The internet revolution has presented the world with Web3, the third iteration of a constantly evolving ecosystem. Also known as the decentralized web, Web3 ecosystems are designed to replace centralized infrastructure and allow every user to maintain complete control over their data, irrespective of whether they are interacting with an application or another user. The Web3 ecosystem is made possible by advancements in blockchain, the technology underlying cryptocurrency, which promote transparency, decentralization, and immutability within a secure environment.
The use of blockchain solutions is not limited to Web3 platforms, as many assume. Plenty of traditional organizations of all sizes have started incorporating blockchain-based solutions into their operations, and for good reason. A decentralized, secure, transparent, and immutable blockchain combined with smart contract capabilities enables the automation of various operations while maintaining data integrity throughout the process. Let’s review which companies adopt blockchain and identify use cases for cybersecurity.
81 of the top 100 public companies that use blockchain technology, by Industry
Almost every industry sector actively explores blockchain technology’s potential to streamline operations, reduce cost overheads and improve efficiency. Finance/Banking, Technology, Pharmacy, and Telecom are the fastest adopters of blockchain technology.
Implementing blockchain entails cybersecurity issues with smart contracts, digital wallets, regulatory compliance, data management, and p2p transactions. Dozens of established and reputable organizations with $1 billion in revenue and 1,000+ employees will not tolerate the current level of risks in Web3.
The vast traditional finance sector leads the race. Banks and financial institutions that considered cryptocurrencies worthless at one time are the very ones who are working on multiple blockchain implementations to address many real-world issues.
Blockchain use cases: Blockchain-based systems speed up the clearing and settlement times and maintain immutable consolidated audit trails for conventional assets. Blockchain-based systems also have the potential to improve capital markets.
Cybersecurity issues: Direct operational and financial impact due to damage caused by successful cyberattacks or indirect impact due to reputational risks and financial penalties from regulators who are increasingly adding to the infrastructure and compliance requirements around cybersecurity.
Context: Insurance is well-known for having multiple middlemen and multi-step processes for everything from purchasing a policy to raising a claim and getting them approved. Incidentally, attempts to commit insurance fraud continue to be very high, increasing the burden on insurers to verify each claim for its validity and authenticity. It has led to wrong claims being approved at times and, worse, many genuine claims being rejected without the customer ever knowing the reason behind it.
Blockchain use cases: A blockchain-based system brings transparency and maintains a complete, immutable record of customers’ history to make the verification and claim process much easier. The insurance industry is counting on smart contracts to make interactions between customers and insurers much easier. A few insurance products, like travel and trip delay insurance, can be completely automated with smart contracts and oracles.
Cybersecurity issues: Insurance companies have such a broad reach of personal information that it’s the perfect starting point for identity theft. Failing to implement security controls to counter those attacks could lead to companies in the industry needing insurance of their own.
The insurance industry faces cyber-attacks that exceed the complexity of those in many other sectors.
Context: For trade financing, institutions require documentation about the cargo, origin, destination, customs clearance, bill of lading, and more before extending credit to concerned businesses. Many of these documents originate from different entities and must be handled and processed at multiple points, making it a highly resource-intensive task. Further, the processes and practices may change across geographies, adding to the burden and delaying loans, creating easily verifiable documentation trails that can be transmitted and accessed across jurisdictions without any risk of manipulation.
Blockchain use cases: With blockchain implementation, international and cross-border payment processors can drastically reduce the time and costs associated with the entire process. Depending on the infrastructure setup, they will be able to settle payments at the recipient’s end within minutes of it being initiated for no more than the transaction fee charged by the underlying protocol.
Using hashed addresses for transaction processing also helps platforms ensure better customer privacy and security standards, reducing the risk of hacking attempts or other cyber threats. In recent days, banking institutions have started exploring the use of smart contracts to manage collateralized lending with the contracts designed to automatically trigger events like periodic installment payments, full payments, partial or full liquidation of collateral in case of default or under-collateralization risk, and more. All the capabilities envisioned for traditional lending are already realized by DeFi projects, and it is only a matter of time before the goals are realized.
Institutions involved in cross-border transactions in trade financing, international payments processing, and peer-to-peer payment services have come to terms with the benefits of blockchain technology. Crypto technology and tokenization help these industries operate on a unified standard architecture in all geographies without worrying about the impact of local infrastructure in each geography or jurisdiction.
While most blockchain use cases are developed in the financial sector, other industries are not lagging.
Governments are developing and implementing decentralized solutions for voting, taxation, licensing, records management, and other regulatory activities. Blockchain solutions gain prominence in these fields as they reduce the associated costs and bring in the much-needed transparency in governance, something everyone has been demanding for so long.
Shipping goods involves multiple parties, including senders, receivers, carriers, and regulators. With so many entities involved — each often with a different records system — blockchain can help keep track of the location and condition of the cargo.
The gaming industry was among the early adopters of cryptocurrencies and blockchain technology as it allows them to cater to a much larger audience across geographies. Since then, the utilization of blockchain has grown beyond just crypto assets to create smart contract-based games that are decentralized and transparent, with provably fair characteristics from day one. A new breed of Play-to-Earn games is pushing the limits with NFTs and other in-game assets offering a rewarding experience where users can derive monetary benefits by playing them.
Hyperledger Fabric, Ethereum, Quorum, and Corda are the most popular DLTs for enterprises. Some enterprises use several blockchain platforms. Ethereum is the second most popular DLT, with at least 18 major use cases by PayPal, McDonald’s, Coca-Cola, Microsoft, Visa, and Shell.
Any use of DLT exposes enterprises to the threats common to all Web3 businesses, but conventional industries are even more lucrative targets for cyberattacks because they operate with immense funds and confidential information. It’s no wonder that companies including Microsoft, Goldman Sachs, and HSBC invest directly in Web3 cybersecurity.
Failure to implement security controls could lead to a huge loss of funds, customer data, and reputation, hurting the operations and the organization’s future. The diverse applications of blockchain technology across different industries also eliminate the possibility of adopting a one-size-fits-all approach.
Instead, depending on the purpose of the smart contracts and the business goals, each smart contract and the codebase need to be scrutinized accordingly to find any anomalies or vulnerabilities in the early stages. This is where cybersecurity audits come into the picture. Subjecting the smart contracts and dApps to audits helps identify vulnerabilities early on, so appropriate fixes can be implemented before use.
Recognizing the need for custom security audits for blockchain implementations, many reputed cybersecurity companies have developed specialized audit processes specific to each use case.
Cybersecurity firms like Hacken have already established a good track record in performing security audits for Web3 and DeFi projects and blockchain solutions in mainstream sectors. After understanding the goals, the audit process for each project or solution is designed from scratch. Tests are conducted using automated and manual tools to identify the slightest flaw that could potentially create a security issue. As a result, those working on any blockchain project can easily reach out to the Hacken team and arrange for necessary security audits.
Traditional banking, investment, finance, fintech, and insurance want to use blockchain. For them, the only way forward is to improve the appalling state of ethics and cybersecurity in Web3. As they inevitably adopt blockchain technology, traditional enterprises will pour billions into Web3 cybersecurity because they cannot afford the risks.
Hacken is well-equipped to deliver confidence to traditional enterprises adopting blockchain. We can undertake security checks at all levels: check for vulnerabilities in smart contracts and L1 protocols (if you’re creating a new chain) and test all methods of unauthorized entry into your systems. Our know-how is the Bug Bounty platform, where you can actively search for bugs with the help of 10,000+ external security experts.