Blockchain Attack Vectors: Main Vulnerabilities Against Blockchain Technology

The blockchain isn’t really as secure as we tend to think. Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals. Apriorit experts have already analyzed the attacks on Coincheck, Verge, and the Bancor exchange, which have greatly undermined the reputation of the blockchain itself.

Blockchains can resist traditional cyber attacks quite well, but cybercriminals are coming up with new approaches specifically for hacking blockchain technology. In this article, we describe the main attack vectors against blockchain technology and take a look at the most significant types of blockchain attacks to date.

Cybercriminals have already managed to misuse blockchains to perform malicious actions. Ransomware attacks like WannaCry and Petya wouldn’t have been so massive if attackers hadn’t received their rewards in cryptocurrencies. Now, it looks like hackers consider exploiting security vulnerabilities in blockchain as their main source of revenue.

In March 2019, white hat hackers found 43 bugs in various blockchain and cryptocurrency platforms in just 30 days. They even found vulnerabilities in such famous platforms as Coinbase, EOS, and Tezos.

However, weak spots are often challenging to detect, since they can be hidden in unobvious places. For instance, the Parity multisig wallet was hacked by breaking a library that had a withdraw function in it. The attacker managed to initialize the library itself as a wallet and claim owner rights to it. As a result, 573 wallets were affected, $30 million worth of crypto was stolen, and another $180 million rescued by a white hat hacker group was later returned to the rightful owners.

By attacking such huge networks as Bitcoin and Ethereum, cybercriminals show that they’re clever enough to disprove the myth of blockchain security. Let’s consider the five most common blockchain attack vectors:

1. Main blockchain attack types

A blockchain network includes nodes that create and run transactions and provide other services. For instance, the Bitcoin network is formed by nodes that send and receive transactions and miners that add approved transactions to blocks. Cybercriminals look for network vulnerabilities and exploit them with the following types of attacks.

Distributed denial of service

Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network, but they’re possible.

When attacking a blockchain network using DDoS, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect a network’s mining pools, e-wallets, crypto exchanges, and other financial services. A blockchain can also be hacked with DDoS at its application layer using DDoS botnets.

In 2017, Bitfinex suffered from a massive DDoS attack. It was especially inconvenient for the IOTA Foundation, which had launched their IOTA token on the platform the day before Bitfinex informed users about the attack. Three years later, in February 2020, Bitfinex experienced another DDoS attack just a day after the OKEx cryptocurrency exchange noticed a similar attack.

Transaction malleability attacks

A transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin network, every transaction has a hash that’s a transaction ID. If attackers manage to alter a transaction’s ID, they can try to broadcast the transaction with a changed hash to the network and have it confirmed before the original transaction. If this succeeds, the sender will believe the initial transaction has failed, while the funds will still be withdrawn from the sender’s account. And if the sender repeats the transaction, the same amount will be debited twice. This hack is successful once the two transactions are confirmed by miners.

Mt. Gox, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014. However, Bitcoin seems to have solved this issue by introducing the Segregated Witness (SegWit) process, which separates signature data from Bitcoin transactions and replaces it with a non-malleable hash commitment to each signature.

Timejacking

Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps. However, a timejacking attack can be prevented by restricting acceptance time ranges or using the node’s system time.

Routing attacks

A routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering, as the hacker divides the network into partitions that are unable to communicate with each other. Routing attacks actually consist of two separate attacks:

1. A partition attack, which divides the network nodes into separate groups
2. A delay attack, which tampers with propagating messages and sends them to the network

Sybil attacks

A Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.

During a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A Sybil attack is quite difficult to detect and prevent, but the following measures can be effective: increasing the cost of creating a new identity, requiring some type of trust for joining the network, or determining user power based on reputation.

Eclipse attacks

An eclipse attack requires a hacker to control a large number of IP addresses or to have a distributed botnet. Then the attacker overwrites the addresses in the “tried” table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. Researchers from Boston University initiated an eclipse attack on the Ethereum network and managed to do it using just one or two machines.

Long range attacks on proof of stake networks

Long range attacks target networks that use the proof of stake (PoS) consensus algorithm, in which users can mine or validate block transactions according to how many coins they hold.

These attacks can be categorized into three types:

1. Simple — A naive implementation of the proof of stake protocol, when nodes don’t check block timestamps
2. Posterior corruption — An attempt to mint more blocks than the main chain in a given time frame
3. Stake bleeding — Copying a transaction from the honestly maintained blockchain to a private blockchain maintained by the attacker

When conducting a long-range attack, a hacker uses a purchased or stolen private key of a sizable token balance that has already been used for validating in the past. Then, the hacker can generate an alternative history of the blockchain and increase rewards based on PoS validation.

