Все известные атаки: “Blockchain Attack Vectors & Vulnerabilities to Smart Contracts”


In this article, we will talk about all known attacks on the blockchain, as well as smart contract vulnerabilities. Blockchain isn’t really as secure as we tend to think. Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals.

Blockchains can resist traditional cyber attacks quite well, but cybercriminals are coming up with new approaches specifically for hacking blockchain technology. In this article, we describe the main attack vectors against blockchain technology and take a look at the most significant blockchain attacks to date.

Cybercriminals have already managed to misuse blockchains to perform malicious actions. Ransomware attacks like WannaCry and Petya wouldn’t have been so massive if attackers hadn’t received their rewards in cryptocurrencies. Now, it looks like hackers consider exploiting blockchain security vulnerabilities as their main source of revenue.

In March 2019, white hat hackers found 43 bugs in various blockchain and cryptocurrency platforms in just 30 days. They even found vulnerabilities in such famous platforms as CoinbaseEOS, and Tezos.

However, weak spots are often challenging to detect, since they can be hidden in unobvious places. For instance, the Parity multisig wallet was hacked by breaking a library that had a withdraw function in it. The attacker managed to initialize the library itself as a wallet and claim owner rights to it. As a result, 573 wallets were affected, $30 million worth of crypto was stolen, and another $180 million rescued by a white hat hacker group was later returned to the rightful owners.

By attacking such huge networks as Bitcoin and Ethereum, cybercriminals show that they’re clever enough to disprove the myth of blockchain security. Let’s consider the five most common blockchain attack vectors:

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Blockchain Network Attacks

A blockchain network includes nodes that create and run transactions and provide other services. For instance, the Bitcoin network is formed by nodes that send and receive transactions and miners that add approved transactions to blocks. Cybercriminals look for network vulnerabilities and exploit them with the following types of attacks.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Distributed Denial of Service

Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network, but they’re possible.

When attacking a blockchain network using DDoS, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect a network’s mining pools, e-wallets, crypto exchanges, and other financial services. A blockchain can also be hacked with DDoS at its application layer using DDoS botnets.

In 2017, Bitfinex suffered from a massive DDoS attack. It was especially inconvenient for the IOTA Foundation, which had launched their IOTA token on the platform the day before Bitfinex informed users about the attack. Three years later, in February 2020, Bitfinex experienced another DDoS attack just a day after the OKEx cryptocurrency exchange noticed a similar attack.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Transaction Malleability Attacks

A transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin network, every transaction has a hash that’s a transaction ID. If attackers manage to alter a transaction’s ID, they can try to broadcast the transaction with a changed hash to the network and have it confirmed before the original transaction. If this succeeds, the sender will believe the initial transaction has failed, while the funds will still be withdrawn from the sender’s account. And if the sender repeats the transaction, the same amount will be debited twice. This hack is successful once the two transactions are confirmed by miners.

Mt. Gox, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014. However, Bitcoin seems to have solved this issue by introducing the Segregated Witness (SegWit) process, which separates signature data from Bitcoin transactions and replaces it with a non-malleable hash commitment to each signature.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Timejacking Attack

Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps. However, a timejacking attack can be prevented by restricting acceptance time ranges or using the node’s system time.

The timejacking attack is also an extension of the Sybil attack. Each node maintains a time counter which is based on the median time of its peers, and if the median time differs from the system time by a certain value, then the node reverts to the system time. An attacker can flood the network with nodes reporting inaccurate timestamps, which can cause the network to slow down or speed up, leading to a desynchronization.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Routing Attacks on Cryptocurrencies

A routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering, as the hacker divides the network into partitions that are unable to communicate with each other. Routing attacks actually consist of two separate attacks:

  1. A partition attack, which divides the network nodes into separate groups
  2. A delay attack, which tampers with propagating messages and sends them to the network
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Sybil Attacks in Cryptocurrency Mixers

Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Figure 1. Sybil attack

During a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A Sybil attack is quite difficult to detect and prevent, but the following measures can be effective: increasing the cost of creating a new identity, requiring some type of trust for joining the network, or determining user power based on reputation.

A sybil attack is defined by Wikipedia as “a type of attack on a computer network service in which an attacker subverts the service’s reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence.” If the network does not keep the count of the nodes, then the attacker can completely isolate the victim node from the network. The sybil attack on blockchain also works similarly, where an attacker tries to flood the network with their controlled nodes so that the victim only connects to the attacker controlled nodes. This can lead to a wide variety of damages where the attacker can prevent genuine blocks from being added to the chain, the attacker can add their own blocks to the chain, or they can cause confusion among the nodes, hampering the general functioning of the blockchain network.

In the above visual representation, the red nodes are controlled by the attacker, and they flood the network, making the victim connect only to a malicious node.


Sybil Attacks on Identity-Augmented Proof-of-Stake

IdAPoS is an identity-based consensus protocol for decentralised Blockchain networks that implements a trustless reputation system by extending Proof-of-Stake to facilitate leader selection in non-economic contexts. Like any protocol operating in a public/permissionless setting, it is vulnerable to Sybil attacks in which byzantine actors interfere with peer sampling by presenting artificially large numbers of identities. This paper demonstrates what influence these attacks have on the stability of member selection of a Blockchain system using the IdAPoS protocol and investigates how attacks can be mitigated. As a novel protocol, its vulnerability to this type of attack has not previously been researched. The research question is approached via an agent-based model of an IdAPoS system in which both honest and malicious actors are represented as agents. Simulations are run on some reasonable configurations of an IdAPoS system that employ different attack mitigation strategies. The results show that a super strategy that combines multiple individual mitigation strategies is more effective for containing Sybil attacks than the unmitigated protocol and any other individual strategies proposed. In the simulation this strategy extended the time until a system was taken over by a malicious entity approximately by a factor of 5. These positive initial results indicate that further research into the practical viability of the protocol is warranted

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Eclipse Attacks on Bitcoin

An eclipse attack requires a hacker to control a large number of IP addresses or to have a distributed botnet. Then the attacker overwrites the addresses in the “tried” table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. Researchers from Boston University initiated an eclipse attack on the Ethereum network and managed to do it using just one or two machines.

Eclipse attack arises in the blockchains, where the architecture partitions workloads and assigns tasks among the peers. As an example, if a chain has a node that has only eight outgoing connections and can support at most 128 threads at any given moment, each node has view access to only the nodes that are connected to it. The view of the chain for the victim node can be changed if an attacker attacks a specific node and gains control of the eight nodes connected to it. This can lead to a wide variety of damages that include double spending of the coins by tricking a victim that a particular transaction has not occurred, and also the attacks against the second layer protocols. The attacker can make the victim believe that a payment channel is open when it is closed, tricking the victim to initiate a transaction. The following diagram demonstrates a node under Eclipse attack.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Figure : Eclipse Attack

In the above visual representation, the red nodes are controlled by the attacker, and they can change the copy of the chain of the victim node by making it connect to attacker controlled nodes.


Eclipse Attacks on Ethereum

In this technical report, we present three vulnerabilities affecting the Ethereum blockchain network and client. First, we outline an eclipse attack that allows an adversary to partition the peer-to-peer network without monopolizing the connections of the victim. This is attack is possible by exploiting the block propagation design of Ethereum. Second, we present an exploit to force a node to accept a longer chain with lower total difficulty than the main chain. Finally, we outline a bug in Ethereum’s difficulty calculation. We provide countermeasure proposals for each reported vulnerability.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Long-Range Attacks in Proof-of-Stake Systems

Long range attacks target networks that use the proof of stake (PoS) consensus algorithm, in which users can mine or validate block transactions according to how many coins they hold.

