Globally, over three billion dollars were lost to cyber-attacks on blockchain technology in the first ten months of 2022 alone. While this is a far cry from the attributed cost of cyber-crimes in web 2.0 technologies, it is a cause for concern for early adopters of this truly revolutionary technology and here’s why.
First, most cyber-crimes are financially motivated, and blockchain is currently being explored by innovators across the world to potentially disrupt the financial industry in particular. Also, blockchain’s main sales pitch has included improved security, transparency, immutability, efficiency and disintermediation. However, in many quarters, the first value proposition has been mistaken to mean absolute security, and blockchain is sometimes perceived by end users as impregnable. Publicly available data on cyber-attacks shows web3 technologies are also fraught with cyber-risks.
Here are a few blockchain technology security predictions and thoughts on what the industry can do differently to address these security challenges in 2023:
Blockchain is as secure as the underlying code: Code exploitation in vulnerable smart contracts will be a leading cause of blockchain cyber-attacks in 2023. Smart contracts’ security audits should not only focus on known vulnerabilities but also include proactive threat modeling, blockchain vulnerability assessment and penetration testing activities to identify both known and unknown vulnerabilities. Where possible, this should be carried out by at least two blockchain-security consulting companies. 2022 gave us a peek into the devastating cost to blockchain companies of malicious hackers exploiting unknown bugs. For example, in October this year, a major cryptocurrency exchange temporarily halted its blockchain network in response to a cyber-attack caused by a bug that led to the theft of over $600 million.
With great power comes shared responsibilities: With scams, phishing, hijacking of admin social network accounts, and stolen private keys or personal digital signatures leading to losses of millions of dollars in blockchain projects, reorienting users on cyber hygiene best practices has become pertinent. When promoting products and services in digital communication channels, it is important to include cybersecurity advisories for users, including safe private key storage practices, anti-phishing awareness, etc.
If the ecosystem is to be trusted, it is time for mass awareness to be created about scams in cryptocurrency and NFT projects and how people can escape being victims. For example, this year, the owners of a DeFi project transferred to the ETH chain using a cross-chain bridge, took down the project’s website, GitHub, and Twitter accounts, and made away with over $10,000,000 in investor funds. My prediction is that scams like this will be on the rise in 2023 if not curbed with sufficient actionable awareness for users in the blockchain ecosystem and some form of regulation.
Third-party and vendor risk, materialising: From data leaks to compromises of large blockchain marketplaces, third-party risk will spiral into large-scale cybersecurity incidents and consequent significant financial losses to the blockchain ecosystem in 2023.
It remains to be seen to what degree blockchain technology will be adopted to either supplement or overhaul how transactions are performed across industries in the next five years. One thing is clear, however: The blockchain ecosystem will need to mainstream cybersecurity best practices to address its infrastructure/protocols/human/code vulnerabilities and security fraud to shore up confidence on its journey to out-innovating and revolutionising every industry on earth.
Confidence Staveley is Africa’s most celebrated female cybersecurity leader, talent developer, global speaker, blockchain security professional and inclusion advocate. She has achieved numerous professional certifications and industry recognitions. Confidence is an official member of the Forbes Technology Council, an invitation-only community for world class CIOs, CTOs and technology executives.