Last month, a cryptocurrency blockchain platform built for a popular “play-to-earn” online video game was hacked. The hackers stole more than $600 million in digital currency from the blockchain, called Ronin (it’s technically a “sidechain,” meaning a blockchain that acts as a bridge to other blockchains), in what has been described as the second-largest cryptocurrency heist to date.
As more industries make use of so-called blockchains, which are really just digital ledgers for storing information, the high-profile theft has raised new concerns about just how effective current blockchain safeguards and protocols are at protecting the digital wallets of hundreds of thousands of traders.
“Right now, it’s the wild west,” Alan Mislove, professor of computer science at Northeastern, says of the blockchain-based crypto trade.

Alan Mislove, professor of computer science at Northeastern. Photo by Matthew Modoono/Northeastern University
Not all blockchains are used for the purpose of trading cryptocurrencies. But because they effectively decentralize trading—or remove the intermediary—blockchain technology has been pitched as a way to move beyond traditional banking toward a more democratized system based on the principles of inclusion, transparency, and security. While traditional ledgers in banks require special permission or access to be audited, blockchains can be permissionless and wholly transparent (or public). Transactions are verified by participants in the blockchain, who are in turn rewarded in the currency, instead of by a central authority.
How secure is this process? It depends. Blockchain companies typically rely on public-private key pair encryption, Mislove says. Blockchain users have a public key and a private key that they use to perform certain tasks. Only the owner knows what the private key is, but everyone else knows the public key.
“The challenge becomes keeping those private keys private,” Mislove says. “As soon as they become public, there’s nothing stopping a hacker from getting ahold of them.”
Some blockchain users store their private key on a physical device to keep it safe. Others use cryptocurrency exchanges, such as Coinbase, that secure the private keys on users’ behalf.
But Coinbase, the industry’s largest exchange, has seen an uptick in hacking of accounts. Once criminals gain access, they can drain a user’s account of its cryptocurrency in a matter of minutes, according to CNBC.

Ravi Sarathy, professor of international business and strategy at Northeastern. Photo by Alyssa Stone/Northeastern University
“Typically how it happens is somebody would break into a crypto exchange, like Coinbase, for example,” Mislove says. “But another common way is that the hacker would try to phish users to trick them into giving up their password.”
In the case of the Ronin blockchain theft, hackers were able to get access to so-called “validator nodes,” which are computers tasked with authorizing blockchain transactions. By hacking these computers, the attacker was able to approve fake withdrawals from accounts valued at more than $600 million.
Mislove says he doesn’t know the details of the Ronin hack, but speculates it could have happened through traditional hacking.
“Oftentimes the way they break into these servers is through phishing, malware, etc.,” he says. “In other words, social engineering.”
But other cryptocurrencies, such as Bitcoin (also the industry’s first), are proving to be unhackable, says Ravi Sarathy, professor of international business and strategy at Northeastern.
“Bitcoin, one of the very first blockchains to enter public usage, has never been hacked,” Sarathy says.
Sarathy says he thinks the Ronin hack, while an unfortunate event, can help companies fortify their servers and rethink how transactions get approved.
“I think it just means that people are going to have to be more careful about how they set up validation, particularly on permission blockchains,” Sarathy says.
Sarathy says he’s a “blockchain optimist.”
“I think blockchains’ value is broader than cryptocurrency when you think about things like decentralized voting and financial inclusion, for example,” Sarathy says. “The applications are pretty much limitless.”