These attacks can be categorized into three types:

  1. Simple — A naive implementation of the proof of stake protocol, when nodes don’t check block timestamps
  2. Posterior corruption — An attempt to mint more blocks than the main chain in a given time frame
  3. Stake bleeding — Copying a transaction from the honestly maintained blockchain to a private blockchain maintained by the attacker
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

When conducting a long-range attack, a hacker uses a purchased or stolen private key of a sizable token balance that has already been used for validating in the past. Then, the hacker can generate an alternative history of the blockchain and increase rewards based on PoS validation.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

2. User Wallet Attacks

Actually, blockchains and cybersecurity go together like salt and pepper until people interact with them. It may sound surprising, but blockchain users pose the greatest security threat. People know about the use of blockchain in cybersecurity, and tend to overestimate the security of the blockchain and overlook its weaknesses. User wallet credentials are the main target for cybercriminals.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

To obtain wallet credentials, hackers try to use both traditional methods like phishing and dictionary attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. Here’s an overview of the most common ways of attacking user wallets.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Phishing Attacks

In 2018, there was an attack on IOTA wallets initiated with iotaseed.io (now offline), a fake online seed generator. Hackers conducted a phishing campaign with this service and collected logs with secret seeds. As a result, in January 2018, hackers successfully stole more than $4 million worth of IOTA from victims’ wallets.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Dictionary Attacks

During these attacks, a hacker attempts to break a victim’s cryptographic hash and salt by trying hash values of common passwords like password1. By translating clear text passwords to cryptographic hashes, attackers can find wallet credentials.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Vulnerable Signatures

Blockchain networks use various cryptographic algorithms to create user signatures, but they may also have vulnerabilities. For example, Bitcoin uses the ECDSA cryptographic algorithm to automatically generate unique private keys. However, it appears that ECDSA has insufficient entropy, which can result in the same random value in more than one signature. IOTA also faced cryptographic problems with its old Curl hash function.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Flawed Key Generation

Exploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys provided by Blockchain.info in December 2014. The attack happened as the result of a mistake that appeared during a code update that resulted in poor randomness of inputs for generating public user keys. Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA algorithm.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Lattice Attack

If  the signing nonce NONCES  is ever disclosed, the  private key can be immediately  recovered , which  breaks our entire signature scheme .

Also, if two nonces ever repeat, no matter what the messages are,  an attacker  can easily detect this and immediately  recover the secret key , again breaking our whole scheme.

In the Bitcoin blockchain, we found a certain transaction:

transaction:  08d917f0fee48b0d765006fa52d62dd3d704563200f2817046973e3bf6d11f1f

for Bitcoin Addresses:  15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E

and we managed to multiply the fake signatures and apply the lattice

where using the  Python script  algorithmLLL.py  with the installation of packages in  GOOGLE COLAB

INSTALL >> SAGE + ECDSA + BITCOIN + algorithm LLL

We managed to get  Private Key to  Bitcoin Wallet from one weak transaction in  ECDSA.

Installation
Installation
Run Bash script: lattice.sh
Run Bash script: lattice.sh
Result in HEX format Private key found!
Result in HEX format Private key found!
File: ONESIGN.txt (ECDSA Signature R, S, Z Value)
File: ONESIGN.txt (ECDSA Signature R, S, Z Value)
We propagated fake signatures for the Python script algorithmLLL.py
We propagated fake signatures for the Python script algorithmLLL.py
File: PRIVATEKEY.txt
File: PRIVATEKEY.txt
File: ADDRESS.txt
File: ADDRESS.txt

Let’s open bitaddress and check:

Private key found!

https://www.blockchain.com/btc/address/15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E

0.001 BTC
0.001 BTC
ADDR: 15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E
WIF:  5JCAmNLXeSwi2SCgNH7wRL5qSQhPa7sZvj8eDwxisY5hJm8Uh92
HEX:  31AFD65CAD430D276E3360B1C762808D1D051154724B6FC15ED978FA9D06B1C1 

RangeNonce

«RangeNonce» is a script to find the range of the secret key

Let’s choose the version for the distribution kit  GNU/Linux . Google Colab provides UBUNTU 18.04

Upload all files to Google Colab

RangeNonce + Google Colab
RangeNonce + Google Colab

Let’s allow permissions for the script and run the script «RangeNonce»

Teams:

chmod +x RangeNonce
./RangeNonce
cat Result.txt
Pollard's Kangaroo find solutions to the discrete logarithm secp256k1 PRIVATE KEY + NONCES in a known range

Everything will be saved to a file: Result.txt

This is the partial disclosure of bytes of information the value of “K” (NONCES)

So our  secret key  is in  the range :

K = 070239c013e8f40c8c2a0e608ae15a6b00000000000000000000000000000000
K = 070239c013e8f40c8c2a0e608ae15a6bffffffffffffffffffffffffffffffff
Pollard's Kangaroo find solutions to the discrete logarithm secp256k1 PRIVATE KEY + NONCES in a known range

Pay attention to the initial  32 digits and letters  HEX of the format, the value of the signature  Z matches  the range of the secret key  , that is, the value "K" (NONCES)

This is a very serious ECDSA signature error


Frey-Rück Attack

With a critical vulnerability in the Bitcoin blockchain transaction, we can solve the rather difficult discrete logarithm problem to extract the ECDSA secret key"K" (NONCE) from the vulnerable signature in order to ultimately restore the Bitcoin Wallet, since knowing the secret key we can get the private key.

To do this, there are several algorithms from the list of popular attacks on Bitcoin , one of which is “Frey-Rück Attack on Bitcoin” .


Rowhammer Attack

The biggest cryptographic strength of the Bitcoin cryptocurrency is a computational method in discrete mathematics that takes the problem of factorization of large integers and the problem of hidden numbers (HNP)in the Bitcoin signature transaction as a basis ECDSA.

Rowhammer Attack on Bitcoin, allows us to efficiently find all zeros for normalized polynomials modulo a certain value, and we adapt this method to a signature algorithm, ECDSAmore precisely, to critically vulnerable transactions in the Bitcoin blockchain.
We will apply multiplication by different powers of the same element of the finite field, which, oddly enough, can coincide and give us a certain function over the finite field, which can be specified using the Lagrange interpolation polynomial .


WhiteBox Attack

Differential fault analysis (DFA)was briefly described in the literature in 1996 when an Israeli cryptographer and cryptanalyst Eli Biham and an Israeli scientist Adi Shamir showed that they could use error injection to extract the secret key and recover the private key using various signature and verification algorithms.

We implement the “WhiteBox Attack on Bitcoin” with the differential bugs described in this research paper. The classic DFAthat we described in the previous article is called F(). Some of these attacks also require two signature pairs ECDSA.


Twist Attack

Not so long ago, the elliptic (6.5.4) package for standard elliptic curves was vulnerable to various attacks , one of which is the Twist Attack . The cryptographic problem was in the implementation of secp256k1. We know that the Bitcoin cryptocurrency uses secp256k1 and this attack did not bypass Bitcoin, according to the CVE-2020-28498 vulnerability, the confirming parties of the ECDSA algorithm transaction through certain points on the secp256k1 elliptic curve transmitted partial private key values ​​(simpler subgroups consisting of 5 to 45 bit )
called sextic twiststhis process is so dangerous that it reveals encrypted data after performing a series of ECC operations.

In this article, we will implement a Twist Attack with an example and show how, using certain points on the secp256k1 elliptic curve, we can get partial private key values ​​and restore a Bitcoin Wallet within 5-15 minutes using “Sagemath pollard rho function: (discrete_log_rho)” and “ Chinese Remainder Theorem” .


Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"


Attacks on Cold Wallets

Hardware wallets, or cold wallets, can also be hacked. For instance, researchers initiated an Evil Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

One of the latest cold wallet attacks happened in 2019, when the UPbit cryptocurrency exchange was transfering funds to a cold wallet. This is a common way to freeze crypto when you’re expecting a cyberattack. The hackers managed to steal 342,000 ETH, apparently because they knew the timing of the transaction.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Attacks on Hot Wallets

Hot wallets are internet-connected apps for storing private cryptographic keys. Though owners of cryptocurrency exchanges claim they keep their user data in wallets disconnected from the web, a $500 million attack on Coincheck in 2018 proved this isn’t always true.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

In June 2019, an attack on GateHub resulted in unauthorized access to dozens of native XRP wallets and the theft of crypto assets. Singapore-based crypto exchange Bitrue also experienced a hot wallet attack at almost the same time due to a system vulnerability. As a result, hackers managed to steal funds worth over $4.5 million in XRP and $237,500 in ADA.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Smart Contract Attacks

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

We’ve already accumulated rich experience in analyzing and avoiding vulnerabilities in smart contracts based on the EthereumEOS, and NEO platforms. The main blockchain security issues associated with smart contracts relate to bugs in source code, a network’s virtual machine, the runtime environment for smart contracts, and the blockchain itself. Let’s look at each of these attack vectors.

PDF: Smart Contract Vulnerability Detection Technique: A Survey

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

The Smart Contract examples used are issues that have occurred on the Ethereum blockchain. They are applicable to any platform that uses the Ethereum Virtual Machine and the concepts can be applied to any form of smart contracts. The topic will also cover known best practices to mitigate these issues.

The Topology attacks explore possible attack vectors on the Bitcoin network, and subsequently any networks that rely on a controlled amount of peer-peer communication for validation. The issues explored will be on two levels: Vulnerable Smart Contract codes and Topology attacks.

Jorden Seet’s interest in the Cybersecurity world started in 2013 when he competed in his first CTF after a 2-day penetration testing bootcamp. Ever since, he has grown a passion in cybersecurity and explored many facets of it, from Cryptography to Social Engineering.

Currently, he is working on a National Research Foundation – Tel Aviv University (NRF-TAU) granted project on using Network Topology Analytics for Cyber Attack Deterrence in SMU. He was previously with the Cyber Security Agency of Singapore’s Penetration Testing department as an intern and is currently working with BlockConnectors on Smart Contract Audit and Blockchain development.

In his spare time, he works on Smart Contract Hacking as well as explore potential blockchain attack vectors. He firmly believes that decentralization is a paradigm that could have real potential in revolutionizing the security industry, such as in DDoS prevention, Data integrity and IoT security.


Vulnerabilities in Contract Source Code

If a smart contract has vulnerabilities in its source code, it poses a risk to parties that sign the contract. For instance, bugs discovered in an Ethereum contract cost its owners $80 million in 2016. One of the common vulnerabilities in Solidity opens up a possibility to delegate control to untrusted functions from other smart contracts, known as a reentrancy attack. During this attack, contract A calls a function from contract B that has an undefined behavior. In turn, contract B can call a function from contract A and use it for malicious purposes.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Vulnerabilities in Virtual Machines

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Vulnerabilities in virtual machines

The Ethereum Virtual Machine (EVM) is a distributed stack-based computer where all smart contracts of Ethereum-based blockchains are executed. The most common vulnerabilities of the EVM are the following:

  • Immutable defects — Blockchain blocks are immutable by nature, which means that once a smart contract is created, it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO attack.
  • Cryptocurrency lost in transfer — This is possible if Ether is transferred to an orphaned address that doesn’t have any owner or contract.
  • Bugs in access control — There’s a missed modifier bug in Ethereum smart contracts that allows a hacker to get access to sensitive functionality in a contract.
  • Short address attack — This is possible because the EVM can accept incorrectly padded arguments. Hackers can exploit this vulnerability by sending specifically crafted addresses to potential victims. For instance, during a successful attack on the Coindash ICO in 2017, a modification to the Coindash Ethereum address made victims send their Ether to the hacker’s address.
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Also, hackers can compromise smart contracts by applying other methods that are typical for compromising blockchain technology, including DDoS, eclipse, and various low-level attacks.

However, younger blockchains such as Cardano and Zilliqa use different virtual machines: IELE, KEVM, and others. These new blockchains claim to guarantee smart contract security within their protocols.


Transaction Verification Mechanism Attacks

Unlike financial institutions, blockchains confirm transactions only after all nodes in the network are in agreement. Until a block with a transaction is verified, the transaction is classified as unverified. However, verification takes a certain amount of time, which creates a perfect vector for cyberattacks.

Double-spending is a common blockchain attack exploiting the transaction verification mechanism. All transactions on a blockchain need to be verified by users in order to be recognized as valid, which takes time. Attackers can use this delay to their advantage and trick the system into using the same coins or tokens in more than one transaction.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Figure 2. A double-spending attack

Here are the most common types of attacks based on exploiting the intermediate time between a transaction’s initiation and confirmation.


Finney Attacks

A Finney attack is possible when one transaction is premined into a block and an identical transaction is created before that premined block is released to the network, thereby invalidating the second identical transaction.

The Finney attack can be termed as an extension of the selfish mining attack. The attacker mines a block stealthily and sends the unconfirmed transaction to the other node, possibly to a merchant node. If the merchant node accepts the transaction, then the attacker can further add a new block to the chain in a small-time frame, reversing that transaction and inducing a double spending attack. The attack window in the case of a Finney attack is considerably small, but this can cause a lot of damage if the value of the transaction is large enough.


Race Attacks

A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment (and sends a product, for instance) without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.

In a race attack, the attacker does not pre-mine the transaction but simply broadcasts two different transactions, one of them to the merchant and one of them to the network. If the attacker is successful in giving the merchant node the illusion that the transaction received by them is the first one, then they accept it, and the attacker can broadcast a completely different transaction to the entire network.

Besides these core blockchain level attacks, there are a number of other attacks that can happen at the application implementation level. One of the most infamous of them was the DAO attack that happened in June 2016, leading to a theft of about $70 million. The attacker contributed to the crowdfunding campaign of a company and requested a withdrawal. However, a recursive function was implemented for the withdrawal that didn’t check the settlement status of the current transaction. To recover the money, the Ethereum chain went into a hard fork, with the old chain continuing on as Ethereum Classic. This severely damaged the reputation of the chain, and the autonomy of the chain also came into question.

Some general measures to prevent these attacks from happening:

  • It should be ensured that there are no logical inconsistencies in the chain code and consensus algorithm.
  • The peers should be selected with sufficient complexity and caution, and the transactions should be reviewed regularly.
  • In case any suspicious activity is detected, the network should be vigilant enough to isolate the bad actor node immediately.
  • A proper review process should be deployed for the network for each new node when it joins the network.
  • Rate limiting algorithms should be present at all the relevant processes to limit the damage and prevent attacks as and when they happen.
  • 2FA should be present at all the concerned authentication points, and it should be ensured that all the authentication level bugs should be fixed at the application level itself to the extent possible
  • Most of the time, the approach of blacklisting and whitelisting does not work due to scalability issues. So, a better approach should be to make the attacks costly enough to be performed and increase the complexity of the system to be resilient enough and make successful exploitation extremely difficult.

Multiple other bugs and vulnerabilities exist in different kinds of the blockchain networks, the most common and concerning of them being at the smart contract level, but they are a topic for another time.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Vector76 Attacks

Vector76 is a combination of two previous attacks. In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high-value and one low-value. Then, the attacker premines and withholds a block with a high-value transaction from an exchange service. After a block announcement, the attacker quickly sends the premined block directly to the exchange service. It along with some miners will consider the premined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction.

