


Hacking Blockchain

Konstantinos Karagiannis
Chief Technology Officer, Security Consulting
BT Americas

It all started Halloween 2008



Satoshi's altruistic goals

Strong investment: million dollar pizza
Widespread positioning of cryptocurrency
Literally and figuratively created the blockchain


Blockchain transaction and verification

Parties exchange data

Transaction verified or queued


Blockchain structure and validation

Each block identified by hash

Blocks must be validated to be added to chain


Blockchain mining and chain

Miners solve puzzle (proof of work)

Miners rewarded, block added to majority chain


Blockchain defense

Trying to submit an altered block would change the hash of that block and all following blocks; nodes would detect and reject the block.
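
The tamper-evidence described on this slide, as an added example (not from the presentation): a toy chain with SHA-256 block hashes and a proof-of-work target. The field names, the 12-bit difficulty and the sample transactions are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY_BITS = 12  # toy proof-of-work target (assumption), far below real networks

def block_hash(block: dict) -> str:
    # Hash covers the previous block's hash, so every block commits to its history.
    body = {k: block[k] for k in ("index", "prev_hash", "data", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def meets_target(h: str) -> bool:
    return int(h, 16) >> (256 - DIFFICULTY_BITS) == 0

def mine(index: int, prev_hash: str, data: str) -> dict:
    block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": 0}
    while not meets_target(block_hash(block)):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(records) -> list:
    chain, prev = [], "0" * 64
    for i, data in enumerate(records):
        chain.append(mine(i, prev, data))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block a validating node would reject, or None."""
    prev = "0" * 64
    for block in chain:
        h = block_hash(block)
        if block["prev_hash"] != prev or h != block["hash"] or not meets_target(h):
            return block["index"]
        prev = block["hash"]
    return None

def demo():
    chain = build_chain(["A pays B 5", "B pays C 2", "C pays D 1"])  # constructed data
    intact = first_invalid(chain)
    chain[1]["data"] = "B pays C 200"   # alter a recorded transaction
    altered = first_invalid(chain)
    # Redoing the proof of work repairs block 1 itself, but its new hash no
    # longer matches the prev_hash stored in block 2, so the break moves forward.
    chain[1] = mine(1, chain[0]["hash"], chain[1]["data"])
    remined = first_invalid(chain)
    return intact, altered, remined
```

`demo()` returns the rejection point for the intact chain, the altered chain, and the chain after the altered block alone has been re-mined.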


Some proposed blockchain applications

Digital assets
Identity (black box)
Verifiable data
Smart contracts


Attacks past and present


Attacks against blockchain infrastructure

Mt. Gox: first major bitcoin disaster

June 2011: $8 million stolen
Feb 2014: $460 million stolen
No version control software in Mt. Gox: bug fixes often delayed, untested code pushed straight to
Gatecoin hacked May 2016 via a server disruption and reboot: more modest 250 BTC and 185,000 ETH


Attacks against code

DAO smart contract flaw known of since May 2016
June 17, hacker used recursive flaw to make splits inside splits, moving Ether repeatedly without checking balance
Hard fork resulted


Attacks against blockchain sites

2013, payments processor Inputs.io site compromised for $1 million
Steemit blockchain-based blogging platform web site authentication targeted July: $85,000 funds stolen by transactions (hard fork after)
Reports of Coinbase hacking incidents appear on the net


Attacks against hot wallets

Dec 7, hacker compromises Bo Shen's phone, gaining access to $300,000 in Ether from wallet
Ransomware obvious issue, but malware that steals credentials like Mokes.A can lead to transactions
Android phones more susceptible than ever due to poor updating in all but newest devices


Attacks against cold wallets

Bitfinex tried to remove risk
of security exposures by
adding an extra layer via
BitGo it seems could do
whatever it wished
Cold wallets turned hot Aug
Over $70 million swiped
Losses of 36% across all users, unlike FDIC


Attacks against nodes

Major node attack thwarted Aug 2010: Bitcoin block 74638 flaw could generate 184 Billion transactions!
Sept 18, Geth nodes (Ethereum) ran out of memory and crashed on block 2283416 (Ethereum classic
Aug, Krypton and Shift hit by proof of concept 51% attack, overpowered by rented NiceHash hashpower
Scanning for nodes to target (e.g. TCP port 8333) possible


Traditional risks to new applications

Digital assets
Black box interactions at risk
Verifiable data
Malicious transactions
Smart contracts
Code flaws, repudiation


Coming attacks against blockchain's biggest flaw

Remember Satoshi's words?

August 2015: NSA publicly warned against using ECC, the type
of encryption in blockchain


Elliptic curve cryptography

Public key system, like RSA, El Gamal,

Based on algebraic structure of elliptic
curves over finite fields
Public key for encryption or sig validation
Private key for decryption or sig


ECC Bitcoin example

Bitcoin wallet addresses made of: Public key,
private key, and address
Public key derived from private key by elliptic
curve multiplication
Address derived by:
applying SHA256 hash function to public key
applying RIPEMD-160 hash function
adding checksum for error correction
Used bitcoin or other entities have public
keys exposed on blockchain


Quantum threat looming

Quantum computers can crack ECC

Machines exploit quantum
weirdness of superposition to
allow existence of qubits
Qubits can be a percentage of both
zero and one at the same time
Qubits and special algorithms allow
quantum computers to do things
classical computers can't do in
thousands of years


World's easiest explanation of superposition

Expected particle behavior or pooling


World's easiest explanation of superposition

Wave pattern without observation of which slit a particle goes through

World's easiest explanation of superposition

Even one particle going through at a time creates wave pattern

World's easiest explanation of superposition

Use a detector on either slit, and pooling appears: particle-wave duality

Maintaining superposition

Observing either slit destroyed the

Quantum computers need to maintain
superposition among many qubits to
perform calculations
University of Maryland and others have
found new ways to chain together qubits


With enough stable qubits

A quantum computer can run Shor's algorithm (1994) and quickly crack any public key encryption by finding factors of large numbers
Likely answers interfere constructively,
unlikely ones destructively
Simple quantum computers run it with
two photonic qubits, showing 21=3*7
Within 3 years QCs may have
hundreds of qubits


Bitcoin example within 3 years

Bitcoin transaction includes a signature and a public key to verify owner
That publicly available information is all a
quantum computer needs to get private
key and become another user
This type of attack can be done passively
(offline) by downloading any type of


Lamport signatures: a stopgap?

Public key consists of 320 hashes rather than an elliptic curve point
Address is SHA256+RIPEMD-160 hash of public key
Transaction includes public key and signature; verifiers check if:
public key matches address
signature matches message and public key
Even with Grover's algorithm, it takes 2^80 steps to construct a fraudulent transaction or 2^80 * 80 steps to crack all hashes (trillions of trillions)
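
The scheme on this slide, as an added example (not from the presentation): a Lamport one-time signature over a 160-bit digest, giving the 320-hash public key and the two verifier checks listed above. As an assumption, SHA-256 truncated to 160 bits stands in for SHA256+RIPEMD-160, because RIPEMD-160 is missing from some hashlib builds; all function names are hypothetical.

```python
import hashlib
import secrets

BITS = 160  # digest length; 2 secrets per bit gives 320 public-key hashes

def h160(data: bytes) -> bytes:
    # Assumption: truncated SHA-256 in place of SHA256+RIPEMD-160.
    return hashlib.sha256(data).digest()[:20]

def digest_bits(message: bytes) -> list:
    d = int.from_bytes(h160(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def keygen():
    # Private key: one random secret for "bit is 0" and one for "bit is 1", per bit.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pub = [(h160(zero), h160(one)) for zero, one in priv]
    return priv, pub

def address(pub) -> bytes:
    return h160(b"".join(zero + one for zero, one in pub))

def sign(priv, message: bytes) -> list:
    # Reveal, for each digest bit, the secret matching that bit's value.
    return [priv[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(addr: bytes, pub, message: bytes, sig) -> bool:
    # Check 1: public key matches address.
    if len(pub) != BITS or len(sig) != BITS or address(pub) != addr:
        return False
    # Check 2: signature matches message and public key.
    bits = digest_bits(message)
    return all(h160(sig[i]) == pub[i][bit] for i, bit in enumerate(bits))

def demo():
    priv, pub = keygen()
    addr = address(pub)
    msg = b"pay 1 coin to Bob"  # constructed sample message
    sig = sign(priv, msg)
    other_priv, other_pub = keygen()
    return {
        "valid": verify(addr, pub, msg, sig),
        "altered_message": verify(addr, pub, b"pay 9 coins to Bob", sig),
        "swapped_pubkey": verify(addr, other_pub, msg, sign(other_priv, msg)),
        "pubkey_hashes": sum(len(pair) for pair in pub),
    }
```

Each signature reveals half of the private key, so a key pair must sign only one message; signing a second message with the same key lets a forger mix revealed secrets.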


Post-quantum crypto

Code based
Hash based
Lattice based
Multivariate quadratic equations
One time pad
liboqs, open source C library
have fork for SSL as well)


Apply these warnings!

As soon as possible, take a new look at any blockchain applications you're developing or using in your company
Be sure any of these applications actually need to be blockchain
based, considering:
permanence of data (being able to make changes can be a good thing)
whether current technology may be superior (not everything should be bc)
Is your blockchain app an overlay to a proven blockchain and protocol,
or is it potentially too untested for critical applications?


Apply these warnings!

Within the next three months prioritize testing the security of blockchain applications by their criticality to your business
Perform ethical hacking engagements against the implementation of your platform: remember all the basic flaws that undo even sound
Make sure your ethical hackers have actually worked with blockchain protocols before: this isn't the time for a vendor to learn on your


Apply these warnings!

Looking ahead, six months and on, what can you do to ensure the future of blockchain security
It's too late to develop applications that are not post-quantum safe
Consider investing your dev resources to give something back to blockchain
NIST has made call to arms to develop post quantum crypto solutions for PK; working on this could improve bc going forward (http://www.nist.gov/pqcrypto)


Questions? Please join me for a focus on session (FON4-T11) today in Moscone West 2024 from 3:45 to 4:15