Cybersecurity Challenges in Blockchain Technology: A Scoping Review

Blockchain technology (BCT) is an emerging technology. Cybersecurity challenges in BCT are being explored to add greater value to business processes and reshape business operations. This scoping review paper was aimed at exploring the current literature ’ s scope and categorizing various types of cybersecurity challenges in BCT. Databases such as Elsevier, ResearchGate, IEEE, ScienceDirect, and ABI/INFORM Collection (ProQuest) were searched using a combination of terms, and after rigorous screening, 51 research studies were found relevant. Data coding was performed following a framework proposed for scoping review. After careful analysis, thirty di ﬀ erent types of cybersecurity challenges in BCT were categorized into six standardized classes. Our results show that most of the studies disclose cybersecurity challenges in BCT generally without pointing to any speci ﬁ c industry sector, and to a very little extent, few papers reveal cybersecurity challenges in BCT related to speci ﬁ c industry sectors. Also, prior studies barely investigated the strategies to minimize cybersecurity challenges in BCT. Based on gap identi ﬁ cation, future research avenues were proposed for scholars.


Introduction
With the advancement of technology, cybersecurity has gained immense importance in research. Cybersecurity issues are growing exponentially across different sectors operating in the business world [1]. Big companies are focusing more on when there will be a cyberattack rather than if there will be an attack [2]. Companies are urging governments to combat cybersecurity attacks [3] as these cybersecurity issues are causing extreme financial losses [4]. A study disclosed that cyberattacks had a severe impact on companies [5], and 61% of small and medium enterprises have suffered cyberattacks [6]. Similarly, another study revealed that cybersecurity risks, like data breaches and disclosure of confidential data, are on the rise due to the increased use of cloud technologies and online applications [7].
One of the critical emerging technologies in recent years is blockchain technology (BCT) [8]. BCT is a distributed database where all assets (tangible or intangible) are digitally encoded. This digital encoding helps easy registering, track-ing, and trading through private keys provided on the blockchain [9]. Also, research depicts that blockchain is playing an essential role in achieving decentralized information technology [10]. BCT is considered one of the most significant and emerging technology in the recent computing paradigm ( [11] [12]). Similarly, another study highlights that BCT is a new and emerging technology that provides additional security to information system applications. At the same time, BCT is facing an increasing number of cyberattack challenges [2]. Blockchain technology is one of the most popular technologies allowing transactions to be more transparent than traditional centralized systems. This technology can help organizations manage and distribute digital data by using mutually distributed ledgers. Literature shows that blockchain technology has four key components. These components include nonlocalization (decentralization), security, auditability [13], and smart execution [14]. This technology initially focuses on sharing and executing digital events among given blockchain.
Furthermore, there are many advantages of using BCT. However, it still has many associated risks [2]. One of the major advantages of using BCT is a decentralized system. A decentralized system works without involving any third party or core administrator [15]. Also, any data entered in the BCT system cannot be altered or deleted which helps in ensuring transparency and immutability [15]. Furthermore, BCT system processing is much faster as compared to traditional systems. BCT system reduces processing time from 3 days to approximately several minutes or even seconds [16].
However, despite these advantages, BCT has many associated risks and disadvantages. BCT systems consume high energy as a substantial amount of computer power is required to keep a real-time ledger and ensure transparency. Also, BCT systems have a significant amount of initial capital costs [16]. Most importantly, the BCT system has a high risk of external cybersecurity threats including 51% attacks, double-spending attacks, and Sybil's attacks [15]. A recent study claims that BCT is prone to multiple cybersecurity attacks [17]. Cyberattack is a critical challenge in all business sectors and is increasing day by day [3]. In other words, without a good understanding of these multiple cybersecurity challenges in BCT, companies cannot adopt BCT successfully. A study reported many different cyberattacks, resulting in system breakdowns like data losses, password hacks, and information stealing through emails [2,3] [17,19,67]).
Although BCT adoption is increasing due to its unique features, most of the existing literature still reveals concerns about cybersecurity in adopting this system [1,4,17]. Also, BCT is still considered a new and emerging area of research in literature. In this regard, we suggest that many questions regarding cybersecurity challenges and their classification in BCT must be addressed so that research scholars and practitioners understand not only cybersecurity challenges in BCT in general but also specifically prioritize the major types of cybersecurity challenges that can be proven too fatal for the BCT system. Also, as the cybersecurity challenges literature in BCT is rapidly increasing, we found it the right time to grab this novel research opportunity to conduct a scoping review on this topic, identify research gaps through analysis of current research literature, and suggest future implications. More precisely, this scoping review focuses on providing a deeper understanding of current literature and the gaps regarding key cybersecurity challenges reported in BCT literature and then suggesting future opportunities for research scholars working in this area. This paper is structured as follows: The next section discusses the scoping review methodology used for this research study to ensure rigor and reliability. The following section discloses our analysis and findings based on the review. The last section of the paper discusses results and identifies gaps and future implications.

