An end-to-end blockchain-based solution has a full spectrum of touchpoints, and taking all of them into consideration is imperative to securing the entire solution. The vulnerabilities outlined above illustrate that, although these hacks occurred on permissionless platforms and at no point was the underlying blockchain technology hacked, each nefarious actor identified a vulnerability within these blockchain ecosystems. And while permissionless platforms are unlikely to be the basis of an enterprise solution, there are valuable lessons to be learned.
Vulnerabilities:
Blockchain technology will be just one component of the new IT stack. Security needs to be baked into the entire architecture of any blockchain solution. There is quite a bit of confusion and hype around blockchain security, yet threats fall into three main buckets:
- Endpoints
The most direct and potentially easiest method of attacking any technology solution is through endpoint vulnerabilities. This is where humans and technology connect and, with blockchain-based solutions, can include digital wallets, devices, or the client side of the application.
- Untested Code
As new technologies enter the market, developers are incentivized to be first or early with the release of applications, often at the risk of deploying insufficiently tested code on live blockchains. Given the decentralized model of many blockchain solutions, the risks are often greater due to the irreversibility of the technology.
- Ecosystem / Third-Party Risks
Organizations wishing to deploy third-party blockchain applications and platforms must be aware that the security of their blockchains is only as strong as the weakest link across all technology provided.
Embedded Security:
Blockchain implementations and solutions should consider security embedded in the blockchain technology stack. Security measures should be implemented at each layer with a risk-based approach.