2022 IEEE 7th International conference for Convergence in Technology (I2CT)
Pune, India. Apr 07-09, 2022
Exploring Security Threats on Blockchain
Technology along with possible Remedies
Sachin Sharma
Dept. of Computer Science
Pandit Deendayal Energy University
2022 IEEE 7th International conference for Convergence in Technology (I2CT) | 978-1-6654-2168-3/22/$31.00 ©2022 IEEE | DOI: 10.1109/I2CT54291.2022.9825123
Gandhinagar, India
iamsachin3110@gmail.com
Abstract—Being the center of commotion in recent times,
Blockchain Technology is on its way to bloom in the
technological world. With countless applications, even
governments and health facilities are adopting blockchain
technology into their applications because of the reliability and
security it is supposed to provide. Not to mention how it bought
about revolution in currency by making it possible for crypto-
currency to exist as introduced by Satoshi Nakamoto in his
ground-breaking paper. Unfortunately like every other
technology in existence, blockchain is also potentially
vulnerable no matter how secure it was meant to be designed.
We will take a look at such potential threats to the blockchain
technology in this paper, from seemingly human factors to
some technical aspects that are not too deep to understand for
anyone. We will also discuss about the possible remedies to the
explored threats to the blockchain technology.
Keywords—Blockchain Technology, Blockchain Security,
Cryptocurrency, Bitcoin, Threats
I. INTRODUCTION
A blockchain is a network of information “nodes” which
are registered securely on something known as a “distributed
ledger” and the information inside each node is duplicated in
all other nodes. Some basic features of blockchain includes
being decentralized, open-source, immutable, autonomous
and anonymity [13, 19]. The privacy issues and secure data
aggregation for wireless sensor networks and smart grids are
discussed in [14, 15, 16, 17, 18].
Blockchain can be categorized into public, private,
consortium and hybrid as shown in Fig.1. Public blockchains
are one in which all the nodes can have equal access to
blockchain thus these are also known as permissionless
blockchain. In contrast, private blockchain are governed by
one entity and are thus also called permissioned blockchain.
Consortium blockchain are like private ones but, it is
governed by group of organizations and not by a single
identity thus provides more room for decentralization than
private ones. Hybrid blockchains combine benefits of both
private and public blockchains, thus making it possible to
design a blockchain where ledger is accessible to all but the
modification is governed and centralized.
Fig. 1. Blockchain types
978-1-6654-2168-3/22/$31.00 ©2022 IEEE
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on September 01,2022 at 12:23:39 UTC from IEEE Xplore. Restrictions apply.
Kaushal Shah
Dept. of Computer Engineering
Pandit Deendayal Energy University
Gandhinagar, India
shah.kaushal.a@gmail.com
II. WORKING OF BLOCKCHAIN: OVERVIEW
Let’s look at working of blockchain from abstract view
followed by example of bitcoin’s proof of work mechanism.
Consider there are three blocks with addresses 1201, 1202
and 1203. The node 1202 wants to add/modify some
transaction.
1) The node 1202 will broadcast the message to all the
other nodes.
2) All the other nodes act as receiving node, and if the
message is proved correct and authentic.
3) To do this, consensus algorithms such as Proof of
Work and Proof of Stake are used to decide
authenticity and reliability of information.
4) If algorithm approves, then block will be then
stored on blockchain else rejected. In case of
success, block is replicated on 1201 and 1203
nodes.
One of the most popular use of blockchain is Bitcoin
cryptocurrency [1]. Let’s briefly go through it how it works.
1) Suppose a transaction is to be stored. It is
broadcasted to all the nodes into network and a
“hash” is generated based on something known as
difficulty which is predetermined by system. For
example, hash is prefixed by some number of zero.
If difficulty needs to be increased these number of
zeroes will be increased by system thus making it
more difficult to “solve” the hash. This hash is
SHA256.
2) Every node will use trial and error method to find
the number to the hash.
3) Whichever node is able to solve the hash will be
rewarded with some “bitcoin” for all the
computational power it has put into solving the
hash. This process is also known as mining.
4) Now since the node that solved the hash put into
efforts, it is considered to be valid transaction and
not just something that was put by malicious node.
5) This is how Proof of Work is carried out, and it has
been proven reliable in Bitcoin technology.
III. LITERATURE REVIEW
Below is summarized table of reference sources used.
