9.3 C
Tuesday, April 2, 2024

Cryptocurrency and Blockchain safety due diligence: A information to hedge danger

Blockchain know-how has skilled outstanding adoption lately, pushed by its use throughout a broad spectrum of establishments, governments, retail traders, and customers. Nevertheless, this surge in blockchain use and cryptocurrency funding has raised considerations amongst governments and regulatory our bodies. The decentralized nature and cross-border capabilities of blockchains, together with an increase in scams, hacking incidents, and different illicit actions have underscored the necessity for scrutiny. This concern is heightened by the absence of complete regulatory measures.

This weblog offers steering for each people and organizations on the necessities of danger due diligence when contemplating the adoption or funding in blockchains, cryptocurrencies, and tokens. It is very important notice this steering is not supposed as monetary recommendation. As an alternative, its important aim is to assist customers establish and avoid scams and investments that will entail substantial dangers. Nonetheless, for monetary recommendation that’s custom-made to particular person conditions, readers are inspired to hunt the counsel of a certified skilled.

The heightened danger related to blockchain and cryptocurrencies for adopters and traders could be attributed to a common lack of know-how and transparency in relation to their cybersecurity facets and dependability. Including to this danger is the rise of distinctive assault varieties particular to the blockchain surroundings, which differ from conventional safety points. Blockchain safety, by its very nature, typically diverges from normal cybersecurity practices originating from its decentralized, immutable, and cryptographic nature.

This divergence has led to the emergence of recent threats that aren’t generally identified amongst many customers. Examples embrace 51% assaults, sensible contract vulnerabilities, Finney assaults, and Vector76 assaults, which aren’t usually lined by typical cybersecurity measures. Most assaults on blockchains revolve round sensible contract and consensus mechanism exploitation which aren’t current in modern IT or OT centralized digital environments.

To higher emphasize the necessity for in-depth understanding of the safety and reliability options of blockchains and cryptocurrencies, we’ll look at two real-world blockchain assaults. These assaults led to appreciable monetary repercussions, serving as cautionary tales concerning the potential dangers concerned. These incidents embrace the Poly Community Cross Chain Contract Exploitation and Ethereum Traditional 51% assault.

Case 1: Poly Community Cross Chain Contract Exploitation

The Poly Community hack occurred on the August 10, 2021, with $600 million stolen in additional than 12 totally different cryptocurrencies. The hackers exploited a bug to mismanage entry rights between two sensible contracts dealing with token transfers between totally different bridged (linked) blockchains and divert the funds to a few malicious pockets addresses.

The attacker exploited the performance “EthCrossChainData,” which information a listing of public keys that authenticate the information coming from the blockchain, permitting the attacker to change the checklist to match its personal personal keys and redirect funds to the chosen malicious wallets. This type of hacking incident may need been prevented with the implementation of thorough vulnerability assessments of the supply code. A notable difficulty is the inadequate data offered to traders and adopters relating to the inherent dangers related to cross-chain transactions. These dangers stem from the advanced coding essential to execute such operations, typically not totally understood by these concerned.

Case 2: Ethereum Traditional 51% Assault

The Ethereum Traditional blockchain suffered 4 “51% assaults,” by which a single entity gained management over many of the community’s computing energy by introducing many community shoppers/nodes with excessive computational capability overshadowing the computational energy of legit nodes. This opened the door for adversaries to govern community transactions and steal Ethereum Traditional cash. Traders and adopters are sometimes unaware of the dangers entailed in proof-of-work consensus mechanisms that facilitate low hashrates.

The hashrate originates from the processing energy of validator nodes that lend their computational energy to validate and safe blockchain transactions. Within the case of a low hashrate, attackers can exploit the community by overpowering it. This will have a major impression for traders, as they’ll lose a major quantity of their cash. Such incidences could possibly be mitigated by monitoring the hashrate of the blockchain community to implement proactive measures as soon as the hashrate falls underneath a threshold, all whereas monitoring on-chain exercise for double spend makes an attempt.

