Cybercrime losses reach new highs every year, and some experts think that while blockchain technology might not be the silver bullet that could stop it, mainstream adoption could definitely help.
Cybercrime can take many forms, including ransomware attacks, identity fraud, data theft and phishing campaigns. According to cybersecurity research firm Cybersecurity Ventures, cybercrime losses around the world are estimated to reach $10.5 trillion annually by 2025.
The first decentralized blockchain, Bitcoin (BTC), was launched in January 2009 along with its associated cryptocurrency. Security features such as cryptography, decentralization and consensus are built into the tech.
Speaking to Cointelegraph, Ronghui Gu, co-founder of blockchain security firm CertiK, said blockchain tech is “at its core, a security technology” and that mainstream “industries which rely heavily on data integrity,” such as healthcare and finance, could have a higher level of security through its use.
“For example, patient records stored on a blockchain could reduce the risks of data breaches and unauthorized access to sensitive information while giving patients more control over their data and when and with whom it is shared,” he said.
Some companies are already experimenting with storing and managing medical records using blockchain. One company even released a COVID-19 medical certificate on the blockchain.
Gu said the centralized nature of standard data storage systems could make them attractive targets for cyberattackers. Additionally, many current systems lack sufficient mechanisms for individuals to verify where and how their data is being used.
Related: Can blockchain revolutionize digital securities management for stock exchanges?
He thinks blockchain and Web3 technologies address several of these issues by decentralizing data storage and reducing the risk of centralized points of failure and unauthorized access.
“The distributed ledger technology that it’s built on is designed to eliminate single points of failure, making it more resistant to traditional cyberattacks such as data tampering and network penetration,” Gu said.
“Unlike centralized systems, blockchains distribute data across a network of computers, making it incredibly difficult for attackers to gain control of the entire system.”
Blockchain has stronger-than-average security
CertiK’s annual “Hack3d: The Web3 Security Report” for 2023 found that over $1.8 billion in digital assets was lost across 751 Web3 security incidents in 2023.
Gu said blockchain technology is not immune to cyberattacks but that its decentralized nature provides more robust security. To change a distributed ledger, a hacker would need control of more than half of all machines, and “once data is entered, it becomes nearly impossible to alter.”
“Each transaction is secured with powerful cryptography, ensuring that only those with the correct keys can act on behalf of an address,” he added.
Data from online data-gathering platform Statista shows that investment scams saw the highest losses in the United States last year. Business email compromise was second, followed by fraudulent tech support correspondence.
Each of these types of attacks can involve a request to send funds to the scammers and result in monetary losses, along with the exposure of sensitive financial and personnel information.
Gu thinks the use of smart contracts could help reduce instances of these common cyberattacks succeeding.
A smart contract is a transaction protocol intended to automatically execute actions bound by the terms of the agreement.
“Smart contracts can ensure transactions are executed if, and only if, certain conditions are met, reducing the risk of fraud in the financial industry and automating many laborious compliance tasks,” Gu said.
Blockchain not a silver bullet to stop cybercrime, but it could still help
Gu believes that “completely eliminating all cybercrime is not realistically achievable” because cybersecurity is a constantly evolving field. As new technologies emerge, so do new vulnerabilities and attack vectors.
“A significant amount of cybercrime exploits human errors, such as weak passwords, phishing scams or social engineering attacks. While education can reduce these risks, it’s unrealistic to expect every user to be infallible,” he said.
“There is also a socioeconomic dimension to cybercrime. As long as there are incentives, financial or otherwise, individuals or groups will engage in criminal activities.”
According to Statista data, those incentives, specifically the funds stolen from victims, will reach dizzying highs of over $13 trillion by 2028.
Gu thinks the goal should not necessarily be to eliminate all cybercrime but rather to minimize it and mitigate impacts through resilient infrastructures and informed users.
“This approach preserves the freedom and benefits of decentralized technologies while protecting against their inherent risks,” he said.
“Achieving a state where cybercrime is entirely eradicated would likely require extreme measures that could infringe on personal freedoms and privacy in line with the values that blockchain was created to preserve,” Gu added.
Speaking to Cointelegraph, Johann Polecsak, co-founder and chief technology officer of hybrid blockchain platform QANplatform, said that while “blockchain alone is not a silver bullet against all kinds of cyberattacks,” it could help increase security in specific fields.
“If implemented well, it can effectively narrow down the point of failure to key-management issues, which, in turn, can be effectively mitigated using hardware-based signing tools,” he said.
“However, to build a truly future-proof system, it is unquestionably important to choose a blockchain designed to withstand quantum computing attacks.”
Quantum computing has long been feared as a possible inflection point for the crypto industry. A computer capable of breaking blockchain encryption could result in large-scale theft of user funds.
Related: A ‘simple’ hard fork could subvert a quantum attack on Ethereum: Vitalik Buterin
Eskil Tsu, co-founder of decentralized security data and security service network GoPlus, told Cointelegraph he thinks “blockchain is the only thing that can help” reduce cybercrime.
“Blockchain’s inherent properties of decentralization, transparency and immutability can significantly mitigate risks and reduce the surface for online attacks,” he said.
“Leveraging these core aspects by offering robust security solutions not only protects against current threats but also anticipates future vulnerabilities.”
Blockchain tech a possible solution for AI cyberattacks
Fraser Edwards, co-founder and CEO of decentralized data infrastructure provider Cheqd, thinks there are lots of opportunities for blockchain tech to prevent cyberattacks, especially phishing and impersonation scams.
According to a 2024 report from security provider Hornetsecurity, phishing continues to be the most common email attack method, accounting for 43.3% of all email threats.
“Decentralized identity and credentials, which often use blockchain under the hood, will have a huge impact on reducing cyberattacks,” Edwards said.
“A huge proportion of cyberattacks are through phishing or social engineering, where people are either impersonated or their security details gained.”
Edwards said that blockchain tech could even be the answer to emerging scams and cyber threats, such as those using artificial intelligence.
Concerns about AI-generated content have increased exponentially in the last few years. The World Economic Forum even highlighted all the possible adverse outcomes of AI technologies in the 2024 edition of its “Global Risks Report.”
Deepfakes have been flagged as a particular cause for concern. AI video tech can create computer-generated images and voices often indistinguishable from the real thing.
A recent deepfake scam saw a Hong Kong company defrauded out of $25 million when scammers impersonated senior executives in an online video meeting. Hong Kong police said it was one of the first cases of this type they had seen.
According to data from SumSub, deepfakes increased tenfold across all industries globally from 2022 to 2023.
Edwards said it’s now possible to generate fake passport or driver’s license documents, which can be used to fool Know Your Customer (KYC) processes. He also claimed that once you know someone’s account details, it is typically easy to impersonate them through their accounts or apps.
Related: Can voters spot AI deepfakes ahead of the 2024 presidential elections?
KYC checks are the mandatory process of identifying and verifying identity when opening an online account with a crypto exchange.
Edwards argued a possible solution to curbing these types of cybercrimes could be a decentralized identifier (DID), a globally unique identifier like a URL whose address is unique, resolvable with high availability and cryptographically verifiable.
“DID and credentials somewhat automatically implement 2FA with authentication to accounts not just using passwords but requiring the correct signature from the wallet or device the credentials are stored with,” he said.
“DID and credentials can also prevent document images being generated by AI, as they would not be signed by the right issuer and therefore would easily be detected as fraud. Similarly, content credentials can prevent generated videos from being used,” Edwards added.
Magazine: Bots, airdrops push Ronin to No.2 blockchain for daily users — Not Pixels fans