The Security Challenges with Bringing Blockchain In-House
Properly securing blockchain-enabled technologies such as smart contracts requires not only traditional cybersecurity protections, but also coordination across multiple different teams.
May 21, 2018 at 10:00 AM
4 minute read
The promise of blockchain is spurring companies across the economy to experiment with leveraging the technology in their products and internal processes. But given its novelty, bringing blockchain in-house can come with its unique set of security challenges.
Blockchain is digital network of information, complied in a decentralized database shared with users that may have access. Each “block” in a blockchain is a record of information, essentially a entry on a ledger. Companies across the economy, including those in the tech and finance industries have been looking to leverage blockchain for a variety of platforms.
One of the most potentially viable applications is smart contracts, which use blockchain to automatically execute terms, such as transferring funds when a deed is received. But if smart contracts handle sensitive information or funds, users need to make sure that they are coded correctly to ensure the data and capital is managed in the right way.
“Anyone working with smart contracts should absolutely be having an audit done if it's going to handle any kind of operation of importance or financials,” said Yo Sub Kwon, CEO of Hosho, a blockchain security company.
Such audits are necessary, he noted, as “there are so few people writing good contracts right now because the space, the language, the methodology, are so new.”
What's more, if a smart contract manages or transfers cryptocurrency, users also need to take precautions to make sure their digital “wallets”—where cryptocurrency is stored—are safe from cybertheft. “If you're dealing with cryptocurrency, it's very important to have high security measures around the wallet, everything from how the keys are generated to how they are stored, to who has access to backups,” Kwon said.
Beyond cryptocurrency storage and code vulnerabilities, there are operational security issues with using blockchain-enabled technologies as well. Because blockchain, whether public or private, connects multiple different parties, there is a need to ensure security across all users.
With collaboratively using software on the blockchain, whether smart contracts or compliance technology, the problem then becomes one of coordination. “Using peer-to-peer software technologies, you're talking about IT teams and cybersecurity teams having to cooperate with each other across organizations to shield that software from attack and respond to attacks that can occur,” said Amir Azaran, a partner in Loeb & Loeb's advanced media and technology practice.
“So you're going to have to have teams from different organizations working together in a way they haven't had to before, and that's going to be an institutional challenge.”
But it is a challenge that must be overcome. Companies or law firms that use the same blockchain software have to be able to ensure it is not only impenetrable from outside attack, but also restricted only to authorized and trusted in-house users.
“There is absolutely a security issue with who has administrative rights to smart contracts,” Kwon said. “Some of the largest hacks that have happened in the smart contract space have been due to user access or people who have been able to get administrative access when they should otherwise not been able to.”
Indeed, fraud due to unauthorized access of blockchain technologies, such as cryptocurrency wallets, is one of the biggest problems facing the technology. This is mainly because while the blockchain itself is secure, the security of software or transactions on the blockchain are the responsibility of individual users.
For example, “In the world of bitcoin, the consumer is basically in charge of securing their own bitcoin if something goes wrong; if they lose their keys or if someone hacks them, they can't get it back,” said Duane Pozza, assistant director at the Federal Trade Commission, at the CDX Academy Blockchain Brand Innovation Summit in New York on May 11. “The architecture of many of these systems puts it on the consumer to secure it and take a lot of control over it.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1We the People?
- 2New York-Based Skadden Team Joins White & Case Group in Mexico City for Citigroup Demerger
- 3No Two Wildfires Alike: Lawyers Take Different Legal Strategies in California
- 4Poop-Themed Dog Toy OK as Parody, but Still Tarnished Jack Daniel’s Brand, Court Says
- 5Meet the New President of NY's Association of Trial Court Jurists
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
