Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Independence Now and Forever: How to Grow Blockchain Securely

Blockchain Security

Blockchain Security

Any technological innovation these days – whether it’s IoT, artificial intelligence or another trend that impacts users’ lives on a broad scale – comes with its own inherent security risks and considerations. Take, for example, blockchain, the digital ledger that provides a record of transactions, most notably those made in bitcoin or another cryptocurrency.

Once thought of as a fringe currency used by hackers and coders, cryptocurrencies like bitcoin have steadily gained prominence to the point where they are considered legitimate financial resources. Blockchain as a technology has also grown beyond cryptocurrency usage into transaction verification and identity management use cases. But with this new prominence comes a responsibility to consider the security implications as blockchain continues to grow.

One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack. This aspect led many to once consider blockchain virtually “unhackable;” however, several incidents over the past few years have proven that that is far from the case. Numerous incidents, most famously the Mt. Gox catastrophe in 2014, have led to the loss of millions of dollars as a result of hackers stealing bitcoin in a variety of ways.

As blockchain continues to become more mainstream, significantly more attention must be paid to its security requirements and implications. Below are a few areas that need to be considered to ensure blockchain continues to grow in a secure way.

As in all security issues, you are only as safe as your weakest link

The inherent structure of blockchain means there are many locations where data is stored, each of which are permanently marked with that data’s presence. When, say, a bitcoin is transferred from one location to another, it follows a chain that leaves a public ledger of where it has been and where it is going; this ledger cannot be altered without leaving another mark on the ledger, which makes it exceedingly difficult for the bitcoin to be stolen.

If the bitcoin could live solely on this chain, it’s quite likely that it would be just as secure as many initially thought, but there are many other necessary components to financial transactions that could introduce added vulnerabilities. For instance, the mere act of storing bitcoin in a “hot wallet” – one that is connected to the internet – introduces added risk of hacking. It’s recommended for users to keep their bitcoin in a “cold wallet” to remove this risk – but that doesn’t allow them to buy, sell or even know how much their bitcoins are worth. Despite the inherent security of the blockchain itself, if the blockchain structure is not completely retained – such as with the usage of a hot wallet in order to make bitcoin more transaction-friendly — the attack surface increases accordingly.

Advertisement. Scroll to continue reading.

Hardware vulnerability and dependency despite software strength

Truly secure systems require hardware and software working together to combat complex threats and prevent future attacks. But no matter how secure the software is, security starts with the architecture – and blockchain is no exception.

Blockchain works by first achieving consensus on its ledger, then vetting a list of transactions and finally communicating with nodes to write and approve new transactions. But what happens when nodes become unresponsive or go offline? The network must be designed to accommodate offline nodes and be able to quickly bring them up to speed once they go back online.  The nodes are by definition a peer-to-peer network and need to be accessible through the network. The redundancy and resiliency of nodes being physically available and uncompromised is an important design element for businesses implementing a private blockchain project.

Utilizing a public or consortium blockchain may be the cost of doing business, but it essentially assumes the nodes and network will fail. This approach utilizes a large enough network as its resiliency mechanism, which leads us to the crux of blockchain: trust and transparency. The issues with a public or consortium blockchain similar to bitcoin are essentially the size of the blocks and ledger, as well as the eventual consumption of resources on the nodes. The bigger the ledger, the more resources will be consumed.

Trust and transparency

The most appealing thing about blockchain is actually the trust and transparency within its design. The idea is quite provocative if you think about it; in order to be secure, blockchain must distribute all of its information and provide only the owner or originator the ability to change and/or reassemble it. The freedom of data to be stored anywhere in “plain sight” seems dangerous, yet the hoarding of data for storing, processing, accessing and protecting seems to be an impossible long-term strategy.

Imagine the possibilities for all businesses if they could operate in the freedom of a blockchain world. A world where data could be distributed everywhere and be recalled in real-time whenever needed while also being completely protected. This is the way we need to think about security and the ability to trust and leverage a socialistic networked digital entity.

In summary, despite its somewhat up and down history, blockchain is only increasing in popularity an
d prominence among both the technology and financial industries. As it continues to gain prominence, the security implications of adopting blockchain on a widespread scale need to be top of mind for businesses to ensure that users, transactions and data are all continually protected. With this approach, blockchain can help evolve businesses into the digital economy of today and the future.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.