The deliberately vulnerable FumbleChain blockchain is intended to serve as an educational tool for cryptocurrency developers.
The project was demonstrated at the Black Hat event. According to Nils Amiet, a senior security engineer at Kudelski and one of the project's developers, working with blockchains involves solving various technical problems. Through game-style challenges, the company wants to teach developers about the difficulties they may encounter when working with a blockchain.
According to Dan Guido, co-founder and CEO of Trail of Bits, a cybersecurity company, FumbleChain is similar to hacking games used in traditional software development to search for vulnerabilities.
“Competitions and training tasks are used throughout the security industry; sometimes 30,000 or more players take part in competitions at the same time,” Guido said. “It has long been time for the blockchain industry to acquire its own competition game.”
Users accumulate Fumblecoin game points every time they find and exploit a vulnerability in the FumbleChain blockchain. Amiet notes that the underlying technology of FumbleChain is “very similar to Bitcoin,” but simpler. CertiK’s cybersecurity operations director, Daryl Hok, said FumbleChain is designed to make blockchain accessible to engineers in various fields.
“FumbleChain provides a gamified model that can interest a wide audience with its accessibility and incentives,” Hok said. “Currently, the project focuses on source-level attacks, not on economically-oriented attacks, but this may be added in the future.”
Kudelski’s head of cybersecurity research, Nathan Hamiel, hopes FumbleChain will find its own life now that its open source code has been uploaded to GitHub.
“Many projects like this one tend to die out,” Hamiel said. “I feel that the only way to save such a project is to publish its open source code. … We hope that people will continue to not only use, but also develop new tasks, and they will really participate in the project.”
FumbleChain was created after Kudelski completed a series of security checks for cryptocurrency projects, including Monero and Zcash, Hamiel said. The first task in FumbleChain simulates a so-called replay attack, in which duplicate transactions are generated in two separate chains.
Other attack vectors in FumbleChain include transaction input validation, public key and wallet address mismatches, and DoS attacks. FumbleChain also offers a web wallet and blockchain browser to experiment with. In the future, FumbleChain plans to include tasks for smart contracts and blockchain privacy.
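The replay, input-validation and key/address checks named above can be seen from the validating node's side in the following added Python example, which is not FumbleChain's code. The transaction fields, the chain names, the address derivation and the Lamport one-time signature (a standard-library stand-in for a real signature scheme) are all assumptions made for illustration.

```python
import hashlib, os

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signatures: a stdlib-only stand-in for a real scheme (assumption).
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def address(pk):
    # Wallet address derived from the public key, so the two can be cross-checked.
    return H(b"".join(a + b for a, b in pk)).hex()[:40]

def signed_bytes(tx, chain_id=None):
    # chain_id=None reproduces the weak format: nothing ties the signature to one chain.
    core = f"{tx['sender']}|{tx['to']}|{tx['amount']}|{tx['nonce']}"
    return (core if chain_id is None else f"{chain_id}|{core}").encode()

def make_tx(sk, pk, to, amount, nonce, chain_id=None):
    tx = {"sender": address(pk), "to": to, "amount": amount, "nonce": nonce, "pubkey": pk}
    tx["sig"] = sign(sk, signed_bytes(tx, chain_id))
    return tx

def validate(tx, node_chain_id, bind_chain):
    """Return 'ok' or the reason a node on node_chain_id rejects tx."""
    if not isinstance(tx["amount"], int) or tx["amount"] <= 0:
        return "bad amount"
    if address(tx["pubkey"]) != tx["sender"]:
        return "pubkey/address mismatch"
    msg = signed_bytes(tx, node_chain_id if bind_chain else None)
    return "ok" if verify(tx["pubkey"], msg, tx["sig"]) else "bad signature"

if __name__ == "__main__":
    sk, pk = keygen()  # constructed sample data
    tx = make_tx(sk, pk, "bob", 5, 0, chain_id="main")
    print(validate(tx, "main", True), "/", validate(tx, "fork", True))
```

With `bind_chain=False` the same signed transaction validates on both chains, which is the replay condition; including the chain identifier in the signed bytes makes the second chain reject it.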
Marc Laliberte, senior security analyst at WatchGuard Technologies, notes that FumbleChain can influence existing applications, creating opportunities for “hands-on” training. He said:
“Gaining experience identifying and exploiting common vulnerabilities is a great way to learn how not to make the same mistakes. FumbleChain provides developers and enthusiasts with the opportunity to learn about common weaknesses and play in a secure ecosystem, and then transfer this knowledge back to their applications.”
At the beginning of this year, the Kudelski Group launched the Blockchain Security Center (BSC), a blockchain-focused cybersecurity division, in order to offer its cryptographic expertise to the growing community of blockchain developers.