Blockchain Evaluation Methodology

Adopters, traders, and enormous organizations are primarily involved with deciding on digital property which can be dependable and safe to safeguard towards the lack of worth, whether or not by means of fraud or different unexpected problems. Due to this fact, we’ll give attention to presenting an empirical methodology to mitigate related dangers. It goals to information the collection of dependable, and safe blockchains, cryptocurrencies and tokens, offering a framework for safer funding and adoption selections.

The proposed methodology facilities round 9 elementary pillars: Blockchain Kind, Consensus mechanism, Crew, Whitepaper, Supply code, Historic hacks and vulnerabilities, Pockets distribution, Governmental and Authorized Scrutiny and Liquidity. Though the attributes at present used to evaluate blockchains and cryptocurrencies are deemed sufficient, it is very important acknowledge that these standards are prone to evolve alongside the development of blockchain know-how and cryptocurrencies. Future adjustments and enhancements in these applied sciences could be inferred from new options that builders introduce to blockchain programs and cryptocurrencies which can be typically described of their whitepapers or on GitHub pages.

Blockchain Kind

Blockchain sort refers back to the entry rights and diploma of management that customers have over a selected blockchain. There are 4 important varieties of blockchains:

  • Public: Anybody can learn and write (transact) on a public blockchain equivalent to Bitcoin. That is essentially the most accepted sort of blockchain by way of safety and reliability as all stakeholders have visibility on all transactions and on-blockchain information. Normally, public blockchains have additionally a excessive diploma of decentralization, which minimizes assaults associated to high-influence nodes within the community.
  • Personal: Solely the proudly owning group(s) can learn and write on the blockchain and, normally, solely a handful of nodes can write on the ledger (e.g., Hyperledger). Though such networks are normally quicker than public blockchains, they don’t seem to be clear, and stakeholders can manipulate blocks at will to the extent that they’ll even impression the immutability of blockchain by altering earlier transactions or delete blocks.
  • Consortium: Like personal blockchains, consortium blockchains (e.g., Ripple) additionally provide little to no transparency and are sometimes extremely centralized. The one distinction is that consortium blockchains compromised of a number of organizations as a substitute of a single entity.
  • Hybrid: Hybrid blockchains inherit architectural designs from private and non-private blockchains (e.g., Komodo). The diploma to what traits a hybrid blockchain inherits depends upon a selected resolution and its goal. Normally, a big a part of the actions and transactions happen on the background as a part of a personal ledger (blockchain), the place the outcomes of these actions are broadcasted on a public blockchain. Whereas hybrid blockchains enhance efficiency, they compromise the trustless and totally clear nature of user-blockchain interactions. In these programs, customers are required to put full belief within the group(s) overseeing the personal elements of the transactions.

In evaluating blockchain danger ranges, public blockchains usually current the bottom danger. Their open-source nature fosters transparency of their operations, making their processes and transactions extra seen and accountable. Hybrid blockchains carry a reasonably increased danger because of their semi-transparent nature, the place not all components are publicly accessible or managed by customers.

Personal and consortium blockchains signify the very best danger class. These blockchains require customers to put full belief within the controlling entities, as they lack the transparency and decentralization of public blockchains. This heightened danger is as a result of potential for misuse or mismanagement by the controlling events.

To precisely decide the kind of blockchain and mitigate dangers, significantly in relation to token (creation of crypto tokens could be created with minimal effort making them excellent for scams), it’s advisable to undertake three methodologies:

  • Evaluation of the undertaking’s web site and related whitepaper describing the crypto undertaking to confirm its worth and reliability, an instance can be the Ethereum whitepaper.
  • Go to the GitHub web page containing the supply code of the cryptocurrency or token of curiosity to validate its opensource and clear nature, equivalent to Ethereum’s GitHub
  • Use blockchain explorers to be sure that transactions within the blockchain of curiosity are seen and clear to customers. Web sites like Blockchain.com can be utilized to discover transactions.

Usually, all of the talked about sources needs to be accessible for public blockchain initiatives. If any of those sources is unavailable, the related dangers notably escalate.

Consensus mechanism

A consensus mechanism is a fault-tolerant algorithm utilized in blockchains to realize agreements on a single state of the community amongst distributed processes or multi-agent programs, equivalent to cryptocurrencies. Consensus mechanisms in cryptocurrencies are utilized by validating nodes (e.g., miners) to validate and settle for transactions originating from decentralized computing brokers. 4 varieties of consensus mechanisms exist:

  • Proof-Primarily based (Pox): There are two important varieties of proof-based algorithms, proof-of-work (PoW) and proof-of-stake (PoS).
    • Proof-of-Work: A decentralized consensus mechanism that requires miners to make use of their computational energy to validate transactions and mine new tokens in a blockchain community. That is achieved by fixing an arbitrary mathematical puzzle that forestalls fraud on the community. Proof-of-work is extensively utilized in cryptocurrency and is usually a safe technique for validating blockchain transactions. Nevertheless, the safety and reliability of such networks are closely reliant on the computational energy (hash-rate) and decentralization diploma of mining nodes. If the aggregated computation energy of miners is low or extremely centralized, it’s potential that attackers overpower the safety of the community and harm the integrity and reliability of a blockchain by manipulating transactions which may incur important disruptions together with lack of cash.
    •  Proof-of-Stake: Like proof-of-work, mining nodes in proof-of-stake blockchains validate block transactions in a decentralized method. Nevertheless, as a substitute of verifying transactions in proportion to the processing energy a miner holds on this case is relative to the proportion of the overall cash {that a} miner holds. Though, this improves vitality consumption and lowers mining prices, it poses important safety dangers within the case the place a small variety of mining nodes personal the biggest proportion of cash in a community or the place the biggest holders collude to govern the blockchain for revenue, equivalent to value manipulation or apply insurance policies in a blockchain that may finally profit the most important stakeholders.
  • DAG: Directed Acyclic Graphs (DAG) is a substitute for conventional consensus blockchain mechanisms that goals to enhance velocity, scalability and scale back prices. The primary distinction from different blockchains is on the information construction. As an alternative of storing information/transactions on a blockchain and passing this data to all of the nodes within the community, DAG networks can carry out point-to-point transactions with out broadcasting it to the community for verification because of their tree-like construction and high-connectivity between nodes. Though DAGs are more practical than legacy blockchains, they’re additionally susceptible to a number of assaults that may harm the integrity of a community as a result of low quantity of authentications and transactions on the community, together with manipulating nodes within the community, leaving them prone to varied conventional networking, and blockchain-specific assaults.
  • PBFT (Sensible Byzantine Fault Tolerance): The primary goal of PBFT algorithms is to determine whether or not to simply accept a chunk of data that’s submitted to a blockchain or not. Every node within the community maintains an inside state. When a node receives a transaction, they use the message along side their inside state to carry out a computation. This computation will outcome into the choice concerning the message. The choice is then shared with different nodes within the community. The ultimate choice is set primarily based on the overall selections from all nodes. In comparison with proof-of-work, a excessive hash fee isn’t required for verification as PBFT depends on the variety of nodes confirming a transaction. As soon as adequate responses are reached, the transaction is verified as a sound transaction. Like proof-of-work, PBFT generally is a safe medium for verification solely when adequate nodes exist within the community which can be operated by totally different events.

The collection of a consensus mechanism Is a posh process, as every has its benefits and downsides by way of safety and reliability. In precept, proof-of-work is safe when a blockchain community is populated with many miners sustaining a excessive hash fee for verifications, making it restrictive for adversaries to make use of their very own hash fee towards the legit customers and take over blockchain transactions.

