There has been a false belief within the community for many years that the transparency and balancing features of somehow was going to protect and prevent a technology, which carries significant amounts of currency value every day, to be successfully attacked.
Anybody that has worked long enough in cybersecurity knows that there is no such thing as ‘unhackable’ technology. Proof of that is that amount of breaches, successful compromises and unfortunately the lack of serious security efforts from many of the actors. This includes mysterious ‘hacks’, arrests, convictions and most of all, lack of compromise. An industry cannot progress without trust. The industry must embrace security in its technology and its operational values.
The thought of replacing mainstream technology of fiat currency disregarding the number of remarkable efforts and standards previously built throughout history in order to achieve trust and reliability is simply a losing proposition. It is also time to consolidate and focus on coin technologies that are popular and widespread, reducing the proliferation of ‘’ and the unfortunate speculation and fraud that usually surrounds them. Do you want to create a new coin?. Fine, go ahead and do it. However, there should be mechanisms that prevent fraudsters and criminals from taking advantage of the industry’s lack of standards and regulations, eventually abusing and damaging it further. The so called self spirit of the community has been proven to be vulnerable and malleable.
ERC-20 is now the prime candidate to become the main standard and bridge of into mainstream technologies, either by using it along with crypto currency or by adapting it into other technology uses. One of the key parts of technologies that can make this happen is the Smart Contract. The Smart Contract technology is a mechanism for auditing, monitoring and preventing fraudulent transactions.
This technology is not perfect, however it can be audited and tested before deployment in order to prevent possible vulnerabilities and future exploitation. This technology can as well be audited, monitored and even corrected post deployment. A number of are leading the way in developing security tools to protect technologies. The recent discovery and attribution of , otherwise known as Advanced Persistent Threat, shows it is possible to monitor and prevent damage from large scale attacks.
This effort can reach further into the smart contract attack killchain. Code review before deployment, security testing before production, situational awareness during deployment and execution and corrective actions before transaction becomes irreversible if necessary. These efforts can be reinforced as well with the use of big data and machine learning technologies.
Other factors that shows the importance of developing technologies to secure is the frequent use of payloads in malicious campaigns. These campaigns bring a number of origins and flows of transactions, as the earnings of these campaigns will have to go eventually through an exchange in order to be cashed or exchanged into a more widely acceptable coin such as , or even a stable coin. According to Kaspersky security company, the threat from miners, although affected by the decrease in value of , still presents a current and significant threat with numbers increasing overall during the year 2018.
Attacks against the ecosystem not only affect the community, but the financial and tech industry as well. It is time to approach security with same standards and protocols of the cybersecurity industry in order to track, disclose and apply fixes to any discovered bugs, vulnerabilities or exploitation.
By developing and applying new security technologies along with industry principles of trust and transparency, it is possible to have technologies with a higher level of trust, wider and most of all, with vision of all levels of the smart contract stages. The industry will then have a stronger security base instead of trusting on assumptions.
Published at Fri, 01 Mar 2019 18:15:07 +0000