After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network, which finally rejects the high-value transaction. As a result, the attacker’s account is credited the amount of the high-value transaction. Though there’s a high chance for success with this type of attack, it’s not common because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Alternative History Attacks

An alternative history attack — also called a blockchain reorganization attack — may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, a malicious user sends a transaction to a recipient and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the recipient considers the transaction valid after n confirmations and sends a product, for instance, the recipient may lose money if the attacker releases a longer chain and gets the coins back.

One of the latest blockchain reorganization attacks happened to Ethereum Classic in August 2020 when a miner used old software and lost access to internet access for a while when mining. A reorganization happened when two versions of the blockchain competed for validity from nodes in the network and resulted in about a 3000-block insertion.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

51% or Majority Attacks

A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing forks. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.

The recent 51% attack on Ethereum Classic (ETC) that happened in August 2020 resulted in approximately $5.6 million worth of the ETC cryptocurrency being double-spent. Apparently, the hacker had good knowledge of the ETC protocol and managed to mine 4,280 blocks over four days until the platform noticed an attack. Just five days after the incident, ETC suffered from a second 51% attack, in which a miner conducted a 4,000-block network reorganization.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Majority attack

Unfortunately, all small cryptocurrencies are still at risk of majority attacks. Since these cryptocurrencies attract fewer miners, attackers can just rent computing power to gain a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.

Possible measures for preventing double-spending attacks include monitoring received transactions during a listening period, forwarding double-spending attempts, inserting other nodes to observe transactions, and rejecting direct incoming connections.

Moreover, there’s an innovative technology called the lightning network that’s designed to solve the problem of exploiting weaknesses in the transaction verification mechanism. This network allows users to instantly verify transactions through a network of bidirectional payment channels without delegating custody of funds. However, it’s still susceptible to DDoS attacks, one of which already happened in March 2018.

51% attack happens when a particular miner or a set of miners gain more than 50% of the processing power of the entire blockchain network, which helps them gain a majority in regard to the consensus algorithm. This attack vector is primarily related to the Proof of Work algorithm, but it can be extended as a test case to other consensus algorithms also, where there is a risk of a single party gaining enough influence in the network to unduly modify the state of the chain. This can lead to multiple damages including rewriting the chain data, adding new blocks, and double spending. The following diagram shows how this attack happens.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

In the above visual representation, the red nodes are controlled by the attacker, and they can change the copy of the chain by adding new blocks post gaining majority consensus.

Some of the major chains that have suffered a 51% attack are the Bitcoin Gold Blockchain (in May 2018, 388,000 BTG worth around $18 million were stolen from multiple exchanges), Bitcoin Satoshi’s Vision (in August 2021, they suffered a 51% attack after which the coin suffered a 5% loss in value) and the Ethereum Classic blockchain. Rented Hash Power can also lead to 51% attacks. In this method, the attackers can rent computing power on servers to calculate hashes faster than other participants and gain consensus. Mining pools are also an interesting party in this, since they too can sometimes exceed the consensus requirements. In July 2014, the mining pool ghash.io gained more than 50% processing power for a brief period, after which it committed to reducing its power voluntarily.

The culprits behind the recent 51% attacks on Ethereum Classic used rented mining hash power to carry off their heists, exploiting a vulnerability common to cryptocurrencies that rely on “proof of work” as their underlying technology. 

Rented mining hash power is at the center of all three attacks on ETC last month, which resulted in millions of dollars in losses and delivered a significant blow to the reputation of PoW protocols previously believed to be immutable and “unhackable.” 

“It’s actually a huge vulnerability in the system,” said Terry Culver, CEO of ETC Labs, an incubator of projects on Ethereum Classic, in an interview with Forkast.News

“Three attacks in one month will tell you that security is an issue on Ethereum Classic. And we believe and know that other blockchains get attacked more regularly, maybe with less visibility,” Culver said. “It’s a universal problem.”

The cryptocurrency space has been trying to weed out criminals and tighten up security, including the implementation of “know your customer” and anti-money laundering (KYC/AML) proceduresincreased regulations from governments, and enhanced security systems to stave off hacking.

But despite these efforts, malicious actors continue to exploit a core feature of many blockchain systems — decentralization and the requirement that there must be a 51% consensus of the protocol’s nodes to control the network. 

“The [cryptocurrency] system is maturing, but the hash rental market is actually growing,” Culver said. “Think of it like, you turn the light on, and where do the mice go? [Malicious actors have] left the exchanges for the most part, and they’ve moved into the hash rental market.”

Proponents of PoW systems would say that the 51% requirement needed to gain consensus would make it very hard to hack large blockchain protocols like Bitcoin and Ethereum. But there is still a theoretical possibility if someone or a group manages to gain 51% control over those networks. The risks of a 51% attack increases for smaller cryptocurrencies that don’t have as many nodes, as it would be relatively easier to take over the network of a smaller network while still turning a profit.

For example, it would take over US$513,000 to perform a 51% attack (at the time of this publication) for one hour on Bitcoin, but only about US$3,800 for a similar attack on Ethereum Classic, which is why the smaller network may be much easier and more profitable for malicious actors to attack.

“The hash rental market is like under a rock somewhere, it’s totally anonymous,” Culver said. “They’re basically money laundering operations. So you could take your BTC from ill-gotten gains, rent hash power, and get out freshly-minted tokens with no provenance.”

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
The cost of launching a 51% attack on various top cryptocurrencies through NiceHash. Image: Crypto51

What does renting hashpower do?

How did they do it? The malicious actors behind the first two attacks on ETC in August were able to achieve 51% dominance over the network by renting hash power from NiceHash provider daggerhashimoto, based on an analysis by Bitquery, a data intelligence firm.

Slovenia-based NiceHash is an online platform where customers can rent hashing power from sellers providing the computing power to mine cryptocurrencies. 

By using this rented hash power, the attackers behind the first and second attacks on Ethereum Classic were able to “double spend” over US$7 million by overwriting entries in the blockchain, reversing or even changing the destination of transactions. In other words, the attackers had almost complete control over the network and were able to route money as they pleased.

NiceHash has previously been embroiled in controversy. In 2019, its former chief technology officer and co-founder Matjaz Skorjanec was arrested in Germany over U.S. charges of being involved in a hacking group that organized the theft of millions of dollars. 

NiceHash itself was hacked in 2017, resulting in the loss of an estimated US$78 million in bitcoin.

The August hacks were not the first time Ethereum Classic suffered from such breaches, as a similar 51% attack occurred against ETC in January 2019. Hackers have also launched successful 51% attacks on a number of other smaller cryptocurrencies, including Bitcoin Gold, Verge and Monacoin in 2018.

“Computers are getting better, it’s going to keep getting easier and easier to get control of the computer power necessary to do these things,” said Benjamin J. A. Sauter, partner at New York-based international law firm Kobre & Kim, which is representing ETC Labs in investigating and suing the hackers. 

Moreover, the concentration of hashing power in China has also been shown to be a risk for cryptocurrencies, as recent flooding in the country’s Sichuan province destroyed thousands of crypto miners. Sichuan province, which is known for its cheap hydropower, has been a popular location for cryptocurrency mining farms looking to save money, but the floods and landslides caused a distinct drop of BTC hashrate in Chinese mining pools.

In a statement addressing the recent attacks and allegations from ETC Labs, NiceHash says that it “does not support or enable 51% attacks” but also concedes that its hash power “might be abused by the attacker’s pool.”

NiceHash says it takes steps to prevent or help prevent market disruptions and manipulations, and cooperates with law enforcement conducting investigations on activities which break their terms of service and privacy policy.

Forkast.News has reached out to NiceHash for additional comment, but has not received a response as of the time of writing. 

Self regulation vs government intervention?

Despite the hacks and the numerous monetary losses, the crypto community have largely said they prefer to pursue malicious actors privately instead of bringing in greater government regulation and scrutiny. 

As a result of the attacks on Ethereum Classic, ETC Labs has announced that they are developing a strategic plan to protect the integrity of the ETC ecosystem. The plan includes cooperating with miners to maintain a consistent hash rate on the network, advanced monitoring to identify anomalies or spikes in the hashrate, and eventually changing the PoW mining algorithm.

“By and large, I think the space doesn’t want the government to become deeply involved in how the exchanges operate and try to remedy wrongs,” Sauter said. “I think the industry as a whole wants to be able to self-regulate and have an environment where the government doesn’t need to be in the weeds. But as long as there’s not an effective private resolution, it’s how problems are going to be solved.”

This is a thought-provoking observation. 🤔

By definition, a decentralized cryptocurrency must be susceptible to 51% attacks whether by hashrate, stake, and/or other permissionlessly-acquirable resources.

If a crypto can’t be 51% attacked, it is permissioned and centralized. https://t.co/LRCVj5F0O1— Charlie Lee [LTC⚡] (@SatoshiLite) January 8, 2019

The cryptocurrency industry has seen increasing government interest, stricter rules and moves toward regulations in recent times, including the U.S.’ Financial Action Task Force’s guidelines for virtual asset service providers like exchanges to include the personal information of people transacting over US$1,000. 

Another U.S. agency, the Commodity Futures Trading Commission (CFTC) also announced a strategic plan to regulate cryptocurrencies by 2024. The U.S. Security and Exchange Commission (SEC) may also be on track to shift its views on how it determines cryptocurrencies to be securities, according to SEC commissioner Hester Peirce. 

“Capital markets can transform people’s lives, and so allowing the financial system to reach more people means that we have to really revisit some regulatory features that are in place now,” Peirce said in an interview with Forkast.News. “Crypto is an opportunity for us to be introspective and to say, hey, are we handling innovation right?”

Rented hash power might be a new sector where the industry may prefer to resolve disputes privately before the government steps in, Sauter said.

“If you don’t [have a framework for private dispute resolution], the only other choice that the victims of frauds have is to go to the government,” Sauter said, adding that those actions led to a wide crackdown on cryptocurrency business by the SEC and CFTC. “The industry would like for the government to take a hands-off approach, but that’s just not going to be a long-term, feasible solution if there’s also no way to figure out who is abusing the system.”

To bring the cryptocurrency industry out of the Wild West of scams and hacks that proliferated during the ICO bubble of 2017 would require increasing controls and checks on the system — through government or private organizations.

“If there’s a market for renting, I don’t think that itself is a problem,” Sauter said. “But if you’re doing it without keeping track of who your customers are and doing the same kind of due diligence that the exchanges are doing now, so that you’re able to trace back these kinds of frauds and hold people accountable when they abuse it, then you’re part of the problem, not the solution.”

NiceHash begs to differ.

“Just like ISPs can’t guarantee that all internet traffic is not malicious, NiceHash cannot be responsible for the security of every blockchain infrastructure,” the hash power provider said, in a statement. “The question of security becomes the question of the community and its creators. We must accept that if we want a true decentralization.”

Ethereum Classic was besieged in August with three separate instances of 51% attacks that resulted in the disruption of over 10,000 blocks and millions of dollars in losses. “Increasing frustration is definitely the best way to describe it,” said Terry Culver, CEO of ETC Labs, an incubator of projects on Ethereum Classic.

Although ETC Labs and other developers are working on ways to protect the blockchain network from further 51% attacks, security concerns regarding transactions have put in question the utility of blockchain networks based on proof of work (PoW), the consensus mechanism used in more cryptocurrencies than any other.

Today another large 51% attack occurred on the #ETC network which caused a reorganization of over 7000 blocks which corresponds to approximately 2 days of mining. All lost blocks will be removed from the immature balance and we will check all payouts for dropped txs.

— Bitfly (@etherchain_org) August 29, 2020

“It’s a vulnerability that all proof-of-work blockchains have, even Bitcoin and Ethereum,” said Culver, in an interview with Forkast.News. “We think that they’re secure because of the cost to attack those networks, but the truth is that cost is subjective.”

The first of the recent wave of Ethereum Classic’s 51% attacks occurred in early August, when an estimated US$5.6 million of ETC was double-spent — made possible because rented hashpower allowed the individuals to achieve majority control over the network.

“The cost to attack one of those networks for a state actor, or even a non-state actor, is trivial,” Culver said. “And in fact, I think those attacks will come.”

According to Benjamin J. A. Sauter, partner at New York-based international law firm Kobre & Kim, the attacks were not the result of a technical issue with the ETC blockchain, as reported by other publications, but rather the result of a person or group acting maliciously to commit fraud.

“What we want to do is send a message to them: that you’re not going to get away with this, we’re not going to take it sitting down, and we are going to try to figure out who you are,” Sauter said.

Culver adds: “And what we are doing now and what we have to continue to do is find ways to make it more secure. For us, it’s not a question of abandoning proof of work; it’s a question of innovating so that we can prevent malicious activity and grow the kind of ecosystem we’re trying to grow.”

Watch Culver and Sauter’s full interview with Forkast.News Editor-in-Chief Angie Lau explaining the repeated Ethereum Classic 51% hacks, what these breaches mean for larger PoW blockchains like Bitcoin and Ethereum, whether ‘proof of stake‘ networks offer a superior alternative, and more.

Angie Lau: Welcome to Word on the Block, the series that takes a deeper dive into the blockchain and emerging technology stories that shape our world at the intersection of business, politics and economy. I’m Forkast.News Editor-in-Chief Angie Lau. Well, once upon a time, ‘proof of work’ was actually what made the blockchain world go round, as a consensus mechanism made popular by Satoshi Nakamoto’s Bitcoin. Developers have been increasingly concerned about the 51% attack, the proof of work, the silver bullet.

Really in the early days, it was theoretical, a hypothetical. Well, in the span of just a couple of months, an attacker has gained more than 50% control of the network’s hash rate, and it has prevented other miners from completing blocks. We’ve seen not one, not two, but three attacks — 51% attacks — on one network, and it’s Ethereum Classic. And so the question is, is this the end of proof of work? What is happening with Ethereum Classic?

Highlights

Could Ethereum Classic get 51%-hacked again? “Three attacks in one month will tell you that security is an issue on Ethereum Classic. And we believe and know that other blockchains get attacked more regularly, maybe with less visibility. It’s a universal problem.”

The nature of proof-of-work blockchains: “We think that they’re secure because of the cost to attack those networks, but the truth is that cost is subjective. The cost to attack one of those networks for a state actor, or even a non-state actor, is trivial.”

What allowed these attacks to happen: “So there’s two problems here: one is gaining 51% of the hash power on the network, which allows you to create your own transactions. The other is exchanges, where if their security protocols are not strong enough, an attacker can deposit and withdraw funds very quickly, before the exchange can respond to it.”

Despite these losses, the industry still has strong desire for self-regulation: “By and large, I think the space doesn’t want the government to become deeply involved in how the exchanges operate and try to remedy wrongs. I think the industry as a whole wants to be able to self-regulate and have an environment where the government doesn’t need to be in the weeds.”

Is it time to move away from proof of work, toward proof of stake? “For us, it’s not a question of abandoning proof of work; it’s a question of innovating so that we can prevent malicious activity and grow the kind of ecosystem we’re trying to grow.”


Mining Pool Attacks

For major cryptocurrencies like Bitcoin, it has become impossible for individual miners to earn a profit, so miners unite their computing power by creating mining pools. This allows them to mine more blocks and each receive a share of the reward. Currently, the largest Bitcoin mining pools are BTC.com, AntPool, and ViaBTC. Together, they represent more than 52 percent of the total hash rate of the Bitcoin network according to Blockchain.com.

