- It will detect and report security vulnerabilities in blockchain systems
- The new tool dubbed “Mythril” is a smart contract security diagnosis and analysis tool
- NRI will continue partnering with ConsenSys and other Fintech companies
Japan’s NRI’s Secure Technologies has unveiled a “Blockchain Security Monitoring Service for smart contracts on the Ethereum blockchain. The solution will detect and report security vulnerabilities in information systems and services that use the blockchain technology.
Smart Contract Security Tool “Mythril”
According to the announcement, the “Blockchain Security Monitoring Service” was launched on November 8, 2018, and will be executed by introducing a host of “scan tools in the ‘NeoSOC’ security log monitoring service,” that NRI operates.
NeoSOC is NRI’s 24/7 cloud-based managed security solution that uses our SOC-as-a-Service delivery model to provide a solution that monitors the behavior of targeted smart contracts and notifies the company using this service when new vulnerabilities are identified. NeoSOC uses advanced cross-device and cross-customer correlation analysis enriched by multiple streams of threat intelligence. The system uses Security Incident and Event Management (SIEM) to dramatically reduce the number of false positives that will require investigation.
The new service features a new tool dubbed “Mythril” that is described as a “smart contract security diagnosis and analysis tool” that is produced by U.S.-Based blockchain security firm ConsenSys Diligence Inc. Mythril has been designed to automatically diagnose the behavior of a smart contract to unearth any concealed susceptibilities. This makes NRI the first Japanese partner for U.S.-based ConsenSys.
There has been an increase in illegal intrusions into cryptocurrency exchanges and cyber-attacks targeting blockchain vulnerabilities and cases targeting smart contracts. The reentrancy problem ranks high among blockchain security vulnerabilities that can lead to accounts being drained through multiple expenditures using the same transaction.
The DAO hack remains the most infamous cryptocurrency attacks to date where the hackers exploited reentrancy. After raising over $150 million in its first month, the Decentralized Autonomous Organization (DAO), hackers used the reentrancy flaw to drain over $50 million on June 17, 2016. This resulted in the hard fork from Ethereum Classic (ETC) to Ethereum (ETH) as a way of trying to resolve the problem caused by the hacking incident. NRI explains:
“Therefore it is necessary for the developers of smart contracts, and the companies that introduce them, to always be aware of information about security vulnerabilities and check whether a developed program could be the target of an attack.”
NRI Secure Technologies is a subsidiary of Nomura Research Institute (NRI) that specializes in cybersecurity services and consulting. The company plans to continue partnering with ConsenSys and other Fintech companies in Japan and elsewhere to enhance security in the development of the blockchain technology and for the businesses that use it.