Methodology
In the scoping review methodology, we followed the framework provided by Arksey and O'Malley [20] and Levac et al. [21]. This framework is adopted to ensure the study follows high precision, consistency, and reliability [22]. There are different phases to be followed in a scoping review. However, conducting a scoping review is completely different from traditional systematic literature reviews. The systematic literature review focuses on previous empirical study findings on an already mature topic to answer questions like what is best for this research area, whereas, in a scoping review, the researcher focuses on an emerging topic to report the initial literature size, identify gaps, and propose research agendas accordingly for future implications [23]. As literature states that BCT is an emerging topic [2,11], a scoping review has been chosen for studying this topic rather than a systematic review methodology. The five-phase scoping review methodology which will be followed for this study is shown in Figure 1.

Developing a Review
Protocol. An extensive review protocol is developed in the first phase and followed throughout the scoping review stages. In scoping review, protocol serves more like a guiding tool than a rigid process and can be modified according to the study fit. This phase involves identifying the research question, search criteria, overall scope of the study, inclusion and exclusion criteria, conceptual framework, data extraction, defining each team member's roles and responsibilities, data analysis methods, and work plans. The research question includes the following: (1) What cybersecurity issues in BCT have been investigated in the current literature? (2) What significant gaps are identified in this current literature? and (3) What are the examples of future implications for cybersecurity challenges in BCT?
The scope of the paper is threefold: (1) to provide an upto-date literature review of the existing research, contributing to the development of a standard body of knowledge, (2) to report the research gaps identified from the findings based on previous literature, and (3) to reveal future research avenues for research scholars. Furthermore, from a practitioner viewpoint, the paper is of significant value for companies, especially for companies planning to adopt BCT, also for information systems practitioners seeking to implement BCT in their business operations.
2.2. Searching the Literature. Major databases were searched and reviewed for this study to reveal complete literature work. The databases included Elsevier, ResearchGate, IEEE, ScienceDirect, and ABI/INFORM Collection (ProQuest). Citations and publications from these databases were sorted from the years 2017-2022 to identify the most recent literature for inclusion. Final keywords were selected for the review after each team member carried out a pilot test using these databases independently. The frequently used keywords after multiple discussions and test rounds among team members include "Cybersecurity", "Cyber-security", "Cyber security", "Blockchain technology", and "Challenges". There was no time restriction for searching keywords to ensure more literature coverage and selecting accurate keywords. After searching the keywords mentioned above using Boolean operators, 31 papers were acquired from Elsevier, 48 from ResearchGate, 40 from IEEE, 59 from ScienceDirect, and 27 from ABI/INFORM Collection (Pro-Quest). Boolean operators AND and OR were used as shown in Figure 2. A total of 202 papers were initially considered.

