
Reference URL: https://thenextweb.com/hardfork/2019/07/26/security-firm-vulnerable-blockchain-education-fumblechain/

Security firm releases flawed blockchain into the wild to help educate hackers

Blockchains are supposed to be highly secure for transactions and data. Blockchains are particularly
attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the
traditional financial system.

We also know that just as blockchains have unique security features, they also possess unique
vulnerabilities. Earlier marketing slogans and headlines misleadingly called this technology "unhackable"
and were proved wrong.

Blockchains can be compromised and have many exploitable vulnerabilities, despite being highly secure.
Still, one security firm thinks that this can be fixed. Natively, blockchains are secure because
of their immutability. The second layer of security comes via consensus algorithms that define which
transactions should be added to a blockchain.

Now researchers are planning to launch an intentionally vulnerable blockchain in the hope of drawing
hackers' attention to finding its flaws. FumbleChain, designed by Kudelski Security, will debut at the
Black Hat conference next month.

The FumbleChain project is designed to showcase how blockchain ecosystems could be vulnerable, as
explained by Nathan Hamiel, head of cybersecurity research at Kudelski. This step will allow the firm
to see how hackers exploit the blockchain system in their own way. It can also make them aware of
the vulnerabilities in the system and help secure blockchains.

Talking about security and the misconceptions people have about blockchains, Nathan Hamiel,
head of cybersecurity research at Kudelski Security, said:

“There is a common misconception that blockchains are inherently secure, but the reality is that the
technology is incredibly nuanced and complex, and a great deal of attention must be paid to its
underlying security and cryptography.”

FumbleChain runs a spoof e-commerce application called FumbleStore. In cybersecurity terms,
FumbleStore is a CTF-type hacking game. CTF stands for Capture the Flag, where participants
compete to either secure the system or break it, and also to capture the various
components of digital real estate.

Cybersecurity is in high demand in the industry. The Damn Vulnerable Web Application (DVWA) is a
deliberately broken web app designed to help teach users about cybersecurity and web-based
application security.

FumbleChain is written in Python, an easy-to-manipulate programming language. Python was mainly
chosen to allow CTF participants to read and modify the source code. The blockchain's code is
also constructed in modules so new CTF or hacking challenges can be added over
time. Over time, the old modules either become irrelevant or continue to run.
