Blockchain Projects: It’s Time For An Audit

Since little mistakes can cost millions of dollars, best practices when it comes to security are paramount for blockchain projects.

Jeremy Nation
Published in MetaCert, Jul 12, 2018

So you have a project with a lot of moving pieces. It’s only natural that you work closely with partners to help operations go smoothly. But when push comes to shove, who is handling the vital links in the chain of your infrastructure, and how seriously do they take their security? It’s a serious question, particularly for those building projects in the cryptocurrency ecosystem.

You should be asking yourself, right now: when was the last time we did a complete audit of our security practices? If you’ve got sensitive data in the care of third-party service providers, can you say how secure it is? Are those systems that contain vital information air-gapped? Are they encrypted, and do those with access to them execute best practices to ensure that access remains private and secure? If you haven’t asked those questions recently, it’s time to do it.

The truth is, someone is probably already trying to figure out a way to breach the security of a project just like yours. There’s a member of a team out there that has an old password to an email that connects to some important service that will ultimately grant a hacker access to the innards of the company, where they can wreak havoc. It might be a Chrome Store account, as in the recent hack of the VPN add-on Hola that led to MyEtherWallet users’ data being skimmed. It might be an infiltrated Zendesk account such as the one responsible for a phishing attack experienced by the EOS community. Or it might be something you’re not prepared to be looking out for, like a DNS hack that redirects traffic from your website to a phishing site, as happened to both Trezor and MEW recently.

Right now is the time to take action. Talk to your third-party providers about the way they handle data security. If they aren’t up to snuff, maybe it’s time to do it in-house, or find a partner whose practices are better suited to your project’s needs. Take time with your team to reinforce preventative practices such as proper password management, system monitoring, and the use of multi-factor authentication tools, and it will go a long way towards security.

Once news of an attack reaches the team who needs to respond to it, it’s too late. The damage has been done. Sadly, it’s often the very supporters of projects who take the biggest brunt of the scams that arise due to poor security practices. No one wants to hear a project got shut down because someone’s account with administrative access, with a password exposed in some years-old data breach, was accessed. Don’t let your community and project fall prey.

MetaCert has built a series of tools that can help you and your community avoid phishing attacks. Check out our Telegram Bot, our Cryptonite browser add-on, and our enterprise grade Slack tool, all of which rely on the MetaCert Protocol, a threat intelligence system for the trust and reputation of web resources.

The MetaCert Protocol is a trust and reputation threat intelligence system for verifying web resources. It addresses a number of attack vectors, encompassing solutions for anti-phishing, child safety, brand protection, crypto-address verification, and news credibility. Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.
