Open in app

Sign in

Write

Sign in

How secure is Ethereum?

Tharusha Jayasooriya
6 min readAug 10, 2024

--

Introduction

Blockchain security refers to the procedures and systems blockchains use to protect the blockchain and mitigate fraud.

Due to the decentralized nature and the use of cryptography, blockchains are generally secure. In fact, the reason most people use blockchains is to share data in a secure and tamper-proof way. Ethereum is no different.

But this does not mean blockchains like Ethereum are fail-proof. In this article, we’ll discuss different techniques blockchains use to secure their networks as well as how they can fail.

How is Ethereum secured?

Ethereum like many other blockchains uses many techniques and systems to make their network secure. Some of these techniques include.

Proof of Stake (PoS) consensus

Ethereum transitioned from Proof-of-Work to Proof-of-Stake in 2022 as part of a set of upgrades typically referred to as “Ethereum 2.0”. In PoS, validators stake their ETH to participate in block validation. Users who want to become validators lock up a certain amount of their stake in a smart contract. This is known as the “stake”.

Ethereum will then randomly choose a validator to create the next block. The more eth the user puts as stake the more likely the user will be able to create the block.

This system enhances security by making attacks economically unfeasible, as malicious actors would need to stake and potentially lose a large amount of ETH.

Also if a user is suspected of being malicious, they risk losing a portion or all of their staked ETH. This severe penalty discourages bad actors.

Decentralization

Ethereum is a decentralized blockchain platform. This means Ethereum isn’t operated or managed by any centralized entity instead consists of thousands of nodes that exist as a peer-to-peer network.

This distributed nature means that even if some nodes are compromised or go offline, the network continues to function. This also makes it incredibly difficult for a single entity to take control or manipulate a large part of the blockchain.

Illustration showing blocks in the blockchain

Use of Cryptography

Cryptography is a technology used in many forms of applications for sharing and storing data securely. They use keys that are only known by certain parties to encrypt those valuable data.

Ethereum uses many cryptographic technologies in its operations. For instance,

  • Elliptic Curve Digital Signature Algorithm (ECDSA) for creating and verifying digital signatures, ensuring that only the owner of a private key can initiate transactions from their account.
  • Keccak-256 hash function for generating unique identifiers for blocks, transactions, and addresses.

Slashing mechanisms

This is part of the PoS consensus mechanism used on Ethereum. Essentially the slashing mechanism refers to the process of rewarding validators for contributing to the network, while also penalizing bad actors on the network. This is designed to deter validators from dishonest behavior.

According to Beaconcha as of August 2024, 439 validators have been slashed out of 916,000 active validators.

Continuous updates and improvements

Ethereum undergoes regular upgrades through a process of Ethereum Improvement Proposals (EIPs). These proposals include upgrades to aspects such as security and scalability. List of ongoing EIPs.

These ongoing improvements help Ethereum adapt to new challenges and maintain its security in the face of evolving threats.

How can Ethereum security fail?

Much like any other system, security fails of these systems always come down to two reasons. Vulnerabilities within the system itself, or due to certain actions performed by their users.

In the Ethereum world, you can think of them as vulnerabilities within the Ethereum network or issues with smart contracts and validators.

Vulnerabilities within the Ethereum network

To understand these vulnerabilities let’s look at some previous attacks

  • In 2016, an attacker exploited the reentrancy vulnerability to steal about US$60M.

The vulnerability occurs when an external callee contract calls back to a function in the caller contract before the caller contract finishes. This allows the attacker to bypass the due validity check until the caller contract is drained of Ether or the transaction runs out of gas.

  • In July 2017, a vulnerability in the Parity wallet contract caused the loss of US$31M

A function called “innitWallet” within the WalletLibrary was exploited to change some high-profile contract owners. The attacker exploited this and simply changed the contract’s m_owners state variable to a list containing only their address.

Vulnerabilities within smart contracts and validators

Smart contracts are pieces of code that govern the behavior of transactions in the blockchain. These are built on top of the Ethereum network.

Some of the vulnerabilities found within smart contracts :

Improper Signature Verification

Networks like Ethereum rely heavily on signature verification. This signature acts as a digital fingerprint, proving their ownership and authorization.

Smart contracts developed with improper signature verification can lead to unauthorized access to funds.

Signature Malleability

This exploit lets attacked bypass security checks and access funds by altering the cryptographic signature of a transaction without affecting its validity.

To learn more about improper signature verification and signature malleability, read this article.

Other vulnerabilities

In April 2018, the MyEtherWallet wallet fell victim to a BGP and DNS hijacking attack, enabling the hacker to steal US$17M. DNS servers were hijacked to redirect users trying to access myetherwallet.com to a malicious server, which proceeded to empty the user’s wallet.

How to improve Ethereum security?

The Ethereum team continues to improve the security of the network. The Ethereum Foundation is currently working on security implementations such as view merging and Single slot finality (SSF).

For developers

Smart contract developers directly contribute to the security of the Ethereum network, since the end user will likely use these 3rd party smart contracts and dApps to do transactions within the Ethereum network.

Developers need to follow secure coding practices and thorough tests before they make smart contracts public. They also need to upgrade and maintain these smart contracts so users won’t be victims of newer vulnerabilities.

To learn about common solidity security vulnerabilities & how to avoid them, read this article.

For end users

Most of the Ethereum-related scams are done by bad actors taking advantage of the misunderstanding most end users have surrounding blockchain technologies.

Most common attacks like giveaway scams and phishing scams can be avoided by following some very simple steps such as,

  • Keeping private keys to yourself and never sharing them,
  • Using a hardware wallet,
  • Double-check transactions before sending,
  • Setting smart contract spending limits.
Hardware wallets, Ledger, and TREZOR

For tips to avoid crypto scams read this article.

FAQ’s

How safe are smart contracts?

Smart contract safety depends on the quality of the code and the diligence of the developers. While many contracts are secure, vulnerabilities can and do occur, sometimes leading to significant losses.

How can I check if a smart contract is secure?

You can look for published security audits, check if the contract’s code is verified on block explorers, and research the reputation of the project and its developers.

What are digital signatures?

These are mathematical schemes for verifying the authenticity of digital messages and documents. Digital signatures rely on public key cryptography.

Are Ethereum transactions anonymous?

Ethereum transactions are pseudonymous, not anonymous. While addresses aren’t directly linked to real-world identities, transaction patterns, and other on-chain data can potentially be used to identify users.

What is a 51% attack?

A 51% attack is when an entity controls more than 51% of the network’s validation power. Due to the PoS consensus mechanism used in Ethereum taking control of 51% of the network is economically infeasible.

What is The Ethereum roadmap?

The Ethereum roadmap outlines the specific improvements that will be made to the protocol in the future

Conclusion

Although by design Ethereum is meant to be a secure network, fraudulent activities still happen, either due to the network fault or due to badly designed smart contracts and user error.

It is important for developers and/or end users to understand these vulnerabilities and flaws in the network so that we can avoid these attacks and inspire trust within the blockchain ecosystem.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Cryptocurrency
Ethereum
Blockchain
Security
Web3

--

--

Tharusha Jayasooriya
Tharusha Jayasooriya

Written by Tharusha Jayasooriya

3 Followers
3 Following

A Linux Nerd.

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams