#RSAC

SESSION ID: PDAC-T10F

Hacking Blockchain

Konstantinos Karagiannis
Chief Technology Officer, Security Consulting
BT Americas
@konstanthacker
 #RSAC

It all started Halloween 2008

2
 #RSAC

Bitcoin

Satoshis altruistic goals

met
Strong investmentmillion
dollar pizza
Widespread positioning
of cryptocurrency
Literally and figuratively
created the blockchain
movement

3
 #RSAC

Blockchain transaction and verification

Parties exchange data

Transaction verified or queued

4
 #RSAC

Blockchain structure and validation

Each block identified by hash

Blocks must be validated to be added to chain

5
 #RSAC

Blockchain mining and chain

Miners solve puzzle (proof of work)

Miners rewarded, block added to majority chain

6
 #RSAC

Blockchain defense

Trying to submit an altered block would change hash

function of that block and all following blocksnodes
would detect and reject block.

7
 #RSAC

Some proposed blockchain applications

Digital assets
Identity (black box)
Verifiable data
Smart contracts

8
 #RSAC

Attacks past and present

 #RSAC

Attacks against blockchain infrastructure

Mt. Gox first major bitcoin disaster

June 2011: $8 million stolen
Feb 2014: $460 million stolen
No version control software in Mt.
Goxbug fixes often delayed,
untested code pushed straight to
production
Gatecoin hacked May 2016 via a
server disruption and rebootmore
modest 250 BTC and 185,000 ETH

10
 #RSAC

Attacks against code

DAO smart contract flaw

known of since May 2016
June 17, hacker used
recursive flaw to make
splits inside splits, moving
Ether repeatedly without
checking balance
Hard fork resulted

11
 #RSAC

Attacks against blockchain sites

2013, payments processor Inputs.io

site compromisedfor $1 million
Steemit blockchain-based blogging
platform web site authentication
targeted July$85,000 funds stolen
by transactions (hard fork after)
Reports of Coinbase hacking
incidents appear on the net
regularly

12
 #RSAC

Attacks against hot wallets

Dec 7, hacker compromises Bo Shens

phone, gaining access to $300,000 in
Ether from wallet
Ransomware obvious issue, but
malware that steals credentials like
Mokes.A can lead to transactions
Android phones more susceptible
than ever due to poor updating in all
but newest devices

13
 #RSAC

Attacks against cold wallets

Bitfinex tried to remove risk
of security exposures by
adding an extra layer via
BitGo
BitGo it seems could do
whatever it wished
Cold wallets turned hot Aug
2016
Over $70 million swiped
Losses of 36% across all users
unlike FDIC

14
 #RSAC

Attacks against nodes

Major node attack thwarted Aug
2010Bitcoin block 74638 flaw could
generate 184 Billion transactions!
Sept 18, Geth nodes (Ethereum) ran
out of memory and crashed on block
2283416 (Ethereum classic
sabotage?)
Aug, Krypton and Shift hit by proof of
concept 51% attackoverpowered
by rented NiceHash hashpower
Scanning for nodes to target (e.g. TCP
port 8333) possible

15
 #RSAC

Traditional risks to new applications

Digital assets
Ownership
Identity
Black box interactions at risk
Verifiable data
Malicious transactions
Smart contracts
Code flaws, repudiation

16
 #RSAC

Coming attacks against

blockchains biggest flaw
 #RSAC

Remember Satoshis words?

August 2015: NSA publicly warned against using ECC, the type
of encryption in blockchain

18
 #RSAC

Elliptic curve cryptography

Public key system, like RSA, El Gamal,

Rabin
Based on algebraic structure of elliptic
curves over finite fields
Public key for encryption or sig validation
Private key for decryption or sig
generation

19
 #RSAC

ECC Bitcoin example

Bitcoin wallet addresses made of: Public key,
private key, and address
Public key derived from private key by elliptic
curve multiplication
Address derived by:
applying SHA256 hash function to public key
applying RIPEMD-160 hash function
adding checksum for error correction
Used bitcoin or other entities have public
keys exposed on blockchain

20
 #RSAC

Quantum threat looming

Quantum computers can crack ECC

Machines exploit quantum
weirdness of superposition to
allow existence of qubits
Qubits can be a percentage of both
zero and one at the same time
Qubits and special algorithms allow
quantum computers to do things
classical computers cant do in
thousands of years

21
 #RSAC

Worlds easiest explanation of superposition

Expected particle behavior or pooling

22
 #RSAC

Worlds easiest explanation of superposition

Wave pattern without observation of which

slit a particle goes through
23
 #RSAC

Worlds easiest explanation of superposition

Even one particle going through at a time

creates wave pattern
24
 #RSAC

Worlds easiest explanation of superposition

Use a detector on either slit, and pooling

appears: particle-wave duality
25
 #RSAC

Maintaining superposition

Observing either slit destroyed the

superposition
Quantum computers need to maintain
superposition among many qubits to
perform calculations
University of Maryland and others have
found new ways to chain together qubits

26
 #RSAC

With enough stable qubits

A quantum computer can run Shors

algorithm (1994) and quickly crack any
public key encryption by finding
factors of large numbers
Likely answers interfere constructively,
unlikely ones destructively
Simple quantum computers run it with
two photonic qubits, showing 21=3*7
Within 3 years QCs may have
hundreds of qubits

27
 #RSAC

Bitcoin example within 3 years

Bitcoin transaction includes a signature

and a public key to verify owner
That publicly available information is all a
quantum computer needs to get private
key and become another user
This type of attack can be done passively
(offline) by downloading any type of
blockchain

28
 #RSAC

Lamport signaturesa stopgap?

Public key consists of 320 hashes rather than an

elliptic curve point
Address is SHA256+RIPEMD-160 hash of public key
Transaction includes public key and signature
verifiers check if:
public key matches address
signature matches message and public key
Even with Grovers algorithm, it takes 2^80 steps to
construct a fraudulent transaction or 2^80 * 80
steps to crack all hashes (trillions of trillions)

29
 #RSAC

Post-quantum crypto

Code based
Hash based
Lattice based
Multivariate quadratic equations
One time pad
liboqs, open source C library
(https://openquantumsafe.org/
have fork for SSL as well)

30
 #RSAC

Apply these warnings!

As soon as possible, take a new look at any blockchain applications

youre developing or using in your company
Be sure any of these applications actually need to be blockchain
based, considering:
security
permanence of data (being able to make changes can be a good thing)
whether current technology may be superior (not everything should be bc)
Is your blockchain app an overlay to a proven blockchain and protocol,
or is it potentially too untested for critical applications?

31
 #RSAC

Apply these warnings!

Within the next three months prioritize testing the security of

blockchain applications by their criticality to your business
Perform ethical hacking engagements against the implementation of
your platformremember all the basic flaws that undo even sound
crypto
Make sure your ethical hackers have actually worked with blockchain
protocols beforethis isnt the time for a vendor to learn on your
dime

32
 #RSAC

Apply these warnings!

Looking ahead, six months and on, what

can you do to ensure the future of
blockchain security
Its too late to develop applications that
are not post-quantum safe
Consider investing your dev resources to
give something back to blockchain
NIST has made call to arms to develop
post quantum crypto solutions for PK
working on this could improve bc going
forward (http://www.nist.gov/pqcrypto)

33
 #RSAC

Questions? Please join me for a focus

on session (FON4-T11) today in
Moscone West 2024 from 3:45 to 4:15

@konstanthacker