April 13, 2023 By C.J. Haughey 5 min read

Blockchain has transformed many industries, from healthcare to real estate to banking. But despite the “unhackable” hype, flaws in Blockchain technology undeniably weaken its goals of bringing greater security, transparency and privacy to the world.

Between January and November 2022, hackers stole $4.3 billion worth of cryptocurrency — marking a 37% increase from 2021. It was the worst year for crypto fraud, and the outlook still appears bleak.

For many years, experts have touted zero-knowledge cryptography as a potential game-changer for Blockchain applications. In 2023, that theory will be put to the test — but will it be enough?

How the crypto industry crumbled in 2022

Blockchain technology aims to solve problems associated with digital currencies. The immutable ledger of transactions is connected by digital cryptography and shared publicly across a decentralized network of computers around the world. It’s supposed to be uncrackable.

That’s the theory. But in reality, Blockchain is an imperfect system. Despite the system’s promise of virtually impenetrable security, hackers routinely steal millions from users of decentralized finance (DeFi) platforms through phishing scams, routing attacks and endpoint vulnerabilities.

Ironically, cyber criminals defraud lenders and investors by using the very anonymity that offered investors more control over their finances. The Federal Trade Commission (FTC) reports that cryptocurrency accounts for one out of every four dollars lost to online scams — more than any other payment method.

While Blockchain involves much more than digital coins, the technology’s flaws in the cryptocurrency market don’t inspire public confidence. In 2022, three of the biggest Blockchain hacks in history happened.

Back-to-back blockchain attacks

Wormhole Leaves Backdoor Open

In February 2022, hackers swooped in after an upgrade to the Wormhole’s GitHub repository wasn’t deployed to the live project. The $320 million theft included $47 million worth of Solana (SOL) — a major rival to Ethereum in the DeFi and NFT space.

A record-breaking hack hits Ronin network

The largest cryptocurrency hack in history happened in March 2022. Hackers stole $625 million worth of Ethereum and USDC stablecoin from the gaming-focused Ronin network. U.S. officials say a North Korean state-backed hacking collective, Lazarus Group, was responsible.

The long-awaited Binance hack

As the world’s largest cryptocurrency exchange by daily trading volume, the crypto industry feared a hack on Binance for years. In October 2022, that day finally came when hackers exploited a vulnerability to swipe 2 million BNB tokens worth $570 million.

Blockchain’s darkest hour: The collapse of FTX

While Binance is the biggest exchange, FTX was arguably the most important in terms of bringing cryptocurrency and Blockchain technologies to mainstream consciousness.

Alameda Research founder Sam Bankman-Fried was at the helm of a relentless marketing machine that promoted FTX as the safe, easy way to start crypto investing. Flashy TV ads and celebrity endorsements captured the trust — and money — of millions. But in November 2022, the $8 billion empire imploded.

The unraveling began with revelations that Alameda’s balance sheet was made up of the exchange’s own token, FTT. When Binance co-founder and CEO CZ Zhao announced he was selling over $500 million worth of FTT, the market panicked into a mass sell-off.

Within days, FTT’s value plummeted, Bankman-Fried resigned and the company filed for bankruptcy. To rub salt in the wounds, hackers hit the exchange the following day, compromising a further $415 million.

Can blockchain rise from the crypto winter?

Forbes reported that the crypto market’s value lost 60% since November 2021, plummeting from over $3 trillion to under $1 trillion.

The global hardware wallet market is projected to surge from $245 million in 2021 to more than $1.7 billion by 2030, suggesting the growing caution around online exchanges. With cooling prices, consumer trust in the security and privacy of digital currencies is at an all-time low.

If Blockchain is to live up to its billing as the technology that offers greater transparency, security and privacy, security teams and software developers must revisit its underlying technologies.

Somewhat ironically, the savior that could secure the future of one of the most innovative technologies in the world may come from an old cryptographic method that predates the modern internet: zero-knowledge proofs.

What is zero-knowledge proof?

