An Empirical Analysis of Blockchain Cybersecurity Incidents

Alkhalifah, Ayman; Ng, Alex; Chowdhury, Mohammad Jabed Morshed; Kayes, A. S. M.; Watters, Paul A.

doi:10.1109/csde48274.2019.9162381

Cited by 10 publications

(7 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If a preimage attack is successful, then it compromises the integrity and security of the hash function. 64,[87][88][89] Cryptographic hash functions used in Blockchain, such as SHA-256 (Bitcoin) and Keccak-256 (Ethereum), are designed to have a high level of collision resistance but are theoretically vulnerable to different cybersecurity threats including collision and preimage. 64,90 Quantum computing 91 has the potential to significantly impact the security of many cryptographic algorithms, including hash functions.…”

Section: Walletmentioning

confidence: 99%

“…64,[87][88][89] Cryptographic hash functions used in Blockchain, such as SHA-256 (Bitcoin) and Keccak-256 (Ethereum), are designed to have a high level of collision resistance but are theoretically vulnerable to different cybersecurity threats including collision and preimage. 64,90 Quantum computing 91 has the potential to significantly impact the security of many cryptographic algorithms, including hash functions. Quantum computers [92][93][94] have the potential to break certain asymmetric cryptographic algorithms, such as RSA and Elliptic Curve Cryptography (ECC), which are commonly used in blockchain systems.…”

Section: Walletmentioning

confidence: 99%

“…Labazova et al 63 put their effort into the application and use cases of Blockchain concerning 21 technical characteristics. Moreover, Alkhalifah et al 64 investigated 65 cybersecurity incidents to build a taxonomy of blockchain threats and vulnerabilities that cover most of the vulnerabilities in blockchain services. Their work was no different from other researchers; rather, they divided threats and vulnerabilities into five categories.…”

Section: Related Literaturementioning

confidence: 99%

See 2 more Smart Citations

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Noor,

Mustafa

2024

Concurrency and Computation

View full text Add to dashboard Cite

Blockchain technology has gained significant attention and adoption due to its decentralized nature, and promising secure and immutable transactions. The interpretation of Blockchain's components has been presented in an innovative manner, illustrating the features they enable or manage. However, its networks do not appear so immune to vulnerabilities like any other technological system. Among the typical weaknesses, endpoint vulnerabilities refer to weaknesses in the endpoints that interact with the blockchain network. They pose a significant risk to the security and integrity of the entire system. These vulnerabilities can affect blockchain networks including smart contract vulnerabilities, wallet vulnerabilities, and communication vulnerabilities. In view of the absence of any viable taxonomic description and associated value, we attempted a novel comprehensive classification of endpoint vulnerabilities. The proposed taxonomy is designed to logically categorize and classify the various endpoint vulnerabilities through a pictorial representation. It encompasses wallet vulnerabilities, malware, cryptojacking and human negligence. Additionally, this paper proposes a novel approach to mapping endpoint vulnerabilities to the blockchain abstract layer. It gives a unique way to study the vulnerabilities and layers' relation. Finally, the corresponding violated principles behind the vulnerabilities have been identified and indicated. By providing a structured taxonomy of endpoint vulnerabilities, this paper aims to enhance the understanding of the security challenges associated with blockchain applications. By understanding and addressing the taxonomy of endpoint vulnerabilities, blockchain practitioners and researchers can enhance blockchain networks' overall security and trustworthiness, paving the way for broader adoption and utilization of this transformative technology. It may have implications in terms of identifying, linking, developing control, and finally mitigating endpoint vulnerabilities in the rapidly changing environment.

show abstract

Section: Walletmentioning

confidence: 99%

Section: Walletmentioning

confidence: 99%

Section: Related Literaturementioning

confidence: 99%

See 1 more Smart Citation

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Noor,

Mustafa

2024

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…It identified four main risks (privacy exposure issues, cross-organizational access issues, cross-chain access control problems, and performance optimization issues). [S102] An empirical analysis of Blockchain cybersecurity incidents [ 170 ] Security-incident analysis study that summarises and analyses 65 cybersecurity incidents related to Ethereum and Bitcoin BCs. Vulnerabilities are divided to Ethereum Virtual Machine bytecode, solidity, and BC network.…”

Section: Table A1mentioning

confidence: 99%

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

Alamri

Crowley

Richardson

2022

Sensors

View full text Add to dashboard Cite

Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users’ data privacy and security.

show abstract

“…Since 2015, when Ethereum smart contracts were introduced, there have been several incidents in which the operation of smart contracts that held an amount of Ether resulted in conflicts or issues (Alkhalifah et al, 2019). Two of these incidents were caused by reentrancy vulnerability.…”

Section: Introductionmentioning

confidence: 99%

A Mechanism to Detect and Prevent Ethereum Blockchain Smart Contract Reentrancy Attacks

Alkhalifah¹,

Watters

et al. 2021

Front. Comput. Sci.

View full text Add to dashboard Cite

In Ethereum blockchain, smart contracts are immutable, public, and distributed. However, they are subject to many vulnerabilities stemming from coding errors made by developers. Seven cybersecurity incidents occurred in Ethereum smart contracts between 2016 and 2018, which led to financial losses estimated to be over US$ 289 million. Reentrancy vulnerability was the cause of two of these incidents, and the impacts went far beyond financial loss. Several reentrancy countermeasures are available, which are based on predefined patterns that are used to prevent vulnerability exploitation before the deployment of a smart contract; however, several limitations have been identified in these countermeasures. Motivated by all these issues, the objective of this article is to help developers improve the cybersecurity of smart contracts by proposing a solution that calculates the difference between the contract balance and the total balance of all participants in a smart contract before and after any operation in a transaction that changes its state. Proof-of-concept implementations show that this solution can provide a detection and prevention mechanism against reentrancy attacks during the execution of any smart contract.

show abstract

An Empirical Analysis of Blockchain Cybersecurity Incidents

Cited by 10 publications

References 14 publications

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

A Mechanism to Detect and Prevent Ethereum Blockchain Smart Contract Reentrancy Attacks

Contact Info

Product

Resources

About