Security Issues in the crypto world

A presentation at 4IRC Crypto-Assets: What are the challenges to wide spread adoption? in April 2019 in Belfast, UK by Simon Whittaker

Slide 1

Slide 1

#4IRC Crypto-assets: What are the challenges to widespread adoption? Simon Whittaker Cyber Security Director – Vertical Structure Ltd

Slide 2

Slide 2

Prepare, Protect, Persist® • Prepare • We help you and your partners to understand how to identify and resolve potential security issues at the earliest stages with hands on ‘hack yourself first’, threat modelling and GDPR compliance workshops as well as security training for non-technical colleagues. • Protect • Using automated and manual penetration testing techniques, we provide a comprehensive security report for your Web and mobile applications, including API testing, and networks. The report highlights potential issues and their resolutions. • Persist • We ensure that your organisation benefits from continual improvements in security levels through information assurance processes, auditing and certification including ISO27001:2013 and Cyber Essentials. © Vertical Structure Ltd where applicable simon.whittaker@verticalstructure.com

Slide 3

Slide 3

Bit about me • Director of Vertical Structure Ltd • Security & Penetration Tester • Trainer • Security Consultant © Vertical Structure Ltd where applicable simon.whittaker@verticalstructure.com

Slide 4

Slide 4

My experiences of cyber security • Basic flaws • Obfuscation rather than security • Automated scans • Time from security testing->deployment reduced © Vertical Structure Ltd where applicable simon.whittaker@verticalstructure.com

Slide 5

Slide 5

Volume is extraordinary Screenshot from 15:46 on 01 April 2019 © Vertical Structure Ltd where applicable simon.whittaker@verticalstructure.com

Slide 6

Slide 6

© Vertical Structure Ltd where applicable simon.whittaker@verticalstructure.com

Slide 7

Slide 7

Mixed fortunes • ICO fraud • Exit Scam • Coin Thefts from wallets and exchanges • Lots of legitimate transactions as well • Flaws in the protocol identified

Slide 8

Slide 8

Some ~recent events • Blackwallet • CoffeeMiner • KodakCoin • Benebit • Binance • Combojack • Russian Federation Nuclear Centre • Gov.uk websites © Vertical Structure Ltd where applicable Simon.whittaker@verticalstructure.com

Slide 9

Slide 9

Some ~recent events • BTG hardfork • Bancor • $87 million by targeting wallets • Zaif • 100,000 Ripple tokens • Pincoin • Darkgate • SIM swapping • BitFi © Vertical Structure Ltd where applicable Simon.whittaker@verticalstructure.com

Slide 10

Slide 10

Old attacks – new targets • Script injection to perform mining • Mining instead of encryption scams • Server compromise now being hidden • Web applications & infrastructure targeted © Vertical Structure Ltd where applicable simon.whittaker@verticalstructure.com

Slide 11

Slide 11

Guilt by Association? © Vertical Structure Ltd where applicable Simon.whittaker@verticalstructure.com

Slide 12

Slide 12

Questions? Simon.Whittaker@verticalstructure.com @szlwzl @vsltd © Vertical Structure Ltd where applicable Simon.whittaker@verticalstructure.com