Fixing Security Gaps in Cryptocurrencies Often Takes a Long Time

A defining characteristic of cryptocurrencies is that they are organized into a decentralized system and are not managed by a central bank like traditional currencies. Whenever researchers find security vulnerabilities in the systems of virtual currencies, it creates problems. Sometimes it is unclear who runs the system, whether the system is affected by a certain vulnerability, or whether the bug has been patched. Researchers working with Professor Ghassan Karme, who is a member of the Cluster of Excellence CASA – Cybersecurity in the age of large-scale adversaries at Germany’s Ruhr University Bochum, have investigated how long it takes to fix security vulnerabilities in various cryptocurrencies. Ruhr University’s science journal Rubin is reporting on their findings.

44 critical security vulnerabilities tested

The source code of bitcoin, perhaps the best-known cryptocurrency, is openly available on the Internet. Anyone can copy it and launch their own cryptocurrency. Many bitcoin variations have been created in this way, which are widely known under the umbrella term altcoins. Security vulnerabilities found in bitcoin code usually affect altcoin code as well. Along with his colleagues, Ghassan Karme examined how different cryptocurrencies have responded to 44 of the most serious cyber security vulnerabilities documented in recent years.

Among them was a vulnerability that Karme and his colleagues exposed in 2015. Describes the issue as the chairman of the head of information security.

Many cryptocurrencies take months or even years to fix vulnerabilities

Using a tool specially developed for this purpose, the researchers estimated the time it would take for various cryptocurrencies to close the security gap described above. “In short: The result was a shock,” says Ghassan Karme. While Bitcoin fixed the vulnerability in only seven days, for example, Litecoin took 114 days, Dogecoin 185 days and DigiByte almost three years. “Three years in which you could crash the entire system of the respective cryptocurrency with as little as ten laptops,” explains Karme.

Essentially, the same pattern emerged over and over again in the analysis of other security breaches: for many altcoins, the number of days it took to fix the flaws was in the three-digit or four-digit range.

At Rubin, you can read more about why the analysis was such a complex challenge and what advice Ghassan Karme has for users of cryptocurrencies.

Detailed article in the science journal Rubin

You can find a detailed article on this topic in the special edition of the science journal Rubin, IT Security.

