Researchers have been tirelessly nudging cryptocurrency and blockchain organizations for crimps in their security – and it appears that some of them are at last getting acknowledgment for their work.
Three researchers are up for Pwnie Awards this year – a yearly showcase of the best and worst in data security. Little toy ponies are given to the most meriting hackers and security researchers.
Nominations for “Best Cryptographic Attack” are MIT Digital Currency Initiative chief Neha Narula and Boston University researcher Ethan Heilman. They have been nominated after cracking a hash function in prevalent cryptocurrency, IOTA. In addition to that, ConsenSys security engineer Bernard Mueller is also nominated for “Most Innovative Research” seeing his work on securing Ethereum smart contracts.
Cracking IOTA’s Hash Function
Forging IOTA transactions were obviously achievable “in only a couple of minutes,” as indicated by Narula and Heilman. The combineation found a technique that enabled funds to be stolen directly from user wallets. They attribute the security hole directly to IOTA’s implementation of its hashing calculation.
The vulnerability was initially found a year ago, and IOTA has since addressed it in a series of blog posts. While Narula and Heilman are clear to express that the exploitable attack vectors have been plugged, they do note that the faulty hash function is still being utilized in some parts IOTA stage.
Keeping Smart Contracts Secure
Muller is named for his broad research on the security of Ethereum’s blockchain. His Smashing Smart Contracts for Fun and Real Profit, presents another security analysis apparatus for smart contracts called Mythril.
He jabs fun at the tech network for not “adapting much since 1996,” with a heap of security vulnerabilities coming from a dependence on older programming language while creating smart contracts. Myrthil is Muller’s commitment to smart contract security, with an intention to expel bugs that may prompt cash misfortune.
As reported by The Next Web, Muller’s research additionally praises the cutting edge hacking infrastructure. He notes, however, that the beginning of Ethereum’s “world computer” and its steady security concerns are shockingly reminiscent of the early web.