Distributed ledger technologies have gained significant attention and adoption in recent years. Despite the various security features that distributed ledger technology provides, it remains vulnerable to new and different malicious attacks, such as selfish mining and Sybil attacks. While such vulnerabilities have been investigated, how to detect them and which countermeasures are appropriate still need to be reported. Cybersecurity knowledge in this domain is limited and fragmented, while the use of distributed ledger technology grows daily. Thus, research focused on overcoming potential attacks on distributed ledgers is required. This study aims to raise awareness of the cybersecurity of distributed ledger technology by designing a security risk assessment method for distributed ledger technology applications. To accompany the method, we have developed a database of possible security threats and known attacks on distributed ledger technologies, including sets of countermeasures. We employed a semi-systematic literature review combined with method engineering to develop a method that organizations can use to assess the cybersecurity risk of their distributed ledger applications. The method was subsequently evaluated in three case studies, which show that it helps these organizations conduct security risk assessments for distributed ledger applications effectively.