Last week something called FumbleChain was unveiled at the Black Hat infosec event. It is a deliberately flawed technology that is meant to act as an educational tool for crypto developers. Or as Coindesk says, it “makes breaking blockchains a sport.”
Nils Amiet, a senior security engineer at Kudelski and one of the developers behind the project explained, “Basically, this what people call CTF, or ‘capture the flag’. Whenever you solve a challenge that is when you get the flag. … The challenges are pretty technical.” Users collect game points dubbed “fumblecoins” every time they exploit a vulnerability in the FumbleChain blockchain and capture one flag.
According to Dan Guido, co-founder and CEO of cybersecurity firm Trail of Bits, FumbleChain is similar to the wargames used in traditional software development: “Competitions and training exercises are used throughout the security industry, sometimes in live competitions of 30,000 or more players at one time, to help educate and demonstrate the knowledge that participants have gained.” He also added, “It’s long overdue for blockchain security to have its own wargame.”
Daryl Hok, COO of blockchain cybersecurity company CertiK said that FumbleChain makes blockchain “approachable” for engineers coming from a diverse set of backgrounds.
“[FumbleChain] provides a gamified, wargames model that may interest a broad audience with its approachability and incentives. The project currently focuses on source code level attacks, as opposed to economically oriented attacks, but that may be something that is added in the future.”
Kudelski Head of Cybersecurity Research Nathan Hamiel now hopes FumbleChain will take on a life of its own now that the code has been open-sourced on GitHub.
“So many projects like this have a tendency to wither away as people move on to other things. I feel the only way to have a successful project like this is to have it be open-source. … We’re hoping people continue to not only utilize but develop new challenges and really come on board and be a part of the project.”