CrowdStrike is a reminder why Bitcoin's decentralised network is Web3's blueprint

What was the CrowdStrike incident?

On 19 July 2024, something occurred which might be considered the biggest IT outage in history – it affected millions of Windows systems worldwide and infrastructures of industries that depend on it such as healthcare facilities, government services, banks, and airlines. Millions of Windows systems failed and showed the notorious blue screen of death.  

The day before, CrowdStrike, a leading cybersecurity company, issued a software update that contained a significant fault that caused the outage. The company in question is the endpoint security vendor whose technology is based on the Falcon platform. The platform’s main aim is to safeguard systems against potential cyber threats and diminish risks that might arise. 

The IT outage triggered a massive disruption on a scale not seen before. The CrowdStrike incident grounded thousands of flights worldwide, halted medical procedures, and disrupted financial transactions.

It demonstrated what happens when we put all the eggs in one basket. Integrating the company’s Falcon technology into a wide array of critical industries and operations amplified the outage's effect.

Main causes of the CrowdStrike incident

As mentioned above, the outage was not done by hackers and it was not a flaw of Microsoft Windows directly, but rather a flaw in the CrowdStrike Falcon’s update that triggered the blue screens of death. Systems got stuck in the restarting mode because CrowdStrike’s software had a fault when interacting with Windows. Let’s explain this a bit more. 

Falcon gets into the Microsoft Windows OS as a kernel process which provides many privileges such as providing Falcon the ability to oversee operations in real time across the OS. There was a flaw within the Falcon sensor version 7.11 that caused it to crash; since it is hooked on the Microsoft Windows kernel, it all resulted in the crash of Windows systems. 

In other words, the flaw was inside a sensor configuration update which is known to regularly update to provide customers with risk mitigation and protection from cyber threats. 

There are a few key factors that contributed to the severity of the CrowdStrike incident such as deep system access, fast update deployment as well as a complex recovery procedure. The recovery process required manual intervention in data centres. 

Even though CrowdStrike’s software runs also on Apple’s macOS and Linux OS, these systems were not affected. The July update caused problems only to Microsoft Windows as the root problem was a faulty sensor configuration update, the channel file 291, that was not issued to macOS and Linux systems since the kernel process is not the same. 

What was impacted by the incident?

There was an estimation that approximately 8.5 million Windows devices were directly affected by the flawed update. Even though this represents less than 1% of Microsoft’s install base, the systems affected were those linked to critical operations. 

For instance, the outage affected airports and flights – it grounded thousands of flights around the globe which caused delays and cancellations of approximately 10,000 flights. The outage caused significant problems to multiple airports and airlines globally such as the Amsterdam Schiphol Airport, Zurich Airport, KLM, Porter Airlines and so on. 

Many countries reported severe disruptions in healthcare systems, mainly appointment structures, which also led to significant cancellations and delays. In some parts of the world, the outage also affected emergency services. 

Furthermore, the flawed update caused a diverse range of problems for centralised banking systems and other financial institutions. As payment platforms and similar technologies were affected directly, many people couldn’t get to their funds. 

Additionally, several other platforms and critical technologies were affected- for example, media and broadcasting services didn't work for a while as it was impossible to streamline operations until the flaw was fixed.

Is it time to re-evaluate cloud strategies?

As we have already stated – the magnitude of this outage was not seen before. It caused a broad disruption and stopped the operations of many systems used by people on a daily basis. The outage led us to rethinking strategies and why a single point of failure allowed.  

Several industry experts within the IT industry stated that a diversified approach to cloud strategies could help mitigate strategies and explain why a single point of failure was gating such risks. The reliance on a single cloud provider amplified the consequences of the flawed update. When the only provider is disrupted, it creates far-reaching implications that we witnessed on 19 July. 

Can it happen again?

After the outage, many industry experts got the same question: can it happen again? When asked about this possibility, they mainly answered that it can happen again. They added that the type of rollbacks and redundancies that need to be set out are not where they once used to be; in other words, to fix the problem, many systems still need to be rebooted manually. 

Microsoft stated that similar outages can happen in the future and that they won’t be able to prevent their occurrences. This big tech company blamed the European Commission also due to laying down a rule that enables third-party vendors to obtain full kernel access to the OS. 

Was Bitcoin affected by the CrowdStrike incident?

Bitcoin wasn’t affected by this big outage. Because of its decentralised nature and infrastructure and reliance on Linux-based frameworks, Bitcoin continued to operate without any additional problems. 

Therefore, while the entire world suffered from the big IT outage, Bitcoin was doing business as usual. Centralised structures such as banks have been out of business for hours because of the incident while the decentralised structure wasn’t affected. 

To gain a better understanding of the crypto world, take a look at available courses at our Learn Crypto Academy.

What about the broader crypto ecosystem?

Bitcoin was not the only one unaffected by the CrowdStrike incident. Much of the crypto industry appeared to be unscathed by the flawed update. For example, Binance, the Algorand Foundation, Pumpfun and Kraken have all stated that they have not been impacted by the incident. 

It was further reported that no crypto companies had any errors in their services on that day. The crypto community praised the whole crypto ecosystem for removing the single point of failure issue.

Is decentralisation the answer?

The crypto space built on blockchain technology provides many possibilities, especially in the domain of security, transparency, and overall efficiency. In other words, blockchain technology based on the concept of decentralisation and smart contracts can potentially prevent problems like the one caused by CrowdStrike’s update. 

To find out more about smart contracts, check out this article: 'What are Smart Contracts?'.

One of the main perks of the concept is that it removes the risk of a single point of failure, which was the main problem of the CrowdStrike incident. Blockchain technology has the potential to provide a higher level of resilience against such incidents. 

After the incident, many industry experts pointed out that the main issue lies in centralised control. They highlighted the example of Bitcoin miners who can quickly modify their power usage to support the grid. In other words, a decentralised system is based on flexibility, transparency, and efficiency which amounts to the infrastructure’s resilience. 

Centralised systems provide several advantages such as streamlined decision-making procedures and user-friendly management, but its disadvantages can have far-reaching consequences. The CrowdStrike incident demonstrated the vulnerability of centralised systems and why decentralisation could be a better choice. 

The crypto community often speaks of decentralisation and its significance. To learn more about this concept, we suggest reading this article: 'What is decentralisation & why is it important?'.

Even though the crypto space isn’t perfect and still has to deal with several challenges, its main benefits are worth considering when laying down a more robust and effective infrastructure. 

Could a Web3 solution prevent future failures?

As mentioned above, the entire ecosystem based on blockchain technology is not perfect; for example, it was highlighted that decentralised finance (DeFi) platforms on Web3 have become a target of interest for cyber-criminals because of the possibility to steal large amounts of crypto assets in a single attack. 

If you wonder why Web3 should replace Web2, why not read this article: 'What is Web3? Understanding how the decentralised web could replace Web2'.

However, when it comes to the management of several critical industries, blockchain technology and Web3 are quite beneficial. The Web3 ecosystems demonstrated stability and resilience during the CrowdStrike incident. 

All of this comes down to one concept– decentralisation. The nature of DeFi platforms founded on node-based decentralisation serves as a great tool against centralised outages. 

Institutional investments in the Web3 space have also played an important role in providing stability – with more institutions entering the decentralised ecosystems, security measures are being enhanced, along with expanding the user base. 

There are significant advantages provided by Web3 and blockchain technology such as decentralised storage solutions that distribute data across many nodes which makes it almost impossible to experience a single outage that can disrupt the entire system. 

Security is enhanced with the use of consensus mechanisms, along with the ability to implement decentralised cloud-based architectures.