Attacks on Blockchain

The blockchain isn’t really as secure as we tend to think. Though security is integrated throughout
all blockchain technology, even the strongest blockchains come under attack by modern
cybercriminals.
Blockchains can resist traditional cyber attacks quite well, but cybercriminals are coming up with
new approaches specifically for hacking blockchain technology.
Cybercriminals have already managed to misuse blockchains to perform malicious actions.
Ransomware attacks like WannaCry and Petya wouldn’t have been so massive if attackers hadn’t
received their rewards in cryptocurrencies.
In March 2019, white hat hackers found 43 bugs in various blockchain and cryptocurrency
platforms in just 30 days.

By attacking such huge networks as Bitcoin and Ethereum, cybercriminals show that they’re clever
enough to disprove the myth of blockchain security. Let’s consider the five most common
blockchain attack vectors:
1. Blockchain network attacks
A blockchain network includes nodes that create and run transactions and provide other services.
For instance, the Bitcoin network is formed by nodes that send and receive transactions and miners
that add approved transactions to blocks. Cybercriminals look for network vulnerabilities and
exploit them with the following types of attacks.

Distributed denial of service

Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network, but
they’re possible.
When attacking a blockchain network using DDoS, hackers intend to bring down a server by
consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect a
network’s mining pools, e-wallets, crypto exchanges, and other financial services. A blockchain can
also be hacked with DDoS at its application layer using DDoS botnets.

Transaction malleability attacks

A

transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin
network, every transaction has a hash that’s a transaction ID. If attackers manage to alter a
transaction’s ID, they can try to broadcast the transaction with a changed hash to the network and
have it confirmed before the original transaction. If this succeeds, the sender will believe the initial
transaction has failed, while the funds will still be withdrawn from the sender’s account. And if the
sender repeats the transaction, the same amount will be debited twice. This hack is successful once
the two transactions are confirmed by miners.
 Timejacking
Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a
timejacking attack, a hacker alters the network time counter of the node and forces the node to
accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake
peers to the network with inaccurate timestamps. However, a timejacking attack can be prevented
by restricting acceptance time ranges or using the node’s system time.

Routing attacks
A routing attack can impact both individual nodes and the whole network. The idea of this hack is
to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to
detect this tampering, as the hacker divides the network into partitions that are unable to
communicate with each other. Routing attacks actually consist of two separate attacks:
 A partition attack: which divides the network nodes into separate groups
 A delay attack: which tampers with propagating messages and sends them to the network
 Sybil attacks
A Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks
have no trusted nodes, and every request is sent to a number of nodes. During a Sybil attack, a
hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes
that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A
Sybil attack is quite difficult to detect and prevent, but the following measures can be effective:
increasing the cost of creating a new identity, requiring some type of trust for joining the network,
or determining user power based on reputation.
 Eclipse attacks
Eclipse attacks are a special type of cyberattack where an attacker creates an artificial environment
around one node, or user, which allows the attacker to manipulate the affected node into wrongful
action. By isolating a target node from its legitimate neighboring nodes, eclipse attacks can produce
illegitimate transaction confirmations, among other effects on the network.
Eclipse attacks involve a malicious actor isolating a specific user or node within a peer-to-peer
(P2P) network. When executing an eclipse attack, the attacker attempts to redirect the target user’s
inbound and outbound connections away from its legitimate neighboring nodes to attacker-
controlled nodes, thereby sealing off the target in an environment that’s entirely separate from the
actual network activity. By obfuscating the legitimate current state of the blockchain ledger, the
attacker can manipulate the isolated node in various ways that can lead to illegitimate transaction
confirmations and block mining disruptions.

Long range attacks on proof of stake networks

Long range attacks target networks that use the proof of stake (PoS) consensus algorithm, in which
users can mine or validate block transactions according to how many coins they hold.
These attacks can be categorized into three types:
1. Simple: A naive implementation of the proof of stake protocol, when nodes don’t check block
timestamps
2. Posterior corruption: Attempt to mint more blocks than the main chain in a given time frame
3. Stake bleeding: Copying a transaction from the honestly maintained blockchain to a private
blockchain maintained by the attacker
When conducting a long-range attack, a hacker uses a purchased or stolen private key of a sizable
token balance that has already been used for validating in the past. Then, the hacker can generate an
alternative history of the blockchain and increase rewards based on PoS validation.

2. User wallet attacks

To obtain wallet credentials, hackers try to use both traditional methods like phishing and dictionary
attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. Here’s
an overview of the most common ways of attacking user wallets.
Phishing
A phishing attack usually starts with an attacker sending out a mass email or message to potential
victims. It will often look like it is from a legitimate source, such as a wallet or cryptocurrency
exchange. The message almost always contains a link that leads to a fake website that looks
identical to the real one. Once the victim clicks on the link and inputs their login information, the
attacker uses it to access their account.
In 2018, there was an attack on IOTA wallets initiated with iotaseed.io (now offline), a fake online
seed generator. Hackers conducted a phishing campaign with this service and collected logs with
secret seeds. As a result, in January 2018, hackers successfully stole more than $4 million worth of
IOTA from victims’ wallets.
Dictionary attacks
During these attacks, a hacker attempts to break a victim’s cryptographic hash and salt by trying
hash values of common passwords like password1. By translating clear text passwords to
cryptographic hashes, attackers can find wallet credentials.
Vulnerable signatures
Blockchain networks use various cryptographic algorithms to create user signatures, but they may
also have vulnerabilities. For example, Bitcoin uses the ECDSA cryptographic algorithm to
automatically generate unique private keys. However, it appears that ECDSA has insufficient
entropy, which can result in the same random value in more than one signature. IOTA also faced
cryptographic problems with its old Curl hash function.
Flawed key generation
Exploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys
provided by Blockchain.info in December 2014. The attack happened as the result of a mistake that
appeared during a code update that resulted in poor randomness of inputs for generating public user
keys. Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA
algorithm.
Attacks on cold wallets
Hardware wallets, or cold wallets, can also be hacked. For instance, researchers initiated an Evil
Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers
obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.
One of the latest cold wallet attacks happened in 2019, when the UPbit cryptocurrency exchange
was transfering funds to a cold wallet. This is a common way to freeze crypto when you’re
expecting a cyberattack. The hackers managed to steal 342,000 ETH, apparently because they knew
the timing of the transaction.
Attacks on hot wallets
Hot wallets are internet-connected apps for storing private cryptographic keys. Though owners of
cryptocurrency exchanges claim they keep their user data in wallets disconnected from the web, a
$500 million attack on Coincheck in 2018 proved this isn’t always true.
In June 2019, an attack on GateHub resulted in unauthorized access to dozens of native XRP
wallets and the theft of crypto assets. Singapore-based crypto exchange Bitrue also experienced a
hot wallet attack at almost the same time due to a system vulnerability. As a result, hackers
managed to steal funds worth over $4.5 million in XRP and $237,500 in ADA.

3. Smart contract attacks

Smart contracts are simply programs stored on a blockchain that run when predetermined
conditions are met. They typically are used to automate the execution of an agreement so that all
participants can be immediately certain of the outcome, without any intermediary’s involvement or
time loss. They can also automate a workflow, triggering the next action when conditions are met.
The main blockchain security issues associated with smart contracts relate to bugs in source code, a
network’s virtual machine, the runtime environment for smart contracts, and the blockchain itself.
 Vulnerabilities in contract source code
If a smart contract has vulnerabilities in its source code, it poses a risk to parties that sign the
contract. For instance, bugs discovered in an Ethereum contract cost its owners $80 million in 2016.
One of the common vulnerabilities in Solidity opens up a possibility to delegate control to untrusted
functions from other smart contracts, known as a reentrancy attack. During this attack, contract A
calls a function from contract B that has an undefined behavior. In turn, contract B can call a
function from contract A and use it for malicious purposes.
Vulnerabilities in virtual machines
The Ethereum Virtual Machine (EVM) is a distributed stack-based computer where all smart
contracts of Ethereum-based blockchains are executed. The most common vulnerabilities of the
EVM are the following:
 Immutable defects: Blockchain blocks are immutable by nature, which means that once a
smart contract is created, it can’t be changed. But if a smart contract contains any bugs in its
code, they also are impossible to fix. There’s a risk that cybercriminals can discover and
exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO
attack.
 Cryptocurrency lost in transfer: This is possible if Ether is transferred to an orphaned
address that doesn’t have any owner or contract.
 Bugs in access control: There’s a missed modifier bug in Ethereum smart contracts that
allows a hacker to get access to sensitive functionality in a contract.
 Short address attack: This is possible because the EVM can accept incorrectly padded
arguments. Hackers can exploit this vulnerability by sending specifically crafted addresses
to potential victims. For instance, during a successful attack on the Coindash ICO in 2017, a
modification to the Coindash Ethereum address made victims send their Ether to the
hacker’s address.

Also, hackers can compromise smart contracts by applying other methods that are typical for
compromising blockchain technology, including DDoS, eclipse, and various low-level attacks.