Screening Papers.
After initially identifying papers for the review, all team members schedule a meeting and applied the inclusion and exclusion criteria on six out of 205 papers for training purposes. The six papers were chosen randomly. This step was done to ensure that all team members have a common understanding of the inclusion and exclusion criteria, and no significant paper has been removed from the review. To continue for further analysis in this phase, each team member ensured that the paper should answer one of the above-stated research questions in phase one. For inclusion and exclusion from the research studies revealed after searching the above keywords, we followed the recommendation provided in the literature [21] as selecting studies after refining is critical for the scoping review study. All 205 research papers were screened by two team members independently. After filtering papers, both members compared and confirmed the results. Then, the third member reviewed these papers and made the final decision. This cross-checking of documents helps in ensuring validity for the review process. During this screening of papers, the whole team met, discussed, and refined the search criteria multiple times. At the above point, after some screening of the studies by each of the authors independently and working in teams, an in-depth analysis of primary studies was carried out after exploring the literature review's relevance; conclusive studies are selected for the research study. This cross-checking of papers among team members helps in adding more reliability to this phase. During the paper screening, we found duplicate research papers. Then, after thorough research and considering limitations, including the availability of papers in the English language, same studies, and topic-based exclusion, research studies were screened as illustrated in Figure 3. Finally, at this step, the investigation continued with a total of 51 papers.

Charting the Data.
A coding sheet was created to extract relevant data from all selected papers in this phase. The coding sheet was created in excel with columns consisting of information about each selected paper. The first simple information sheet includes the name of publication, year of publication, the paper's title, author name, and type of paper. Another core information sheet was developed consisting of research questions, names, and summarised explanations of each of the cybersecurity challenges reported, and ideas for future implications were collected. Then, similar cybersecurity challenges reported in all 51 selected research papers were highlighted with one specific color to make it easier for team members to code and develop themes. A total of 30 cybersecurity challenges were identified from all selected papers. Our main goal is to report all BCT cybersecurity challenges based on the selected papers' current literature. All team members worked together on all selected papers coding and thematic analysis to ensure similar understanding and avoid bias and error in the scoping review process. We adopted a framework at this stage for this review [24]. In this framework, the data is structured by dividing it into themes and significant categories. We used this framework and adopted the main heading proposed by Salvato and Corbetta [24] named as follows: (1) 1st-order data: this includes the descriptive summarised explanation of each of the cybersecurity challenges in BCT reported in the selected papers from the core information sheet developed by team members, (2) 2nd-order themes: this includes the cybersecurity challenges themes in BCT identified from 1st-order data, and (3) aggregated 2nd-order data dimensions: this includes the standardized classification of all 30 cybersecurity challenges themes identified in the 2nd-order data as shown in Figures 4 and 5. A separate third information sheet was developed for this framework to avoid any errors in classifying cybersecurity challenges in BCT. However, all papers were coded independently by each team member, and all disagreements were discussed and reviewed to make a final decision regarding theme development and standardized classification.
2.5. Data Analysis. All team members shared and worked together to develop the coding sheets and perform the thematic analysis. Like other scoping review papers, descriptive standardized classification of similar cybersecurity challenges was conducted under one central theme to depict the nature and scope of the current review. After conducting a rigorous scoping review by following recommendations given by [23], our significant findings are given in the following section of the paper.