Other than these, some online blogs and forums were also
1
 looked up into, which are referenced as and when needed maliciously created blockchain where the transaction X has
throughout the paper. not occurred. This gives unwanted profit to the attacker. [8]

TABLE I. SUMMARIZED RELATED WORK Larger networks are rather not much vulnerable to this
attack, given their sheer size. However, smaller blockchains
Author Title Summary are more likely to be affected. The prevention of 51% attack
can be done by using Proof of Stake rather than Proof of
Lin, Iuon-Chang A Survey of Provided
and Tzu-Chun Liao Blockchain Security introductory concepts
Work where the validation of a block depends on how many
Issues and Challenges regarding threats to coins a miner holds not by its computational power.
blockchain
2) The problem of Forking
Dasgupta, D., A survey of Provided threats
Shrein, J.M. & Gupta, blockchain from and their practical Since blockchain are decentralized, there is no central
K.D. security perspective impacts for example, body taking decision on behalf of all others. In such case,
in economy when a software upgrade is to be made and if for some
Nakamoto, Bitcoin: A peer- Revolutionary reason it is not agreed upon by all the nodes this becomes a
Satoshi to-peer electronic cash paper that introduced problem termed as “Forking” [3]. Basically, software upgrade
system concept of takes place for various enhancement reasons such as
cryptocurrency - improving the computing power, revising some policies, etc.
bitcoin
In case of forking, we may find any of these cases:
Zibin Zheng, An overview on Provided in-depth
Shaoan Xie, Hong- smart contracts: information about the 1) The new nodes of “upgraded” blockchain agrees
Ning Dai, Weili Chen, Challenges, advances smart contracts, some with the transactions of blocks sent by old nodes.
Xiangping Chen, Jian and platforms case study as well as 2) In this case, new nodes do not agree with the old
Weng, Muhammad threats
Imran nodes.
3) Similarly, old nodes may not agree with the
A. Sonnino, S. Replay Attacks This work
Bano, M. Al-Bassam and Defenses Against focused mainly on transaction made by newer nodes.
and G. Danezis Cross-shard Replay attacks and 4) Or for the last case, old nodes agrees to the
Consensus in Sharded how it can affect the transaction made by newer ones.
Distributed Ledgers consensus algorithm
from attacker point of
view The problem of forking can be divided into two
categories namely, Hard fork and soft fork. Hard Fork occurs
Wang H., Wang An Overview of This work
Y., Cao Z., Li Z., Blockchain Security explained blockchain
when upgrade is not compatible to previous version, so
Xiong G. Analysis attack threat vectors blockchain divides into 2 parts one with older ones, other
with examples with upgraded version. This also means new nodes will work
Vasileios The Impact of Explained how
with old nodes but this is already dangerous. Soft Fork is
Mavroeidis, Kamer Quantum Computing quantum computers when the new nodes and old nodes operate as different
Vishi, Mateusz D. on Present can change the entity. They would never approve work of each other but
Zych and Audun Cryptography landscape of “may” not cause problems.
Jøsang cryptographic world
we know today. 3) Faults in Smart Contracts
Smart contracts are simple (or complex) computer
IV. TYPES OF ATTACK ON BLOCKCHAIN programs, that run inside a blockchain as a node and also
As secure blockchain seems to be, there are some vectors participate in all the node activities including consensus
that may lead to its compromise. On positive side, mitigation algorithm [4]. These programs are useful when some set of
factors are also available for some of them. In this section, rule needs to be maintained, for monitor purposes or maybe
we will be discussing basic attacks on blockchain to carry out basic automation regarding transactions. Since
technology. these are just computer program in the end, they are
vulnerable to various attacks such as a basic buffer overflow,
1) The 51% rule string format, some bypasses, logical errors, business errors,
The 51% Rule is when a single entity has control of etc.
about 51% of total computational power available in These have been exploited in past such as in case of
blockchain [2]. This can cause exploitation such as in case of DAO [7]. DAO is Decentralized Autonomous Organization.
double spend. Double spend is a problem native to digital Created back in 2016, it was developed on Ethereum
currencies so we will take example of blockchain. An platform that used currency known as ethers. Investors used
attacker would first create an isolated “stealth” blockchain of to pay Ethers to DAO for certain startups made on same
its own. Later he/she decides to spend an amount X, it gets platform. But a notorious hacker was able to exploit the
registered on the original blockchain but it is not registered smart contract handling the transactions and was able to steal
on the isolated blockchain that is just created. Thus, at a around $50M USD worth of Ethers. Unfortunate enough,
point when attacker has much more computational power there was no way to make system perfectly functional again
and is able to make this isolated blockchain longer than other than going back to a point before attack, create a new
original the 51% rule comes into play. Blockchains are fork and make all non-malicious nodes agree to use newly
designed to follow the majority hence following the longer formed blockchain. Smart Contracts related flaws can be
blockchain. Attacker would then suddenly broadcast isolated mitigated by code analysis and testing before deployment in
blockchain on original one and since it is now bigger and crucial environment.
longer than original, all the original nodes will join the

Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on September 01,2022 at 12:23:39 UTC from IEEE Xplore. Restrictions apply.
