While blockchain is very efficient with respect to transactions, there are concerns about the security of transactions based on blockchain distributed ledger technology. Vulnerabilities also exist in the smart contracts built on some blockchain-based technologies. Some of the discovered issues are:

Blockchain-based distributed ledger technologies can be hacked like any other IT platform or protocol. If someone chooses to save their private keys on an Internet-connected device, they can be stolen. Once private keys are stolen, it does not matter to hackers how secure the blockchain architecture and encryption features are. Incidents like this have occurred in the past, e.g. the Ethereum attack in June 2016 in which US $150 million was lost.
Nodes of a blockchain can be infected by malware like any other IT system. This has been proven through proof-of-concept (POC) software that was demonstrated by Interpol at Black Hat Asia in March 2015. This POC software was morphed into malware that could circumvent the blockchain node and introduce data unrelated to transactions into the blockchain. Researchers have also demonstrated that botnets have the ability to send messages utilizing the nodes in the network. Fujacks Trojan, a botnet backdoor, has successfully proven that it can remotely control infected computers that are nodes in a blockchain, collect information, and install other malware or tools into the nodes of a blockchain.
Securing Keys. Banks have concerns about transactions’ confidentiality, securing private keys and the strength of cryptographic algorithms used in blockchain-based transactions.
A blockchain-based smart contract is visible to all users of said blockchain. However, this leads to a situation where bugs, including security holes, are visible to all yet may not be quickly fixed. Issues in Ethereum smart contracts, in particular, include ambiguities and easy-but-insecure constructs in its contract language Solidity, compiler bugs, Ethereum Virtual Machine bugs, attacks on the blockchain network, the immutability of bugs, and the absence of a central source documenting known vulnerabilities, attacks and problematic constructs.
Need (Demand)

As blockchain technology continues to both positively and negatively disrupt global industries, we must be diligent about the security implications. As we’ve seen, cybercriminals will find creative ways to reach their goals. Although the blockchain has been well researched and answers many questions regarding decentralized trust, it does not address the security of users or the applications that connect to its network. Attackers have used old techniques in new ways with success, such as the dictionary attacks against private keys. Even traditional phishing attacks can work to gain access to wallets or computer resources. To provide assurance for blockchain distributed ledger implementations we need a Cyber Security Audit.
Bottom line: As industries research and implement their own blockchain distributed ledgers, we can expect cybercriminals to deploy a combination of known and as yet unknown techniques to compromise them. Without a clear understanding of where the risks are, you may place undue trust in your blockchain implementations. As we’ve seen, mistakes are easy to make. Users are even harder to control and can negatively contribute to the risk. We need to learn from recent events to make better decisions for securing our technologies for tomorrow. It is therefore important for us to have an appropriate governance model for implementing and monitoring the blockchain deployment.
Given the high-profile nature of cyber-attacks on blockchain deployments, both the demand for information related to cybersecurity and the need to facilitate robust conversations on these topics have grown exponentially across major stakeholder groups.

Board members: Boards of directors need information about the entity’s cybersecurity program and the cyber threats facing the entity to help the boards fulfill their oversight responsibilities. They also want information that will help them evaluate the entity’s effectiveness in managing cybersecurity risks.
Why CPA for Blockchain Risks
Today’s public accounting firms employ individuals with CPAs as well as other credentials specifically related to information technology and security. These include Certified Information Systems Security Professionals (CISSP), Certified Information Systems Auditors (CISA), etc.
Blockchain Audits
• Smart contract code reviews
• Evaluate whether controls are implemented as intended using blockchain
• Operating effectiveness of the blockchain-implemented controls
• Vendor organizations may require a third-party audit for vendor due diligence
• Provide an auditor's independent opinion about controls at the organization to management, stakeholders and other concerned parties
Why Us?
We conduct our assurance engagement against established standards used by auditors to assess the internal controls of a blockchain distributed ledger deployment. The control objectives and criteria vary based on the scope of the engagement and client operations. The relationship between the organization deploying the blockchain and the purpose it serves must be viewed to help determine the controls that should be included in the engagement. Hence our engagements are usually risk based. In addition, the impact of the blockchain distributed ledger technology adapted in financial areas on the organization's financial statements will also be the determining factor as to whether required controls are covered in the scope of the engagement.
Some of the advantages of working with Us are: