Blockchain technology is being implemented in lots of innovative applications, together with cryptocurrencies, financial systems, communication systems, IoT, health care, censorship resistance, smart contracts, digital voting, and distributed provenance.
Attackers skilled a distributed denial-of-service (DDoS) attack to Bitfinex crypto currency exchange that caused its temporary suspension in June 2017. Until now several exchanges of Bitcoin and Ethereum have additionally suffered from DDoS attacks and DNS attacks. This attacks seriously hampering the service availability to the users. Such attacks can be cause devaluation of the cryptocurrency, loss of mining rewards, or even closure of cryptocurrency exchanges.
The security of Blockchain systems is important for their sustainability by potential investors. Investors take the security of crypto currency into account when studying the risks associated with their investments and use of this technology.
In this article, I will share how these attacks can compromise Blockchain technology. Blockchain peer-to-peer architecture actually face off to several attacks including DDoS attacks, selfish mining, the majority attack (51%), DNS attacks, eclipse attacks and consensus delay. Let’s briefly examine these potential attack surfaces.
A. Distributed Denial of Service Attacks
One of the most not unusual attacks on online services is the distributed denial-of-service (DDoS) attack. Blockchain technology, and regardless of being a peer-to-peer system, continues to be liable to DDoS attacks. Blockchain-based applications, together with Bitcoin and Ethereum, have repeatedly suffered from these attacks. DDoS attacks show up themselves in a number of approaches, relying upon the application nature, network structure, and peer’s conduct. as an instance, inside the Bitcoin network, the 51% attack can cause denial-of-service. specifically, if a collection of miners accumulates a huge hashing power, they are able to save you other miners from adding their mined blocks to the Blockchain, invalidate ongoing transactions, and motive service failure within the network. Intentional forks; forks that are the result of malicious behavior; can turn into difficult forks, resulting in similar outcomes of denial-of-service.
B. Selfish Mining Attacks
The selfish mining attack is an approach opted by way of positive miners who try to increase their rewards by intentionally keeping their blocks private.
To begin with, the selfish miner tries to increase the longest chain, as they’s presupposed to. However, when they generated a block, they continue it secret rather than publishing it, and then attempts to increase it further, forming a secret branch.
Meanwhile, the opposite miners enlarge the public chain, on the way to ultimately grow to be longer considering the fact that they may be the majority. The selfish miner maintains to increase her secret branch until the public chain is one step in the back of. Then they publish her secret chain.
Because the secret chain is longer, the other events keep in mind it the principle chain, so now anyone is following the selfish miner’s blocks. The blocks generated with the aid of the opposite miners are for this reason pruned – omitted and confer no reward to their creators. as soon as the general public Blockchain starts off evolved approaching the duration of their private chain, selfish miners release their blocks to say block rewards. Having first-rate mining power may additionally further help selfish miners win the block race.
Selfish mining attacks can produce unwanted results for the rest of the network by using invalidating the blocks of honest miners who make a contribution to the Blockchain. Moreover, all the transactions inside the honest miner’s block additionally get rejected.
C. The Majority Attacks
The majority attack also called the 51% attack in Blockchain-based packages that can be exploited whilst a single attacker, a set of Sybil nodes, or a mining pool in the network attains the majority of the network’s hash price to manipulate the Blockchain.
With majority of network’s hash rate, the attackers are able to prevent transactions or blocks from being tested, reverse transactions at some point of the time they may be in control to allow double-spending, fork the main Blockchain and split the network, and prevent different miners (verifiers) from finding any blocks for a short period of time.
Under race conditions, the attackers with over 50% hash rate are guaranteed to overtake different miners and append their blocks within the Blockchain with excessive probability. Additionally, those blocks can possibly have fraudulent or double spent transactions. If an attacker performs a transaction in exchange for any product with X, it is able to mirror the identical transaction with Y and placed it at the block. Transactions on Blockchains are not reversible, and only one transaction may be taken into consideration valid.
D. Network Attacks
Blockchain packages are decentralized and use peer-to-peer network architecture as the medium of communication between the network entities. The attacks associated to the Blockchain network encompass amongst others, the DNS attacks, spatial partitioning, and Eclipse attacks. For each of those attacks, the purpose of the attacker is to limit their get right of entry to the community resources, isolate users and miners from the actual network, or create partition in the network and placed into impact conflicting rules the various peers.
E. DNS Attacks
Whilst a node joins the Bitcoin network for the primary time, it isn’t aware about the active peers in the network. To discover the active peers (diagnosed through their IP addresses) in the network, a bootstrapping mechanism is needed. The domain name system (DNS) can be used as a bootstrapping mechanism, and DNS seeds are queried with the aid of nodes upon joining the network to acquire in addition information about other active peers.
It has been noted in Bitcoin systems that the DNS opens a huge attack surface to the Bitcoin networks in well-known. Namely, the DNS resolution is vulnerable to man-in-the-middle attacks (on the resolver side), cache poisoning, and stale records, amongst many others. For this attack, an adversary can either inject an invalid listing of seeder nodes in the open source Blockchain software program, or poison DNS cache on the resolver.
F. Eclipse Attacks
Blockchain’s peer-to-peer system is also vulnerable to a form of attack known as the eclipse attack, wherein a collection of malicious nodes isolates its neighboring nodes using IP addresses, thereby compromising their incoming and outgoing traffic. as an example, in Bitcoin, a node can actively connect with all the other nodes in the network, forming a node cluster. inside the node cluster, every peer is aware of the IP address of all different peers. With sufficient compromised nodes in a cluster, the attacker can isolate honest nodes and change their Blockchain view. He can manipulate their incoming and outgoing visitors and feed them with fake information regarding Blockchain and transactions.
G. Consensus Delay Attacks
Another attack related to the peer-to-peer nature structure is the consensus delay. in this attack, an attacker may inject false blocks to add latency or save you peers from achieving consensus about the state of the Blockchain. The sybil nodes also can send bogus signatures to the opposite replicas all through the prepare phase and the commit phase. due to the fact that every duplicate is then required to verify signatures, therefore, bogus signatures will purpose extra verification overhead. If the sybils retain to send such signatures, they are able to stall the completion of the commit phase and ultimately cause a delay inside the reply section. As an end result, the primary will now not receive the desired number of approvals for the transaction verification. this could motive consensus delay and reduce the throughput of the application.