No technology can be 100% secure, and blockchain technology is no exception. Attacks on distributed databases differ in how they are hacked: the goal is a consensus mechanism that allows you to change the information entered in the blockchain ledger.
Before our eyes, the wonderful blockchain world of information, where everyone has the opportunity to move to the other side of the globe in one click, is turning into a dangerous path, where any step must be verified and thought out in advance. Blockchain technology, which is just beginning to gain popularity, is perceived by many people as a panacea. They are waiting for the full implementation of the new technology to be able to breathe easily again because the trust factor will completely disappear.
1. Attack 51%
The most common threat to the blockchain network is the 51% attack. The attack’s name is an analogy with a controlling stake in a business. The problem is in the Proof-of-Work protocol, which is used by such projects as Bitcoin, Litecoin, Monero, and others: the attack involves the cooperation of more than half of the owners of all the computing equipment turned on.
Vulnerability to a 51% attack is a kind of cryptocurrency and a fatal disease. When there is little confidence in the new currency, generating capacities are still negligible, and it is possible to raise funds necessary for an attack without much difficulty. Of course, no economic benefit can be extracted at this stage, but it is possible, for example, to “kill a competitor.”
A 51% is on a blockchain network in which attackers gain control of 51 percent or more of the network’s hash rate. This allows hackers to:
- stop adding new data to the block, preventing other miners from generating blocks;
- collect rewards for adding new partnerships, as well as user commissions for transactions;
- exclude or change the order, rewrite transaction history or private keys;
- prevent confirmation of some (or all) transaction history (bitcoin transactions), money, and blocks;
- cancel your transactions, which allows you to spend the same coins several times (the so-called double spending);
- block the work of other bona fide miners and prevent them from mining new coins;
- create your version of the blockchain system (that is, hard fork the original network).
An eclipse attack is a relatively simple attack that an attacker can carry out to interfere with the operation of network nodes. As the name suggests, the episode’s purpose is to distort the participant’s information about the state of the peer-to-peer network to cause general breaches or prepare the web for more complex attacks.
In an eclipse attack, the hackers seek to ensure that all victim connections are made through hosts controlled by the hackers. Therefore, it surrounds the target with controlled IP addresses that the victim will likely connect to when the software is restarted. The restart can either be forced (for example, via a DDoS attack on the smart contracts) or due to arbitrary circumstances, in which case the hackers wait.
With enough IP addresses, hackers can “shadow” any node or smart contract. The most obvious way to prevent this is to block incoming connections and only make outgoing connections to certain nodes (whitelisted by other peers). However, as noted in the study, this approach cannot be scalable. If all participants adhere to such tactics, new nodes will not be able to connect to the network or blockchain protocol.
3. Sybil Attack
A Sybil in peer-to-peer networks is an attack by an attacker in which the victim connects only to those nodes that the attacker controls.
The attacker creates new nodes in the peer-to-peer network, which gradually “surround” the attacked node. Since each node stores and updates its own “ranking” of neighboring nodes, after a while it trusts more those who have provided it with data for longer and better. It costs nothing to create a new node ID in a peer-to-peer network, so hackers can implement different “encirclement” strategies, creating new IDs faster than network defenders discover them. Once a host receives data only from hosts controlled byhackers, the hackers may begin to provide false data to the host. Although the initial cost of an attack may not be immediately obvious (lock capital -> execute attack -> get staked after a certain period), it is assumed that the PoS model works because:
- the amount of capital that hackers can bet is limited since the sum of the attacker’s stake plus all other stakes cannot exceed the total turnover;
- by performing a Sybil, hackers devalue the public trust (and value) of the underlying protocol/digital assets/system, thereby reducing or eliminating any profitability of the attack.
4. Vector Attack 76
Vector Attack 76 is a double-spend attack that uses a small bug in the Bitcoin consensus system to launch. As a result, hackerscan steal funds of smart contracts and cause damage to their victims.
Despite advanced technologies, including blockchain, they have attack vectors that cybercriminals can use to their advantage. One of the least known of these attacks in the cryptocurrency world is the Vector Attack 76.
This attack allows hackers to include a double spend transaction in one block and use it to their advantage. This is achieved by sending a self-generated block to the network to confirm that the block is valid. Thus, an hackerscan seize a certain amount of funds before the network becomes aware of the problem.
How does Vector Attack 76 work?
This attack is based on Finny’s attack. Its main purpose is exchanges or exchange offices where attackers can buy and sell their cryptocurrencies and tokens without being quickly detected.
The blockchain technology world will continue to be subject to cyberattacks and security breaches in 2022. Most of the attacks will target the rapidly growing DeFi sector, which is still struggling with flawed systems and inadequate human capital. At the same time, the increased value of crypto assets will encourage attackers to target users through social engineering techniques. Meanwhile, tighter regulation will force companies to invest in cybersecurity and spur growth and innovation in the sector.
Therefore, in addition to understanding the potential use cases and tokenomics of your favorite blockchain projects, it is also important to take the time to understand the underlying consensus mechanisms that underlie blockchain transactions.
Does not affect the theoretical possibility, but in practice, due to routing between shards, it will be more difficult for users to program such an attack.
The 51% attack affects security holes, PoW, and PoS smart contracts algorithms.
The most attacked application area of the blockchain turned out to be exchanged. The reasons for blockchain hacking are quite simple – there is something for attackers to profit from. In second place in the frequency of hacking after exchanges are wallets, to steal money.
While eclipse attacks are few and far between, it cannot be denied that they can do much damage. Such manipulation of the network and exploitation of node influence can lead to loss of funds and even to a hostile takeover of the network. Hopefully, the peer-to-peer network structure will continue to prevent this type of attack in the long run.