So what is the solution to the NEM hack and others like it?
Sentinel Protocol as a solution for blockchain hacking
Just a week ago, the Japanese cryptocurrency exchange Coincheck was hacked, resulting in a massive loss of 523 million NEM coins. This record-breaking incident must have caught regulators’ attention and pushed them to enforce stricter security requirements at cryptocurrency exchanges, but the problem is that many of them do not know how to regulate this area. There are still no security standards in the blockchain industry.
Before turning to blockchain security, let us give you some background on how security solutions work today. The way to stop malicious attempts is to use information about past attacks. Whether it is web application security, database security or network security, security vendors have to gather previous attack vectors and learn the patterns of those attacks. From there, if a similar kind of behavior takes place, it is labelled ‘risky’ and eventually ‘blocked.’ The more threat information is collected, the more protection measures can be designed. That’s why machine learning is often used in the security field: to predict future attacks and be better prepared for them.
The issue here is that security vendors are not encouraged to cooperate and create one comprehensive database that has all the threat information. There’s basically no motivation for them to share intelligence and knowledge or discuss possible solutions together. If something rings a bell, you’re on the right track. This problem can be solved by leveraging the advantage of blockchain technology.
The solution lies in the blockchain.
If a blockchain-based reputation system and cybercrime information are all shared within a blockchain distributed policy, it will not only foster collective intelligence but also guarantee data integrity. It is no big surprise that security companies sometimes get compromised as well, which means the data they provide could be forged or manipulated. Again, this can be prevented by the decentralized nature of blockchain, because there’s going to be no attack surface.
Sentinel Protocol is a project to build a worldwide integrated intelligence platform. Ultimately, it will discourage hackers from malicious behavior. Hacking is driven by cost-benefit analysis. If hackers can only get a negligible benefit compared to what it takes for them to succeed, they will lose interest significantly and fewer hacking attempts will occur. What Sentinel Protocol does is make hacking itself an unattractive thing to do.
Within the Sentinel Protocol platform, stolen cryptocurrency will be automatically tracked in real time, and that information is shared rapidly around the world among everyone using the Sentinel Protocol database. The more Sentinel Protocol is integrated into major crypto wallets, exchanges, and payment services, the faster the value of stolen assets drops. By destroying the value of stolen money, Sentinel Protocol becomes the ultimate countermeasure to crypto cyber crimes.
How could Sentinel Protocol have made a difference?
Let’s go back to the NEM case. The actual attack vectors have still not been officially announced. Based on what we know so far, let’s see what could have happened differently if Sentinel Protocol had been used.
The coins were stolen from a hot wallet using the private key.
>> Nothing could have been done at this point. Sentinel Protocol can definitely partner with private key protection services in the future, but protecting private keys is not within our service range at the moment.
Stolen NEM was continually dispersed to multiple accounts.
>> Sentinel Protocol recognizes abnormal behavior by monitoring regular transaction patterns. A deviation from typical behavior would be noted by the system and would require extra layers of authentication to proceed. Sending large amounts of coins to multiple accounts in a short amount of time would have been flagged in the Sentinel Protocol platform. This would at least have stopped the leak halfway through. It would also have kept someone from getting into a mess over the stolen coins. (A random account belonging to an innocent person was used.)
It took at least 8 hours for Coincheck to notice the hacking.
>> The exchange gets notified almost immediately when abnormal behavior happens. To reduce human error, what’s called a blockchain Fraud Detection System (FDS) will be initiated in this case so that immediate action can be taken. In addition, a group of security experts called ‘The Sentinels’ will jump into investigating the case. The Sentinels are white-hat hackers or security researchers who cooperate on cyber crime prevention and get rewarded for post-hack investigation.
The unidentified account owner of the stolen coins tried to move the coins onto different exchanges.
>> Once the hacker attempts a conversion, the exchanges will get a high-priority alarm that this transaction should not be approved. By policy, all exchanges that have integrated Sentinel Protocol will not accept the hacker’s transactions. The hacker’s address will be shared across the entire Sentinel Protocol network regardless of national borders. This is notable, since Interpol isn’t much help as of now.
The stolen coins got dispersed to numerous accounts and some were used to pay for the ICO.
>> Sentinel Protocol automatically tracks all sub-addresses derived from the original hacker’s addresses. It will cut off any chance for hackers to make use of the seized coins, no matter how hard the hacker splits the stolen coins through tumbling and mixing. Also, the fact that stolen crypto assets can be abused as payment for commercial services or ICOs has been a headache for many parties, but with Sentinel Protocol, this will no longer be an issue.
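The burst flagging and address tracking described in the answers above, as an added Python example that is not Sentinel Protocol's own code. The addresses, amounts, thresholds and function names are all assumptions made for illustration, and the tracking uses a simple "poison" taint rule.

```python
from collections import defaultdict, deque

# Constructed sample transfers: (time_s, sender, receiver, amount). All values invented.
TRANSFERS = [
    (0, "hot_wallet", "user_a", 50),
    (3600, "hot_wallet", "addr_1", 100_000),
    (3660, "hot_wallet", "addr_2", 120_000),
    (3720, "hot_wallet", "addr_3", 90_000),
    (3780, "hot_wallet", "addr_4", 110_000),
    (7200, "addr_1", "addr_5", 60_000),
    (7300, "addr_5", "exchange_b", 60_000),
    (7400, "user_a", "exchange_b", 50),
]
WINDOW = 900  # assumed sliding window, seconds

def flag_fanout(transfers, min_receivers=3, min_total=250_000):
    """Map each sender to the first time its outflow inside WINDOW reached
    min_receivers distinct receivers and min_total coins (assumed thresholds)."""
    recent, alerts = defaultdict(deque), {}
    for ts, src, dst, amt in sorted(transfers):
        q = recent[src]
        q.append((ts, dst, amt))
        while ts - q[0][0] > WINDOW:  # drop transfers older than the window
            q.popleft()
        burst = len({d for _, d, _ in q}) >= min_receivers and sum(a for _, _, a in q) >= min_total
        if burst and src not in alerts:
            alerts[src] = ts
    return alerts

def burst_receivers(transfers, alerts):
    """Seed addresses: everyone paid by a flagged sender from the burst window onward."""
    return {dst for ts, src, dst, _ in transfers if src in alerts and ts >= alerts[src] - WINDOW}

def trace_taint(transfers, seeds, screened=frozenset()):
    """Forward 'poison' taint in time order: an address paid by a tainted address
    becomes tainted. Payments into screened (participating exchange) addresses
    are reported as blocked instead of spreading taint. Poison taint over-flags
    once funds pass through shared addresses; it is used here for simplicity."""
    tainted, blocked = set(seeds), []
    for ts, src, dst, amt in sorted(transfers):
        if src in tainted:
            if dst in screened:
                blocked.append((ts, src, dst, amt))
            else:
                tainted.add(dst)
    return tainted, blocked

if __name__ == "__main__":
    alerts = flag_fanout(TRANSFERS)
    tainted, blocked = trace_taint(TRANSFERS, burst_receivers(TRANSFERS, alerts), {"exchange_b"})
    print(alerts, sorted(tainted), blocked)
```

On the constructed data the hot wallet is flagged at its third large payout, the downstream address addr_5 inherits the taint, and only the deposit from addr_5 is blocked at the exchange while user_a's deposit passes.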
Coincheck would issue full refunds to all of the 260,000 victimized users. However, this is just one compromised exchange’s own decision. We should not expect exchanges to be liable for our assets. As you may already know, end users bear the responsibility themselves in this decentralized world. This leaves us two options: 1) Use exchanges and wallet services that have Sentinel Protocol integrated. 2) Join The Sentinels and participate in the community by reporting hacking incidents, getting help from security experts and upvoting their contributions.
Now, what do you think? Do you believe Sentinel Protocol is the solution to bring a truly decentralized yet safely connected crypto world?