Web sites equivalent to Blockchain.com can present data on the hash fee of varied blockchains. When it comes to proof-of-stake blockchains, they’ll solely keep their safe operations when there’s a wholesome distribution of the cryptocurrencies or tokens to varied wallets and customers (the strategy to audit crypto distributions is visited later within the paper). DAG mechanisms are very prone to man-in-the-middle assaults aiming to govern the integrity and availability of transactions. PBFT mechanisms are usually protected, however prone to assaults when small variety of nodes function in a blockchain community, permitting potential adversaries to implement assaults that may affect many of the community stakeholders, equivalent to Sybil assaults, and make selections for the complete community.


This issue evaluates the openness of the workforce behind a blockchain, cryptocurrency or token. Whereas blockchain and cryptocurrencies basically assist decentralized and semi-anonymous transactions, the anonymity of the event workforce can markedly increase the chance of financial loss because of a scarcity of accountability. This anonymity heightens the hazard of fraudulent actions equivalent to rug-pulls or value manipulation.

Respected digital forex initiatives usually disclose their workforce’s identities and credentials, offering assurance to customers and traders concerning the legitimacy of their undertaking. It needs to be simple to analysis a crypto undertaking’s workforce. Elevated problem find details about the workforce considerably raises the chance related to investing in or adopting the undertaking. Fundamental analysis on a crypto workforce could be carried out utilizing the next sources:

  • Social Networks (LinkedIn, X, Instagram, Fb, Reddit, and so forth.).
  • YouTube
  • Cryptocurrency-related boards and communities equivalent to Bitcointalk and CryptoCompare.
  • Podcasts and interviews with the operators.

It is usually vital to contemplate how lengthy the workforce has been operational. A shorter operational historical past suggests the next danger. For example, if all social media and YouTube content material associated to the workforce have been created throughout the previous 5 days, and there may be little proof of serious undertaking growth, this might point out a possible rug-pull state of affairs.


Whitepapers and roadmaps are essential, serving because the bedrock for comprehending, assessing, and partaking in numerous crypto initiatives. A whitepaper serves because the foundational doc, providing an in-depth exposition of the undertaking’s technical underpinnings, its mission, the issue it intends to handle. It covers the cryptocurrency’s technical facets, consensus mechanism, safety features and tokenomics, thus equipping potential traders and builders with a deeper understanding of the undertaking. These paperwork are instrumental in fostering transparency, which in flip cultivates belief and credibility — necessities in a sector brimming with innovation and funding prospects. For traders, whitepapers and roadmaps are crucial instruments for evaluating dangers and making selections.

As regulatory scrutiny escalates within the crypto world, whitepapers can signify a undertaking’s dedication to regulatory compliance, an more and more important issue for long-term viability. A well-crafted whitepaper and roadmap thus empower traders and customers to make knowledgeable selections, distinguish real initiatives from fraudulent ones, and interact with the crypto neighborhood extra responsibly and knowledgeably.

Whitepapers needs to be simply accessible in a undertaking’s web site, such because the whitepaper for Avalanche. A whitepaper that’s not simply understandable or seems swiftly assembled, a state of affairs now extra believable with generative AI, would possibly point out a doubtful undertaking.

Supply Code (GitHub)

Checking a cryptocurrency undertaking’s GitHub repository is significant for a number of causes. It provides perception into the undertaking’s growth exercise and the competence of its growth workforce. By inspecting the frequency and high quality of code commits, pull requests and difficulty discussions on GitHub, potential traders and customers can gauge the undertaking’s dedication to ongoing growth and the workforce’s potential to ship on their guarantees. A repeatedly up to date and lively GitHub repository is a constructive signal, indicating that the undertaking is actively maintained and progressing in the direction of its targets.

