a custom-built cryptographic hashing function. 

How to prevent it:

Again, go with pen testing for your blockchain system. This will help you to identify and fix weak cryptography or logic flaws before a hacker finds them for you.
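The chain of failure described above (a home-grown hash function, a collision, then a forged signature) is easy to see in miniature. The following is an added example, not code from the original post or from the IOTA project: it signs the digest of a message, as most signature schemes do, and pairs that with a deliberately weak, constructed 32-bit digest (`toy_hash`, which is not IOTA's function) next to SHA-256. Because the toy digest is linear, a second message can be steered onto the digest of an already-signed message, so the old signature validates the new message; the same trick fails against SHA-256. `DEMO_KEY` is a constructed placeholder, not a real secret.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would load a secret from a KMS or HSM.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def toy_hash(message: bytes) -> bytes:
    """Hypothetical home-grown 32-bit digest: XOR-folds bytes into 4 lanes.

    It is linear, so its output can be steered at will. It stands in for an
    unvetted custom hash and is NOT the function IOTA used.
    """
    state = bytearray(4)
    for i, b in enumerate(message):
        state[i % 4] ^= b
    return bytes(state)


def sha256_digest(message: bytes) -> bytes:
    """Standard, well-analysed digest for comparison."""
    return hashlib.sha256(message).digest()


def sign(message: bytes, digest) -> bytes:
    # Sign the digest of the message rather than the message itself, as most
    # signature schemes do; HMAC stands in for the signing primitive here.
    return hmac.new(DEMO_KEY, digest(message), hashlib.sha256).digest()


def verify(message: bytes, signature: bytes, digest) -> bool:
    return hmac.compare_digest(sign(message, digest), signature)


def second_preimage_suffix(target_digest: bytes, message: bytes) -> bytes:
    """Suffix such that toy_hash(message + suffix) == target_digest[:4].

    Only works because toy_hash is linear: each of the four appended bytes
    lands in one lane and XORs the current lane value onto the target value.
    A proper hash offers no such shortcut.
    """
    current = toy_hash(message)
    offset = len(message)
    return bytes(
        current[(offset + k) % 4] ^ target_digest[(offset + k) % 4]
        for k in range(4)
    )


def forgery_succeeds(digest) -> bool:
    """True if a signature on a legitimate transfer also validates a forged one."""
    legit = b"transfer 1 coin to alice"      # constructed sample transaction
    signature = sign(legit, digest)          # the only signature the signer made
    wanted = b"transfer 999 coins to mallory #"
    # Steer the forged message onto the signed digest (succeeds only for toy_hash).
    forged = wanted + second_preimage_suffix(digest(legit), wanted)
    return forged != legit and verify(forged, signature, digest)


if __name__ == "__main__":
    print("custom digest, forgery verifies:", forgery_succeeds(toy_hash))      # True
    print("SHA-256, forgery verifies:     ", forgery_succeeds(sha256_digest))  # False
```

The defender's takeaway is the one the section gives: the signature code is identical in both runs, and the only thing that changes the outcome is whether the digest underneath it is a standard, reviewed hash. A review or penetration test of a system like this should flag any custom digest in the signing path before looking at anything else.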

Parity’s Wallet Blunders

2017 was a bad year for Parity. Several companies’ ICOs were hacked thanks to a vulnerability in the contract used to create Parity’s multi-signature wallets, with at least 150,000 ethers stolen in total.

Then, in November 2017, it wasn’t a malicious hacker but a curious crypto newbie who triggered a bug in Parity’s multi-signature wallets that froze a whopping $150 million worth of Ethereum coins. The blunders ultimately caused industry experts and users to doubt the quality of Parity’s product offerings.

How to prevent it:

Perform a security audit on any third-party tools that you plan to leverage for your token or coin offerings. Bitcoin’s official tools, for example, may be heavily vetted, but smaller developer communities simply may not have the resources to audit their products. At the end of the day, any failure in your token and coin offerings will reflect poorly on your brand, regardless of whether the problem came from your code or a third party’s script.

Keep up with blockchain hacks

Blockchain is still in its nascent stages, meaning this list of hacks and advice for avoiding these traps is by no means exhaustive. You should expect that malicious actors may employ any combination of classic and innovative hacking techniques to compromise your system.

In a time when threats to blockchain systems are ever-evolving, the best way to prevent cyber attacks at your organization is to stay abreast of the latest blockchain hacks across industries. This knowledge can empower your organization to anticipate threats and update your technology systems accordingly — something you’ll want to do to avoid being on a list of mistakes like this one.
