Blockchain Attacks Explained: Understanding Network Vulnerabilities

Built on the principles of cryptography, decentralization and consensus, blockchain technology offers some of the strongest protection against traditional cyber attacks. However, it is not foolproof: even the strongest blockchains, such as Bitcoin and Ethereum, have inherent vulnerabilities due to their infrastructure. In this article, we will look at the different types of attacks possible on a blockchain.

51% Attack

What is a 51% Attack?

A 51% attack, also known as a majority attack, is when a single person or a coordinated group controls over 50% of the hashing power on proof-of-work blockchains, or more than half of the validating power (staked cryptocurrencies) on proof-of-stake blockchains.

How does a 51% Attack work?

Since transactions on a blockchain are validated via consensus, owning 51% of the blockchain’s hashing power or staked crypto gives the attacker majority rule, effectively allowing them to take control of the network. In such a scenario, the attacker has the final say in the validation process, even if the other 49% are against it. This potentially causes network disruption in a number of ways:

  • The attacker could reverse their own transactions, leading to a double-spending problem.
  • They could rewrite parts of the blockchain protocol, deliberately modifying the ordering of certain transactions.
  • They can even prevent some or all transactions from being confirmed, denying other miners or validators from earning rewards, which results in a monopoly.

Limitations of a 51% Attack

On the other hand, a 51% attack does have its limits in the amount of disruption it can cause. While the attacker could reverse their own transaction, they cannot reverse other users’ transactions on the network. Moreover, given the immutable nature of the blockchain, the attacker cannot alter the functionality of block rewards nor create coins out of thin air (unless there is a bug in the smart-contract coding).

How likely will a 51% Attack happen?

While possible, a 51% attack is unlikely as it is extremely expensive to execute. Owning more than half of the network’s computing power or staked crypto could potentially cost millions or billions of dollars depending on the user population of the blockchain. This is why the bigger the network, the stronger the protection. A majority attack is virtually impossible on leading blockchains such as Bitcoin, Ethereum and Binance Smart Chain.

But it is worth noting that the blockchain should be truly decentralized, on top of having a large userbase. This is because organizing a 51% attack would most likely be a coordinated effort. If several malicious actors collude and pool their resources together, then the network would be more centralized, which could potentially lead to a majority attack. This is more prevalent amongst smaller altcoin blockchains. Ethereum Classic (ETC), Bitcoin Gold (BTG), and Verge (XVG) were notable victims of 51% attacks.

Sybil Attack

What is a Sybil Attack?

A Sybil attack is when an attacker uses a single node to create and operate multiple fake accounts in order to gain disproportionate influence over decisions made in the network. It is a smaller variation of a 51% attack. The main difference is that a Sybil attack largely focuses on manipulating the number of accounts or nodes rather than already owning them. It also targets smaller areas in the blockchain, whereas a 51% attack is capable of taking over the entire network. However, in some cases, a successful large-scale Sybil attack can transition to a 51% attack.

The word “Sybil” derives from a case study about a woman named Sybil Dorsett, who was diagnosed with Dissociative Identity Disorder, also known as Multiple Personality Disorder.

How does a Sybil Attack work?

A Sybil attack is quite difficult to detect and prevent, because most public blockchains do not have trusted nodes due to their decentralized nature. This means that the system perceives all nodes and accounts as real, even the fake ones. There are two scenarios of a Sybil attack:

  1. By creating numerous fake identities (or Sybil identities), the attacker will have enough capacity to out-vote the honest nodes on the network, allowing them to perform unauthorized actions in the system.
  2. The attacker can also control the flow of information in a network. If the attacker manages to obtain information about your IP address, they can create many fake nodes to surround you. They can then prevent you from receiving or transmitting blocks, effectively blocking you from using the network.

How to prevent Sybil Attacks?

Although a lot of time and research went into figuring out a way to detect and prevent Sybil attacks, there is still no guaranteed defense as of today. But there are some ways to help mitigate Sybil attacks:

  1. Identity validation techniques such as phone number, credit card or IP address verification can help reveal the true identity of hostile entities. This is a secure way to suss out fake accounts or bots for most types of peer-to-peer networks. However, this relies on a central authority to perform these identity validations, which sacrifices anonymity for accountability. Moreover, this means that the validation authority could become a target for attack.
  2. Social trust graphs, on the other hand, can limit the extent of damage by a specific Sybil attacker, while maintaining anonymity. You can analyze connectivity data in social graphs like SybilGuard or SybilLimit to identify suspected Sybil clusters in distributed systems. But this technique is not perfect either, as small-scale Sybil attacks are more difficult to detect.
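
To illustrate the social-graph idea, the added example below (not part of the original article, and not SybilGuard's or SybilLimit's own protocol) uses early-terminated trust propagation, the approach behind the related SybilRank scheme. Trust starts on a vetted seed node and spreads for about log2(n) rounds, so little of it crosses the few attack edges into a Sybil cluster. The graph, node names and function names are constructed for illustration.

```python
import math

def trust_scores(edges, seeds):
    """Degree-normalised trust per node after ceil(log2(n)) propagation rounds."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    trust = {v: 0.0 for v in adj}
    for s in seeds:                              # all trust starts on vetted nodes
        trust[s] = 1.0 / len(seeds)
    for _ in range(math.ceil(math.log2(len(adj)))):
        nxt = {v: 0.0 for v in adj}
        for u, t in trust.items():
            for v in adj[u]:                     # each node splits its trust evenly
                nxt[v] += t / len(adj[u])
        trust = nxt
    # Divide by degree so well-connected nodes are not favoured for that alone
    return {v: trust[v] / len(adj[v]) for v in adj}

def suspects(edges, seeds, count):
    """The `count` lowest-scoring nodes, i.e. the first candidates for review."""
    scores = trust_scores(edges, seeds)
    return sorted(scores, key=lambda v: (scores[v], v))[:count]

def clique(nodes):
    """All pairwise edges between the given nodes."""
    return [(a, b) for i, a in enumerate(nodes) for b in nodes[i + 1:]]

# Constructed graph: 6 honest nodes, 6 Sybil identities, one attack edge between them
HONEST = [f"h{i}" for i in range(6)]
SYBIL = [f"s{i}" for i in range(6)]
EDGES = clique(HONEST) + clique(SYBIL) + [("h5", "s0")]

if __name__ == "__main__":
    print(suspects(EDGES, seeds=["h0"], count=6))
```

The separation shrinks as the number of attack edges grows, which is the limit of graph-based defenses.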

Blockchain Denial of Service Attack (BDoS)

Denial of Service Attack (DoS)

Before we go into Blockchain Denial of Service attacks (BDoS), let’s take a look at its predecessors.

Traditionally, a Denial of Service attack (DoS), or a Distributed Denial of Service attack (DDoS) when multiple computers are involved, is a malicious attempt to disrupt real users’ access to a website or network service by overloading its servers with a massive amount of traffic, causing the website or application to slow down or even crash entirely.

But for blockchains, a DoS or DDoS attack is difficult to execute, especially if the network’s userbase is large and decentralized. This is because a decentralized network distributes computing power worldwide, eliminating single points of failure such as servers or apps. Even if several nodes are down, the blockchain is able to continue operating and validating transactions, unless…

What is a Blockchain Denial of Service Attack (BDoS)?

With the rise of blockchain technology, a new type of DoS attack emerged — a Blockchain Denial of Service attack (BDoS). These attacks focus on the protocol layer of a blockchain, usually PoW blockchains, with the biggest threat being transaction flooding.

Since most blockchains have a fixed block size, there is a limit to how many transactions can fit into a block. Attackers can exploit this by spamming transactions to the blockchain, filling the blocks to prevent legitimate transactions from being added to the chain. The legitimate transactions remain in the public mempool waiting for the next block.

When this happens, the throughput capacity of the network is drastically slowed down, and in some cases shut down. It happened to Solana in January 2022, where the network went offline for four hours as a result of a BDoS attack.

How to prevent a Blockchain Denial of Service Attack (BDoS)?

Penetration testing is a core security auditing process that helps identify potential vulnerabilities before the mainnet is deployed. By simulating in-depth attacks, penetration testing offers traffic analytics tools that can help blockchain developers spot some of the telltale signs of a DoS attack, such as unusual traffic patterns from a single IP address or IP range.
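
The telltale signs named above can be checked with a few lines of log analysis. This added example is not part of the original article; it assumes a node or gateway log with one "<unix_ts> <source_ip>" line per submitted transaction, and the log format, thresholds, grouping prefixes and function names are all assumptions.

```python
import ipaddress
from collections import Counter

def build_sample_log():
    """Constructed sample, one "<unix_ts> <source_ip>" line per submitted transaction."""
    lines = []
    for i in range(20):                        # 20 ordinary senders, 2 tx each
        lines += [f"{1000 + i} 10.0.{i}.5"] * 2
    lines += [f"{1000 + n % 60} 203.0.113.7" for n in range(60)]       # one busy IP
    for host in range(1, 21):                  # 20 hosts in one /24, 3 tx each
        lines += [f"{1000 + host} 198.51.100.{host}"] * 3
    lines += ["2000 203.0.113.7", "garbage line without a timestamp"]  # ignored
    return lines

def flag_sources(lines, start, length=60, max_share=0.25, min_events=50):
    """Return IPs and networks whose share of submissions in
    [start, start + length) exceeds max_share."""
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        parts = line.split()
        try:
            ts, ip = int(parts[0]), ipaddress.ip_address(parts[1])
        except (ValueError, IndexError):
            continue                            # skip malformed records
        if not start <= ts < start + length:
            continue                            # outside the analysis window
        plen = 24 if ip.version == 4 else 64    # grouping prefixes are assumptions
        per_ip[str(ip)] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))] += 1
    total = sum(per_ip.values())
    if total < min_events:                      # too little traffic to judge shares
        return {"total": total, "ips": [], "networks": []}
    over = lambda c: sorted(k for k, n in c.items() if n / total > max_share)
    return {"total": total, "ips": over(per_ip), "networks": over(per_net)}

if __name__ == "__main__":
    print(flag_sources(build_sample_log(), start=1000))
```

The range check catches the 198.51.100.0/24 group even though no single address in it stands out, and the share threshold should be tuned against a baseline of normal traffic.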

In our previous article, we covered some of the top blockchain security auditing firms that offer the best penetration testing services.