Blockchain Security Attacks
Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals. The blockchain can resist traditional cyber attacks quite well, but cybercriminals are developing new attacks specifically for hacking blockchain technology. Take a look at the most significant attacks to date:
Peer-to-Peer Network-based Attacks
Eclipse attack – An eclipse attack targets a decentralized network by isolating and attacking one or more specific users, rather than the whole network (as in a Sybil attack).
Sybil attack – While the eclipse attack is about eclipsing a user’s view of the true ledger, the Sybil attack targets the whole network. In a Sybil attack, an attacker floods the network with a large number of nodes under pseudonymous identities and tries to influence the network.
Consensus Mechanism and Mining-based Attacks
Selfish mining attack – These attacks occur when an individual in a mining pool attempts to withhold a successfully validated block from being broadcast to the rest of the mining pool network. After withholding the successfully mined block from the group, the selfish miner continues to mine the next block and so has demonstrated more Proof of Work than the other miners in the mining pool. This allows the selfish miner to claim the block rewards (and financial rewards) while the rest of the network adopts their block solutions.
Mining malware – Mining malware uses the computing power of unsuspecting victims’ computers to mine cryptocurrencies for hackers. China reported that over a million computers were infected by this malware and helped attackers mine more than 26 million tokens of various cryptocurrencies.
51% attack – A 51% attack, or double-spend attack, is an attempt by a miner or group of miners on a blockchain to spend their coins on that blockchain twice. They try to ‘double spend’ them, hence the name. The goal isn’t always to double spend coins; more often it is to discredit a certain cryptocurrency or blockchain by undermining its integrity.
Race attack – A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment and sends the product without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.
Finney attack – A Finney attack is when one transaction is pre-mined into a block and an identical transaction is created before that pre-mined block is released to the network, thereby invalidating the second identical transaction.
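The race and Finney attacks above both depend on a recipient who releases goods before the payment is confirmed. The following merchant-side acceptance check is an added example, not code from the original article; the Tx type, the function names, the sample transactions and the six-confirmation threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass

MIN_CONFIRMATIONS = 6  # assumed policy threshold; tune per chain and payment value


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset       # outpoints spent, written "prev_txid:index"
    confirmations: int = 0  # 0 means seen on the network but not yet in a block


def find_conflicts(payment, seen):
    """Txids of other observed transactions spending any outpoint the payment spends."""
    return sorted(t.txid for t in seen
                  if t.txid != payment.txid and t.inputs & payment.inputs)


def decide(payment, seen, min_conf=MIN_CONFIRMATIONS):
    """Return (decision, reason) for a merchant about to release goods."""
    if payment.confirmations >= min_conf:
        return "accept", f"{payment.confirmations} confirmations"
    conflicts = find_conflicts(payment, seen)
    if conflicts:
        # Race attack signature: the same coins are spent by a second transaction.
        return "reject", "conflicting spend seen: " + ", ".join(conflicts)
    # No visible conflict proves nothing: a Finney-style conflict sits in a
    # block that has not been released yet, so only block depth settles it.
    return "wait", f"{payment.confirmations}/{min_conf} confirmations"


# Constructed sample data (not real transactions).
COIN = "aa11:0"
to_merchant = Tx("tx-pay", frozenset({COIN}))
back_to_sender = Tx("tx-refund", frozenset({COIN}))
unrelated = Tx("tx-other", frozenset({"bb22:1"}))


def demo():
    return [
        decide(to_merchant, [to_merchant, unrelated])[0],
        decide(to_merchant, [to_merchant, unrelated, back_to_sender])[0],
        decide(Tx("tx-pay", frozenset({COIN}), 6), [back_to_sender])[0],
    ]


if __name__ == "__main__":
    print(demo())
```

The unconfirmed payment is held in "wait" even when no conflict is visible, which is the case that matters for a pre-mined block.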
Smart Contract-based Attacks
If a smart contract has vulnerabilities in its source code, it poses a risk to the parties that sign the contract. The most notable attack remains the one on the Decentralized Autonomous Organization (DAO), one of crypto’s most highly anticipated projects of all time.
Hardware wallets, or cold wallets, can also be hacked. For instance, researchers have carried out an Evil Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.