It’s likely that everyone in the Bitcoin community remembers where they were when they heard about Mt.Gox. It was perhaps the lowest of the lows for Bitcoin, and for a time threatened to derail the ascent of cryptocurrencies. Suddenly, the shining beacon of the cryptocurrency movement, the untouchable, unhackable blockchain was fragile. For the first time, Bitcoin on a large scale had been stolen. And the largest bitcoin exchange, which fueled the first pricing boom of bitcoin, had in an instant disappeared.
Suddenly the Silk Road associations, the taxation questions and all the other controversies were suffused with this new reality. The frailty of the blockchain.
Over the time that bitcoin has been in existence and software services have existed to support the use, trading and storage of bitcoin, there have been quite a few different breaches. Some were small, whilst others were almost catastrophic. The early days of bitcoin saw a large amount of development, providing opportunities for security breaches.
Estimates by magoo.github.io broke down the root cause estimates of the security breaches by the blockchain. Basing its information on publicly available data from 47 known incidents, it showed that the most common threat was by server breach, with 16 incidents. Application vulnerability and cloud account takeover had 8 breaches a piece. Protocol related breaches were the cause of 3, whilst insider access accounted for 2. There was one other category of incident labelled as unknown, indicating that it was not possible to determine from the public reports the cause of the issue.
As a result of these exposed vulnerabilities, coins or tokens were stolen or the product was shut down for a period of time. In several cases this signaled the end of the product, whilst many companies, like Mt Gox, were unable to recover.
Sadly, in many cases the breaches were actually preventable. Some of the examples provide a sobering example of the price that can be paid for by even small mistakes.
As recently as mid-2017, Nicehash suffered the loss of 4700 Bitcoin in the space of several hours. Nicehash is a cryptocurrency marketplace which also offers mining services. It maintained a wallet of customer’s funds from which the coins were stolen. Based on information from a Facebook livestream, it was indicated that there was “lateral movement from a remote IP address, gaining access to a VPN, possibly through an employee computer, and moving laterally into production systems”. The hack was undertaken within a few hours, using an engineer’s credentials.
In November, Tether had $31 million of tokens stolen from its treasury wallet. It was inferred that this occurred through a breach of its high risk server, but specific confirmation of this inference has not been provided. The website indicated that they have found the cause of the breach.
A programming error allowed an attack to generate multiple spends that could be sent to an exchange. The attackers then sold and withdrew the subsequent funds.
Despite the new walls that the blockchain has erected to protect funds and ensure that transactions are accurate and verified, human history has shown that when there is something worth stealing, people will find a way, even for the seemingly impossible. Companies need to arm themselves and remain vigilant to prevent any issues in their software. Because as we have seen, just one breach can be all it takes.