Publication
Year. Papers included for the scoping review were published between 2017 and 2022 to inform the trends from the most recent literature. Also, BCT is new, and cybersecurity issues in BCT gained fame recently after organization's interest was found in the adoption and implementation of BCT. To report exact percentage, 6% of papers were published in 2017, 10% of papers were published in 2018, 27% of papers were published in 2019, 22% of papers were published in 2020, and 24% and 12% of papers were published in 2021 and 2022, respectively. A pictorial representation of primary studies found from each year is shown in Figure 6. 3 Human Behavior and Emerging Technologies 3.2. Publication Type. The publication type of selected research papers for this review depicts that 84% of the paper sample are included from peer-reviewed journals, whereas 16% of paper samples are from conference proceedings as shown in Figure 7. Based on publication year and publication type, it can be said here that there is a gradual increase in journal papers publications regarding this topic after the year 2017. Hence, it can be predicted that the topic is of interest to practitioners and has potentials for future researchers to work in this emerging research area.
3.3. Nature of Industry Types. Figure 8 depicts the nature of the type of industry in which cybersecurity security challenges in BCT have been explored. It shows that 57% of the sample studies have explored cybersecurity challenges in BCT generally without specifying the nature of industry type, whereas 24% of the studies have focused on healthcare and smart cities. 6% of the studies have chosen to study energy sector, and 8% of the studies have chosen supply chain and energy sectors. Others include oil and gas, accounting and finance, and the agriculture sector. Based on the above facts and figures, it can be predicted here that there is a need for research on cybersecurity challenges in BCT in oil and gas, accounting and finance, agriculture, gov-ernment, supply chain, and energy sectors. In other words, specialized studies highlighting cybersecurity challenges in BCT focusing on specific industry types are lacking in the literature.

Cybersecurity Challenges in BCT.
A thematic analysis using a framework adapted from Salvato and Cobetta [24] was done. Summarised explanations of each of the cybersecurity challenges were written as 1st-order data, and then, themes for each of these descriptions for cybersecurity challenges in BCT were developed as 2nd-order themes. This was done after careful considerations and repeated independent analysis by each group member, as discussed in Methodology, to ensure the rigor and validity of the review. The final results reveal a total of six standardized cybersecurity attacks, which are reported as the most common and fatal while implementing and adopting BCT depicted named as aggregated 2nd-order dimensions. Figures 4 and 5 show the detailed description of the thematic analysis of cybersecurity challenges in BCT. Table 1 represents an overview of these thematic findings, relating the literature references within each cyberattack category. The left column represents the six standardized classes of cyberattacks in BCT. The middle column shows all themes developed using    Human Behavior and Emerging Technologies literature descriptions for that cyberattack. The right column shows the literature references for each of the themes and standardized class.
3.5. Nature of Cybersecurity Attacks. 80% of the research studies included in our sample reveal malleability attacks as the most common cybersecurity challenge in BCT. Following this are the wallet security attacks and 51% attacks as the most common cybersecurity challenges in BCT with 33% each, respectively. The other significant cybersecurity attacks reported in BCT in our sample are smart contract loophole attacks, double-spending attacks, and system errors attacks. A pictorial representation of sample studies reporting cybersecurity challenges in BCT for each of the themes is shown in Figure 9.

Human Behavior and Emerging Technologies
solutions for various cybersecurity challenges in BCT reported in their research papers, whereas 82% of the sample studies do not provide any solutions for these reported cybersecurity challenges in BCT. The studies reported multiple-signature technique, oyente, smart check, routine audits, automation of blockchain incident response, use of hot wallets and cold wallets, end-to-end product life cycle reviews, regulatory compliance, and blockchain providers selection as few solutions for these above-reported cybersecurity challenges in BCT. However, still, there is a need to explore more practical solutions for these challenges. Based on this finding, it can be said here that there is a need for research studies exploring solutions to these wide ranges of cybersecurity challenges reported in BCT in several research papers.