GitHub additionally offers a stage of transparency and accountability that’s important within the cryptocurrency area. The open nature of GitHub permits anybody to scrutinize the codebase, which may reveal any vulnerabilities or safety points. It additionally permits the neighborhood to take part in code critiques, provide stories and bug fixes, and recommend enhancements. This collaborative strategy enhances the undertaking’s safety and reliability. Conversely, initiatives with closed or inactive repositories increase crimson flags, as they might be much less clear, or worse, probably deserted, or fraudulent. Acquiring entry to GitHub repositories needs to be a easy as a google search. The best the variety of customers interreacting with the code and the longer the time of existence for a undertaking the very best the boldness needs to be.

Historic hacks and vulnerabilities

This attribute considers if a blockchain, cryptocurrency or token was compromised or is susceptible to assaults. It’s regular to search out {that a} crypto undertaking has been compromised at some extent of time, nevertheless, the exploitation methodology used for these assaults and susceptible code needs to be revised to make sure that the supply code is patched and secured. Within the case {that a} undertaking isn’t involved with vulnerability administration and greatest safety practices, it renders the undertaking elevated danger because of a excessive chance of a future compromise.

To find out if a undertaking has a historical past of vulnerabilities and threats, an easy strategy is to seek the advice of information retailers specializing in reporting on these points throughout the cryptocurrency sector. A primary useful resource for this data is Rekt, masking all reported exploitation throughout totally different blockchains and platforms. Extra sources that may additionally show helpful embrace Cointelegraph, CryptoSlate and Substack.

Pockets Distribution

The pockets holder distribution describes the variety of cash or tokens held by every pockets for a selected undertaking. This metric solely applies for cryptocurrencies or tokens which can be leveraging public or hybrid blockchains the place the transactions are publicly accessible. If a pockets holds a big distribution of a cryptocurrency or token, there’s a important danger for community manipulation.

Such data could be discovered within the respective blockchains of curiosity (e.g., Etherscan for Ethereum) or in cryptocurrency and token value monitoring instruments equivalent to CoinMarketCap. It’s vital to keep in mind that, in some instances, adversaries could cut up their holdings of tokens throughout a number of wallets to offer the looks of decrease token accumulation in a community. It needs to be famous that addresses holding important quantities of cryptocurrencies are sometimes related to exchanges or sensible contracts. It is a typical state of affairs, and these addresses normally shouldn’t be factored into analytical assessments, until there may be motive to consider that an alternate or sensible contract tackle is working with malicious intent. Such nuances are essential in precisely decoding the distribution and focus of tokens inside a community.

Governmental and Authorized Scrutiny

The exponential adoption of blockchain has seen extreme scrutiny by governments and regulators across the globe. Such case is the lawsuit from the U.S. Securities and Trade Fee towards Ripple, accusing the defendant of conducting an $1.3 billion unregistered securities providing.

Authorized and governmental scrutiny can considerably enhance the dangers of investing and adoption because of potential lack of worth. Such losses could be partial or full within the case the place a authorities orders an organization to stop operations (within the case of a centralized crypto undertaking). To reduce such dangers, adopters and traders alike should warrant that their crypto undertaking of curiosity isn’t a goal of governmental and authorized scrutiny. When vetting a cryptocurrency undertaking, it’s essential to contemplate the affect of sure governmental entities and organizations that play a major position in shaping international authorized frameworks and insurance policies for cryptocurrencies. These key entities usually set the requirements and rules that impression the crypto business, and consulting their pointers and insurance policies is a necessary step within the analysis course of. These outstanding our bodies embrace:

One other helpful supply to assist the reader higher perceive the present efforts on cryptocurrency regulation in numerous jurisdictions is the cod3x, crypto council for innovation and Atlantic Council.


Liquidity performs a crucial position in assessing the reliability of cryptocurrency and token initiatives. Low liquidity can considerably impede an investor’s potential to commerce, significantly when attempting to exit their place (promote). Moreover, it leaves the crypto undertaking prone to cost manipulation, as even a small quantity of capital can drastically have an effect on the worth. This surroundings is ripe for schemes like pump-and-dump or rug-pulls. Excessive liquidity, conversely, makes value manipulation more difficult, requiring substantial capital to impression the market meaningfully.

