Protecting Enterprise Blockchain: Key Attack Surfaces and Methods

As the adoption of decentralized technologies accelerates, so does the sophistication of attacks on blockchain systems. In Halborn's Top 100 DeFi hacks report, we categorized and provided statistics for major blockchain attack vectors. One of those attack vectors - total value lost from direct contract exploitation - was $212.7 million higher in 2023 than in 2020. With 37% fewer attacks over that time period, losses on a per-attack basis significantly increased. 

However, our report does offer some encouraging trends. Financial losses peaked in 2022 at over $3 billion, but the total value lost was cut in half in 2023. While it is possible that 2022 is an outlier, this data may indicate the beginning of a new trend where markets become more stable, with increasingly sophisticated security testing and methods. Regardless, it is clear that DeFi remains a sizable sector with notable attack vectors. Both a narrative and an ecosystem, DeFi has also experienced significant adoption since 2020. One on-chain analysis shows that over the month of September 2024, the number of unique addresses across decentralized exchanges (DEXs) grew from 12.5 million to 21.5 million. This equates to an astonishing increase of 72% since the end of August 2024 alone. 

As this space continues to grow, a growing number of Centralized Exchanges (CEXs), DEXs, and distributed ledger technology (DLT) protocols will become integrated by enterprise companies and blockchain startups. What makes a DeFi system a target is often the total value locked (TVL) on that chain, but what makes a DLT vulnerable can be very different. This is because DLTs can be used for non-financial transactions, and the assets which are exposed are materially different from those in DeFi. 

In DeFi systems, for example, losses are inherently financial in nature. However, as enterprise adoption of decentralized systems continues, infrastructure and data being passed to/from enterprise applications via blockchains all become vulnerable. Such system vulnerabilities often exist due to improper implementation, code auditing, security testing, and untested uses of related protocols across the entire ecosystem. What allows enterprise companies to take advantage of DLTs - and to transact in new ways with data and devices - are bridges and hubs.

Cross-Chain Bridge Vulnerabilities: A Unique Challenge in Blockchain Security

For example, cross-chain bridges present unique use cases for interoperability between DLTs and traditional IT infrastructure. Such bridges are often designed to be platform-agnostic with generalized communication protocols and rulesets. With a growing number of untested use cases, this open “permissionless” design carries inherent vulnerabilities and the potential for costly bugs. As blockchain white hats, one of the services Halborn provides to the public is disclosure reporting on Common Vulnerabilities and Exposures (CVE). Specifically, the scope of disclosure reporting commonly covers smart contracts written in Rust, Go, and Solidity. 

Importantly, smart contracts and bridges are frequently used in tandem, with both being regularly targeted by attackers. Increased adoption of interoperable chains does present challenges that require strategic security testing both for permissioned and permissionless technology integrations. That is, open-source and closed-source blockchain implementations can both communicate in a hybrid manner with the broader ecosystem, highlighting the importance of understanding emerging enterprise applications. 

Attack Vectors for Enterprise Blockchain Applications

Even though adoption is increasing, many use cases are still nascent or early-stage. What is clear is that enterprise firms continue to observe risks to traditional, centralized infrastructure that can be mitigated by blockchain. For example, a 2023 study on traditional supply chain management shows that:

The mean number of supply chain breaches increased to 4.16 incidents in 2023 from 3.29 incidents in 2022, according to the survey, “The State of Supply Chain Defense Annual Global Insights Reports 2023,” published December 11 by the supply chain threat monitoring company BlueVoyant.

Properly implemented blockchain solutions provide transparency and verifiability and can provide a solution for supply chain attacks. Because of this, sentiment around DLT adoption continues to rise across various enterprise sectors, extending well beyond DeFi, where risk vectors are not just financial in nature. 

