paint-brush
Is a Crypto-DAG Platform Vulnerable to Hacking? Understanding the Security Risksby@obyte
591 reads
591 reads

Is a Crypto-DAG Platform Vulnerable to Hacking? Understanding the Security Risks

by ObyteAugust 15th, 2023
Read on Terminal Reader
Read this story w/o Javascript

Too Long; Didn't Read

A crypto-DAG platform is a type of distributed ledger used for managing transactions in cryptocurrencies. Unlike blockchains, it uses a Directed Acyclic Graph (DAG) structure, where each transaction references previous ones, creating a more decentralized system. Obyte is one of such platforms. But amidst the benefits lie concerns about security vulnerabilities and the potential for hacking attempts.
featured image - Is a Crypto-DAG Platform Vulnerable to Hacking? Understanding the Security Risks
Obyte HackerNoon profile picture

A crypto-DAG platform is a type of distributed ledger used for managing transactions in cryptocurrencies. Unlike blockchains, it uses a Directed Acyclic Graph (DAG) structure, where each transaction references previous ones, creating a more decentralized system —without miners or other middlemen. Obyte is one of such platforms.


However, amidst the benefits lie concerns about security vulnerabilities and the potential for hacking attempts. We’ll make here a quick overview of the security landscape of crypto-DAG platforms, exploring the measures in place to safeguard user funds and data. By understanding the risks and challenges associated with these innovative systems, users can make informed decisions while participating in the crypto-DAG ecosystem.

DAG vs Blockchains (for hackers)

So, maybe you’re wondering which system is the safest: a DAG or a blockchain? Well, the truth is that there’s no one-size-fits-all answer. It completely depends on the specific network. Both DAGs and blockchains have their unique security strengths and weaknesses, and their safety depends on how well they are designed, implemented, and maintained.


However, a DAG like Obyte can mitigate some of the security risks already present in numerous blockchains. Potential attacks like transaction censorship, double-spending (spending the same coins more than once), Sybil attacks (rogue nodes colluding to damage the network), and 51% attacks (the majority of miners or validators colluding to control the network) are ever-present risks in any blockchain. Not to mention the quite common smart contract vulnerabilities, from which hackers have stolen billions.


On the other hand, not all DAGs are the same, but they share an important feature: they’re block-less chains, without miners or powerful validators-approvers. Every transaction is intertwined with the previous one and the next one, forming a graph along the way. No miner or block producer (misleadingly called “validator”) is needed to approve or reject transactions: once it’s created by any user, it’s included in the DAG. So, things like censorship aren’t possible.

Other threats

Now, to avoid double-spending and Sybil attacks, Obyte has Order Providers (previously called witnesses). These providers, who are typically well-respected individuals or companies, create transactions like everyone else and these transactions serve as waypoints for ordering all other transactions. In return, they get a portion of the transaction fees, but that shouldn’t be the main purpose of an Order Provider.


They are selected for this role by the community among the respectable members of the community who have a lot to lose if they misbehave. And, unlike miners or “validators” in blockchains, they don’t have a lot of power themselves. They can’t decide which transactions are approved or not, and they can’t double-spend money.


Basically, the only thing they can do if they collude is stop the network, until a new network with a new set of Order Providers is restarted from the point where the old network stopped. They were selected by the community itself to begin with, so, the same community can take the role away. They’d lose their reputation as individuals or businesses, and be excluded from the network. No one can buy the right to control a decentralized DAG.

What about the IOTA hack?

IOTA is another crypto-DAG ledger that is infamous for an attack that happened in 2020. Hackers stole 8.5 million in IOTA's native token MIOTA directly from users —approximately $2 million at the time. That raised distrust against DAG-based systems, but the thing is, the DAG itself wasn’t hacked back then. Instead, the hackers exploited a feature in the IOTA wallet Trinity that allowed users to purchase MIOTA with fiat money through MoonPay — a third-party fiat-to-crypto gateway.


T he attackers managed to replace legit code from the MoonPay API with malicious code. That compromised all the Trinity Wallet downloads between December 17, 2019, and February 17, 2020. Once users entered their seed phrases (private keys) into the compromised wallets, the attackers gained access to their funds and could transfer them to their own accounts.


The IOTA Foundation suspended the network (which was possible because the network was, and still is, utterly centralized) for several weeks to avoid further losses, and the founder promised to refund the affected users himself. Sadly, this was a third-party vulnerability that could’ve happened to any distributed ledger platform (blockchain or DAG).

What can you do to protect your funds?

Being aware of the risks is the first step. The second is to protect your private keys at all costs. Seeing the IOTA case, it’s advisable to distribute your funds into several wallets and diminish third-party services when possible —especially from your main wallet. A third step is to always pay attention to the latest news about the distributed ledgers you participate in. If there’s some kind of issue, the team will announce it quickly through public channels to mitigate damages.


One potential weak point in any decentralized system, including Obyte, is the human factor. The security of users' funds can be compromised if individual users fall victim to social engineering attacks (frauds), phishing attempts (impersonation), or if they share their private keys or recovery phrases with malicious actors. Users must be vigilant and cautious, not only regarding their interactions with the network but also in safeguarding their own authentication details.


Don’t forget that we already talked about protecting your private keys in Obyte and how common crypto scams work. To protect your funds, don’t make it easy for hackers and scammers!



Featured Vector Image by Freepik