Info@NationalCyberSecurity

Fireblocks warns about on-chain hacking


What is on-chain hacking and what factors play into it becoming more of a concern?

On-chain activity is experiencing a renewed wave of institutional and retail capital allocation, which has pushed its total value to over $100bn for the first time since May 2022. We’re seeing this play out on our own platform, with institutional on-chain volume rising by more than 75% in 2024 alone, to almost $4.5bn in monthly volume.

This is exciting for the industry, but it’s not without drawbacks. The influx of capital to on-chain applications has drawn the attention of threat actors looking to take advantage of the obscurity and complexity of on-chain transactions.

Phishing websites, for example, are a leading threat within DeFi, with seemingly legitimate websites prompting inexperienced users to grant attackers access to their wallets, which are subsequently drained. Additionally, smart contracts, which are used for all DeFi transactions, are not human readable, allowing malicious actors to easily trick newer users into harmful trades.

Are there robust enough security standards to address rising levels of institutional investment in digital assets?

The early months of 2024 have already seen attackers exploit a range of vulnerabilities to drain over $500m from DeFi wallets, whilst 2023 saw a total of just over $1bn lost to DeFi hacks. This highlights that not only are hacks becoming more prevalent due to the increase in attention from institutions, but attacks are also becoming more sophisticated. Security standards in the space need to match the increasing threat of bad actors, ensuring that institutions and retail investors can hold digital assets safely.

What kind of technology defence mechanisms are most effective in addressing the problem?

To prevent on-chain hacking, we need to create a way for users to safely navigate the space and minimise interactions with malicious actors. At Fireblocks, we’ve recently introduced a new dApp protection feature that automatically detects suspicious smart contracts, phishing websites, and compromised dApps, alerting users before they interact with a potential threat. By preventing user interaction with threat actors, we’re able to stop harmful transactions from taking place.

The illegibility of smart contracts is another key issue. DeFi players need to introduce technology that can translate complex code into an understandable format. This is something that we’ve also recently introduced at Fireblocks. Our new Transaction Simulation feature translates complex contract call information into a human-readable message, allowing users to validate the contract’s intent and preview the impact on their wallet balance before signing.


On the on-chain protocol and apps side, trust with newcomers can be built by prioritising proactive security measures, intuitive interfaces, and ongoing education. Mitigating risks is crucial for fostering rapport. Following security best practices like the Rekt Test can help builders focus on the essentials first.
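
What translating a contract call into a human-readable message can look like at its simplest, as an added example that is not Fireblocks' code or part of the original interview: it decodes the standard ERC-20/ERC-721 function selectors offline and flags the unlimited approvals that wallet-draining phishing pages rely on. The sample address and calldata are constructed, and unlike a real transaction simulation it does not execute the call against chain state.

```python
# Standard ERC-20 / ERC-721 selectors; the sample address below is constructed.
MAX_UINT256 = 2**256 - 1
KNOWN_CALLS = {  # 4-byte selector -> (function name, argument types)
    "095ea7b3": ("approve", ["address", "uint256"]),
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
}

def _decode_word(word, kind):
    """Decode one 32-byte ABI word as an address, bool or uint256."""
    if kind == "address":
        if any(word[:12]):
            raise ValueError("address word has non-zero padding")
        return "0x" + word[12:].hex()
    value = int.from_bytes(word, "big")
    if kind == "bool" and value > 1:
        raise ValueError("bool word is not 0 or 1")
    return bool(value) if kind == "bool" else value

def describe_call(calldata_hex):
    """Return (summary, warnings) for a hex-encoded calldata string."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    selector, body = data[:4].hex(), data[4:]
    if selector not in KNOWN_CALLS:
        return f"Unrecognised call 0x{selector}", ["intent could not be decoded"]
    name, kinds = KNOWN_CALLS[selector]
    if len(body) != 32 * len(kinds):
        raise ValueError(f"{name}: expected {len(kinds)} 32-byte arguments")
    args = [_decode_word(body[i * 32:(i + 1) * 32], k) for i, k in enumerate(kinds)]
    warnings = []
    if name == "approve":
        amount = "an UNLIMITED amount" if args[1] == MAX_UINT256 else f"up to {args[1]} units"
        summary = f"Let {args[0]} spend {amount} of this token from your wallet"
        if args[1] == MAX_UINT256:
            warnings.append("unlimited allowance")
    elif name == "setApprovalForAll":
        verb = "Give" if args[1] else "Revoke from"
        summary = f"{verb} {args[0]} control of every token in this collection"
        if args[1]:
            warnings.append("operator approval over whole collection")
    elif name == "transfer":
        summary = f"Send {args[1]} units to {args[0]}"
    else:  # transferFrom
        summary = f"Move {args[2]} units (or token id) from {args[0]} to {args[1]}"
    return summary, warnings

# Constructed sample: approve(spender, 2**256 - 1) for a made-up spender address.
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
```
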

What is the feedback from your institutional customers about how much of the problem on-chain hacking is and how they are addressing it?

The rise of on-chain activity has attracted attention from sophisticated attackers, resulting in over $500m being drained from wallets through various methods like phishing websites and dApp takeovers. This calls for heightened caution.

For institutional investors navigating onchain transactions, the risks are significant. They manage significantly more funds than the average consumer trader, and the risks of unknown and unpredictable onchain engagements are something they have to consider within their risk portfolio, which is essentially what holds them back.

The more heavily-resourced, security-oriented businesses are assigning the responsibility of onchain security assessment to specific individuals and sometimes entire teams. That function within the organisation is essentially an extension of the concept of business analysts who would assess trading opportunities, with the main difference being that these onchain security teams are now examining protocols and dApps. However, this is not something that every organisation is willing to invest in, or is able to set up.

To address this, Fireblocks introduced new threat detection features in our onchain suite: dApp Protection and Transaction Simulation. dApp Protection offers real-time alerts to prevent interactions with suspicious smart contracts and phishing sites, while Transaction Simulation allows users to preview token balance changes before signing, ensuring transparency and security. Simplifying the security context of onchain activity enables easy and secure operations for all businesses.

Finally, what are the potential consequences if companies do not address the problem?

Our suite of DeFi protection tools moved to early access at the end of 2023 and since then customers have been using our transaction simulation feature to easily verify the impact of a contract call before signing. They’ve highlighted that this is a game changer, providing teams with much more clarity into on-chain operations and adding another layer of protection against DeFi threats.

The influx of funds moving into the space means that high security standards are not just a nice-to-have but are absolutely critical and any business looking to be taken seriously needs to show that they can protect customer funds.

Fireblocks’ new DeFi Security features aim to elevate the level of security on our platform for onchain asset management. Organisations that ignore security best practices and do not use proper security tools to protect themselves, especially in times when the number of attacks is increasing, do so at their own peril.