For enterprise companies deploying a hybrid permissioned/permissionless model, this includes risks to any internal infrastructure, employee’s personally identifiable information (PII), as well as possible breaches to a company’s intellectual property. Relevant sectors also entering the DLT space here include healthcare, real estate, and insurance. Even governments have begun testing and integrating these technologies into their infrastructure. 

When introducing such technology into your stack, connected infrastructure(s) and related assets can become vulnerable. Current and future risks include the potential for loss during real world asset transfers (e.g., real estate transactions on-chain), the integrity of blockchain voting systems, global supply chain system disruptions, healthcare customer data exposure, and even hacks on nation-state networks built on Internet-of-Things (IoT) blockchains. 

Some of these risks include human oversight failures in centralized governance. In contrast to those traditional models of governance, many DLTs do also operate on decentralized governance models. Ethereum being the largest example, its model has been tested in production for some time, offering a possible path for enterprise companies seeking to augment traditional management and oversight infrastructures. 

Leveraging Decentralized Governance for Security and Efficiency

Decentralized governance - often termed DeGov - is a model where decision-making power is distributed among multiple participants rather than being concentrated in a single central authority. It not only provides a robust defense against various types of attacks, but it also offers cost efficiencies by reducing administrative overhead. In contrast to centralized governance models, this design ensures no single entity has complete control over network decisions which could potentially lead to coercion or collusion. Practically speaking, protocol-level hacks are highly improbable, and as such, protocols under DeGov models can take on an anti-fragility not often found in traditional networks. 

For example, decentralized blockchains do experience liveness protocol failures, whose effects are akin to a DDoS attack, but there is a rubber-band capability where they can bounce back with little-to-no oversight or intervention. 

Taking this intangible value-add from the chain, startups and enterprises alike are looking into leveraging these technologies to reduce infrastructure and administrative costs. By leveraging smart contracts and automated processes within DeGov models, organizations can effectively reduce administrative overheads associated with typical intervention measures.

As enterprise organizations look at all of these technologies for adoption, and begin to integrate them, critical infrastructure is at play. However, this doesn't mean that the enterprise cannot adopt these technologies safely and strategically. To mitigate the risks that remain, however, we must first recognize where and how they originate.

Strengthening Your Blockchain Ecosystem: Security Best Practices

One of our key findings for hacks in 2024 is that there is a common thread of poor development and testing practices. In spite of this, using extensible, open-source DLT protocols can be a boon to any company looking to scale horizontally. While decentralized protocols distribute attack surfaces and therefore risk, distributed protocols may utilize centralized validator nodes that are vulnerable. 

Given this proliferation of integrated systems, strenuous security testing is necessary across the entire ecosystem. With years of protocol hacks behind us, the blockchain industry has provided many lessons to be learned about security systems hardening. Strategies do exist that can significantly mitigate these risks:

• Ecosystem audits are just as vital as smart contract audits

• Better input validation and validation testing for web applications 

• Use of multi-signature schemes or multi-party computation (MPC) in protocol wallets

• Increased protocol decentralization or integration of (fully) decentralized protocols

To expand on these mitigation strategies, we provide some nuanced discussion using examples of hacks and vulnerability disclosures. 

Comprehensive Ecosystem Audits vs. Simple Smart Contract Audits

Ecosystem audits are vital and provide a more comprehensive review of all components interacting with the DLT. This could include permissioned chains and internal infrastructure, related web applications, extending out to hybrid chains, bridges, and/or hubs. 

Cross-chain bridges commonly use proofs to demonstrate that a transfer is valid; however, these and other protocols don’t always perform proper validation of a proof before trusting it. These errors are especially costly, accounting for 4.3% of attacks but 25.7% of total losses.

Strengthening Input Validation and Web Application Security

Implementing stringent input validation mechanisms can prevent unauthorized access or manipulation of data in web applications, which are frequently used to communicate or transact with the underlying blockchains. This also protects end-user machines from compromised private keys.