 4) Replay Attacks
Replay attacks sound simple but they are very dangerous
for technology such as Blockchain because of its transparent
and distributed nature. In such attacks, an attacker is able to
resend some already used credentials on the network and it is
validated by all the nodes again and again without realizing
they have done it previously. To avoid such attacks a simple
way is to use a “nonce” token [6] and keep it recorded, or
best, simply use a timestamp with expiry and validity of
nonce token.
5) Eclipse Attacks
Eclipse attacks are a type of attack in which an attacker
attempts to isolate a target from the rest of the network by
monopolizing all of the target’s incoming and outgoing
connections. Typically, this results in that particular node
being cut-off from network for significant amount of time or
is unable to co-operate with rest of nodes [5]. This allows the
attacker to corrupt the targets view of the blockchain, force it
to waste compute power, or subvert the target’s compute
power for malicious purposes. Evident enough from Fig.2,
these attacks are prevalent on Peer-to-Peer networks.
It can be prevented in number of ways. One way is
Random Node selection, where the connections between
nodes are randomized rather than connecting to same set of
nodes every time. This makes it difficult to “isolate” a node
or take advantage. There is Deterministic Node selection
method which is opposite of Random Node. Other than these
two solutions, the number of peer-to-peer connections can
also be increased which will increase probability of node
connecting to legitimate node. But this has clear
disadvantage of bandwidth consumption.
Fig. 2. Pictorial representation of eclipse attack
6) Malware Attacks
Malware have been threat to cyber security since the
beginning. In case of blockchains, they have indirect threat.
Using malware, it is possible to infect multiple hosts inside a
chain and thus potentially makes new way of exploitation
possible. Just imagine a malware used for infecting nodes in
blockchain and later a 51% attack is carried out, that sounds
very alarming. Another use case of malware attacks, crypt-
miners. Infected systems can unknowingly dedicate their
resource consumption and energy for mining of
cryptocurrency and later transfer the benefit to the attacker
which is clearly illegal. Such systems become slow, and
sometimes may result in hardware failure for end users.
Mitigation measures for these attacks are to be carried
out by users themselves. General measures include keeping
operating systems and software up-to-date, using quality
Anti-Virus Software, taking care of own credentials and not
disclosing it to unknown entities, etc.
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on September 01,2022 at 12:23:39 UTC from IEEE Xplore. Restrictions apply.
7) Quantum Computing
The very existence of Quantum Computers will threaten
every security principle we know today. This may very well
cause something known as “Cryptographic Apocalypse”
where secrets generated using mathematics may not hold
unbreakable anymore [12]. By means of all the previous
discussion it is clear how important hashes are for both
signature purpose and from consensus algorithm point of
view, with them at verge of being broken cryptographic
functionality of blockchain will be definitely affected. All the
consensus algorithms such as PoW and PoS becomes no
longer reliable with this threat to SHA-256 hashes. This is
how dangerous of threat Quantum computers possess to
future of security.
Fortunately, US National Institution of Standards and
Technology (NIST), is in process to develop something
known as Post Quantum Cryptography or PQCrypto. It is
expected to be developed between 2022-2024 and will
probably be able to deal with problems related to quantum
computing in cryptography.
V. CONCLUSIONS
Blockchain technology is undoubtably capable of
bringing revolution in several departments. With the
Artificial Intelligence and Machine Learning opening ways
for advancements, blockchain is one of most anticipated
contenders. With its application varying from personal use,
to government use and even as far as forming a
cryptocurrency it has been targeted in past since its
introduction and will be targeted in future as well.
While some factors do not directly affect the security of
blockchain and are dependent on external agents such as
users themselves, the mitigations for blockchain specific
problems need to be solved as it will soon be the need of the
hour. Fortunately, since its introduction, it has protected
itself throughout the times. As for the big knock-over, in
which the whole system is taken down, we can say that the
probability is low. But it is not zero.
REFERENCES
[1] Nakamoto, Satoshi. "Bitcoin: A peer-to-peer electronic cash
system." Decentralized Business Review (2008): 21260.