2. User wallet attacks

Actually, blockchains and cybersecurity go together like salt and pepper until people interact with them. It may sound surprising, but users pose the greatest blockchain security risks. People know about the use of blockchain in cybersecurity, and tend to overestimate the security of the blockchain and overlook its weaknesses. User wallet credentials are the main target for cybercriminals.

To obtain wallet credentials, hackers try to use both traditional methods like phishing and dictionary attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. Here’s an overview of the most common ways of attacking user wallets.

Phishing

In 2018, there was an attack on IOTA wallets initiated with iotaseed.io (now offline), a fake online seed generator. Hackers conducted a phishing campaign with this service and collected logs with secret seeds. As a result, in January 2018, hackers successfully stole more than $4 million worth of IOTA from victims’ wallets.

Dictionary attacks

During these attacks, a hacker attempts to break a victim’s cryptographic hash and salt by trying hash values of common passwords like password1. By translating clear text passwords to cryptographic hashes, attackers can find wallet credentials.

Vulnerable signatures

Blockchain networks use various cryptographic algorithms to create user signatures, but they may also have vulnerabilities. For example, Bitcoin uses the ECDSA cryptographic algorithm to automatically generate unique private keys. However, it appears that ECDSA has insufficient entropy, which can result in the same random value in more than one signature. IOTA also faced cryptographic problems with its old Curl hash function.

Flawed key generation

Exploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys provided by Blockchain.info in December 2014. The attack happened as the result of a mistake that appeared during a code update that resulted in poor randomness of inputs for generating public user keys. Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA algorithm.

Attacks on cold wallets

Hardware wallets, or cold wallets, can also be hacked. For instance, researchers initiated an Evil Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.

One of the latest cold wallet attacks happened in 2019, when the UPbit cryptocurrency exchange was transfering funds to a cold wallet. This is a common way to freeze crypto when you’re expecting a cyberattack. The hackers managed to steal 342,000 ETH, apparently because they knew the timing of the transaction.

Attacks on hot wallets

Hot wallets are internet-connected apps for storing private cryptographic keys. Though owners of cryptocurrency exchanges claim they keep their user data in wallets disconnected from the web, a $500 million attack on Coincheck in 2018 proved this isn’t always true.

In June 2019, an attack on GateHub resulted in unauthorized access to dozens of native XRP wallets and the theft of crypto assets. Singapore-based crypto exchange Bitrue also experienced a hot wallet attack at almost the same time due to a system vulnerability. As a result, hackers managed to steal funds worth over $4.5 million in XRP and $237,500 in ADA.

3. Smart contract attacks

Apriorit has teams working on smart contract development and blockchain testing. We’ve already accumulated rich experience in analyzing and avoiding vulnerabilities in smart contracts based on the Ethereum, EOS, and NEO platforms. The main blockchain security issues associated with smart contracts relate to bugs in source code, a network’s virtual machine, the runtime environment for smart contracts, and the blockchain itself. Let’s look at each of these attack vectors.

Vulnerabilities in contract source code

If a smart contract has vulnerabilities in its source code, it poses a risk to parties that sign the contract. For instance, bugs discovered in an Ethereum contract cost its owners $80 million in 2016. One of the common vulnerabilities in Solidity opens up a possibility to delegate control to untrusted functions from other smart contracts, known as a reentrancy attack. During this attack, contract A calls a function from contract B that has an undefined behavior. In turn, contract B can call a function from contract A and use it for malicious purposes.

Vulnerabilities in virtual machines

The Ethereum Virtual Machine (EVM) is a distributed stack-based computer where all smart contracts of Ethereum-based blockchains are executed. The most common vulnerabilities of the EVM are the following:

• Immutable defects — Blockchain blocks are immutable by nature, which means that once a smart contract is created, it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO attack.
• Cryptocurrency lost in transfer — This is possible if Ether is transferred to an orphaned address that doesn’t have any owner or contract.
• Bugs in access control — There’s a missed modifier bug in Ethereum smart contracts that allows a hacker to get access to sensitive functionality in a contract.
• Short address attack — This is possible because the EVM can accept incorrectly padded arguments. Hackers can exploit this vulnerability by sending specifically crafted addresses to potential victims. For instance, during a successful attack on the Coindash ICO in 2017, a modification to the Coindash Ethereum address made victims send their Ether to the hacker’s address.

Also, hackers can compromise smart contracts by applying other methods that are typical for compromising blockchain technology, including DDoS, eclipse, and various low-level attacks.

However, younger blockchains such as Cardano and Zilliqa use different virtual machines: IELE, KEVM, and others. These new blockchains claim to guarantee smart contract security within their protocols.

4. Attacks During Transaction Verification

Unlike financial institutions, blockchains confirm transactions only after all nodes in the network are in agreement. Until a block with a transaction is verified, the transaction is classified as unverified. However, verification takes a certain amount of time, which creates a perfect vector for cyberattacks.

