We continue to learn about cybersecurity and technologies such as Blockchain as part of the C1b3RWALL Academy 2021 program which so far has more than 50,000 active users. This week we have started Module 6 “Threat Agents”.

Gabi Urrutia, Director of Security at Halborn participated with a keynote entitled “Threat Agents in Blockchain”. The objective of his lecture was to identify the main threat agents that we find in Blockchain. Besides being director of Halborn, Gabriel has been the head of SOC Joint Command Cyberspace for 3 years and has a master’s degree in Cybersecurity from Carlos III University.

Threat agents in Blockchain

External agents

External agents often use social engineering, attack groups to spread the message and then attack individuals. They have seen that there is great economic power in DeFi and intend to exploit it. They have powerful DDoS machines and write to the organization announcing that its website is at a great risk. If they get paid, they will tell the organization how to fix it; the Russian Booters attack is an example.

Internal agents

Within a DeFi project, insiders are known as rug-pullers. They take advantage of community trust or project hype.

  • Rug-pull. A fictitious project, Carpet.Finance, pushes out a token called $CRP. The (anonymous) owners mint 10 billion tokens and keep 20%. Their website is attractive and they tokenize shipments and users get rewards for buying. They have a large community on Telegram (30,000 users) even before they release the token. Then, the organization requests the token audit and liquidity pool. Once the token comes out, it gets $20M in the first hour, and users start putting liquidity into the pool. In 10 days the price goes up exponentially.
  • Pretending to be an insider. Another way to steal funds in DeFi projects is to pretend to be an insider. The attacker locates the release of a new token and conducts a survey of the Telegram pool or other groups. He invites all those participants to a fake group and tells them that the launch is going to be preempted, even with a fake website that looks legitimate.

Blockchain cybersecurity is becoming very similar to traditional cybersecurity. Threat actors are primarily motivated by an economic aspect, although in the future it is likely that DeFi companies will be attacked rather than users.

We still have a lot to learn in this area, so I invite you to watch Gabriel’s talk, which will not only be interesting but will also provide you with knowledge about Blockchain technology.

You can read the full article on News 365

If you are interested in this technology, the BISITE Research Group of the University of Salamanca offers quality courses taught by experienced professors and the possibility of doing internships in companies in the sector.

Posted by Juan M. Corchado

Juan Manuel Corchado (15 de Mayo de 1971, Salamanca, España) Catedrático en la Universidad de Salamanca. Ha sido Vicerrector de Investigación desde el 2013 hasta el 2017 y Director del Parque Científico de la Universidad de Salamanca. Elegido dos veces como Decano de la Facultad de Ciencias, es Doctor en Ciencias de la Computación por la Universidad de Salamanca y, además, es Doctor en Inteligencia Artificial por la University of the West of Scotland. Dirige el Grupo de Investigación Reconocido BISITE (Bioinformática, Sistemas Inteligentes y Tecnología Educativa), creado en el año 2000. Director del IOT Digital Innovation Hub y presidente del AIR Institute, J. M. Corchado también es Profesor Visitante en el Instituto Tecnológico de Osaka desde enero de 2015, Profesor visitante en la Universiti Malaysia Kelantan y Miembro del Advisory Group on Online Terrorist Propaganda of the European Counter Terrorism Centre (EUROPOL). J. M. Corchado ha sido presidente de la asociación IEEE Systems, Man and Cybernetics, y coordinador académico del Instituto Universitario de Investigación en Arte y Tecnología de la Animación de la Universidad de Salamanca e investigador en las Universidades de Paisley (UK), Vigo (Spain) y en el Plymouth Marine Laboratory (UK). En la actualidad compagina toda su actividad con la dirección de los programas de Máster en Seguridad, Animación Digital, Telefonía Movil, Dirección de Sistemas de Información, Internet de las Cosas, Social Media, Diseño e Impresión 3D, Blockchain, Z System, Industria 4.0, Gestión de Proyectos Ágiles y Smart Cities & Intelligent Buildings​, en la Universidad de Salamanca y su trabajo como editor jefe de las revistas ADCAIJ (Advances in Distributed Computing and Artificial Intelligence Journal), OJCST (Oriental Journal of Computer Science and Technology) o Electronics MDPI (Computer Science & Engineering section). J. M. Corchado desarrolla principalmente trabajos en proyectos relacionados con Inteligencia Artificial, Machine Learning, Blockchain, IoT, Fog Computing, Edge Computing, Smart Cities, Smart Grids y Análisis de sentimiento.