While developing blockchain solutions and performing penetration testing on smart contracts, Apriorit needs to regularly investigate blockchain vulnerabilities. This provides us with a clear understanding that the blockchain isn’t really as secure as we tend to think.
Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals. Apriorit experts have recently analyzed the attacks on Coincheck, Verge, and the Bancor exchange that have greatly undermined the reputation of the blockchain itself.
The blockchain can resist traditional cyber attacks quite well, but cybercriminals are developing new attacks specifically for hacking blockchain technology. Any technology has its attack vectors, and it seems like the blockchain is no exception. In this article, we describe the main attack vectors of blockchain technology and take a look at the most significant attacks to date.
Contents:
- Blockchain network attacks
- Smart contract attacks
- Transaction verification mechanism attacks
Cybercriminals have already managed to misuse blockchains to perform malicious actions. Ransomware attacks like WannaCry and Petya wouldn’t have been so massive if attackers hadn’t received their reward in cryptocurrencies. Now, it looks like hackers consider exploiting blockchain security vulnerabilities as their main source of revenue.
By attacking such huge platforms as Bitcoin and Ethereum, cybercriminals show that they’re clever enough to disprove blockchain security. Before addressing how to counter the threats posed by hackers, let’s consider five blockchain features often targeted by cybercriminals:
- The blockchain network
- User wallets
- Smart contracts
- Transaction verification mechanisms
- Mining pools
Blockchain network attacks
The blockchain network includes nodes that create and run transactions and provide other services. For instance, the Bitcoin network includes nodes that send and receive transactions and miners that add approved transactions into the blocks. Cybercriminals look for network vulnerabilities and exploit them with the following attacks on blockchain networks.
Distributed denial of service
Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network. Still, blockchain technology is susceptible to DDoS attacks and these attacks are actually the most common type on blockchain networks. When attacking a blockchain network, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect mining pools, e-wallets, crypto exchanges, and other financial services of the network. A blockchain can also be hacked with DDoS at its application layer when hackers use DDoS botnets. Bitcoin, along with other blockchain networks, takes measures to protect against DDoS attacks.
Transaction malleability attack
A transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin network, every transaction has a hash that is a transaction ID. If attackers manage to alter the transaction ID, they can try to broadcast a transaction with a changed hash to the network and have it confirmed before the original transaction. The sender will believe their initial transaction has failed, while the funds will still be withdrawn from their account. And if the sender repeats the transaction, they’ll spend the same amount twice. This hack is successful once the two transactions are confirmed by miners. MtGox, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014.
Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps. However, this attack can be prevented by restricting acceptance time ranges or using the node’s system time.
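The two mitigations named above (a restricted acceptance range and falling back to the node's system time) can be modelled as follows. This is an added example, not code from the article or from any node implementation; the function names, the two limits, and the sample peers are assumptions chosen for illustration.

```python
from statistics import median

# Assumed limits for this example (seconds); a real node defines its own.
MAX_PEER_ADJUSTMENT = 70 * 60      # largest peer-derived clock correction we apply
MAX_FUTURE_DRIFT = 2 * 60 * 60     # how far ahead of our clock a block timestamp may be


def network_time(system_time, peer_times, cap=MAX_PEER_ADJUSTMENT):
    """Return the node's view of 'now'.

    The median peer offset is applied only when it is within `cap`;
    otherwise the node falls back to its own system time. cap=None
    models a node that trusts peer-reported time without restriction.
    """
    if not peer_times:
        return system_time
    offset = int(median(t - system_time for t in peer_times))
    if cap is not None and abs(offset) > cap:
        return system_time
    return system_time + offset


def accept_block_time(block_time, system_time, peer_times, cap=MAX_PEER_ADJUSTMENT):
    """Accept a block timestamp only inside the restricted future window."""
    return block_time <= network_time(system_time, peer_times, cap) + MAX_FUTURE_DRIFT


# Constructed sample: three honest peers and five fake peers reporting +3 hours.
NOW = 1_700_000_000
HONEST = [NOW - 5, NOW + 3, NOW + 10]
FAKE = [NOW + 3 * 3600] * 5
FAR_FUTURE_BLOCK = NOW + 4 * 3600

if __name__ == "__main__":
    peers = HONEST + FAKE
    print("unrestricted node accepts block:",
          accept_block_time(FAR_FUTURE_BLOCK, NOW, peers, cap=None))
    print("restricted node accepts block:  ",
          accept_block_time(FAR_FUTURE_BLOCK, NOW, peers))
```

With the cap in place, the fake peers cannot move the node's clock at all, so a block stamped four hours ahead falls outside the acceptance window.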
A routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering as the hacker divides the network into partitions that are unable to communicate with each other. Routing attacks actually consist of two separate attacks:
- A partition attack, which divides the network nodes into separate groups
- A delay attack, which tampers with propagating messages and sends them to the network
A Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.
Figure 1. Sybil attack
During a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A Sybil attack is quite difficult to detect and prevent, but the following measures can be effective: increasing the cost of creating a new identity, requiring some type of trust for joining the network, or considering user power based on reputation.
An eclipse attack requires that a hacker control a large number of IP addresses or have a distributed botnet. Then the attacker overwrites the addresses on the tried table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. Researchers from Boston University initiated an eclipse attack on the Ethereum network and managed to do it using just one or two machines.
User wallet attacks
Actually, blockchains and cyber security come together like salt and pepper until people interact with them. It may sound surprising, but blockchain users pose the greatest security threat. People tend to overestimate the security of the blockchain and overlook its potential attack vectors. User wallet credentials are the main target for cybercriminals. Hackers try to use both traditional methods like phishing and dictionary attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. Here’s an overview of the most common ways of attacking user wallets.
A recent attack on IOTA wallets was initiated with iotaseed.io (now offline), a fake online seed generator. Hackers conducted a phishing campaign with this service and collected logs with secret seeds. As a result, in January 2018 hackers successfully stole more than $4 million worth of IOTA from victims’ wallets.
During dictionary attacks, hackers attempt to break a victim’s cryptographic hash and salt. They try hash values of common passwords like password1. By translating clear text passwords to a cryptographic hash, attackers can find the credentials to wallets.
Blockchain networks use various cryptographic algorithms to create user signatures, but these technologies may also have vulnerabilities. For example, Bitcoin uses the ECDSA cryptographic algorithm to automatically generate unique private keys. However, it appears that ECDSA has insufficient entropy, which can result in the same random value in more than one signature. IOTA also faced cryptographic problems with its old Curl hash function.
Flawed key generation
Exploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys provided by Blockchain.info in December 2014. The attack happened as the result of a mistake that appeared during a code update and resulted in poor randomness of inputs for generating public user keys. Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA algorithm.
Attacks on cold wallets
Hardware wallets, or cold wallets, can also be hacked. For instance, researchers have recently initiated an Evil Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.
Attacks on hot wallets
Hot wallets are internet-connected apps used for storing private cryptographic keys. Though owners of cryptocurrency exchanges claim that they keep their user data in wallets disconnected from the web, a recent $500 million attack on Coincheck has proved that this isn’t always true.
Smart contract attacks
Apriorit has teams working on smart contract development and penetration testing. We’ve already accumulated rich experience in analyzing and avoiding vulnerabilities in smart contracts based on the Ethereum, EOS, and NEO platforms. The main blockchain security issues associated with smart contracts relate to possible bugs in source code, a network’s virtual machine, the runtime environment for smart contracts, and the blockchain itself. Let’s look closer at each of these attack vectors.
Vulnerabilities in contract source code
If a smart contract has vulnerabilities in its source code, it poses a risk to parties that sign the contract. For instance, bugs discovered in an Ethereum contract cost its owners $80 million in 2016. One common vulnerability in Solidity makes it possible to hand control to untrusted functions in other smart contracts; this is known as a reentrancy attack. During this attack, contract A calls a function from contract B that has undefined behavior. In turn, contract B can call a function from contract A and use it for malicious purposes.
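The A-calls-B-calls-A control flow described above, modelled in Python with the vulnerable ordering beside the hardened one (state updated before the external call). This is an added example, not code from the article and not Solidity; the `Vault` and account classes and all amounts are hypothetical.

```python
class Vault:
    """Toy model of contract A: holds deposits and pays them out on request."""

    def __init__(self, effects_first):
        self.effects_first = effects_first   # True = hardened ordering
        self.balances = {}
        self.funds = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.effects_first:
            self.balances[account] = 0       # effect recorded before the interaction
        self.funds -= amount
        account.receive(self, amount)        # external call: control leaves contract A
        if not self.effects_first:
            self.balances[account] = 0       # too late: balance was still set during the call


class PlainAccount:
    """Recipient that only records what it was paid."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringAccount(PlainAccount):
    """Contract B: its receive hook calls back into A before withdraw() has finished."""

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)


def run(effects_first):
    """Return (amount paid to the re-entering account, funds left in the vault)."""
    vault = Vault(effects_first)
    other_depositor, caller = PlainAccount(), ReenteringAccount()
    vault.deposit(other_depositor, 90)       # constructed sample amounts
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.funds


if __name__ == "__main__":
    print("state updated after call: ", run(effects_first=False))
    print("state updated before call:", run(effects_first=True))
```

In the first run the account that deposited 10 is paid 100, because every nested call still sees the old balance; in the second run it is paid once.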
Vulnerabilities in virtual machines
The Ethereum Virtual Machine (EVM) is a distributed stack-based computer where all smart contracts of Ethereum-based blockchains are executed. The most common vulnerabilities of the EVM are the following:
- Immutable defects — Blockchain blocks are immutable by nature, which means that once a smart contract is created it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO attack.
- Cryptocurrency lost in transfer — This is possible if Ether is transferred to an orphan address that doesn’t have any owner or contract.
- Bugs in access control — There’s a missed modifier bug in Ethereum smart contracts that allows a hacker to get access to sensitive functionality in the contract.
- Short-address attack — This is possible because the EVM can accept incorrectly padded arguments. Hackers can exploit this vulnerability by sending specifically crafted addresses to potential victims. For instance, during a successful attack on the Coindash ICO in 2017, a modification to the Coindash Ethereum address made victims send their Ether to the hacker’s address.
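A sender-side check for the padding problem in the short-address item above, as an added example that is not from the article. It assumes an ERC-20 `transfer(address,uint256)` call, whose calldata is a 4-byte selector followed by two 32-byte words; the address and amount are constructed sample values, and `evm_decode` only models the zero-padding of missing trailing bytes.

```python
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")   # transfer(address,uint256)
WORD = 32
EXPECTED_LEN = 4 + 2 * WORD                     # 68 bytes


def encode_transfer(address, amount):
    """Encode without validating the address length, as a careless client would."""
    return TRANSFER_SELECTOR + bytes(12) + address + amount.to_bytes(WORD, "big")


def evm_decode(calldata):
    """Model how the arguments are read: missing trailing bytes are read as zero."""
    args = calldata[4:].ljust(2 * WORD, b"\x00")
    return args[12:WORD], int.from_bytes(args[WORD:2 * WORD], "big")


def check_transfer_calldata(calldata):
    """Return a list of problems; an empty list means the payload is well formed."""
    problems = []
    if calldata[:4] != TRANSFER_SELECTOR:
        problems.append("unexpected function selector")
    if len(calldata) != EXPECTED_LEN:
        problems.append(f"calldata is {len(calldata)} bytes, expected {EXPECTED_LEN}")
    elif any(calldata[4:16]):
        problems.append("address word has non-zero high-order bytes")
    return problems


# Constructed sample: a 20-byte address ending in 0x00, supplied one byte short.
FULL_ADDRESS = bytes.fromhex("11" * 19 + "00")
SHORT_ADDRESS = FULL_ADDRESS[:-1]
AMOUNT = 1000

GOOD = encode_transfer(FULL_ADDRESS, AMOUNT)
BAD = encode_transfer(SHORT_ADDRESS, AMOUNT)

if __name__ == "__main__":
    print("well-formed payload :", evm_decode(GOOD)[1], check_transfer_calldata(GOOD))
    print("short-address payload:", evm_decode(BAD)[1], check_transfer_calldata(BAD))
```

The short payload decodes to the same recipient but an amount 256 times larger, which is why the length is validated before the transaction is signed.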
Generally, smart contracts represent a new blockchain attack vector that hackers can compromise by applying other methods that are typical for compromising blockchain technology, including DDoS, eclipse, and various low-level attacks.
However, younger blockchains such as Cardano and Zilliqa use different virtual machines: IELE, KEVM, and others. These new blockchains claim to guarantee smart contract security within their protocols.
Transaction verification mechanism attacks
Unlike financial institutions, blockchains provide transaction confirmation only after all nodes in the network are in agreement. Until a block with a transaction is verified, the transaction is classified as unverified. However, verification takes a certain amount of time, which creates a perfect vector for cyberattacks.
Double-spending is a common blockchain attack exploiting the transaction verification mechanism. All transactions on a blockchain need to be verified by other users in order to be recognized as valid, which takes some time. Attackers can use this delay to their advantage and trick the system into using the same coins or tokens in different transactions.
Figure 2. A double-spending attack
Here are the most common types of attacks that are based on exploiting the intermediate time between a transaction’s initiation and confirmation.
A Finney attack is possible when one transaction is pre-mined into a block and an identical transaction is created before that pre-mined block is released to the network, thereby invalidating the second identical transaction.
A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment and sends the product without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.
Vector76 is a combination of two previous attacks. In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high value and one low value. Then, the attacker pre-mines and withholds a block with a high-value transaction to an exchange service. After a block announcement, he quickly sends the pre-mined block directly to the exchange service. The exchange service, along with some miners, will consider the pre-mined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction. After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network that finally rejects the high-value transaction. As a result, the attacker’s account is credited with the amount of the high-value transaction. Though there’s a high chance for success with this attack, it’s not a common one because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.
Alternative history attack
An alternative history attack may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, the malicious user sends a transaction to the seller and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the seller sends their product after n confirmations, they may lose money if the attacker releases a longer chain and gets their coins back.
51% or majority attack
A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing ones. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.
Figure 3. Majority attack
Unfortunately, all small cryptocurrencies are still at risk. Since they attract fewer miners, attackers can just rent computing power to create a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.
Possible measures for preventing double-spending attacks include monitoring received transactions during a listening period, forwarding double-spending attempts, inserting other nodes to observe transactions, and rejecting direct incoming connections.
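The first of these measures, watching for conflicting spends during a listening period before accepting an unconfirmed payment, can be sketched as follows. This is an added example, not code from the article; the `Tx` and `ListeningMonitor` names, the 10-second period, and the sample transactions are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple        # outpoints spent, each as (previous txid, output index)
    seen_at: float       # when one of our nodes first saw the transaction (seconds)


class ListeningMonitor:
    """Tracks which transaction spends each outpoint and flags conflicts.

    observe() can be fed from several observer nodes, so a conflicting
    spend seen by any of them blocks acceptance.
    """

    def __init__(self, listening_period):
        self.listening_period = listening_period
        self.spent_by = {}       # outpoint -> txid first seen spending it
        self.conflicts = {}      # txid -> txids that spend one of the same outpoints

    def observe(self, tx):
        for outpoint in tx.inputs:
            first = self.spent_by.setdefault(outpoint, tx.txid)
            if first != tx.txid:
                self.conflicts.setdefault(first, set()).add(tx.txid)
                self.conflicts.setdefault(tx.txid, set()).add(first)

    def decision(self, payment, now):
        if self.conflicts.get(payment.txid):
            return "reject"      # same coins seen in another transaction
        if now - payment.seen_at < self.listening_period:
            return "wait"        # listening period not over yet
        return "accept"


def demo():
    """Replay a constructed sequence and return the decisions taken."""
    monitor = ListeningMonitor(listening_period=10)
    payment = Tx("pay-merchant", (("funding", 0),), seen_at=0.0)
    clean = Tx("pay-merchant-2", (("funding-2", 0),), seen_at=0.0)
    monitor.observe(payment)
    monitor.observe(clean)
    early = monitor.decision(payment, now=3.0)
    # A second transaction spending the same outpoint arrives via another node.
    monitor.observe(Tx("pay-self", (("funding", 0),), seen_at=4.0))
    return [early, monitor.decision(payment, now=12.0), monitor.decision(clean, now=12.0)]


if __name__ == "__main__":
    print(demo())
```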
Moreover, there’s an innovative technology called the lightning network that’s designed to solve the problem of exploiting weaknesses in the transaction verification mechanism. This network allows users to instantly verify transactions through a network of bidirectional payment channels without delegating custody of funds. However, it’s still susceptible to DDoS attacks, one of which already happened in March 2018.
Mining pool attacks
Miners often unite their computing power, creating a mining pool. This allows them to mine more blocks and thus receive a share of the reward. For major cryptocurrencies like Bitcoin, it becomes really impossible for individual miners to earn a profit, so they unite their computing power by creating mining pools. Currently, the largest Bitcoin mining pools are BTC.com, AntPool, and ViaBTC. Together, they obtain more than 52 percent of all the hash rate of the Bitcoin network according to Blockchain.com.
Mining pools represent a sweet target. Malicious miners try to get control over mining pools both internally and externally by exploiting vulnerabilities in the blockchain consensus mechanism.
Here’s a list of the most common attacks on mining pools.
Selfish mining refers to the attempts of a malicious miner to increase their share of the reward by not broadcasting mined blocks to the network for some time and then releasing several blocks at once, making other miners lose their blocks. Possible measures for preventing this type of attack may be random assignment of miners to various branches of pools, preferring the block with a more recent timestamp, or generating blocks within a maximum acceptable time. This type of attack is also known as block withholding.
Figure 4. Selfish mining attack
As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. This type of selfish mining has high chances of success and may happen with all cryptocurrencies. Possible preventive measures against selfish mining may be registering only trusted miners or making changes to the existing Bitcoin protocol to hide the difference between a partial Proof-of-Work and full Proof-of-Work.
Fork-after-withhold (FAW) is a variation of selfish mining that turns out to be more rewarding for the attackers. During an FAW attack, the malicious miner hides a winning block and either discards it or releases it later to create a fork, depending on the situation. The concept of this attack was explicitly described by a group of researchers led by Ujin Kwon.
The blockchain is a relatively new technology that has bugs and vulnerabilities. Though blockchain popularity is on the rise, an increasing number of cyber attacks on blockchains may slow down this process. Most of these attacks can be avoided by increasing blockchain users’ awareness of vulnerabilities, while some can be prevented only with professional expertise.
Apriorit has a team of professionals who are constantly exploring security vulnerabilities in blockchain and working on developing highly protected blockchain solutions. Read more about how to mitigate or avoid newly discovered blockchain vulnerabilities on our blockchain blog or contact us directly with your specific questions.