4. Transaction verification mechanism attacks

Unlike financial institutions, blockchains confirm transactions only after all nodes in the network
are in agreement. Until a block with a transaction is verified, the transaction is classified as
unverified. Verification takes a certain amount of time, which creates a vector for cyberattacks.
 Finney attacks
A Finney attack is possible when one transaction is premined into a block and an identical
transaction is created before that premined block is released to the network, thereby invalidating the
second identical transaction.
Race attacks
A race attack is executed when an attacker creates two conflicting transactions. The first transaction
is sent to the victim, who accepts the payment (and sends a product, for instance) without waiting
for confirmation of the transaction. At the same time, a conflicting transaction returning the same
amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first
transaction invalid.
Vector76
Vector Attack 76 is executable when a dishonest miner, who has control over 2 full nodes of the
network, connect one of these (node A) directly with the service of an exchange. Then, the second
complete node (node B), interconnects it with other nodes that are well positioned within the
network of the blockchain. To know which nodes to connect to, the miner must watch when nodes
transmit transactions, and how they then propagate them to other nodes in the network. Thus, he
will be able to know which nodes are the first to transmit operations and will be able to connect
with the target service and with well-positioned nodes.
After establishing the necessary connections, the miner generates a valid block privately. At that
moment, create a pair of transactions, which will have different values, being a high value
transaction and a low value transaction. For example, the first transaction may be 25 BTC or more,
and the second transaction may be as low as 0.1 BTC. Subsequently, the miner keeps the mined
block on hold and assigns node A the high value transaction, that is, the 25 BTC transaction. This
will be the transaction that will be directed to make a deposit within the exchange service.
When the miner detects a block advertisement on the network, it immediately transmits the block
pre-terminated by it, directly to the exchange service, along with the recently generated block on the
network. This in the hope that the rest of the nodes will consider their block as valid and assume
them as part of the main chain. Thus, this block will be confirmed, and therefore, the 25 BTC
transaction that is included in it is validated.
Once the exchange service confirms the 25 BTC transaction, the attacker makes a withdrawal from
the exchange for the same number of cryptocurrencies that they deposited in the previous
transaction (25 BTC). The attacker then sends the second transaction created, the 0.1 BTC
transaction, to the network from node B. In order to create a fork that causes the network to reject
and invalidate the first transaction. If this fork survives, the first transaction with the 25 BTC
deposit will be invalidated, but the withdrawal will have been made. Therefore, the attacker will
have succeeded and the exchange will lose 25 BTC.

51% or majority attacks

A 51% attack is a potential attack on a blockchain network, where a single entity or organization is
able to control the majority of the hash rate, potentially causing network disruption. In such a
scenario, the attacker would have enough mining power to intentionally exclude or modify the
ordering of transactions. They could also reverse transactions they made while being in control -
leading to a double-spending problem.
A successful majority attack would also allow the attacker to prevent some or all transactions from
being confirmed (transaction denial of service) or to prevent some or all other miners from mining,
resulting in what is known as a mining monopoly.
The 51% attack is an attack on the blockchain, where a group controls more than 50% of the
hashing power, the computing that solves the cryptographic puzzle, of the network. This group then
introduces an altered blockchain to the network at a very specific point in the blockchain, which is
theoretically accepted by the network because the attackers would own most of it.
A 51% attack is a very difficult and challenging task on a cryptocurrency with a large participation
rate. In most cases, the group of attackers would need to be able to control the necessary 51% and
have created an alternate blockchain that can be inserted at the right time. Then, they would need to
out-hash the main network. The cost of doing this is one of the most significant factors that prevent
a 51% attack.
Major cryptocurrencies, such as Bitcoin, are unlikely to suffer from 51% attacks due to the
prohibitive cost of acquiring that much hashing power. For that reason, 51% attacks are generally
limited to cryptocurrencies with less participation and hashing power.
In addition to the costs, a group that attempts to attack the network using a 51% attack must not
only control 51% of the network but must also introduce the altered blockchain at a very precise
time. Even if they own 51% of the network hashing rate, they still might not be able to keep up with
the block creation rate or get their chain inserted before valid new blocks are created by the 'honest'
blockchain network.

5. Mining pool attacks

For major cryptocurrencies like Bitcoin, it has become impossible for individual miners to earn a
profit, so miners unite their computing power by creating mining pools. This allows them to mine
more blocks and each receive a share of the reward.
Mining pools represent a sweet target. Malicious miners try to get control over mining pools both
internally and externally by exploiting vulnerabilities in the blockchain consensus mechanism.

Selfish mining
Selfish mining refers to the attempts of malicious miners to increase their share of the reward by not
broadcasting mined blocks to the network for some time and then releasing several blocks at once,
making other miners lose their blocks. Possible measures for preventing this type of attack are
random assignment of miners to various branches of pools, preferring the block with a more recent
timestamp, and generating blocks within a maximum acceptable time. This type of attack is also
known as block withholding.
As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. Selfish
mining has high chances of success and may happen with all cryptocurrencies. Possible preventive
measures include registering only trusted miners and making changes to the existing Bitcoin
protocol to hide the difference between a partial proof of work and full proof of work.