Blockchain Attacks: Is No One Safe in the World of Cryptocurrencies?
Security is one of the foremost advantages that Bitcoin and its derivatives (e.g., Ethereum, Ripple, etc.) claim to offer compared to other digital payments. Indeed, corrupting the Bitcoin network and other blockchain technologies is nearly impossible, thanks to their advanced architecture. However, hackers are still eager to exploit some workarounds for ill-gotten financial gain.
In this article, we review some of the most popular attacks in the world of blockchain technologies, how they are technically carried out, and who is at risk.
Solving the Double-Spending Problem
Perhaps the biggest issue facing digital currency is its lack of proof that users have not spent the same money twice. Traditional financial systems solve this problem by adding the superstructure of banks and other financial institutions, which guard every payment and derive their fees from this service.
Bitcoin is the first digital currency to offer an alternative solution that does not require third-party interference. It employs a decentralized network of nodes that follow the same protocol to reach consensus and store transactional data. Once a transaction receives enough confirmations, it becomes irreversible, and only someone who knows the private keys to a given wallet can control the funds stored on it.
Thus, in order to double-spend bitcoins or any other cryptocurrency, a user must either gain control over a significant portion of the cryptocurrency network or find a way to fabricate a confirmed transaction. Here are some of the best-known methods for this kind of subterfuge.
51% Attack (Reorganization)
The 51% attack implies that hackers gain control of over 51% of all the nodes in a network to double-spend cryptocurrency and reverse transactions. When a malicious miner or group of miners finds a new block, they do not broadcast it to other participants on the network. Possessing the majority of the network’s mining power allows these hackers to launch a new branch of the blockchain and force the rest of the network to accept this new branch as the true network.
If, before these hackers succeed, they executed any transactions (for example, purchased an expensive Lamborghini with bitcoins), then all of those transactions are undone. The chain gets reorganized, and the hackers get both their Bitcoin funds and their Lamborghini.
Who Is at Risk?
It is worth noting that such schemes can only work with cryptocurrencies based on the proof-of-work consensus algorithm, such as Bitcoin. The fewer entities controlling the majority of a network, the worse. The website Bitcoin Era shares some further considerations:
Bitcoin Era: The most popular cryptocurrencies are still controlled by just a few entities
Bitcoin fans can set their worries aside, though. The chances of the Bitcoin network being compromised this way are very low because the network has become huge—especially over the past few years—making this kind of attack nearly impossible.
However, smaller networks with fewer nodes face much higher risks. Notable attacks have taken place in recent years:
- Ethereum Classic. Advocates of the classic approach have been attacked many times throughout this cryptocurrency’s existence, which is supported solely by its community. A few minor attacks took place in 2019 and 2020, and hackers managed to steal $5.6 million worth of ETC—Ethereum’s currency.
- Bitcoin Gold. $18 million worth of Bitcoin Gold’s BTG currency was stolen during a 51% attack on this altcoin network in May 2018. A smaller attack resulted in a loss of only $70,000 in January 2020.
A similar type of attack requires that hackers take control of only 34% of a network, and it threatens networks based on the Tangle blockchain, such as IOTA. IOTA is aware of this threat, and the team behind IOTA has been working to improve the platform’s security. In fact, the “coordinators” who prevent blockchain hacks have developed one of the solutions to address this type of attack.
When attempting a race attack, hackers quickly send the same coins to a vendor and to their own wallet—one right after the other. If an attacker controls a node, the attacker may reject the first transaction, prioritize the second transaction, and broadcast this second transaction to the rest of the network, thus deceiving other users.
Merchants who send out goods purchased through these hacks without waiting for transaction confirmations are at risk. To reduce the chance of such attacks, users should connect only with trusted nodes, disable incoming connections, or change their order-fulfillment policies and send out goods only after a transaction is confirmed by at least one node.
The Finney attack also targets merchants who do not wait for transaction confirmations before releasing goods. This type of hack bears the name of a famous Bitcoin adopter, Hal Finney, who suggested this attack for the first time in his post on Bitcointalk in 2011.
For this hack, attackers must run their own node. They include transactions between their own wallets into new blocks that they generate themselves. These coins are double-spent, the deceived merchant sends the ordered goods, and then these new blocks are released into the network. Transactions in these new blocks obtain higher priority and, thus, only the new blocks are registered on-chain.
A Vector76 attack technically combines the race and Finney attacks into one hack. Essentially, attackers create two transactions simultaneously and broadcast them to different parts of a network. One of the transactions bears a high value and is sent to the attackers’ address (the first transaction), while the other transaction is small (the second transaction). Attackers are credited with the high amount, while the second transaction eliminates the first transaction and gets the network’s final acceptance.
This type of attack isn’t very popular because it requires a node with an incoming transaction and a hosted wallet that accepts payments after only one confirmation. These characteristics, however, are difficult to achieve.
The Sybil attack was invented long before blockchain technologies. It threatens any online system where a single unit can attempt to control a network by creating multiple identities. On the blockchain, an attacker can run multiple nodes and outvote legitimate network participants. In fact, a Sybil attack is a minor instance of the 51% attack described above.
To prevent Sybil attacks, blockchains implement different consensus algorithms—such as proof-of-work and proof-of-stake—which increase the cost of such attacks and make them unprofitable for potential attackers.
Despite the high level of security that Bitcoin and other cryptocurrencies claim, cunning minds can exploit workarounds to steal from unsuspecting users. This risk is the price users pay when choosing the blockchain’s freedom over a centralized party.
However, if one is inclined to make cryptocurrencies an integral part of his or her life, this risk should not deter potential users. Implementing a set of security best practices can significantly improve one’s cryptocurrency safety, encouraging attackers to choose an alternative, more vulnerable targets.