A Blockchain Primer and Bored Ape Headscratcher – Podcast

Lisa Vaas, threatpost.com
Mar 31, 2022 - 1:00 p.m.
Aggregator id: THREATPOST:C3C8E90FB9A6A06B1692D70A51973560

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Why in the world would a collection of nonfungible token (NFT) gorilla avatars called the Bored Ape Yacht Club (BAYC), run by 30-somethings using aliases like “Emperor Tomato Ketchup” and “No Sass” and adored by celebrities, spiral on up to a multibillion-dollar valuation (…and, by the way, how can you yourself get stinking crypto-rich?!)?

Image of Bored Ape Yacht Club NFT.

If you don’t have a clue, you might be one of the crypto-newbies for whom the New York Times recently pulled together its Latecomer’s Guide to Crypto and whom mutual funds companies are trying to ease into the brave new world.

You also might have a thousand questions that go beyond cartoon apes and get into the nitty-gritty of how cryptocurrency and blockchain technologies work and how to sidestep the associated cybersecurity risks.

Those risks are big, throbbing realities. The latest: Ronin, an Ethereum-linked blockchain platform for NFT-based video game Axie Infinity, on Tuesday put up a blog post advising that 173,600 ether tokens and 25.5 million USD coins – valued at nearly $620 million as of Tuesday – had been drained from its platform after an attacker used hacked private keys to forge two fake withdrawals last week.

According to Forbes, blockchain analytics firm Elliptic pegs it as the second-biggest hack ever.

New Technology, Old Hacks

Cryptocurrency and related technologies may be shiny new concepts, but the techniques crooks are using to drain them aren’t necessarily newfangled. As of its Wednesday update, Ronin said that it looks like the breach was pulled off with old-as-the-hills social engineering:

> “While the investigations are ongoing, at this point we are certain that this was an external breach. All evidence points to this attack being socially engineered, rather than a technical flaw.” —3/30/22 Ronin alert.

Dr. Lydia Kostopoulos, senior vice president of emerging tech insights at KnowBe4, stopped by the Threatpost podcast to give us an overview of this brave new world of blockchain: a landscape of new technologies that make wallets swell and shrink, and hearts flutter in dismay, when such things as the Ronin hack transpire.

She shared her insights into everything from how such technologies work to what the associated cybersecurity risks are, including:

  • How blockchain technologies, including NFTs, work.
  • The cybersecurity risks that might emerge from the use of NFTs/cryptocurrency, including popular scams/social engineering attempts circulating today.
  • Steps individuals/businesses can take to protect themselves.
  • What is driving their popularity and if NFTs are here to stay.
  • Regulations on blockchain technology.

You’ve heard it a thousand times before, but Dr. Kostopoulos says it’s real: Blockchain technology is transformative. Look out for state-backed currencies and blockchain-enabled voting that can’t be tampered with, for starters. Look for NFT invitations to artists’ performances that keep giving as those artists reward their ticket holders with future swag. And for the love of Pete, don’t lose your cold wallets if you want to keep your crypto safe.

If you don’t yet know what a cold wallet is, definitely have a listen!

You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.

_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists._
