The active introduction of blockchain technologies by financial organizations threatens their security, to the point of complete loss of control over critical resources. This was published in a report by the company Positive Technologies, which specializes in cybersecurity.
Half of the pilot projects of banks and over 70% of concluded smart contracts demonstrate vulnerabilities to hacker attacks. This is partly due to the novelty of technology for programmers, which leads to a large number of errors when writing code. Although, the largest banks surveyed by Russian "Izvestia" do not yet see significant risks in using the blockchain. The technology has not been sufficiently studied and the precedents with the theft of funds from crypto exchanges confirm its vulnerability. Half of the pilots and more than 70% of smart contracts (the most popular tool in the financial environment on the blockchain) contain vulnerabilities to hacker attacks.
Projects launched even in test mode are often in one way or another connected with the main corporate infrastructure of financial organizations. Because of this, it is possible to penetrate the main network of the bank using vulnerabilities in the system based on the blockchain. This may result in the abuser gaining full control over critical resources.
The use of blockchain technologies, even in pilot mode, is inseparable from the topic of security of the internal network of credit and financial organizations, analysts at Positive Technologies write. Through these systems, you can access the nodes from which ATMs are managed, interbank transfers, card processing or payment gateways.
The technology is vulnerable, especially against the background of the fact that programmers have not enough experience with systems based on a distributed registry.
Due to the lack of publicly available tools, timely detection of such incidents and response to them is still difficult, according to Positive Technologies. In fact, there are only two types of response: “rollback” the blockchain to the state that precedes the attack (but then all data entered into the system after it is lost), or “acceptance and humility,” analysts say. Therefore, while the most adequate method of protection is to prevent hacking in advance.
While the majority of high-profile cases that have leaked into the public plane are associated with alternative financial services on the blockchain, such as hacking into the wallets of companies that have conducted ICO, or cryptocurrency exchanges, said DeviceLock technical director Ashot Hovhannisyan. For example, in early July of this year, hackers stole $32 million from the Japanese exchange Bitpoint, two months earlier about $40 million from one of the wallets of the Binance exchange. According to Ashot Hovhannisyan, technology is becoming a favorite target for hacker attacks, since it is in a semi-legal position in most jurisdictions, so criminals feel certain impunity in their actions.