The Steemit Crypto Academy Week 5: @gbenga : All About Blockchain Security. Security problem with Cryptocurrency.

Hello @gbenga, this topic is very interesting, I think that as long as people know about security and risks in cryptocurrencies they will continue to place their trust in them.

So with nothing more to add, let's get started

INTRO

Through the combined use of different elements, blockchains are capable of reaching high levels of security, however, as with almost all systems, it is critical to apply it properly. A balance between decentralization and security is vital to building a reliable and effective cryptocurrency network.

It is here where, "in my opinion", arises a root problem in the security of cryptocurrencies , since blockchain technology allows value transactions between users without intermediaries involved in the process, in other words, it decentralizes the management of transactions and presents to all its participants the same decentralized database. The blockchain also offers a dynamic and unalterable record of these transactions over time that replaces trusted intermediaries and centralized authorities, for example banks, that support transactions due to the digital trust that users have placed in this technology.

THE PROBLEM

By principle, the blockchain also offers transparency, this means that all participants can see all the information contained in the distributed database, such as the transaction and operation history of any other user; This, added to the fact of not having a central arbiter, but rather that the participants make decisions by consensus, can generate certain security problems associated with the protection of identity.

Platforms and networks share security risks with information technologies, such as confidentiality, privacy, key management, cryptography, identification and patching of vulnerabilities or simply social engineering threats, and here is where the majority of efforts are concentrated by malicious people to breach cryptocurrency platforms security.

It's in this part of social engineering where I believe It lies the true vulnerability of cryptocurrency security; In the human factor. As all we know social engineering is the practice of obtaining confidential information through the manipulation of legitimate users. It's a technique that certain people can use to obtain information, access or permissions in information systems that allow them to harm the person.

The underlying principle of social engineering is: in any system, users are the weak link. So in this section I would like to add an additional attack type to the ones already mentioned in class.

THE BAITING

In which is used a removable storage device such as USB's infected with malicious software (malware), left in a public place with easy access, such as public bathrooms, cafes, subway. When the victim finds such a device and inserts it into their computer, the software will install and allow the hacker to obtain all of the user's personal data.

_{The Baiting, uses the victim's curiosity as a decoy to violate their security. Image Source: https://www.stateofdigitalpublishing.com/audience-development/clickbait/}

Another common type of Baiting is Click Baiting, which consists of using eye-catching headlines and links in order to make Internet users click (such as getting rich qick or making a large sum of money). In other words, making intentional uses of misleading headlines to quickly capture the attention of users. These headlines or advertisements are made in such a way that they are able to increase the curiosity and interest of users in the network. Click bait headlines are characterized by being not very descriptive and having the ability to generate great expectation.

In short, like Phishing, these security breach methods are designed to install malware on the victims' computers, which will then allow hackers to know the data or passwords, which in turn leads to the theft of the cryptoassets.

MY EXPERIENCE

As a Personal case. I must say that I was about to fall into a Phishing or Click bait trap ... or rather I have been about it several times but fortunately nothing bad happened.

In fact, I have had this experience on this same platform.

The fact is that in the time that I have been doing posts on Steemit, approximately 20 or 10% of the time (sometimes more between 70 or 80%) I received in the comments section some replies from unknown accounts but that apparently were safe and they came from a formal account.

These users began by voting my post with a small sum and then they left a comment congratulating me on my post and inviting me to enter a link that would redirect me to another place.

In some cases the link was advertised as a promise to receive larger payments on STEEM and SBD. For someone new the truth is a tempting offer. However, from my experience on the Internet (and partly common sense) I know that these addresses can contain Malware, so I abstained. However I remember that I was very tempted, in fact I once replied to one of the messages with a simple "thank you".

I think I was'nt the only one because soon after my friend @sampraise, who is the one who introduced me to Steemit, alerted me to this phenomenon and told me not to access these addresses, since they were malicious personnel who wanted to take advantage of the blockchain, they sent these malicious messages to gain the data and identities of users and then steal their assets.

_{My personal experience in Steemit}

Today that user is already blocked, so I could not show a screenshot of his publication, however I put one other replie from another suspicious account.

As a final point I must add that the challenges and risks will always be at the same level as technology, regardless of how secure a platform or system is, there will always be threats.

In this case, it is where the cooperation of each person is needed to contribute to the teaching and education of community members on security matters, in such a way that hackers do not have a simple job.