One such example is the Demonic vulnerability (CVE-2022-32969) discovered and disclosed by Halborn. To help the community remediate this issue, we worked with MetaMask, Phantom, Brave, xDefi, and others to help the community remediate the issue. 

The Halborn report suggests some strategies to mitigate the risk of unauthorized access to secret recovery phrases. Some of these suggest UI/UX design changes to web application input fields where others suggest more secure code. The goal of the following is to reduce the probability of full key exposure on local devices:

• Break down the recovery phrase input into separate fields for each word.

• Use word selection methods to confirm wallet creation instead of typing out full phrases.

• Clear memory quickly by removing/dereferencing code variables storing phrases.

• Spoof attackers by replacing recovery phrase words with fakes. 

• Design UI to avoid users copying/pasting their recovery phrase directly into browsers.

• For wallet recovery, individual password inputs should be used for each word rather than one large text area.

These measures enhance security protocols around sensitive information like recovery phrases within decentralized applications and web wallets. They also have significant implications for enterprise companies who may implement wallets for data or money transactions. 

Mitigating Risks with Multi-Sig and MPC in Protocol Wallets

Strong encryption is the fortress comprising protocol security on the blockchain, both for end-user confidentiality and the integrity of on-chain activity itself. Any DLT protocol with pools of money in treasuries (think staking or lending protocols) should utilize a multi-sig or MPC protocol wallet. For the security of funds at-stake, these methods require multiple parties' approval before executing transactions. 

In March 2022, the Ronin bridge was subjected to a sophisticated phishing attack, resulting in approximately $615 million worth of cryptocurrency stolen from the platform’s treasury wallet which used a multi-signature setup. 

Here, custodians had redundancies in its multi-party signature schemes, defeating the purpose of the encryption method. To be clear, it is not the encryption itself that is compromised here. Rather, the trust in the individual(s) or entities bearing those keys was broken. Where encryption breaks down is in the attacker's ability to expose improper MPC implementations or poor private key custodianship. In choosing administrations for any multi-sig or MPC configuration, proper key custodianship is therefore vital. 

How Decentralization Reduces Attack Vectors in Blockchain Security

If multiple nodes with security permissions are owned by the same firm (as was the case with the Ronin bridge attack above), this represents a single point of failure in any security model, blockchain or not. Multi-sig and MPC effectively distribute or decentralize such privileges by requiring transaction signatures from multiple stakeholders. 

By increasing decentralization, or integrating decentralized protocols into enterprise systems, the enterprise could observe a sizable reduction in attack vectors when compared to traditional IT infrastructures. 

"Decentralized protocols account for a little under half (44%) of the top 100 hacked protocols. However, they make up only a bit over a quarter (28.2%) of losses, indicating that decentralization seems to have security benefits for DeFi protocols."

Furthermore, Halborn shows in the same report that governance attacks (i.e., attacks against the protocol's rule-making and enforcement arms) are among the smallest attack vectors with no such attacks in 2023 (reference: Figures 29, 30 in the Halborn Top 100 DeFi Hacks report). 

The question for every enterprise company or blockchain startup becomes this: how can we securely integrate this technology into our stack for safe adoption?

How Halborn Can Help Secure Your Enterprise Blockchain

Enterprise companies who leverage decentralized protocols are effectively pioneers of a public "cloud" infrastructure with multi-faceted use cases. Much like the early days of the Internet, however, the unique value proposition here is that this technology is commonly open-source. This attribute provides transparency but also introduces risk, as the rate of development far exceeds the ability to adequately test emergent open-source systems. 

DLTs are indeed part of a new digital frontier, and with this increased access comes known and unknown risks. That's where Halborn comes in with its regular audits, reporting, and vulnerability disclosures. Whether your company is new to the DLT space, or already integrating these technologies into your stack, vigilance in security testing is key. To secure your enterprise’s blockchain initiatives and stay ahead of emerging threats, contact Halborn today for a consultation on customized security solutions.