There is a common assumption that blockchain technology has better security measures than centralized systems. That is true to an extent, as blockchain can withstand conventional cyber attacks. But developers generally accept that no technology is foolproof: every system has at least one loophole that helps an attacker create an attack vector. Hence, blockchain is also vulnerable to security threats.
Cybercriminal groups know this, and they continue to develop new attack vectors to hack into blockchain technology. They have launched different types of ransomware, a kind of malware designed to extort a ransom in return for extracted data, and they have been successful in carrying out such attacks. For instance, according to various news reports, operators of the CryptoLocker ransomware extorted US$ 3 Million from infected users. Other prominent ransomware families are CryptoWall, Locky, WannaCry, and Petya. These are either updated or superseded by new ransomware, so the chances of cyberattacks remain open.
Multiple investigative reports highlight that the dark web is the largest marketplace for ransomware software. The average price ranges from US$ 1K to 10K and above, depending on the features of the software. The creators also build custom-made ransomware to meet market requirements. It is assumed that more than 25% of the dark web population consists of such marketplaces, and the trading of ransomware has an economy of its own.
Reportedly, there are at present hundreds of thousands of dark web marketplaces selling ransomware, with huge listings of various types of malware. The yearly income of the creators is ten times higher than that of legitimate software developers. The rest of this article covers the identified hotspots of blockchain technology that are frequently targeted by cybercriminals.
The Blockchain Network Attacks
The blockchain network provides various services, a few of which are exploited by cybercriminals.
Distributed Denial of Service (DDoS) – This is a method used to disrupt legitimate traders’ access by crashing the target network with huge amounts of bogus traffic. DDoS attacks are hard to execute because the decentralized model of blockchain reduces the probability of success, but exchange platforms are still a popular target. For instance, soon after its launch, the Bitcoin Gold website was down for several hours following massive attacks. Reportedly, the website received 10 Million requests per minute.
Transaction Malleability Attack – A method where an attacker changes the unique transaction ID and gives the false impression that the transaction didn’t happen, while the money is deducted from the user’s account. If the user then repeats the transaction, they end up paying double the amount for the same transaction. This may sound similar to double-spending, but the two are different: in double-spending, coins are spent first, and then a different transaction is executed using the same coins. The repercussions are severe here, as damage control is economically unfeasible. For instance, MtGox, a Bitcoin exchange, went bankrupt in 2014.
Timejacking – This method draws our attention to a theoretical vulnerability in Bitcoin timestamp handling. An attacker can create an alternative blockchain by adding numerous fake peers to the network with false timestamps.
Routing Attack – This can have consequences for individual nodes and for the overall blockchain network. An attacker alters the transactions before sending them to peers. The other nodes cannot easily detect this, because the attacker divides the network into subdivisions between which communication is lost. Routing attacks are divided into two different attacks.
(i) Partition Attack – The attacker splits the blockchain network into multiple groups by hacking the connecting point between the two groups.
(ii) Delay Attack – The attacker alters the propagating messages and sends them to the blockchain network.
Sybil Attack – In this method, an attacker floods the network with numerous nodes. All these nodes are incognito and are used to control the network. After that, the transaction processes are tampered with by sending multiple confirmations. Traders fall prey to double-spending because they accept the transactions thinking that the confirmations have come from various nodes, when in reality they are controlled and sent by the attacker.
Eclipse Attack – This attack is mainly targeted at single nodes, unlike the Sybil attack where the majority of the network is compromised. Here the attacker controls single nodes by eclipsing them from the entire network. Once this is done, the nodes can view only the details manipulated by the attacker. Transactions are carried out based on those details, which often results in double-spending attacks.
User Wallet Attacks
User wallet attacks are a common form of attack. Cybercriminals use both conventional and the most modern methods to find loopholes in the system’s algorithms.
Phishing – A method where cybercriminals disguise themselves as representatives of an entity or create platforms that look similar to those of a particular entity. They then collect sensitive information from traders, such as login credentials. If it is a lookalike platform, the details entered by the traders are stored in the attacker’s database. For instance, in January 2018, IOTA cryptocurrency users lost US$4 Million. Hence, it is strongly recommended never to share personal details with anybody and to keep a note of the URL as published by the entity. Entities always underline the fact that they never ask for personal details and that anyone attempting to do so is a scammer. It is also advised to bookmark the authentic URL to remain vigilant.
Dictionary Attacks – An attacker tries to break the system’s algorithm by determining the decryption key. This is done by creating a list of common passwords and the potential permutations and combinations around them. The attacker converts such passwords into cryptographic hashes to hack the wallet credentials. Users can withstand these attacks by creating long passwords with a mix of upper and lower case letters, numbers, and symbols. The password should also not be connected to personal information or to any dictionary word.
Vulnerable Signatures – Traders have to create a cryptographic signature through ECDSA (Elliptic Curve Digital Signature Algorithm) to perform a transaction. The software generates a random number for each signature. This number has to be generated properly, as using the same number for multiple signatures leads to a potential cyber-attack. Attackers constantly monitor the blockchain network for such signatures to extract money from traders whose private key has been compromised. This attack can be avoided if the ECDSA software has sufficient entropy to produce a unique number for each cryptographic signature.
Flawed Key Generation – Attackers constantly keep track of the blockchain’s key generation algorithm to detect potential situations for a security breach. If a key is not generated properly, the trader’s account becomes vulnerable, as attackers can extract the tokens from their wallet. For instance, in December 2014, a Bitcointalk user named Johoe extracted 255 BTC from infected accounts.
Attack on Cold Wallets – Cold wallets, or hardware wallets, were created because computers with an internet connection are inherently vulnerable to cyber attacks. In theory, however, they can still be attacked. Attackers can create malware that infects the trader’s computer, specifically the hardware wallet’s Chrome application, and alters the receiving address shown on the computer screen. This is technically not a flaw of hardware wallets, but a reminder that we cannot trust the details displayed on our computer screen.
Attacks on Hot Wallets – Hot wallets are vulnerable to cyber attacks because the public and private keys are stored on the internet. The probability of an attack also depends on how well traders handle security information. It is advised to keep only the funds required for near-future transactions in a hot wallet, as it is unlikely that an attacker will hack a wallet holding fewer funds. This limits the potential damage; the remaining funds should be stored in cold wallets. For instance, attackers stole Ethereum worth $48.7 Million from the South Korean cryptocurrency exchange Upbit.
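A wallet operator can audit its own signing history for the condition described under Vulnerable Signatures. The following is an added example, not code from any wallet or from the original article: it assumes signatures are DER-encoded as in Bitcoin transactions, and the function names, record layout and sample values are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes) -> tuple[int, int]:
    """Parse a DER ECDSA signature (SEQUENCE of two INTEGERs) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    def read_int(pos):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected an INTEGER")
        end = pos + 2 + sig[pos + 1]
        if end == pos + 2 or end > len(sig):
            raise ValueError("bad INTEGER length")
        return int.from_bytes(sig[pos + 2:end], "big"), end
    r, pos = read_int(2)
    s, pos = read_int(pos)
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return r, s

def find_shared_r(records):
    """Return {(pubkey, r): [txids]} where one key produced the same r with
    different s values, i.e. the per-signature random number was repeated."""
    seen = defaultdict(dict)                      # (pubkey, r) -> {s: txid}
    for pubkey, txid, sig_hex in records:
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        seen[(pubkey, r)].setdefault(s, txid)
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def encode_der_sig(r: int, s: int) -> str:
    """Helper used only to build the constructed sample data below."""
    def enc(n):
        body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # 0x00 pad if top bit set
        return b"\x02" + bytes([len(body)]) + body
    seq = enc(r) + enc(s)
    return (b"\x30" + bytes([len(seq)]) + seq).hex()

# Constructed sample: labels and small integers, not real keys or signatures.
SAMPLE = [
    ("key-A", "tx1", encode_der_sig(0xA1B2C3D4, 0x1111)),
    ("key-A", "tx2", encode_der_sig(0xA1B2C3D4, 0x2222)),   # same r, same key
    ("key-A", "tx3", encode_der_sig(0x0BADF00D, 0x3333)),
    ("key-B", "tx4", encode_der_sig(0xA1B2C3D4, 0x4444)),   # same r, other key
]

if __name__ == "__main__":
    for (pubkey, r), txids in find_shared_r(SAMPLE).items():
        print(f"{pubkey}: r={r:#x} repeated in {txids}")
```

Any key the audit reports should be treated as compromised: move its funds to a freshly generated key and fix the signer's random number source.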
Smart Contract Attacks
The main security concerns in smart contracts are the possibility of bugs in source code, network’s virtual machine, runtime environment, and the blockchain itself.
Vulnerabilities in Contract Source Code – Smart contracts can have vulnerabilities in their source code, and a vulnerable contract poses a risk to the parties signing it. One of the biggest smart contract attacks ever undertaken was ‘The DAO’ hack. The DAO was a highly ambitious feature of Ethereum. An attacker identified a vulnerability in its source code whereby a recursive withdrawal function could be executed without checking the settlement of the ongoing transaction. Using this loophole, the attacker initiated the attack by contributing small amounts and then requesting a withdrawal with a recursive function. The attacker was able to pull out a whopping US$ 70 Million.
Vulnerabilities in Virtual Machines – All the smart contracts of Ethereum-based blockchains are executed through the Ethereum Virtual Machine (EVM). An EVM is a distributed stack-based computer, and here are some of its common vulnerabilities.
(i) Immutable Defects – The blocks of a blockchain are immutable, which means that no changes can be made once the smart contract is created. This makes smart contracts vulnerable by nature: if bugs are detected in the code, there is no scope for fixing them.
(ii) Cryptocurrency Lost in Transfer – This happens when Ether is transferred to an address that doesn’t have any owner.
(iii) Bugs in Access Control – Ethereum smart contracts have a missed modifier bug which allows an attacker to lay their hands on the sensitive functionality of the contract.
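The ordering flaw behind the recursive withdrawal described under Vulnerabilities in Contract Source Code can be modelled outside the EVM. This is an added example, not The DAO's code or the original article's: `Vault`, `paid_under_reentry` and the amounts are hypothetical, and a Python callback stands in for the external call a contract makes when it sends funds.

```python
from collections import defaultdict

class Vault:
    """Toy ledger: pays a withdrawal by invoking recipient-supplied code."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.balances = defaultdict(int)
        self.pool = 0
        self.paid = defaultdict(int)

    def deposit(self, who, amount):
        self.balances[who] += amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances[who]
        if amount == 0 or amount > self.pool:
            return
        if self.hardened:
            self.balances[who] = 0     # settle first, then make the external call
        self.pool -= amount
        self.paid[who] += amount
        on_receive(self)               # recipient code runs before we return
        if not self.hardened:
            self.balances[who] = 0     # vulnerable ordering: settled too late

def paid_under_reentry(hardened: bool, reentries: int = 3):
    """Regression check: a recipient that calls withdraw() again from its
    receive hook. Returns (amount paid to the caller, funds left in pool)."""
    vault = Vault(hardened)
    vault.deposit("caller", 10)
    vault.deposit("others", 90)
    left = [reentries]
    def on_receive(v):
        if left[0] > 0:
            left[0] -= 1
            v.withdraw("caller", on_receive)
    vault.withdraw("caller", on_receive)
    return vault.paid["caller"], vault.pool

if __name__ == "__main__":
    print("settle after call :", paid_under_reentry(hardened=False))
    print("settle before call:", paid_under_reentry(hardened=True))
```

With the balance settled before the call, the nested withdrawal sees a zero balance and returns, so the caller receives only its own deposit of 10.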
Transaction Verification Mechanism Attacks
Double-spending is the most common blockchain attack vector. An attacker makes multiple copies of the same digital file and creates counterfeit cryptocurrencies of the same value. The same amount is spent twice in different transactions by the trader and the attacker.
51% attack – Attackers can verify transactions and blocks if they gain access to 51% of the hash power. Double-spending can be easily executed in such situations.
Finney Attack – In this method, an attacker pre-mines a transaction into a block, and creates a similar transaction before the pre-mined block is released to the blockchain network. If the trader accepts the similar transaction with zero confirmations and the attacker then releases the pre-mined transaction, the trader’s transaction is declared invalid.
Race Attack – This can be executed by the attacker only if the traders accept the transactions with zero confirmation. It can be avoided if the traders religiously wait for 6 confirmations before proceeding ahead with the transaction.
Mining Pool Attacks
Selfish Mining – A method where attackers do not broadcast the mined blocks to the blockchain network for a brief period of time and try to increase their reward price by releasing multiple blocks at once. The other miners lose their blocks in such situations. This can be avoided by generating blocks within a set timeline.
Fork-after-withhold (FAW) – FAW attack is a variation of selfish mining where the attacker manipulates the situation by hiding the winning block either by discarding or releasing it to create a fork. This helps the attacker to claim a higher reward.
Blockchain technology is vulnerable to security attacks, but compared to centralized systems it is far more advanced and more secure. The attacks mentioned above can be mitigated or avoided by having the right knowledge of the possible attack vectors and by following the necessary precautions and steps recommended by cryptocurrency companies and exchange platforms.