Discussion
The results of this scoping review reveal the current literature on cybersecurity challenges in BCT and highlight the most reported cybersecurity attacks in the BCT. The study's findings reveal that there is still a need for in-depth and extensive research studies to be explored in this area. Most of the research currently reports cybersecurity challenges in controlling or exploiting a computer system without permission   Furthermore, based on the above analysis, there are many research gaps in the current literature on cybersecurity challenges in BCT. We will reveal a few significant gaps identified from the results of our current sample. Firstly, based on our analysis, 80% of the sample studies have pointed out malleability attacks as a significant cybersecurity challenge in BCT. Also, the literature points out that malleability attacks are harmful and can hinder a blockchain system's performance [4,48]. For instance, Accenture [66] reported that a $2.4 million loss could occur due to these malicious attacks. There are no available preventative strategies in place to address this issue. Therefore, we strongly encourage researchers to investigate and design strategies to minimize malicious attacks when adopting and implementing BCT based on empirical studies. This will enrich our collective understanding and knowledge about coping with malicious attacks in BCT. Also, these strategies will be of great benefit for practitioners in various sectors who desire to adopt and implement BCT. Furthermore, analysis reveals that more than 60% of studies reported 51% attacks and wallet security attacks as fatal cybersecurity challenges in BCT adoption. Therefore, it is a timely opportunity for researchers to design strategies exclusively for each of these attacks identified in BCT to help fill the current research gap.
Secondly, there is also a lack of industry focus studies examining the cybersecurity challenges in BCT. Our analysis depicts that half of the current literature sample points out cybersecurity challenges in BCT without specifying any industry. Therefore, knowledge about cybersecurity issues in BCT in specific industry sectors is rather insufficient. Results reveal that only 6% of sample studies focused on agriculture, accounting and finance, and oil and gas sectors. Therefore, we suggest that future studies should exclusively investigate cybersecurity challenges in BCT associated with each industry sector. This will help enrich the current literature by fulfilling this research gap but will also be helpful for practitioners who are searching for cybersecurity challenges in BCT related to their specific industry type.
Finally, there is a need for more research studies providing solutions to these identified cybersecurity challenges in BCT adoption. Indeed, the challenges have been explored by most of the authors. However, solutions for these cybersecurity challenges have not been investigated extensively. We posit the need for more empirical research studies at this stage of knowledge development in the field of cybersecurity challenges in BCT. Proposing solutions for cybersecurity challenges in BCT based on scientific investigations is an interesting research opportunity and significant and relevant in BCT adoption. Novel research studies might help the researchers to develop better solutions for these reported cybersecurity challenges in BCT adoption.
We analysed and interpreted the scoping review with great caution. However, the study has few limitations. Firstly, the study search strategy is only limited to English language papers. After an independent search by each team member, we only found one paper in a language other than

Human Behavior and Emerging Technologies
English considering our keyword search and databases. Secondly, selection bias can also be a limitation for the current scoping review. Although we searched for papers from dif-ferent databases which are commonly used, there are still chances that we missed some research papers on this topic published in other databases.

Conclusion
The main goal of this scoping review was to determine the size, scope, and gaps in the current literature on cybersecurity challenges in BCT. Our results show that most of the study sample reveals cybersecurity challenges in BCT generally without pointing to any specific industry sector. Few sample papers reveal cybersecurity challenges in BCT related to specific industry sectors to a very small extent. Also, most of the prior literature was conceptual review-based studies and lacked extensive empirical research on this topic. Furthermore, prior studies barely investigated the strategies and solutions to minimize cybersecurity challenges in BCT adoption. The majority of the sample study points out that malleability attacks, 51% attacks, and wallet security attacks are the most common attacks while adopting BCT. However, the literature lacks an answer to what types of strategies can be implemented to avoid malleability attacks, 51% attacks, and wallet security attacks while adopting BCT in an organization. Based on our findings and gaps identified, we proposed some future implications on this topic. Future research scholars should focus on how and what types of questions to enhance current literature understanding on this topic. The reasons how these six commonly reported cybersecurity attacks revealed in this review could be tackled while adopting BCT should be researched further to minimize the impacts of these challenges while adopting BCT. Overall, it can be recommended based on this review that both research scholars and industry practitioners should work together to understand better and reveal solutions for these cybersecurity challenges identified during BCT adoption. Research questions like the best strategies to avoid cybersecurity challenges concerning one specified industry sector while adopting BCT need more extensive investigation.

Conflicts of Interest
The authors declare that they have no conflicts of interest.