“Hacking” Blockchain
José L. Quiñones, BSEET
MCSA, RHCSA, HIT, CNDP, CCFI, CMSP, C|EH, C|EI, C)PEH, C)M2I
./whois Jose L. Quiñones
• UPR, School of Medicine
  • IT Director
• Obsidis Consortia, Inc
  • Co-Founder & CEO
  • Head Organizer >> Security B Sides Puerto Rico
  • Founder & Mentor >> Defcon Group 787
• Engine 4 CWS
  • Technical Consultant for the IoT Lab & Smart City Initiative
  • Mentor for Habitants Internship Program
• Private Consultant & Technical Instructor
  • Microsoft
  • Linux
  • Networking
  • Cybersecurity
If This, Then NOT That
Cryptocurrency is blockchain,
… but blockchain is not just cryptocurrency
What is blockchain?
• A blockchain network is the notion of a shared, immutable ledger.
This ledger records all the transactions that take place within a
network and distributes exact copies of that record, cryptographically
protected so they cannot be changed, to all members on the network.
• IBM has hundreds of blockchain projects underway in diverse
industries, including supply chain, food safety, government,
healthcare, travel and transportation, chemicals and petroleum,
insurance and more.
Not all cryptocurrencies are created equal
• Bitcoin
  • Bitcoin operates within a network of “anonymous” participants
• Ethereum
  • A.K.A. Blockchain 2.0: an enterprise-class blockchain that is openly governed
    and features permissioning to handle interactions between known parties.
• Zcash
  • The first open, permissionless cryptocurrency that can fully protect the
    privacy of transactions using zero-knowledge cryptography.
• Ripple
  • Bank-backed, centrally controlled blockchain
Must read!
• Bitcoin White paper
  • https://bitcoin.org/bitcoin.pdf
• Ethereum White paper
  • https://github.com/ethereum/wiki/wiki/White-Paper
Websites and devices get hacked
• A cryptocurrency exchange or service website is still a website.
  • Vulnerable to SQLi, DNS hijacking, XSS, etc. Using these “old-fashioned” cyber
    attacks, various cryptocurrency exchanges have been hacked.
• IoT devices and services stand out for their lack of security measures.
• Unpatched computers/servers are vulnerable.
Miner malware
• Many of the biggest malware botnets today exist simply to mine bitcoin.
• Browser-based mining uses Chrome Extensions, Firefox Add-ons, embedded
  JavaScript and webpage widgets.
• MassMiner uses exploits for vulnerabilities such as CVE-2017-10271
  (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638
  (Apache Struts), also leveraging SQLck, a tool for carrying out brute-force
  attacks against Microsoft SQL databases.
Stolen file stores (wallets)
• Wallets with no passwords or with weak passwords can be accessed by
  malware or by an attacker if the device is hacked.
Attacking the ICO
• Coindash, an Israeli-based company: as a result of this hack, more than half
  the funds being raised in the ICO were diverted to a rogue Ether address. The
  ICO was suspended while the rogue address was removed.
• Veritaseum completed an ICO, but only one month later it was posted in the
  Veritaseum Slack group that hackers had stolen 36,000 VERI tokens, at the time
  worth approximately USD$8.7M (USD$32.5M as at 1 January 2017). The hackers
  defeated two-factor authorization on two different accounts.
• The total value of these and other hacks and fails at 1 January 2018 prices
  is just shy of USD$1 billion, an eye-watering USD$978M.
“Smart” contracts
• Smart contracts are meant to be stand-alone agreements,
not subject to interpretation by outside entities or
jurisdictions.
• Immutable, the code itself is meant to be the ultimate
arbiter of "the deal" it represents.
• No updates, no patches, once deployed it “can’t” be pulled
back.
The DAO Hack
• What is the DAO?
  • Decentralized Autonomous Organization
  • Like a decentralized Kickstarter or Venture Capital movement
  • DAO tokens were used to vote for ideas
• What happened?
  • The contract checked the balance after sending the tokens
  • This faulty check made recursion possible
  • 3.8 million were stolen with 258 tokens
Tools & Methodology
• Review and compile the .sol file (Solidity)
• Dissect the code flow (Solgraph)
• Check functions (Oyente)
• Manually check for vulns
• It's all about the order of execution
Konstantinos Karagiannis
Defcon25 - Hacking Smart Contracts
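The ordering bug on the DAO slide and the "order of execution" point from the methodology slide, modelled in Python as an added example (this is neither the DAO's Solidity nor code from the talk): `VulnerableVault.withdraw` checks the balance, sends, and only then zeroes the balance, so a depositor whose receive hook calls back in is paid once per nested call from the same unchanged balance; `HardenedVault` applies checks-effects-interactions and the identical callback gets exactly one payout. The vault, the participant names and the balances are constructed for the demo.

```python
"""Toy model of DAO-style re-entrancy: what happens when a state update is
ordered after an external call.  Added Python illustration, not the DAO's
Solidity; all addresses and balances are constructed."""


class VulnerableVault:
    """Checks the balance, sends, and only then updates state (the DAO order)."""

    def __init__(self, balances):
        self.balances = dict(balances)          # per-address credit, in ether
        self.ether = sum(balances.values())     # ether the contract really holds

    def withdraw(self, caller):
        amount = self.balances[caller.address]
        if amount == 0 or amount > self.ether:  # check: nothing owed, or send would fail
            return
        self.ether -= amount
        caller.receive(self, amount)            # interaction: control passes to the caller
        self.balances[caller.address] = 0       # effect: too late, every re-entry saw the
                                                # original balance and passed the check


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions: state is final before any external call."""

    def withdraw(self, caller):
        amount = self.balances[caller.address]
        if amount == 0 or amount > self.ether:
            return
        self.balances[caller.address] = 0       # effect first
        self.ether -= amount
        caller.receive(self, amount)            # interaction last; a re-entry now sees 0


class ReentrantParticipant:
    """A depositor whose receive hook (the fallback function in the real incident)
    calls withdraw again, up to max_depth nested times."""

    def __init__(self, address, max_depth):
        self.address = address
        self.max_depth = max_depth
        self.depth = 0
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)                # re-enter before the balance is zeroed


def run(vault_cls, depth):
    """Deposit 1 ether as 'mallory' beside 10 ether from other depositors
    (constructed figures), withdraw once, and report
    (ether mallory received, ether left in the vault)."""
    mallory = ReentrantParticipant("mallory", depth)
    vault = vault_cls({"alice": 7, "bob": 3, mallory.address: 1})
    vault.withdraw(mallory)
    return mallory.received, vault.ether


if __name__ == "__main__":
    print("vulnerable, 5 re-entries :", run(VulnerableVault, 5))    # (6, 5)
    print("vulnerable, unlimited    :", run(VulnerableVault, 50))   # (11, 0): vault drained
    print("hardened,   unlimited    :", run(HardenedVault, 50))     # (1, 10)
```

The only difference between the two vaults is the position of one assignment; that is the "order of execution" the methodology slide refers to, and it is the first thing to look for when reading a `.sol` file that sends value. A re-entrancy guard (a mutex set for the duration of `withdraw`) is the other common fix.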
Polluting the chain
… unremovable links to illegal child pornography
Some ways of polluting the Blockchain
• The coinbase field of a mined block allows for hex data which can hold
  approximately one tweet's worth of data.
• Multiple outputs can be used for a transaction such that each holds hex
  data. This implies dust-value outputs (outputs of <5640 satoshis) and would
  be frowned upon for bloating the Blockchain.
• Hex data from a multi-signature transaction could be used to encode
  information.
• Sidechains allow for assets to be linked (though more abstractly) to a
  time/block in the Blockchain.
Embedding
• http://proofofexistence.com
  • allows for a hash of a document to be embedded in the Blockchain to prove
    an instance of an object (document/file) existed at a certain time.
• Blockchain.info
  • allows for messages which are linked to transactions but are not embedded
    in the Blockchain.
Hacking trust
• Using a 1-of-3 raw multisig output, where one of the public keys is real
  and the other two are just data. There's no way for the network to know
  that the public keys given are not real public keys.
• Most cryptocurrencies expose your entire payment history to the public.
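Why the network cannot tell the real key from the two data chunks in that 1-of-3 multisig, as an added Python illustration (not code from the talk): without a signature, the only thing a validator can check is whether the bytes decode to a point on secp256k1. `classify_pubkey` applies exactly that test. A 65-byte uncompressed blob of arbitrary text fails the curve equation, but a 33-byte compressed encoding carries only x, and roughly half of all 32-byte values have a matching y, so a data chunk behind a 0x02/0x03 prefix passes as often as not, and a key for which no private key exists looks identical to one that has an owner. The curve constants are the public secp256k1 parameters; the sample blobs are constructed.

```python
"""Does a 33- or 65-byte blob in a public-key slot describe a real secp256k1
point?  Added Python illustration (not code from the talk).  P, GX, GY are the
public secp256k1 parameters; the sample blobs below are constructed."""

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # field prime
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798  # generator x
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8  # generator y


def is_on_curve(x, y):
    """Uncompressed key: both coordinates are given, so test y^2 == x^3 + 7 (mod P)."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + 7)) % P == 0


def x_has_a_point(x):
    """Compressed key: only x is given; a point exists iff x^3 + 7 is a square mod P
    (Euler's criterion).  About half of all 32-byte values satisfy this."""
    if not 0 <= x < P:
        return False
    rhs = (x * x * x + 7) % P
    return rhs == 0 or pow(rhs, (P - 1) // 2, P) == 1


def classify_pubkey(blob):
    """Return 'valid-uncompressed', 'valid-compressed', 'not-a-point' or 'bad-encoding'.
    'valid' means only that a point exists, never that anyone holds its private key."""
    if len(blob) == 65 and blob[0] == 0x04:
        x = int.from_bytes(blob[1:33], "big")
        y = int.from_bytes(blob[33:], "big")
        return "valid-uncompressed" if is_on_curve(x, y) else "not-a-point"
    if len(blob) == 33 and blob[0] in (0x02, 0x03):
        x = int.from_bytes(blob[1:], "big")
        return "valid-compressed" if x_has_a_point(x) else "not-a-point"
    return "bad-encoding"


# Constructed samples: the generator itself, a tampered copy, text parked in a key slot.
REAL_UNCOMPRESSED = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
REAL_COMPRESSED = b"\x02" + GX.to_bytes(32, "big")          # GY is even, hence 0x02
TAMPERED = b"\x04" + GX.to_bytes(32, "big") + (GY + 1).to_bytes(32, "big")
PAYLOAD = b"\x04" + b"arbitrary payload bytes parked in a pubkey slot".ljust(64, b"-")

if __name__ == "__main__":
    for name, blob in [("generator (uncompressed)", REAL_UNCOMPRESSED),
                       ("generator (compressed)", REAL_COMPRESSED),
                       ("generator with y+1", TAMPERED),
                       ("64 bytes of text", PAYLOAD),
                       ("unknown prefix", b"\x05" + bytes(32))]:
        print(f"{name:26} -> {classify_pubkey(blob)}")
```

Validation like this is a plausibility filter, not proof of a real key: a text chunk can be made to pass simply by choosing a compressed prefix and adjusting bytes until `x_has_a_point` returns true, which is why such outputs are, in practice, only identifiable by heuristics (dust values, unusual script patterns) rather than by the key bytes themselves.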
DC787 Meets: at Engine 4 Co-Working Space in Bayamon, PR every other Wednesday.
Location: Bayamon, Puerto Rico
Point of Contact: Jose L. Quinones
POC Email: josequinones@codefidelio.org
Website: pending
Description: The DC787 started as the “Init.d” InfoSec interest group in 2012. It was formed by several local hackers and started
meeting whenever we could and wherever we were welcomed. Jose L. Quiñones, Jose A. Arroyo and Carlos Perez run the meetings
and keep the social media outlets updated. We value community feedback and our activities are designed to fill the community’s
needs.
Interests: We work with Lock picking, Hardware Hacking, IoT, Blue & Red Team Techniques, and many other hacker/technology
related topics.
October / November
2018
Follow us: @bsidespr
Thanks!
• josequinones@codefidelio.org
• @josequinones
• http://codefidelio.org
• jquinones@obsidisconsortia.org
• @obsidis_NGO
• http://obsidisconsortia.org
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Hacking blockchain

8. Websites and devices get hacked
• A cryptocurrency exchange or service website is still a website.
• Vulnerable to SQLi, DNS hijacking, XSS, etc.; using “old-fashioned” cyber attacks, various cryptocurrency exchanges have been hacked.
• IoT devices and services stand out for their lack of security measures.
• Unpatched computers/servers are vulnerable.

9. Miner malware
• Many of the biggest malware botnets today exist simply to mine bitcoin.
• Browser-based mining uses Chrome Extensions, Firefox Add-ons, embedded JavaScript and webpage widgets.
• MassMiner uses exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts), also leveraging SQLck, a tool for carrying out brute-force attacks against Microsoft SQL databases.

11. Stolen file stores (wallets)
• Wallets with no passwords or with weak passwords can be accessed by malware, or by an attacker if the device is hacked.

12. Attacking the ICO
• Coindash, an Israeli-based company: as a result of this hack, more than half the funds being raised in the ICO were diverted to a rogue Ether address. The ICO was suspended while the rogue address was removed.
• Veritaseum completed an ICO, but only one month later it was posted in the Veritaseum Slack group that hackers had stolen 36,000 VERI tokens, at the time worth approximately USD$8.7M (USD$32.5M as at 1 January 2017). The hackers defeated two-factor authentication on two different accounts.
• The total value of these and other hacks and fails at 1 January 2018 prices is just shy of USD$1 billion, an eye-watering USD$978M.

13. “Smart” contracts
• Smart contracts are meant to be stand-alone agreements, not subject to interpretation by outside entities or jurisdictions.
• Immutable: the code itself is meant to be the ultimate arbiter of “the deal” it represents.
• No updates, no patches; once deployed, it “can’t” be pulled back.

14. The DAO Hack
• What is the DAO?
• Decentralized Autonomous Organization
• Like a decentralized Kickstarter or venture capital movement
• DAO tokens were used to vote for ideas
• What happened?
• The contract checked the balance after sending the tokens
• That misordered check made recursion (a re-entrant call back into the contract) possible
• 3.8 million were stolen with 258 tokens

15. Tools & Methodology
• Review and compile the .sol file (Solidity)
• Dissect code flow (Solgraph)
• Check functions (Oyente)
• Manually check for vulns
• It’s all about the order of execution
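The DAO slide and the “order of execution” point above are the same lesson: a contract that sends funds before it records the withdrawal lets the recipient’s callback withdraw again while the balance is still stale. The following is an added example, not code from the talk and not the DAO’s Solidity: a small Python model of the EVM call pattern, with hypothetical names (VulnerableVault, SafeVault, Attacker, Honest) and a call-depth bound standing in for the gas limit. It shows the vulnerable ordering beside the checks-effects-interactions ordering that closes the hole, plus the solvency invariant an auditor would check after a review.

```python
"""Toy model of the DAO-style re-entrancy bug: a vault that sends funds before
it updates the caller's balance, so the recipient's callback can withdraw again.
Python simulation of the EVM call pattern; not Solidity and not the DAO's code.
Class names are hypothetical."""


class Honest:
    """Ordinary recipient: just records what it received."""

    def __init__(self):
        self.gained = 0

    def receive(self, vault, amount):
        self.gained += amount


class Attacker:
    """Recipient whose receive hook re-enters withdraw() while the vault's
    bookkeeping is still stale (a Solidity fallback function would do this)."""

    def __init__(self, max_depth):
        self.max_depth = max_depth   # bounded like an EVM call-depth/gas limit
        self.depth = 0
        self.gained = 0

    def receive(self, vault, amount):
        self.gained += amount
        if self.depth < self.max_depth and vault.ether >= amount:
            self.depth += 1
            vault.withdraw(self)     # re-entrant call into the vault


class VulnerableVault:
    """Interaction before effect: the balance is zeroed only after the send."""

    def __init__(self):
        self.balances = {}
        self.ether = 0               # ether actually held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        self.ether -= amount
        who.receive(self, amount)    # external call: recipient code runs here
        self.balances[who] = 0       # effect applied too late


class SafeVault(VulnerableVault):
    """Checks-effects-interactions: zero the balance, then send."""

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        self.balances[who] = 0       # effect first
        self.ether -= amount
        who.receive(self, amount)    # a re-entrant call now sees a zero balance


def is_solvent(vault):
    """Invariant an auditor checks: credited balances never exceed holdings."""
    return sum(vault.balances.values()) <= vault.ether


def run_scenario(vault_cls, attacker_depth=3):
    """Alice deposits 100, Mallory deposits 10, Mallory withdraws.
    Returns (mallory_gained, ether_left, solvent)."""
    vault = vault_cls()
    alice, mallory = Honest(), Attacker(attacker_depth)
    vault.deposit(alice, 100)
    vault.deposit(mallory, 10)
    vault.withdraw(mallory)
    return mallory.gained, vault.ether, is_solvent(vault)


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableVault))  # (40, 70, False)
    print("safe:      ", run_scenario(SafeVault))        # (10, 100, True)
```

With the vulnerable ordering Mallory, who deposited 10, walks away with 40 and Alice’s credited 100 is backed by only 70 of real holdings; with the effect applied before the interaction the re-entrant call finds a zero balance and the invariant holds. In Solidity the same fix is to update state before any external call (or to add a re-entrancy guard), which is exactly what a Solgraph flow graph or an Oyente run helps you spot.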
16. Konstantinos Karagiannis, DEF CON 25: Hacking Smart Contracts

17. Polluting the chain … unremovable links to illegal child pornography

18. Some ways of polluting the Blockchain
• The coinbase field of a mined block allows for hex data which can hold approximately one tweet’s worth of data.
• Multiple outputs can be used for a transaction such that each holds hex data. This would imply dust-value outputs (outputs of <5640 satoshis) and would be frowned upon for bloating the Blockchain.
• Hex data from a multi-signature transaction could be used to encode information.
• Sidechains allow for assets to be linked (though more abstractly) to a time/block in the Blockchain.

19. Embedding
• http://proofofexistence.com allows for a hash of a document to be embedded in the Blockchain to prove an instance of an object (document/file) existed at a certain time.
• Blockchain.info allows for messages which are linked to transactions but are not embedded in the Blockchain.

20. Hacking trust
• Using a 1-of-3 raw multisig output, where one of the public keys is real and the other two are just data. There’s no way for the network to know that the public keys given are not real public keys.
• Most cryptocurrencies expose your entire payment history to the public.
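Slides 18 and 20 describe two data-stuffing patterns: dust-value outputs carrying hex payloads, and bare 1-of-3 multisig outputs where only one “public key” is a real key. The network accepts these, as the slide says, but an analyst or node operator can still flag them after the fact. Below is an added example, not from the talk: a Python scan of constructed transaction outputs that parses a bare multisig scriptPubKey and checks whether each listed key is a well-formed point on secp256k1. The dust threshold is the 5640-satoshi figure quoted on the slide; the real key is the secp256k1 generator point, the two data keys are constructed so they fail the check deterministically, and the P2PKH output uses a zeroed hash160.

```python
"""Analyst-side scan of Bitcoin transaction outputs for the data-stuffing
patterns on the slides: dust-value outputs and bare multisig scripts whose
"public keys" are not points on secp256k1.  Added example with constructed
sample data; not the talk's code."""

P = 2**256 - 2**32 - 977              # secp256k1 field prime
OP_CHECKMULTISIG = 0xAE
DUST_SATOSHIS = 5640                  # threshold quoted on the slide

# Compressed generator point G of secp256k1: a genuine public key encoding.
REAL_PUBKEY = bytes.fromhex(
    "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
# Constructed "keys" that are really payload bytes.
DATA_KEY_TEXT = b"this is not a public key at all".ljust(33, b"!")  # bad prefix
DATA_KEY_BIGX = b"\x02" + b"\xff" * 32                             # x >= P


def is_valid_pubkey(key: bytes) -> bool:
    """True if `key` is a well-formed SEC-encoded point on secp256k1."""
    if len(key) == 33 and key[0] in (2, 3):            # compressed
        x = int.from_bytes(key[1:], "big")
        if x >= P:
            return False
        rhs = (pow(x, 3, P) + 7) % P                    # y^2 = x^3 + 7
        return rhs == 0 or pow(rhs, (P - 1) // 2, P) == 1  # Euler's criterion
    if len(key) == 65 and key[0] == 4:                 # uncompressed
        x = int.from_bytes(key[1:33], "big")
        y = int.from_bytes(key[33:], "big")
        return x < P and y < P and (y * y - pow(x, 3, P) - 7) % P == 0
    return False


def bare_multisig_script(m: int, keys: list) -> bytes:
    """Build OP_m <key>... OP_n OP_CHECKMULTISIG (OP_1..OP_16 are 0x51..0x60)."""
    script = bytes([0x50 + m])
    for key in keys:
        script += bytes([len(key)]) + key
    return script + bytes([0x50 + len(keys), OP_CHECKMULTISIG])


def parse_bare_multisig(script: bytes):
    """Return (m, keys, n) for a bare multisig scriptPubKey, else None."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        return None
    m, n = script[0] - 0x50, script[-2] - 0x50
    if not 1 <= m <= n <= 16:
        return None
    keys, i = [], 1
    while i < len(script) - 2:
        length = script[i]
        if length not in (33, 65):
            return None
        keys.append(script[i + 1:i + 1 + length])
        i += 1 + length
    if i != len(script) - 2 or len(keys) != n:
        return None
    return m, keys, n


def scan_output(value_sat: int, script_pubkey: bytes) -> list:
    """Findings for one output: dust value and/or non-key multisig slots."""
    findings = []
    if value_sat < DUST_SATOSHIS:
        findings.append("dust-value output")
    parsed = parse_bare_multisig(script_pubkey)
    if parsed:
        m, keys, n = parsed
        bad = [i for i, k in enumerate(keys) if not is_valid_pubkey(k)]
        if bad:
            findings.append(f"bare {m}-of-{n} multisig, non-key slots {bad}")
    return findings


def scan_transaction(outputs: list) -> dict:
    """Map output index -> findings, for outputs given as (value, script)."""
    return {i: scan_output(v, s) for i, (v, s) in enumerate(outputs)}


# Constructed transaction: a stuffed 1-of-3 output, a normal 1-of-1 output,
# and a dust P2PKH output (hash160 set to zeros for the example).
SAMPLE_OUTPUTS = [
    (1000, bare_multisig_script(1, [REAL_PUBKEY, DATA_KEY_TEXT, DATA_KEY_BIGX])),
    (100_000, bare_multisig_script(1, [REAL_PUBKEY])),
    (1000, bytes.fromhex("76a914") + b"\x00" * 20 + bytes.fromhex("88ac")),
]

if __name__ == "__main__":
    for idx, found in scan_transaction(SAMPLE_OUTPUTS).items():
        print(idx, found or "clean")
```

Treat the multisig check as a heuristic, not proof: a random 32-byte chunk has roughly an even chance of being a valid x coordinate, so payload bytes that happen to start with 0x02/0x03 and land on the curve pass this test. It reliably catches the other half, and combined with the dust check and the slide’s coinbase-field observation it gives a monitoring team a cheap first filter over what is being written into the chain.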
21. DC787
Meets: at Engine 4 Co-Working Space in Bayamon, PR, every other Wednesday.
Location: Bayamon, Puerto Rico
Point of Contact: Jose L. Quinones
POC Email: josequinones@codefidelio.org
Website: pending
Description: The DC787 started as the “Init.d” InfoSec interest group in 2012. It was formed by several local hackers and started meeting whenever we could and wherever we were welcomed. Jose L. QuiĂąones, Jose A. Arroyo and Carlos Perez run the meetings and keep the social media outlets updated. We value community feedback and our activities are designed to fill the community’s needs.
Interests: We work with lock picking, hardware hacking, IoT, Blue & Red Team techniques, and many other hacker/technology related topics.

23. Thanks!
• josequinones@codefidelio.org
• @josequinones
• http://codefidelio.org
• jquinones@obsidisconsortia.org
• @obsidis_NGO
• http://obsidisconsortia.org

Editor's Notes

1. https://blockchain.info/
2. https://blockchainreview.io/wp-content/uploads/2018/03/02.01._final_Ethereum-White-Paper-Made-Simple.pdf
3. https://thehackernews.com/2018/03/cryptocurrency-mining-malware.html
   https://www.secureworks.com/research/cryptocurrency-mining-malware-landscape
   https://www.bleepingcomputer.com/news/security/new-massminer-malware-targets-web-servers-with-an-assortment-of-exploits/
   https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/
4. https://www.bleepingcomputer.com/news/security/showtime-websites-used-to-mine-monero-unclear-if-hack-or-an-experiment/
5. https://medium.com/@MikeBacina/1b-lost-the-5-biggest-cryptocurrency-fails-of-2017-9862131e2bf7
6. https://www.youtube.com/watch?v=5JrdR6SRlWE
7. https://www.youtube.com/watch?v=k_aVpSSx-Qg&index=39&list=WL&t=6s
8. Blockchain.info allows for messages which are linked to transactions but are not embedded in the Blockchain.