Mining pools represent a sweet target. Malicious miners try to get control over mining pools both internally and externally by exploiting common web application vulnerabilities in the blockchain consensus mechanism.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"
Mining pool attacks

Selfish Mining Attack

Selfish mining refers to the attempts of malicious miners to increase their share of the reward by not broadcasting mined blocks to the network for some time and then releasing several blocks at once, making other miners lose their blocks. Possible measures for preventing this type of attack are random assignment of miners to various branches of pools, preferring the block with a more recent timestamp, and generating blocks within a maximum acceptable time. This type of attack is also known as block withholding.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Selfish mining attack

As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. Selfish mining has high chances of success and may happen with all cryptocurrencies. Possible preventive measures against selfish mining include registering only trusted miners and making changes to the existing Bitcoin protocol to hide the difference between a partial proof of work and full proof of work.

This attack occurs when an attacker is able to mine blocks stealthily and create a copy of the chain that is longer than the common chain being worked upon by the other nodes. The attacker mines some blocks and does not broadcast them to the entire network. They keep mining and then publish a private fork once they are sufficiently ahead of the network in terms of the length of the chain. Since the network will shift to the chain that has been most worked upon (aka the longest chain rule), the attacker’s chain becomes the accepted one. With the help of a selfish mining attack, the attacker can publish some transactions on the public network and then reverse them with the help of stealthily mined blocks.

PDF: Security Problem Definition and Security Objectives of Cryptocurrency Wallets

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Fork after withholding

Fork after withholding (FAW) is a variation of selfish mining that turns out to be more rewarding for attackers. During an FAW attack, the malicious miner hides a winning block and either discards it or releases it later to create a fork, depending on the situation. The concept of this attack was explicitly described by a group of researchers led by Ujin Kwon.

First of all, you have the core concept of how a blockchain system functions. It is, literally, a chain of “blocks”, where each block is a piece of data that has been cryptographically hashed. Each block of data is a piece of information. In currencies, as a common and elementary example, each block is a transaction. When a user wants to make a transaction, their information is checked against the entire blockchain, to verify that the user indeed has currency available to spend. Once verified, their transaction is sent to miners, who compete to hash the data appropriately and add it to the chain.

In manufacturing, blockchain technology may be used to secure sensitive files. If an attacker attempts to intercept those files and manipulate them, the blockchain fingerprint will be missing and those files will be rejected by the blockchain.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

That cryptography is one part of the equation of security. The cryptography used in a blockchain may vary, but modern cryptography is generally quite difficult to crack without compromising the keys. When learning about blockchain technology, you’ll learn all about how cryptography functions and its purpose.

Additionally, the blockchain itself is a stored ledger of all of the data hashed into it. It’s a perfect, immutable transaction history that covers everything from the first action to the most recent action. More importantly, this ledger is not stored in one central location. Instead, it’s distributed between everyone who uses the technology. No one can manipulate this ledger, because they would need to manipulate every instance of it to make them match. This is the consensus protocol.

Different blockchain technologies work in different ways specifically, but they all share core elements relating to consensus and the chain of blocks, where individuals block each contains information about itself and the previous block, continuing a chain indefinitely.

While security seems immutable, humans are clever creatures, and there have already been a variety of different attacks on blockchain technologies, both actual and theoretical.

Blockchain technology is relatively new and complex, and that means there are a lot of people looking at a lot of different angles to figure out how to compromise it. Wherever there’s a potential profit motivation, there will be malicious actors. Indeed, blockchain tech has a lot of potential and actual vulnerabilities, that you will need to be aware of if you’re interested in modern cybersecurity.

Blockchain Technology Requires Proper Implementation of High-Quality Cryptography

Using high-end cryptographic processes to encode and hash data into a blockchain is great – if they’re implemented properly. It’s easy to treat these technologies as puzzle pieces that fit together, but using them in the wrong way can leave holes that can be exploited.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

racking the cryptography directly may be rare, but cracking the way it’s put together is a lot easier. Not to mention the possibility of backdoors in the encryption allowing unsavory access.


Blockchain Technology Interfaces with Less Secure Technology

Blockchain technology itself might be securely designed, but it has to interface with other technology to be useful, and that point of contact can be exploited. There have been dozens of small and large-scale attacks on blockchain systems. Though blockchain extends well beyond cryptocurrency, coin exchanges have been major targets of sophisticated attacks. Attackers don’t have to necessarily compromise the protocol itself when they can simply hack an exchange that has failed to take proper security measures on their servers.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Looking for these vulnerabilities can be a golden opportunity for malicious actors, but it’s also proven to be lucrative for white hat hackers who chase bugs for bounties. These bug hunters have identified dozens of problems with various blockchain platforms.

One such attack targeted the “smart contract” system used by several digital currencies. In particular, it targeted Ethereum’s blockchain via the exchange Coincheck in Japan. The attack stole around 80 million dollars worth of ether from the exchange.


Blockchain’s Permanence for Currencies

Blockchain currency benefits are detriments as well. We’ve all read stories of people losing access to hugely valuable digital wallets, what was pocket change years ago became millions and was lost. The anonymity and security of the currency are both seen as a benefit, but for those who find themselves unable to recover a lost wallet, it’s a painful reminder that the technology requires security on both sides of the digital coin.

This is also an issue with the inability to insure or refund a transaction. With traditional currency, if some money is stolen from a bank account, a charge-back can rectify the situation and the insured bank takes the hit and is reimbursed. With something like cryptocurrency, if your currency is stolen from a wallet, it’s gone. The transaction cannot be reversed and is not insured.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

In some cases, this can be rectified with something called a Hard Fork. A hard fork is a forced update to the entire blockchain that “forks” the chain before the theft, rewriting history to look like the theft never happened. The fork where it happened is abandoned, and the new fork becomes reality. Of course, this has its own set of problems; it requires a return to a central authority that can make such decisions, which is then open to further vulnerability.

Now, perhaps future iterations of a digital blockchain currency will integrate solutions to this problem, and perhaps that will make other attack vectors appear. The ever-evolving world of blockchain security is what you’ll learn when you study the subject.

Consensus Protocols

The distributed nature of the blockchain and the fact that the network requires consensus, and thus eliminates simple attempts at manipulation, also opens the technology up to broader forms of manipulation.

One speculated issue with blockchain is a majority problem. For example, with cryptocurrencies, a distributed network of miners is required to keep consensus. To change the “history” of a blockchain, an attacker would need to convince the consensus that their reality was the correct one. Normally, this would be impossible.

However, as more and more mining moves to Chinese warehouse farms and away from the distributed hands of people around the world, it becomes easier for a central group to dominate all mining, and thus, the consensus. In other words, one entity with sufficient computing power to throw at the task can take over a network and essentially write reality to be whatever they want it to be.

Called a 51% attack, when an attacker gains a majority control over the nodes in the network, they can control the new reality of the blockchain. While larger blockchains may or may not be at that point, several smaller networks have experienced these attacks already. The proof of concept has been proven, and now it’s a problem that must be solved.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Another attack, known as an “eclipse attack”, involves taking over communications to and from a node. By isolating a node and controlling traffic to it, an attacker can trick that node into wasting time and resources with false data, and thus failing to achieve participation in the blockchain.

The “timejacking” attack is similar. A hacker can theoretically alter the time handling of a node and tricks that node into operating on a temporary fork of the blockchain, often using multiple peers that are compromised to use their alternative fork for the attack.

Other attacks involve misdirection. The “selfish miner” attack was first theorized. It involves strategic timing with mining and adding the mined block to the chain, such that it essentially forks the protocol and forces other miners to waste their time and lose out on the benefits of mining.

A “partition attack” is a kind of attack where attackers segment the network, dividing it into several different partitions that cannot communicate between one another. Selectively blocking traffic essentially forks the blockchain, requiring consensus only within the partition. Similar attacks, called delay attacks, tamper with the speed that nodes can propagate their messages across the network.

One of the most common sorts of attacks is called a double-spending attack. With blockchain-based currencies, the network needs to agree that the request matches its ledger to verify a transaction. Getting all nodes on the network to agree takes time, though, and that lapse in time can be exploited. There are several kinds of double-spending attacks, including Finney attacks, Race attacks, and Vector76.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Denial of Service Attacks

One of the common threats to online businesses and services is the distributed denial of service or DDoS attacks. A DDoS attack involves thousands to millions of machines operating to send data to a server, far more than it can process, bringing it down. This happens hundreds of times every year, to everything from small businesses to major websites.

The distributed nature of the blockchain means it’s less susceptible to these attacks, but botnets can be very, very large, and can be tuned to attack multiple parts of a blockchain network at once. Additionally, numerous instances in the past have shown that even if the blockchain itself isn’t vulnerable, the hubs that use it are; coin exchanges are a popular target for DDoS attacks.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Additionally, many of the more common attacks, such as attacking passwords with dictionary brute-forcing, or phishing and social engineering users for their private information, can work to secure accounts on exchanges and other blockchain-adjacent technologies and platforms.

The very nature of the cryptographic protocol used in the blockchain can leave it vulnerable. Bitcoin is a prime example, using the ECDSA algorithm to generate private keys. Due to the size of the blockchain ledger, it appears that the algorithm used doesn’t have sufficient entropy and can generate the same key more than once. The hashing function used at the core of a blockchain needs to be appropriately complex and entropic to ensure security, and it can be difficult to foresee issues of scale.

On top of all of that, physical attacks can still work as well. One method for storing cryptocurrency “safely” is the Cold Wallet, a wallet storing the data completely segregated from the internet, out of the reach of digital hackers. Someone with the right access to the right facility, though, can simply steal a hard drive and all of the wallets it contains.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Novel Solutions to Novel Problems

Blockchain technology is new and interesting, and as such, thousands of tech startups and hundreds of established companies are working in the space. It’s ripe for innovation and experimentation, but that always opens up room for new attacks. All it takes is forgetting a key element of security along the way to leave a vulnerability open in new technology.

One of the most interesting uses of blockchain technology involves divorcing it from the cryptocurrency aspect of the tech and using the core blockchain protocol in other ways. This has fascinating potential and requires a lot of critical thinking and testing to spot potential security issues in the implementation of new technology.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Many of the problems we have listed up above have solutions, either in theoretical space or in actual implementation. Consider the problems presented and think about potential solutions. What might you come up with?

If the thought exercise interests you, and blockchain technology is something you find fascinating, you might consider pursuing a program to learn the ins and outs of the technology and its security challenges. Our program can certify you as a blockchain developer and prepare you to work in the fast-paced world of emerging technologies.

Whether you’re interested in developing blockchain technology for the next step in its evolution, or you’re more interested in the cat-and-mouse game of hacker versus cybersecurity expert, there’s room for you in the blockchain space. Learn the ins and outs of the technology today, and get started with your contribution to the technology tomorrow.

The most famous cryptocurrency is Bitcoin, but there are many others, such as Ethereum, Litecoin, and Monero. Cryptocurrencies are often bought and sold on decentralized exchanges and can also be used to purchase goods and services.

How Do Cryptocurrencies Work?

Cryptocurrencies use blockchain technology to create a secure, decentralized ledger of all transactions. Blockchain is a secure distributed database from hacking because it uses cryptography to encrypt transactions and prevent double-spending.

Whenever a transaction is made, it is recorded on the blockchain and verified by a network of computers. This makes it impossible to spend the same cryptocurrency twice fraudulently. It also makes cryptocurrencies much more secure than traditional fiat currencies, which are vulnerable to counterfeiters.

What Are the Cryptocurrency Scams That Affect Cybersecurity?

Since cryptocurrencies are digital and often stored in online wallets, they are vulnerable to hacking. In fact, there have been several high-profile hacks of cryptocurrency exchanges in recent years, resulting in the loss of millions of dollars worth of cryptocurrency.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

In early May 2021, a ransomware attack struck the Colonial Pipeline. This attack resulted in the shutdown of the pipeline, which provides much of the fuel for the East Coast of the United States. The hackers demanded a ransom of $5 million in Bitcoin, and they got it.

This is just one example of how criminals use cryptocurrency to extort money from victims. Below, we’ve listed the major cryptocurrency scams affecting the cybersecurity of businesses and the security of companies and individuals.

  1. Investment Scams: These scams lure victims with the promise of high returns on their investment in a new cryptocurrency. The reality is that these scammers will take your money and disappear.
  2. Phishing Scams: Phishing is a type of cyber-attack that involves criminals sending fake emails or messages that look like they come from a legitimate source, such as a cryptocurrency exchange. These messages will often contain links that lead to counterfeit websites that steal your login credentials or infect your computer with malware.
  3. Ponzi Schemes: A Ponzi scheme is a type of investment scam that promises high returns but instead uses the money from new investors to pay old investors. These schemes eventually collapse, leaving the new investors with nothing.
  4. Initial Coin Offering (ICO) Fraud: An ICO is a crowdfunding campaign used to raise funds for new cryptocurrencies. However, many ICOs are scams, and the people behind them will take your money and disappear.
  5. Malware: Cryptocurrency mining requires a lot of computing power, which criminals can harness to mine cryptocurrency for themselves. They do this by infecting your computer with malware that allows them to use your resources to mine cryptocurrency. This can slow down your computer and use up a lot of your electricity.

How Does Cryptocurrency Affect the Security of Your Business?

Cryptocurrencies are often used in ransomware attacks, as we saw with the Colonial Pipeline attack. In these attacks, hackers will encrypt your data and demand a ransom in cryptocurrency to decrypt it. These attacks can be very costly for businesses, as they have to pay the ransom and deal with the downtime caused by the attack. In some cases, companies may not be able to recover their data even after paying the ransom.

Cryptocurrency can also buy and sell illegal goods and services on the dark web. This includes things like drugs, weapons, and child pornography. By using cryptocurrency, criminals can buy and sell these items anonymously without fear of being caught. This makes it very difficult for law enforcement to track down these criminals.

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Cryptocurrency can also be used in money laundering schemes. In these schemes, criminals will convert their illicit funds into cryptocurrency and then use it to buy legitimate goods and services, making it difficult to trace the money and track down the criminals.

Overall, cryptocurrency can have a significant impact on the security of your business. If you accept cryptocurrency as payment, you could be targeted by criminals. Additionally, if you use cryptocurrency to buy or sell goods and services, you could unwittingly participate in criminal activity.

For these reasons, it’s essential to exercise caution when dealing with cryptocurrency. Make sure you only deal with reputable exchanges and businesses, and be sure to keep your computer security up-to-date to protect yourself from mining malware and other attacks.

What are the measures businesses can take to protect themselves from cryptocurrency scams?

Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Businesses can take a few measures to protect themselves from cryptocurrency scams.

  1. Educate yourself and your employees about cryptocurrency and how it works. It will help you spot red flags that indicate a scam.
  2. Only deal with reputable exchanges and businesses. Do your research to make sure you’re dealing with a legitimate company.
  3. Keep your computer security up-to-date to protect yourself from mining malware and other attacks.
  4. Be careful when accepting cryptocurrency as payment. Make sure you understand the risks involved before you agree to receive it.
  5. If you use cryptocurrency to buy or sell goods and services, only deal with reputable companies. Be aware of the risks involved in doing this.

You can help protect your business from cryptocurrency scams by taking these measures.

What is the future of cryptocurrency?

The future of cryptocurrency is uncertain, and it remains to be seen whether it will become widely adopted or fade into obscurity.

