The 5 Ways You Can Attack a Blockchain was written by David Akilo, and it’s included in issue #12 of 21Cryptos Magazine. To read more articles like this subscribe today. To read other free articles check out our Magazine category. Follow us on Instagram, Facebook and LinkedIn.
This article is from an earlier date and as such can contain figures that were actual at time of writing.
Blockchain is often described as an ‘immutable ledger’, a means to guarantee security and trust without a third party, a secure means to transact. What is less often mentioned, however is the multiple means by which a blockchain is potentially vulnerable to a range of attacks – many of which have been carried out successfully over the years across different networks.
Bitcoin and other cryptoassets solve the double spend problem. This means that if Alice has 1 BTC and spends it, she cannot respend the same BTC. However, the valuable nature of cryptoassets means that a great deal of resources have been expended trying to achieve double spend attacks which allows attackers to spend the same BTC multiple times.
There are a number of different types of double spend attacks. The most well known attack, the 51% attack sees a bad actor control a majority of hashpower on the network (be it mining or otherwise, depending on consensus algorithm used). This lets them mine blocks quicker than the rest of the network combined, meaning that their chain becomes the legitimate chain.
As a result, the attacker could use this to target exchanges, by sending Coin 1 to an exchange, exchanging for Coin 2 and withdrawing, before subsequently publishing a longer fork for Coin 1 which invalidates the original transaction and leaves them in possession of both their original Coin 1 as well as the newly acquired Coin 2.
There are other types of double spend attacks, such as the Finney and Race attacks, as well as the Withhold attack. All work along similar principles but the former two can be largely negated if the recipient waits for several block confirmations (Bitcoin merchants, for example, are advised to wait six blocks before they feel confident that a transaction is unlikely to be reversed) while the latter’s effectiveness depends on hashpower controlled and the amount of confirmations a merchant waits – the less confirmations they wait and the more hashpower controller, the higher the chance of a successful attack.
Other than simply waiting for multiple confirmations, networks prevent double spend attacks in a number of ways. Primarily, consensus algorithms reject duplicate transactions (to prevent accidental double spends). As such, double spend attacks are usually only possible when used in conjunction with another attack. As with many of the attacks listed below, the greatest preventative measure lies in the size of a network – the more overall hashpower on a network, the harder it is for a single party to outmine the rest of the network on a separate chain or to control 51% of the mining power.
Of course, although there are projects aiming to achieve otherwise, if one participant does manage to control over 50% of the hashpower then it is essentially impossible to guard against a double spend attack – their chain becomes the chain.
Denial of Service
Another commonly touted benefit of blockchain is the distributed network, which ensures if one node goes down then the network will continue to function. But what if someone was able to target the whole network?
This is the basis of a Denial of Service (DoS) attack, in which the network comes under an attack aiming to degrade service. One way to do this involves flooding the network with huge numbers of empty transactions, which causes a blockage like effect. Successful attacks can subsequently back up the rest of the network which can take hours if not days to unblock, as well as causing transaction costs to rise as users outbid one another to get their transactions processed.
Networks prevent such attacks through a number of measures, most obviously through charging for transactions. This fee, even if small, increases the cost of an attack because it forces the attacker to spend significant sums on creating multiple transactions simultaneously. The limited size of each block also prevents an attacker from creating large and difficult to process blocks.
However, this has not stopped successful DoS attacks from being implemented in the past due to coding oversights which allowed attackers to create free or extremely cheap transactions. This was most noticeably seen in the SUICIDE attack on the Ethereum network, in which malicious actors were able to take advantage of an exploit which allowed them to create free transactions.
A network split attack is where, as the name suggests, a malicious actor splits the network into two separate chains. This then lets them double spend, by spending the same asset on both chains. When the chains reconnect, the transaction on the smaller of the chains will be discarded. The most dangerous network split is if a significant chunk of hashpower is cut off from the rest of the world and especially if a majority is isolated.
Network splits fall can be either physical splits or achieved through routing. A physical split can either be intentional or accidental – for example, a network split would occur if a country’s internet connection was suddenly severed from the wider world. A routing attack, meanwhile, would be where IP prefixes of miners are appropriated and redirected to mine a separate chain.
Network splits are difficult to prevent, because attackers can address weaknesses which are not confined to a network itself – the underlying infrastructure (such as internet cables) or routing protocols (known as the Border Gateway Protocol). However, this is also what makes them difficult to implement. Even if there is a split in the network, it would be hard to achieve on a large scale without those affected becoming aware of the split.
One of the most basic attacks is known as a Sybil attack. Sybil attacks are not confined to blockchains, and are achieved through a malicious actor managing to control enough accounts on the network to be able to seize control of it. From this vantage, they would be able to control which transactions are processed and the manner in which they are routed, as well as deanonymizing private transactions as they would be able to see both origination and end destination nodes, given sufficient control.
Sybil attacks are prevented through controlling the impact an attacker can achieve through simply controlling a majority of accounts. Even if an attacker controlled millions of accounts, it would be difficult to do much as a result because of the consensus algorithms networks use. For example, Proof of Work processes blocks according to a user’s hashpower – not how many accounts they have.
An Eclipse attack is a targeted attack against other users. It is achieved when an attacker manages to successfully isolate another node from the wider network. Once this is achieved, the attacker is able to present a false state of the network to said node, enabling them to then launch double spend attacks against them. The isolated node, unaware that the attacker has already spent their cryptoasset on the true chain, will accept payment as an honest transaction. Once the attack drops and the node reconnects to the wider network, they will see that the transaction was in fact voided and will emerge with nothing.
There are a manner of means by which blockchains prevent Eclipse attacks, many of which revolve around preventing nodes from being able to target specific nodes to connect to and by increasing the number of connections each node has.
Is any blockchain ever 100% safe from attack?
No. Rather, the goal of blockchains is to make the cost of an attack and the resources required to launch one as high as possible. Through this they can deter all but the most determined and well-funded attackers, as the financial returns make them hard to justify. However, an attacker with no concern for the financial cost (such as a state actor) would remain a threat.
As networks grow, so too do the costs to attack them. As such, an attack on a network like Bitcoin requires substantially more resources than a smaller one. This is why successful double spend attacks and DoS attacks have tended to be on smaller networks.
The composition of a network also alters the likelihood of an attack. For example, the more concentrated the miner supply is on a network, the easier it becomes to enforce an attack – because by rerouting or forcing offline one miner, even temporarily, an attacker can either co-opt or reduce the total network hashpower significantly.