The older the project — the better: how to protect yourself from scams in blockchain

Blockchain is known for its security. However, they also say the industry is full of scammers and frauds.

Security Analyst at NN group,  Sudhanshu Kadre, explains how these two sides of blockchain are mixed and what a common user can do to avoid becoming a cyberattack victim.

Is blockchain really as secure as they say?

In very simplistic terms, blockchain is based on three services:

1. decentralization;
2. security;
3. access.

So, security is one of the critical services that blockchain offers. But how is it achieved? Let’s take Bitcoin as an example.

Bitcoin is a public blockchain, which means anybody can look at its source code. As for the structure, Bitcoin is a massive database of many nodes, and to make a transaction via this database, most nodes should agree on it. This is called consensus and helps provide transactions without intermediaries (banks, etc.) like in traditional financial systems.

Bitcoin’s consensus algorithm is called Proof of Work (PoW), which means you have to show an amount of work through computation power. In other words, you have this much amount of processing power to prove your stake. Given that, currently, to control the majority of nodes, the hacker needs to crack the hash functions which add security to the layer.

Compared to PoW, Proof of Stake (PoS), which is used in Ethereum, has a lower entry barrier. People can participate more easily, as they just need an amount of stake rather than possessing a specific amount of processing power. 

This low barrier increases participation and makes the system more vulnerable to security threats. Even when this is the case, every blockchain is much safer than any traditional system.

Does that mean nobody can hack into the blockchain?

The most important rule of cybersecurity is that no system is 100% secure. Meaning, blockchain can be hacked, even Bitcoin blockchain.

For example, the most common cybersecurity attack in the blockchain is a 51% attack. Because the consensus algorithm requires the majority of nodes — more than 51% — to confirm the transaction, hackers try to have access to this number. It is nearly impossible to achieve in Bitcoin but possible in other blockchains.

Other attacks also target nodes because they are the entry to the blockchain system. But you have to understand that doing it is very hard and expensive. That is why it is much easier for hackers to hack a system not on the technical level but on the human one.

No matter how secure the system is, if the user gives you a password to open it, you will be in very easily and quickly. Hackers take advantage of it every time. This method of hacking is called social engineering.

How to protect yourself from social engineering?

The most important thing for common users is researching before any crypto action, purchase, etc. It is crucial because many scammers create a project, hype it up, get investments and then drop it off.

That is one of the downsides, because blockchain allows bad actors to start a project — and they can stay anonymous. You can monitor the transaction then, but you will not be able to know to whom the wallet belongs. That’s why, in terms of cybersecurity, the older the project — the better.

If you want to invest in cryptocurrency, you can check it on CoinMarketCap and CoinDesk. Compare it with Bitcoin and Ethereum — they are the safest players on the market. What is the number of transactions that have already happened on this blockchain? What is this blockchain used for? Is it beneficial or came from nowhere and will not stay for a long time?

As for NFTs, currently, with the NFT winter, there are only a few legitimate projects worth mentioning. However, the best way to get to know about projects is by researching open-source platforms like OpenSea.

Step two is to check the website of the project. Does the project not have any website? This is a red flag of scams, as well as the absence of social media like Twitter, Discord, etc. Regarding Web3 projects, Twitter and even LinkedIn are great research places.

Also, to protect yourself, it helps to remember two basic cybersecurity rules:

1. Do not open suspicious links because it can be fishing, and fraudsters will take the information you provide via this link. It is a simple scheme, but it works, even in Web3.
2. Use a unique and strong password. In the blockchain world, it can also be convenient to write it down somewhere safe because there are no Forgot Password buttons in crypto wallets.

Really? No special tips for blockchain security?

Well, these are the same schemes and scams if we are talking about the human level. For example, as for the crypto wallet, you cannot say one is more secure than the others. It doesn’t matter whether you use MetaMask or Coinbase; it’s more about which user is more gullible.

Still, there is one unique feature of blockchain. This is the security of smart contracts.

These are the contracts people mostly use in Ethereum applications and for NFTs purchases. There is also a popular scheme called ice fishing, where hackers correct a smart contract in a way that every time it is used, they get money in their wallet instead of the seller’s wallet. That is why creators of smart contracts should pay a lot of attention to their security and check whether there are bugs in it.

From the user’s side, it is the NFT marketplace’s responsibility to check the security and correctness of smart contracts. But even reliable platforms like OpenSea can’t check everything because there are a lot of transactions every day, every minute. So buyers also have to educate themselves and be able to identify a proper smart contract.

Smart contracts are a niche in developing spaces. It’s difficult to understand if you don’t have basic coding knowledge. However, Opensea’s NFT Bible does a good job explaining the details of a contract used for NFTs.