Exploiting vulnerabilities in Blockchain
Blockchain is a set of emerging technologies that are presented as alternatives to centralized systems. A notable example is that they seek to replace traditional banking systems through the use of cryptocurrencies without centralized control, as in the case of the well-known Bitcoin. They also have other important applications, such as in the traceability of assets, the control of corruption, and even democratic systems. Some of these capabilities are implemented through "smart contracts", basically software that runs on blockchains.
Being a relatively new technology, in full swing of research and development, it also presents security problems that can be exploited by attackers. As mentioned before, some of the systems that blockchains seek to replace are critical. Any security problem can have catastrophic consequences in money and continuity of the organizations.
In this talk we will talk about the main security problems that affect blockchains, especially with a focus on smart contracts. We will show how these flaws can be exploited and we will give some practical examples. We will also talk about some famous hacks in which attackers have been able to steal millions of dollars from some blockchain-based systems. Finally we will explain how these failures can be avoided. We will especially focus on EOSIO technology.
As mentioned above, no system is 100% secure. Therefore, it is necessary to take into account that attackers can steal information in one way or another, so it is important to know how to avoid these attacks and learn from them to improve the security of our systems and thus avoid future threats.
We have witnessed some attacks first-hand in which attackers have been able to steal information over even user funds, such as the attack on (EOS SX Vault). In this case, the attacker found some vulnerabilities in the smart contract running on the blockchain. For this attack our team conducted an investigation to analyze and learn from the vulnerability, you can follow up on this complete analysis on Analysis of the Vulnerability Found in the vaults.sx Smart Contract.