In a blog post about the event, Riedesel noted that the contest, which offered about $2,500 in awards, presented 23 challenges based on real-world vulnerabilities in both public and enterprise blockchain applications. The participants “claimed 22 of the 23 Chain Heist bounties,” he wrote.
A year earlier, at DEF CON 2018, Riedesel and Synopsys colleague Parsia Hakimian, a senior security consultant, demonstrated Tineola, an open source tool they had helped create to attack Hyperledger Fabric, the most popular enterprise blockchain platform.
“Tineola” is the scientific name of a species of moth that eats clothes, as in fabric—get it? “It’s happily munching away on your blockchain fabric,” Biehn said.
In their demo, Riedesel and Hakimian showed how vulnerabilities in an insurance application could be used to commit insurance fraud.
“It’s important to note that part of this [responsibility for security] is on the developers using the platform—using it correctly,” Biehn said, “and the other part is on the platform authors to make it defensively designed and easy to write secure code.”