Building Ethereum DApps: The cyber crime is a real threat?

 
Ranch Hand
Dear Sir,

As a developer interested in the Ethereum technology, something that concerns me is the security of such platforms and the fraud caused by others; by that I mean the cyber crime that consists in stealing bit currency by gangs of hackers -not sure what to call it-. As a consequence, developers working in block chain can suffer job loss, reputation damage and even prosecution.

Do you think that today's block chain currencies are safe or is there room for improvement? Today, are these kinds of fraud real threats?


Thanks.
 
Author
Hi Ludoviko,

You are right, there have been many cases of hacking, theft and malicious behaviour in the blockchain space by many parties: developers, crypto-exchange owners, etc. As happens in other industries, the community is formed of a majority of good people and a minority of bad people that cause pain and damage to the rest. Not many people are probably aware of the Bitcoin Mt. Gox hack that in 2014 ended with the theft of $450M in bitcoin. And not too many people know about the hack to the Ethereum DAO, the first big scale Dapp, which in 2015 cost around $150M in investment losses and required a major blockchain fork to roll back the damage. These hackings happened before the big boom of December 2017, when cryptocurrencies and blockchain became mainstream. In the last few months you might have heard of other episodes, such as the suspicious death of the CEO of a Canadian crypto-exchange who was allegedly the only person to own the private keys of the exchange accounts, with a loss for his customers of around $200M. This news definitely contributes to damaging the reputation of cryptocurrencies and also of the blockchain industry. And I believe, given the hype on the technology and the economic value involved, it is very easy for new episodes to happen again.
I believe most of the hackings are due to the general inexperience of the whole industry. You would think that the developers of the crypto-exchanges should be so experienced in cryptography that hacking should be very unlikely. Yet the fact that these hacking episodes have been relatively frequent proves that the industry is learning "the hard way" because good practice has yet to be defined. For example, the famous Ethereum DAO hacking was launched against a project developed by some of the most experienced Ethereum developers at the time, who obviously did not foresee all the possible "bad scenarios" that could have happened.

In the last couple of years Ethereum and other blockchain technologies have become more robust. For example, Solidity, the main EVM smart-contract language, has phased out some of the most vulnerable features which were being exploited by attackers.

In my book I cover security extensively, especially in chapter 14, which is entirely dedicated to the topic. I explain the most common attack strategies and I recommend how you should defend against them. I also give many pointers for further learning.

Hopefully going forward smart-contract languages and tools will become more robust and hacking cases will become less frequent.
 