The blockchain market is growing too hot

– DRAWWhy are big blockchain networks like Bitcoin and Ethereum not hacked while networks like Ronin are attacked with a scale of more than 600 million USD?

Mr. Tran Viet Dinh: Actually, it wasn’t the Ronin network but the Ronin bridge that was attacked. Ronin bridge is a bridge for users to transfer cryptographic assets between the two blockchains Ethereum and Ronin Network. And Ronin bridge also uses Ronin Network’s validators to validate user withdrawals on Ronin bridge. The problem with Ronin bridge is that it uses 9 validators and only 5 out of 9 validators need to agree to be able to make withdrawals.

In addition to using less authenticators, the main reason is that they have been hacked into many servers and taken away the private keys. At least 5/9 servers have been hacked, from which it is possible to withdraw funds from Ronin bridge funds on the Ethereum network. In total, the hacker made two withdrawals with more than 600 million USD in exchange. Ronin’s problem is that it has been hacked by hackers and has too few authentication servers.

We often don’t hear about Bitcoin or Ethereum network being hacked because they have a large community, like Bitcoin has more than 14,000 nodes, the network of miners is also up to hundreds of thousands of computers, so the degree of decentralization is high. more. Moreover, the developer community involved in contributing source code to blockchain networks is also extremely large and highly qualified, making it more difficult to attack, but also theoretically impossible.

The majority of current hacks are mainly application layers on the Ethereum platform or due to the negligence of individual users such as loss of wallet, fraud, being hacked into the computer and taking away the security key, thereby losing it. money.

Mr. Nguyen Minh Duc: In fact, there is a special point, especially in 2022, in addition to Ronin’s case, in February there was also another case in the top 10 major attacks, that was Wormhole Bridge was attacked and damaged $ 320 million. Thus, two major attacks in 2022 are related to bridges. A bridge can be understood as an application that allows users to transfer digital assets from one blockchain to another. Bridge needs a large reserve to back the coins, making them a target for criminals.

Obviously, if the developers do not comply with the principles of information security enough, or the stages from design and operation do not ensure information security processes, negligence may occur. When analyzed, most negligence is related to human factors, such as design, operation or programming, which can create holes for bad guys to take advantage of.

For example, there are 9 validator nodes in the network, which is quite a small number. Theoretically, hackers have captured more than 50% of these authenticators and gained control of the system. There are also systems that used to have vulnerabilities in fairly basic programming stages. In my opinion, blockchain projects should also take this opportunity to review their systems, check and redefine possible risks.

Many blockchain projects have developed rapidly and hotly in the past time. By the time they become popular, heavily invested, or profitable, vulnerabilities from the early stages can become dangerous problems, which can lead to system collapse if we grow fast but unstable foundation.