Cryptocurrency has the potential to revolutionize the way we conduct business and interact with each other. However, it also has the potential to be used for criminal activity.

Only time will tell what the future of cryptocurrency holds. In the meantime, it’s essential to exercise caution when dealing with it.

Cybercriminals can make money from attacking your organization’s software systems, such as stealing credit card numbers or online banking credentials. However, there are other more sophisticated ways to monetize their actions that aren’t as obvious as stealing money.

Attackers may infect your system with malware that grants remote access to a command and control server. Once they have infected hundreds or even thousands of computers they can establish a botnet, which can be used to send phishing emails, launch other cyber attacks, steal sensitive data, or mine cryptocurrency.

Another common motivation is to gain access to personally identifiable information (PII), healthcare information, and biometrics to commit insurance fraud, credit card fraud or illegally obtain prescription drugs.

Competitors may employ attackers to perform corporate espionage or overload your data centers with a Distributed Denial of Service (DDoS) attack to cause downtime, harm sales, and cause customers to leave your business.

Money is not the only motivator. Attackers may want to leak information to the public, embarrass certain organizations, grow political ideologies, or perform cyber warfare on behalf of their government like the United States or China.

How Do Attackers Exploit Attack Vectors?
There are many ways to expose, alter, disable, destroy, steal or gain unauthorized access to computer systems, infrastructure, networks, operating systems, and IoT devices.

In general, attack vectors can be split into passive or active attacks:

Passive Attack Vector Exploits
Passive attack vector exploits are attempts to gain access or make use of information from the system without affecting system resources, such as typosquatting, phishing, and other social engineering-based attacks.

Active Attack Vector Exploits
Active cyber attack vector exploits are attempts to alter a system or affect its operation such as malware, exploiting unpatched vulnerabilities, email spoofing, man-in-the-middle attacks, domain hijacking, and ransomware.

That said, most attack vectors share similarities:

The attacker identifies a potential target
The attacker gathers information about the target using social engineering, malware, phishing, OPSEC, and automated vulnerability scanning
Attackers use the information to identify possible attack vectors and create or use tools to exploit them
Attackers gain unauthorized access to the system and steal sensitive data or install malicious code
Attackers monitor the computer or network, steal information, or use computing resources.
One often overlooked attack vector is your third and fourth-party vendors and service providers. It doesn’t matter how sophisticated your internal network security and information security policies are — if vendors have access to sensitive data, they are a huge risk to your organization.

This is why it is important to measure and mitigate third-party risks and fourth-party risks. This means it needs to be part of your information security policy and information risk management program.

Consider investing in threat intelligence tools that help automate vendor risk management and automatically monitor your vendor’s security posture and notify you if it worsens.

Every organization now needs a third-party risk management framework, vendor management policy, and vendor risk management program.

Before considering a new vendor perform a cybersecurity risk assessment to understand what attack vectors you could be introducing to your organization by using them and ask about their SOC 2 compliance.

What are the Common Types of Attack Vectors?

  1. Compromised Credentials
    ‍Usernames and passwords are still the most common type of access credential and continue to be exposed in data leaks, phishing scams, and malware. When lost, stolen, or exposed, credentials give attackers unfettered access. This is why organizations are now investing in tools to continuously monitor for data exposures and leaked credentials. Password managers, two-factor authentication (2FA), multi-factor authentication (MFA), and biometrics can reduce the risk of leak credentials resulting in a security incident too.
  2. Weak Credentials
    ‍Weak passwords and reused passwords mean one data breach can result in many more. Teach your organization how to create a secure password, invest in a password manager or a single sign-on tool, and educate staff on their benefits.
  3. Insider Threats
    ‍Disgruntled employees or malicious insiders can expose private information or provide information about company-specific vulnerabilities.
  4. Missing or Poor Encryption
    ‍Common data encryption methods like SSL certificates and DNSSEC can prevent man-in-the-middle attacks and protect the confidentiality of data being transmitted. Missing or poor encryption for data at rest can mean that sensitive data or credentials are exposed in the event of a data breach or data leak.
  5. Misconfiguration
    ‍Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure, or AWS, or using default credentials can lead to data breaches and data leaks, check your S3 permissions or someone else will. Automate configuration management where possible to prevent configuration drift.
  6. Ransomware
    ‍Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by maintaining a defense plan, including keeping your systems patched and backing up important data.
  7. Phishing
    ‍Phishing attacks are social engineering attacks where the target is contacted by email, telephone, or text message by someone who is posing to be a legitimate colleague or institution to trick them into providing sensitive data, credentials, or personally identifiable information (PII). Fake messages can send users to malicious websites with viruses or malware payloads.

Learn the different types of phishing attacks here.

  1. Vulnerabilities
    ‍New security vulnerabilities are added to the CVE every day and zero-day vulnerabilities are found just as often. If a developer has not released a patch for a zero-day vulnerability before an attack can exploit it, it can be hard to prevent zero-day attacks.
  1. Brute Force
    ‍Brute force attacks are based on trial and error. Attackers may continuously try to gain access to your organization until one attack works. This could be by attacking weak passwords or encryption, phishing emails, or sending infected email attachments containing a type of malware. Read our full post on brute force attacks.
  2. Distributed Denial of Service (DDoS)
    DDoS attacks are cyber attacks against networked resources like data centers, servers, websites, or web applications and can limit the availability of a computer system. The attacker floods the network resource with messages which cause it to slow down or even crash, making it inaccessible to users. Potential mitigations include CDNs and proxies.
  3. SQL Injections
    ‍SQL stands for a structured query language, a programming language used to communicate with databases. Many of the servers that store sensitive data use SQL to manage the data in their database. An SQL injection uses malicious SQL to get the server to expose information it otherwise wouldn’t. This is a huge cyber risk if the database stores customer information, credit card numbers, credentials, or other personally identifiable information (PII).
  4. Trojans
    ‍Trojan horses are malware that misleads users by pretending to be a legitimate program and are often spread via infected email attachments or fake malicious software.
  5. Cross-Site Scripting (XSS)
    XSS attacks involve injecting malicious code into a website but the website itself is not being attacked, rather it aims to impact the website’s visitors. A common way attackers can deploy cross-site scripting attacks is by injecting malicious code into a comment e.g. embedding a link to malicious JavaScript in a blog post’s comment section.
  6. Session Hijacking
    ‍When you log into a service, it generally provides your computer with a session key or cookie so you don’t need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive information.
  7. Man-in-the-Middle Attacks
    ‍Public Wi-Fi networks can be exploited to perform man-in-the-middle attacks and intercept traffic that was supposed to go elsewhere, such as when you log into a secure system.
  8. Third and Fourth-Party Vendors
    ‍The rise in outsourcing means that your vendors pose a huge cybersecurity risk to your customer’s data and your proprietary data. Some of the biggest data breaches were caused by third parties.
Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Conclusion

Cryptocurrency can have a significant impact on the security of your business. If you accept cryptocurrency as payment, you could be targeted by criminals. Additionally, if you use cryptocurrency to buy or sell goods and services, you could unwittingly participate in criminal activity.

Businesses can take a few measures to protect themselves from cryptocurrency scams. These include educating yourself and your employees about cryptocurrency, only dealing with reputable firms and exchanges, and keeping your computer security up-to-date.

Though blockchain popularity is still on the rise, an increasing number of cyber attacks on blockchains may negatively affect their reputation. Knowing the most common blockchain vulnerabilities and attack types is a must for everyone who’s concerned about blockchain security and wants to know what to secure first.


GitHub

Telegram: https://t.me/cryptodeeptech

Video: https://youtu.be/7pqVNbcGzls

Source: https://cryptodeep.ru/blockchain-attack-vectors


Все известные атаки: "Blockchain Attack Vectors & Vulnerabilities to Smart Contracts"

Crypto Deep Tech