Attacking the blockchain network
The Blockchain Network Infrastructure
The blockchain protocol defines a peer-to-peer network of blockchain nodes that communicate with one another to implement the functionality of the blockchain. This includes transmitting transactions and blocks across the network so that every node is capable of building blocks and updating its copy of the distributed ledger.
However, this blockchain network must be implemented on top of another communications network. While blockchain communications are infrastructure-agnostic - it is possible to implement blockchain over carrier pigeon - most blockchains are designed to run on top of traditional network infrastructure.
Learn Blockchain Security
Attacks Against the Blockchain Network
The blockchain’s communications infrastructure is essential to its ability to function. As a result, attacks against blockchain communications can have a number of different impacts on the functionality and security of the blockchain.
Eclipse Attack
An eclipse attack is an attack designed to isolate a single node from the rest of the blockchain network. This requires an attacker to control the node’s connections to all of its neighbors in the blockchain’s peer-to-peer network. This can be accomplished in a variety of different ways:
- Malicious Neighbors: Every node in the blockchain network is directly connected to a set of other nodes and receives all transactions and blocks via them. If an attacker controls all of a node’s neighbors, then the attacker has control over the node’s view of the blockchain.
- Malware: Blockchain software is like any other software, it relies on its connection to the computer’s hardware to perform its role. Malware that can intercept communications between a node’s blockchain software and the network connection can filter it as desired.
- Man-in-the-Middle: An attacker performing a man-in-the-middle (MitM) - via a malicious Wi-Fi connection, ISP, etc. - can gain control over a node’s network connection. This enables it to filter traffic intended for other blockchain nodes.
An eclipse attack enables an attacker to filter the traffic that a node receives from other nodes, enabling it to drop transactions or blocks. Additionally, an attacker could send mutually conflicting versions of transactions or blocks to the target node and the rest of the blockchain network. This enables an eclipse attacker to achieve a number of different goals:
- Denial of Service: A node isolated from the rest of the network can’t effectively participate in block creation and consensus. By filtering the node’s view of the blockchain network, an attacker can force them onto a divergent version of the blockchain and ensure that any blocks that it creates would be rejected by the rest of the network. This slows the rate of block creation and decreases blockchain throughput.
- Divergent Blockchain: Forcing a node onto a divergent blockchain can also benefit an attacker. A node believing an attacker’s account of the current state of the ledger could build blocks that benefit the attacker, making it easier to create a version of the blockchain that replaces the “real” one under the longest chain rule.
- Double-Spend: An attacker performing an eclipse attack can send one version of a transaction to the eclipsed node and a different version to the rest of the network. This enables them to perform a double-spend attack against the eclipsed node since the version of the blockchain that it builds (including the version of the transaction that benefits them) will be rejected by the rest of the network when the attack ends.
Routing Attack
A routing attack is a more general version of an eclipse attack. Instead of isolating a single node in the blockchain network, the attacker breaks the blockchain network into multiple isolated chunks. By controlling the links between these isolated chunks, the attacker controls each’s view of the current state of the network.
A routing attack provides many of the same benefits as an eclipse attack. It can also be performed in different ways. One study highlighted how easy it would be for an attacker to perform a routing attack against the Bitcoin network using a Border Gateway Protocol (BGP) hijacking attack.
Sybil Attack
A sybil attack is not necessarily a network-level attack against the blockchain. However, performing a Sybil attack can help an attacker to achieve the goals of a network level attack.
The blockchain is designed so that anyone can create an account, operate a node, and participate in the functioning of the network. However, this also means that a person could create multiple different accounts and nodes on the network.
A Sybil attacker creates many different blockchain accounts. While this doesn’t help them to perform a 51% or other attack against blockchain consensus algorithms, it can help with a network-level attack.
Blockchain nodes are connected via a peer-to-peer network, meaning that each node needs to select other nodes to connect to. If an attacker controls many (or even a majority) of the nodes within a network, the chance of a node selecting them as a neighbor is increased. This can help an attacker to perform an eclipse or routing attack if a node or set of nodes is only connected to the rest of the blockchain network via links that pass through attacker-controlled nodes.
Learn Blockchain Security
Securing the Blockchain Network
Blockchains are vulnerable to network-level attacks that take advantage of the structure of the blockchain’s peer-to-peer network and its underlying infrastructure. While an attacker can take down a blockchain by disabling its communications infrastructure, this is not the only possible attack vector. An attacker can use network-level attacks to increase the probability of performing a different attack successfully.
Many network-level attacks take advantage of traditional cybersecurity vulnerabilities. Implementing traditional cybersecurity best practices (antivirus, encrypted communications, etc.) and carefully selecting neighbor nodes can help to decrease the vulnerability of a blockchain network to network-level attacks.
Sources
- https://learnmeabitcoin.com/technical/longest-chain
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7958588
- https://www.netscout.com/what-is-ddos/bgp-hijacking
Learn Blockchain Security
Build your blockchain security skills with five courses covering security at each level of the blockchain ecosystem. What you'll learn:- Blockchain structure
- Cryptographic algorithms
- Blockchain attacks
- Smart contract security
- And more
In this Series
- Attacking the blockchain network
- Rise of cryptocurrency attacks: Inside dark web investigations
- Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy?
- Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
- Blockchain and hash functions
- What are smart contracts?
- Introduction to blockchain consensus algorithms
- Advanced cryptography in blockchain
- Blockchain alternative distributed ledger architectures
- Ethereum vulnerabilities and smart contracts
- Proof of work in consensus algorithms
- Targeting the blockchain node
- Public-key cryptography in blockchain
- Hash functions in blockchain
- Blockchain structure
- Blockchain: Beyond the basics
- Blockchain security: Can blockchain be hacked?
- Consensus algorithm security
- Fundamentals of blockchain security
- Blockchain security overview
- Taking an Identity Selfie – Self-Sovereign Identity and the Blockchain
- Blockchain Vulnerabilities: Imperfections of the Perfect System
- Security vulnerabilities of cryptocurrency exchanges
- The End of Bitcoin Ransomware?
- Bitcoin May Turn from Cybercriminals’ Biggest Asset into Their Biggest Liability
- What is Bitcoin?
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Blockchain security
Rise of cryptocurrency attacks: Inside dark web investigations
Blockchain security
Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
Blockchain security