A False Sense of Security

Blockchains are protected by complex mathematical protocols and by decentralization. Cryptographic primitives, such as digital signatures and hashing, are used to verify transaction authenticity and the integrity of the data stored on the blockchain. It is only through these primitives that the concept of digital ownership can be secured. Decentralization makes it incredibly hard for an attacker to gain sufficient control over a blockchain to alter transaction history or apply censorship.

This means that blockchains are quite secure at the protocol level. Although there are confirmed incidents of protocol-level breaches, such as 51% attacks, these are relatively rare and confined…


A Long History of Mathematical Trust

Cryptography is not a new field. It has existed for thousands of years. There has always been a need to keep secrets and encrypt messages, mainly for military and political reasons, but also for commercial and industrial confidentiality.

However, the goals and methods of cryptography have evolved over time, and since the introduction of networked computing, it has become incredibly versatile. Powerful cryptography is now readily available to anyone and, in fact, used by most people on a daily basis without them even realizing it. However, it is also increasingly difficult for companies to use cryptography effectively. …


We are pleased to announce that Cryptonics has finished an extensive security audit of the pTokens Bitcoin to Ethereum bridge.

pTokens is a cross-blockchain solution developed by Provable Things, formerly known as Oraclize. The system allows assets from different blockchains to be moved to Ethereum, in order to make them available to Decentralized Finance (DeFi) applications. This is achieved by locking up assets on the original chain and minting the equivalent amount of representative pTokens on Ethereum. Assets can be moved back by burning tokens on Ethereum and freeing up the equivalent assets on the original chain.

Cryptonics has been…


Smart contracts are hard to get right. Their three main properties, the ability to hold value, transparency, and immutability, are essential for them to work. However, these properties also turn smart contracts into a security risk and a high-interest target for cybercriminals. Even without deliberate attacks, there are plenty of examples of funds getting stuck and companies losing money due to smart contract bugs and vulnerabilities.

Over the last two years, we have audited the smart contracts of more than 40 projects here at Cryptonics. The contracts audited include different types of asset tokenization, insurance policies, decentralized finance platforms, investment…


Cryptographic signatures are a fundamental building block of blockchains. Transactions are signed with the corresponding private keys, allowing transaction senders to be linked to their accounts. Without this feature, the blockchain’s bookkeeping would simply not work.

Digital signatures are also often verified directly in smart contracts deployed on Ethereum, in order to allow one or more verifiers to authorize actions by submitting signatures created off-chain (or even signatures generated by another smart contract). This is commonly used in multi-signature vaults or voting contracts, in order to submit various signatures together or delegate authorization.

A common vulnerability in such implementations…


Blockchain and distributed computing are complex technologies consisting of a number of layers. Few people understand the underlying cryptography and distributed algorithms in detail. And, to be honest, that’s fine. The nature of specialization means that different experts concentrate on different layers and the end results should fit together nicely through agreed interfaces.

However, when it comes to consensus protocols, there are a number of half-truths and myths that need to be addressed. Understanding consensus is a prerequisite for choosing the right blockchain platform and configuration for an application. Making the wrong choice can lead to inefficient and insecure setups.

Here…


At Cryptonics, we have audited the smart contracts of 22 blockchain projects during the last 12 months. These projects included both fungible and non-fungible tokens, complex exchange protocols, prediction markets, staking systems, and smart contract-based video games.

In the audited contracts, we discovered a total of 13 critical, 16 major, and 36 minor issues. But what do these numbers demonstrate? As much as we would like to boast, these statistics do not just highlight our auditing capabilities (we like to think they do, of course). They mainly illustrate that writing secure smart contracts is very difficult. …


Blockchain projects, particularly those based on permissionless platforms, usually sell themselves as Decentralized Applications (DApps). By this, they imply that power is returned to the user by not relying on a trusted third party. Instead, they distribute control among peers. This may be true for Bitcoin and some other cryptocurrencies, but most application-layer DApps built on smart contracts are far more centralized than most people realize.

Let’s have a look at hidden sources of centralization and how many projects are just as centralized as their non-DApp counterparts.

Trusted Smart Contracts

Smart contracts are meant to be self-executing pieces of code deployed on a…


Since Bitcoin emerged as the world’s first peer-to-peer currency, it has become common practice to represent assets on blockchains. Assets may be protocol-level cryptocurrencies, such as Bitcoin and Ether, or they may be implemented in smart contracts, in the form of fungible or non-fungible tokens. In any case, there is now a very large ecosystem of decentralized assets, represented on a number of different blockchains. Making these blockchains work with each other in a way that allows trading or moving assets between different chains is a challenge, mainly because blockchains are designed to be self-contained ecosystems. Breaching the boundaries this…


We have talked a lot about how the blockchain can revolutionize the insurance industry and how distributed ledger technologies can be put to use in enterprise applications in general. Black Insurance is much more than an efficient and transparent implementation of a software platform for the insurance business that leverages the advantages of blockchain technology. The platform is also a re-modeling of the insurance value chain that moves product design closer to the customer, changes the insurance investment landscape and promotes role changes for certain stakeholders, all whilst fitting within existing regulatory frameworks.

In this article, we have a look…

Stefan Beyer

Computer Scientist with research background in Operating Systems, Distributed Systems, Fault Tolerance and Cybersecurity.
