Blockchain Vulnerabilities: How to Reduce Security Risks?
Oct 18, 2019
Cosmos, the blockchain-based interoperability platform, announced a security vulnerability that was found in the consensus engine last week. The vulnerability affected all versions of Tendermint, on which the Cosmos platform is built. All validators and service providers on Tendermint-powered networks were advised to update their software.
Cosmos is one of the top projects in the crypto space, and its blockchain is used by numerous projects. The situation with the Cosmos blockchain raises a question: how can risks in blockchain-based products be reduced?
There is quite a lot of confusion and hype around blockchain security, and such high-profile breaches cause a misperception that blockchain technology is not as secure as it is claimed to be. In fact, all the threats are well known and fall into several main categories that are not related to blockchain technology:
- Endpoint Protection
Endpoint vulnerabilities occur where users and technology connect: digital wallets, private keys, passwords, or physical access to the end device. To overcome them, developers should implement identity solutions and two-factor or multi-factor authentication.
- Third-Party Products/Services Risks
The security of any blockchain-based solution depends on the entire app ecosystem. For example, the Ethereum ecosystem consists of several clients (Geth, Parity, Harmony, etc.) and EVM (Ethereum Virtual Machine) implementations (Solidity, EWasm, Exthereum). A vulnerability in any one of these implementations makes the whole ecosystem vulnerable. The old principle applies here: “The security of the entire system equals the security of its weakest part.” Keep it in mind when partnering with solution providers, including blockchain integration platforms, payment solutions, wallets, smart contracts, and fintech platforms.
- Code Vulnerabilities
Blockchain projects, like all software solutions, are vulnerable to mistakes made by their own developers, called “code vulnerabilities”. If the project source code is open, there is a high probability that someone will find a mistake and make a correction, which might lead to further fixes. The more experienced and qualified the team of developers, the smaller the chance of a code vulnerability. In the history of blockchain development, there have been cases where startups lost all the money they had raised at the start, or even before the start, of development due to security negligence. That is why investors are so meticulous when evaluating a project team, from founders to developers.