A zero-knowledge proof (ZKP) is a cryptographic verification method where one party proves to another party that specific information is true without sharing any of the information itself. MIT researchers invented this protocol in the 1980s.

Here’s how it works:

  • Zero-knowledge proof revolves around two main parties: a prover and a verifier
  • A prover is a person or entity that wants to prove the information is accurate and true — without revealing any underlying information
  • A verifier is a person or entity that confirms whether the information is accurate — without ever accessing the underlying data
  • To confirm the validity of the information, the verifier must perform a specific action repeatedly. As the prover continues to deliver the correct result each time, the verifier gains confidence that the data is accurate.
  • Once enough repetitions have convinced the verifier beyond all doubt that the data is accurate, the zero-knowledge protocol is complete.

How can zero-knowledge proofs improve the blockchain?

With the integrity of Blockchain technology under question, cryptocurrency platforms and other Web3 applications can use ZKP to win the trust of investors and customers.

Here are five benefits of zero-knowledge proofs for Blockchain:

Privacy

The most pressing problem for Blockchain is the vast number of people falling prey to financial fraud. With ZKP, users can prove their identity on public applications without revealing any sensitive data, such as their banking account login credentials or Social Security Number (SSN).

Simplicity

ZKP technology allows individuals, businesses and government bodies to verify data without any need for complicated encryption methods. Non-technical users can quickly and easily confirm their identity to access apps.

Security

Rather than using two-factor authentication that asks people to disclose their SSN, a ZKP algorithm can analyze and connect segments of the user’s information to verify their identity. By replacing ineffective authentication methods, ZKP protects sensitive user data and creates applications that are more resilient in the face of advanced cyberattacks.

Verifiable randomness

Zero-knowledge protocols can generate randomness that is backed by cryptographic proof — delivered and verified completely on the Blockchain. This innovation helps Blockchain games create unpredictable gameplay and allows NFT platforms to create provably fair mints.

Scalability

Whereas Visa can process 24,000 transactions per second, Bitcoin can only do seven. ZK-Rollups can solve the bottleneck in Blockchain by batching hundreds or thousands of token transfers into a single off-chain transaction. A Stanford team of researchers is working on Espresso, a program using rollups to improve privacy and scalability.

Use cases of zero-knowledge proofs on the blockchain

In the age of mobile apps and digital banking, ZKP offers increased opportunities to improve systems. Here are four use cases:

Election voting systems

One of the best applications for Blockchain is to solve the problem of election fraud. ZKP and Blockchain would ensure every registered voter can vote only once and provide immutable, mathematical proof that their vote will be included in the final tally.

Private transactions

The principle of transparency means that everyone can view every transaction that happens on public blockchains like Bitcoin and Ethereum. Naturally, many people have privacy concerns about this openness. ZKP allows people to perform private transactions on public blockchains, giving them greater confidentiality as a result.

Private messaging applications 

With traditional messaging applications such as Facebook or WhatsApp, you must verify your identity to a server. The end-to-end encryption of ZKP enables decentralized platforms to verify users without accessing any of the user’s personal information.

Document sharing

As the zero-knowledge protocol encrypts data in pieces, users can further control the visibility of their information. When you combine ZKP and Blockchain, users can share confidential data securely, giving access to some and restricting visibility for others.

ZKP can restore trust in blockchain

If Blockchain aims to shape the world’s future, the ailing health of its first major initiative is a worrying barometer. But while cryptocurrency remains a volatile project, Blockchain will prevail.

However, change is needed if we’re to unlock the full potential of this revolutionary technology. The transformation starts with rebuilding the foundational principle of Blockchain: trustworthy transactions.

Zero-knowledge proofs can introduce greater privacy to public blockchains without sacrificing their decentralized nature. While developers and security experts collaborate, industries can look forward to more secure digital ecosystems that offer users a proven guarantee of trust in every transaction.

Learn more about the future of Blockchain and cryptocurrency on the Security Intelligence blog.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today