[2] Lin, Iuon-Chang and Tzu-Chun Liao. “A Survey of Blockchain
Security Issues and Challenges.” Int. J. Netw. Secur. 19 (2017): 653-
659.
[3] Dasgupta, D., Shrein, J.M. & Gupta, K.D. A survey of blockchain
from security perspective. J BANK FINANC TECHNOL 3, 1–17
(2019). https://doi.org/10.1007/s42786-018-00002-6
[4] Zibin Zheng, Shaoan Xie, Hong-Ning Dai, Weili Chen, Xiangping
Chen, Jian Weng, Muhammad Imran, “An overview on smart
contracts: Challenges, advances and platforms”, Future Generation
Computer Systems, Volume 105, 2020, Pages 475-491, ISSN 0167-
739X, https://doi.org/10.1016/j.future.2019.12.019.
[5] Wang H., Wang Y., Cao Z., Li Z., Xiong G. (2019) An Overview of
Blockchain Security Analysis. In: Yun X. et al. (eds) Cyber Security.
CNCERT 2018. Communications in Computer and Information
Science, vol 970. Springer, Singapore. https://doi.org/10.1007/978-
981-13-6621-5_5.
[6] A. Sonnino, S. Bano, M. Al-Bassam and G. Danezis, "Replay Attacks
and Defenses Against Cross-shard Consensus in Sharded Distributed
Ledgers," 2020 IEEE European Symposium on Security and Privacy
(EuroS&P), 2020, pp. 294-308, doi:
10.1109/EuroSP48549.2020.00026.
[7] https://www.igi-global.com/article/understanding-a-revolutionary-
and-flawed-grand-experiment-in-blockchain/216950, Last Accessed:
23/10/2021
 [8] https://cipher.com/blog/how-blockchain-can-be-hacked-the-51-rule-
and-more, Last Accessed: 23/10/2021
[9] Efpraxia Zamani, Ying He, Matthew Phillips. (2020) On the Security
Risks of the Blockchain. Journal of Computer Information
Systems 60:6, pages 495-506.
[10] Xiaoqi Li, Peng Jiang, Ting Chen, Xiapu Luo, Qiaoyan Wen,"A
survey on the security of blockchain systems",Future Generation
Computer Systems,Volume 107, 2020,Pages 841-853,ISSN 0167-
739X, https://doi.org/10.1016/j.future.2017.08.020.
[11] doi: https://doi.org/10.1038/d41586-018-07449-z, Last Accessed:
19/10/2021
[12] Vasileios Mavroeidis, Kamer Vishi, Mateusz D. Zych and Audun
Jøsang, “The Impact of Quantum Computing on Present
Cryptography” International Journal of Advanced Computer Science
and Applications(ijacsa), 9(3),
2018. http://dx.doi.org/10.14569/IJACSA.2018.090354
[13] Lepore, C., Ceria, M., Visconti, A., Rao, U. P., Shah, K. A., &
Zanolini, L. (2020). A survey on blockchain consensus with a
performance comparison of PoW, PoS and pure PoS. Mathematics,
8(10), 1782.
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on September 01,2022 at 12:23:39 UTC from IEEE Xplore. Restrictions apply.
[14] Shah, K., & Jinwala, D. C. (2016, May). A secure expansive
aggregation in wireless sensor networks for linear infrasturcture. In
2016 IEEE Region 10 Symposium (TENSYMP) (pp. 207-212). IEEE.
[15] Shah, K. A., & Jinwala, D. C. (2017). Novel approach for pre-
distributing keys in WSNs for linear infrastructure. Wireless Personal
Communications, 95(4), 3905-3921.
[16] Shah, K., & Jinwala, D. C. (2018). Performance analysis of
symmetric key ciphers in linear and grid based sensor networks.
arXiv preprint arXiv:1809.06587.
[17] Shah, K., & Jinwala, D. (2021). Privacy preserving secure expansive
aggregation with malicious node identification in linear wireless
sensor networks. Frontiers of Computer Science, 15(6), 1-9.
[18] Shah, K. A., & Jinwala, D. C. (2018). Privacy preserving, verifiable
and resilient data aggregation in grid-based networks. The Computer
Journal, 61(4), 614-628.
[19] Patel, V., Khatiwala, F., Shah, K., & Choksi, Y. (2020). A review on
blockchain technology: Components, issues and challenges. In
ICDSMLA 2019 (pp. 1257-1262). Springer, Singapore.