Double-spending is a common blockchain attack during the transaction verification mechanism. All transactions on a blockchain need to be verified by users in order to be recognized as valid, which takes time. Attackers can use this delay to their advantage and trick the system into using the same coins or tokens in more than one transaction.

Here are the most common types of attacks based on exploiting the intermediate time between a transaction’s initiation and confirmation.

Finney attacks

A Finney attack is possible when one transaction is premined into a block and an identical transaction is created before that premined block is released to the network, thereby invalidating the second identical transaction.

Race attacks

A race attack in blockchain is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment (and sends a product, for instance) without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.

Vector76

Vector76 is a combination of two previous attacks. In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high-value and one low-value. Then, the attacker premines and withholds a block with a high-value transaction from an exchange service. After a block announcement, the attacker quickly sends the premined block directly to the exchange service. It along with some miners will consider the premined block as the main chain and confirm this transaction. Thus, this attack on blockchain exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction.

After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network, which finally rejects the high-value transaction. As a result, the attacker’s account is credited the amount of the high-value transaction. Though there’s a high chance for success with this type of attack, it’s not common because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.

Alternative history attacks

An alternative history attack — also called a blockchain reorganization attack — may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, a malicious user sends a transaction to a recipient and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the recipient considers the transaction valid after n confirmations and sends a product, for instance, the recipient may lose money if the attacker releases a longer chain and gets the coins back.

One of the latest blockchain reorganization attacks happened to Ethereum Classic in August 2020 when a miner used old software and lost access to internet access for a while when mining. A reorganization happened when two versions of the blockchain competed for validity from nodes in the network and resulted in about a 3000-block insertion.

51% or majority attacks

A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing forks. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.

The recent 51% attack on Ethereum Classic (ETC) that happened in August 2020 resulted in approximately $5.6 million worth of the ETC cryptocurrency being double-spent. Apparently, the hacker had good knowledge of the ETC protocol and managed to mine 4,280 blocks over four days until the platform noticed an attack. Just five days after the incident, ETC suffered from a second 51% attack, in which a miner conducted a 4,000-block network reorganization.

Unfortunately, all small cryptocurrencies are still at risk of majority attacks. Since these cryptocurrencies attract fewer miners, attackers can just rent computing power to gain a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.

Possible measures for preventing double-spending attacks include monitoring received transactions during a listening period, forwarding double-spending attempts, inserting other nodes to observe transactions, and rejecting direct incoming connections.

Moreover, there’s an innovative technology called the lightning network that’s designed to solve the problem of exploiting weaknesses in the transaction verification mechanism. This network allows users to instantly verify transactions through a network of bidirectional payment channels without delegating custody of funds. However, it’s still susceptible to DDoS attacks, one of which already happened in March 2018.

5. Mining pool attacks

For major cryptocurrencies like Bitcoin, it has become impossible for individual miners to earn a profit, so miners unite their computing power by creating mining pools. This allows them to mine more blocks and each receive a share of the reward. Currently, the largest Bitcoin mining pools are BTC.com, AntPool, and ViaBTC. Together, they represent more than 52 percent of the total hash rate of the Bitcoin network according to Blockchain.com.

Mining pools represent a sweet target. Malicious miners try to get control over mining pools both internally and externally by exploiting common web application vulnerabilities in the blockchain consensus mechanism.

Here are the most common attacks on mining pools.

Selfish mining

Selfish mining refers to the attempts of malicious miners to increase their share of the reward by not broadcasting mined blocks to the network for some time and then releasing several blocks at once, making other miners lose their blocks. Possible measures for preventing this type of attack are random assignment of miners to various branches of pools, preferring the block with a more recent timestamp, and generating blocks within a maximum acceptable time. This type of attack is also known as block withholding.

As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. Selfish mining has high chances of success and may happen with all cryptocurrencies. Possible preventive measures against selfish mining include registering only trusted miners and making changes to the existing Bitcoin protocol to hide the difference between a partial proof of work and full proof of work.

Fork after withholding

Fork after withholding (FAW) is a variation of selfish mining that turns out to be more rewarding for attackers. During an FAW attack, the malicious miner hides a winning block and either discards it or releases it later to create a fork, depending on the situation. The concept of this attack was explicitly described by a group of researchers led by Ujin Kwon.

Conclusion

Though blockchain popularity is still on the rise, an increasing number of cyber attacks on blockchains may negatively affect their reputation. Knowing the most common vulnerabilities and blockchain attack types is a must for everyone who’s concerned about blockchain security and wants to know what to secure first.

Apriorit has a team of professionals with extensive experience developing highly protected blockchain software and applications and blockchain penetration testing. Contact us to start building your efficient and secure solution right away.