Nevertheless, it’s price noting that low liquidity doesn’t at all times signify a scarcity of potential. Whereas it typically factors to a newly conceived undertaking missing substantial backing, some main crypto initiatives started with restricted liquidity and organically grew over time. Due to this fact, liquidity needs to be thought of alongside different undertaking options for a extra complete analysis.

To evaluate the liquidity of a crypto undertaking, CoinMarketCap is a great tool. Key metrics to give attention to embrace the totally diluted market cap, which displays the overall worth of the cryptocurrency if all cash have been in circulation, and the circulating provide, indicating the at present accessible cash out there. Extraordinarily low values in both metric may pose important dangers. Moreover, if the circulating provide is a small fraction of the totally diluted market cap, it might point out potential danger, as giant releases of cash into circulation may result in substantial value fluctuations and manipulation. Such particulars are sometimes outlined in a undertaking’s whitepaper and web site and needs to be fastidiously reviewed.

Auditing Use Instances

To higher exhibit using the proposed auditing methodology and the necessity for due diligence in evaluating crypto initiatives, we’ll apply this framework to a few hypothetical examples of cryptocurrencies and tokens. These instances will give attention to public blockchains, as personal or hybrid blockchains typically perform as “black containers.” In such blockchains, there may be restricted transparency relating to their inside workings, thus requiring the next diploma of belief.

Token “X” Coin “Y” Coin “Z”
Blockchain Kind Public Public Public
Consensus Mechanism Proof-of-Work (excessive hash fee) Proof-of-Stake (low distribution) Proof-of-Work (low hash fee)
Crew Unknown Identified Identified
Whitepaper Sure – Low high quality, rushed, restricted worth Sure – good high quality Sure – good high quality
Supply Code

(Git hub)

Sure – Challenge created 10 days in the past with solely two accounts linked to the undertaking Sure – greater than 1,000 lively customers and builders Sure – greater than 500 customers and builders
Historic hacks & Bugs No Sure – however vulnerabilities fastened Sure – 51% assaults
Pockets Distribution 80% belongs to 2 personal pockets addresses 40% belongs to a personal pockets tackle Wholesome distribution, first 40 addresses maintain 11% of crypto
Governmental and Authorized Scrutiny N/A N/A N/A
Liquidity $90,000 $ 6,000,000 $ 100,000,000
  • The workforce is unknown.
  • Whitepaper reveals no innovation and no substance.
  •  Restricted monetary backing.
  • GitHub web page exists for simply two weeks with little following.
  • Majority of the tokens are distributed in simply two addresses, owned by the creators.


A high-risk funding that may be prone to cost manipulation or a rug-pull.

  • Low liquidity mixed with a consensus mechanism tied to stake possession can permit menace actors to realize management over the community with a comparatively small funding.





The undertaking seems dependable and promising, but its low liquidity poses a danger to the safety of its consensus mechanism.

  • The community stays susceptible to assaults because of its historical past of 51% hacks and ongoing low hash fee, with earlier problems with adversaries overpowering the community not but resolved.





The undertaking seems dependable; nevertheless, 51% assaults are nonetheless potential that may result in lack of cryptocurrency.


The fast enlargement of blockchain know-how has garnered consideration and concern from governments because of its decentralized nature and regulatory challenges. There’s nonetheless a necessity for corporations to pay attention to the dangers posed by these applied sciences, together with the specter of scams and distinctive blockchain vulnerabilities. We hope this put up serves as a information for protected adoption and funding, stressing the significance {of professional} recommendation for monetary selections. The purpose is to coach a large viewers on navigating the advanced panorama of blockchain know-how safely and responsibly. At all times search skilled steering, keep up to date with the most recent developments, and prioritize safety in your blockchain endeavors.

We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Linked with Cisco Safety on social!

Cisco Safety Social Channels



Latest news
Related news


Please enter your comment!
Please enter your name here