Passwordless Authentication: How Blockchain Vulnerabilities Cost

2022 has been a tough year for crypto investors as blockchain platforms have been targeted by cyber attackers left and right. A total of $1.4 billion has been lost due to these attacks. Ronin, a bridge that supports Axie Infinity, has lost $615 million; Wormhole, a bridge backed by Jump Trading, lost $320 million; Horizon, a bridge by Harmony, lost $100 million; and around $200 million was stolen from Nomad.

How Were Blockchain Networks Hacked?

Cyberattackers exploit vulnerabilities in blockchain technology, specifically blockchain bridges and humans. Blockchain bridges are a type of software through which people send out tokens from one blockchain network to another. Bridges, being the piece of code that enables smart contracts to execute without human intervention, typically hold large values being transferred from one network to another. Without adequate security, these bridges are easy targets.

Although transactions must first be approved by validators to become successful, hackers are able to manipulate validators into handing over their private keys or compromise only a few accounts to withdraw funds. Bridges are central to blockchain technology, which is why their increased vulnerability is a major cause for concern.

Another way hackers steal funds is through human vulnerability. Some rely on social engineering tricks to convince a victim to send funds to them. Another method is by simply stealing cryptographic keys or private digital signatures, the access for which they gain through apps, wallets, and other third-party vendors that authenticate users to their digital services via legacy authentication. In other words, password-based authentication.

Eliminating The Human Risk Factor With Passwordless Authentication

Cryptocurrencies are continuously expanding, and blockchain technology grows with it. Despite the advanced technology with which blockchain technologies operate, cybercriminals are still able to find ways in through something as basic as a password login.

Passwords have long been a favorite vulnerability of cyber attackers. Both methods used by cyberattackers of blockchain networks succeeded through compromised phishing and man-in-the-middle attacks resulting in stolen passwords. With the increased interconnectedness of systems nowadays, even a technology as sophisticated and secure as decentralized blockchain requires strong, passwordless authentication, because of its distributed access.

Unphishable, key-based passwordless authentication is one way to elevate the security for blockchain networks across all platforms, especially third party applications. Nok Nok Inc, along with the global industry group (FIDO Alliance) they founded are on a mission to reduce people’s reliance on extremely vulnerable legacy password and knowledge-based system access.

Passwordless authentication is a possession-based and biometric authentication technique that relies on public-private cryptography. It generates a public-private key pair—the public key is shared with a service while the private key remains safe in the user’s device, protected by a PIN or biometrics. This system is incredibly convenient for end-users, as well as safe.

You can strengthen your cybersecurity with Nok Nok’s passwordless authentication system. To learn more about Nok Nok Inc’s industry-leading FIDO platform, contact us here.