The OODA Loop Blockchain Series includes case studies of blockchain security initiatives and cybersecurity incidents. We tracked down the best-in-class research efforts and subject matter experts to explore how they are “framing and naming” the formative issues around blockchain security, including the national security, cybersecurity, and health security promise and peril.
In April 2022, the crypto market was described euphemistically as “experiencing significant downside pressure” or “had a very bleak May” – while most proclaimed a full-on crash. The WSJ declared in mid-May 2022 that $1 trillion of crypto vanished in just six months – while still others argue that the digital assets were overpriced and ripe for such a correction. Trust is central to monetary systems, especially in ecosystems designed for the capture, storage, and transaction of value. Trust continues to be shattered in the world of crypto, DeFi and for blockchain business models across a variety of industry verticals – as security vulnerabilities and hacks continue to plague the technology.
The RektTest, “On-Chain” Security Exploits and the Future of Blockchain Development: A collaborative group of security researchers with Web3 expertise has produced a 12-question guide to the basics of Web3 security. This report captures those 12 questions and provides context around their optimal use.
NIST on Blockchain and Cybersecurity at the Physical Layer (Access Control Systems): NIST’s Computer Security Division, Information Technology Laboratory’s white paper on Blockchain for Access Control Systems presents general information for blockchain access control systems from the views of blockchain system properties, components, functions, and supports for access control policy models. Considerations for implementing blockchain access control systems are also included.
Security, Privacy and Interoperability: Blockchain-based Decentralized Identifiers 1.0: Since 2020, the Institute of Electrical and Electronics Engineers (IEEE) Identity of Things Working Group has been working with a global consortium on the development of the IEEE P2958 standard: “According to IEEE chair of the Identity of Things working group Dr. Xinxin Fan, researchers from Lockheed Martin, Ericsson, Lenovo, Huawei, Bosch, IoTeX and the China Academy of Information and Communications Technology are developing the global standards for blockchain-based decentralized identities (DID)…” After two years of research, the six major global businesses have provided the proof-of-concept for blockchain-based decentralized identification (DID) for IoT devices, which Dr. Fan started in 2019 with the World Wide Web Consortium (W3C).
The Ronin DeFi Network Hack and Blockchain Analysis Techniques for Attribution: In early April 2022, we began our research and analysis of crypto and blockchain security initiatives. In our initial post, we explored recent blockchain bridge heists, growing national security concerns, and The Secure Blockchain Initiative at Carnegie Mellon. This post is about a specific attribution that emerged around the giant $618 million hack in March 2022 of the Ronin Network, in which “hackers [stole] more than $600 million worth of Ethereum (173,600 ETH) and $25.5 million of US dollar-pegged stablecoin USDC, making it one of the largest decentralized finance (DeFi) hacks to date. The company, which is tied to the popular blockchain game Axie Infinity, said in a Substack post that they suffered a security breach on March 23. Sky Mavis, a blockchain gaming company, built and controls the Axie Infinity game.” (1) In April 2022, the U.S. Treasury attributed the Ronin Network heist to the Lazarus Group.
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies: The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) issued this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). They provide recommendations for mitigating attacks (OODA provides additional, more actionable context below).
In 2022: $1B in Crypto Blockchain Bridge Heists, Growing National Security Concerns and the Secure Blockchain Initiative: Blockchain in particular shows great promise for the future of identification and security protocols. For now, however, what trumps the potential cybersecurity applications of the blockchain is the conventional wisdom that the entire crypto ecosystem has serious middleware challenges – and growing direct security vulnerabilities in the blockchain design and architecture itself.
Blockchain Technologies are the Future of Food Security and Food Safety: A shout-out and a thank you to the Ontario, Canada-based Blockchain Research Institute (BRI) and the authors of this research. BRI distributes a high percentage of its blockchain research, including really interesting case studies with real-world applications, via a Creative Commons license. The first BRI report we feature as part of our research and analysis of blockchain technologies in the agriculture industry sector is a pilot project from Walmart in collaboration with IBM using IBM’s blockchain solution based on Hyperledger Fabric.
Innovative Blockchain Technology Case Studies (by Industry Sector): Over the course of 2022 and 2023, The OODA Loop Blockchain Series has explored blockchain disruption in the market and new opportunities created by blockchain technologies in both the public and private sectors. Innovative blockchain technology efforts (by industry sector) – with a focus on how the blockchain enables new business models, opportunities for innovative value proposition design, and decentralized governance – are listed here. Industry sectors include: The Financial Sector and Monetary System; The Technology Sector (Semiconductor Subsector); The Automotive Sector and the Future of Mobility; and The Bioeconomy, Biotechnology, and Healthcare.
On Trust and Zero Trust: New Paradigms of Trust, Designing Trust into Systems, and Trustworthy AI: The future of trust is a broad research theme at OODA Loop, overlapping with topics like the future of money (i.e. the creation of new value exchange mechanisms, value creation and value storage systems – and the role trust will play in the design of these new monetary systems). Likewise, notions of trust (or lack thereof) will impact the future of Generative AI, AI governance (i.e. Trustworthy AI) and the future of autonomous systems and exponential technologies generally. This post is a compilation of OODA Loop Original Analysis and OODAcast conversations concerned with trust, zero trust and trustworthy AI.
The Future of the Internet, Trust and Web3: Data and Digital Sovereignty Versus Digital Self-Sovereignty: Charles Clancy, Chief Futurist at MITRE, and his co-authors of a recent report – “Democratizing Technology: Web3 and the Future of the Internet” – provide the best framing of a “robust and decentralized, democratized alternative to the existing technology stack” and “the establishment and advancement of alternative technological paradigms to protect the public interest by making authoritarian misuse difficult or impossible.”
For additional OODA Loop News Briefs And Original Analysis on Blockchain Technologies, see OODA Loop | Blockchain