With just three hacks causing damage of almost $1 billion so far this year, the pressure is on for blockchain developers to identify and patch security issues before they get exploited in the wild. Fortunately, the security consultancy The SecOps Group (https://secops.group) has launched a blockchain smart contract security audit to help them do just that.
There are two main methods of successful attack: one relies on social engineering tricks such as convincing a victim to send crypto currency to an attacker’s wallet; the second, and more complicated, type of hack requires a deep understanding of blockchain smart contracts and associated components, such as side-chain, cross-chain, wallets, understanding of various protocols, and more.
Three of the most recent and significant attacks on blockchain were:
Solana Wallets Attack - $7 Million- August 03, 2022
Blockchain based platform, Solana, on which many web3 applications are deployed, experienced a wallet based attack. It appears that the cause was a flaw in the wallet software used, resulting in the unique private key which links a user to their blockchain address, and/or seed phrase (the fingerprint of all of a user’s blockchain assets) being compromised. The result was that more than 7,000 wallets were drained of more than seven millions dollars’ worth of SOL tokens.
Axie Infinity Ronin Bridge - $625 Million - March 28, 2022
The largest-ever crypto hack took place on the play-as-you-earn game Axie Infinity, which is deployed on the Ethereum blockchain platform. Despite being the most trusted blockchain platform and the first to use smart contracts, hackers gained control over the majority of the cryptographic keys securing the game’s cross-chain bridge. Four of the nine keys were stolen when an Axie developer clicked on a fake job offer in PDF.
Wormhole Cross Chain Bridge Attack - $325 Million - February 2, 2022
Wormhole is a Ethereum and Solana combined blockchain based web 3.0 bridge, which uses an intermediate bridge to transfer tokens between two different networks. A hacker exploited smart contracts on the Solana-to-Ethereum bridge to mint and cash out on wrapped ether without depositing collateral. This hack allowed hackers to steal a total of $320 million in Ethereum and Solana tokens.
With smart contracts playing a key role in automating several processes within a blockchain, running an audit to examine and analyse its code is now crucial for preventing attacks. Implemented effectively, it will help to discover errors, issues and security vulnerabilities in the code and suggest ways to fix them.
Commenting on the launch, Sumit ‘Sid’ Siddharth, the founder of The SecOps Group, said, “With the exponential growth of crypto currencies, NFTs and other blockchain implementations, there has never been a better time for cybercriminals to convert a vulnerability into easy and big money.
“We can see that thousands of decentralised finance projects and NFT projects have been developed in blockchain technology aka web 3.0, and securing them should be just as important as building them.”