The excitement around cryptocurrencies and blockchain has attracted not only supporters and critics of the new technology but also cybercriminals. After Bitcoin's exchange rate climbed to the previously unimaginable level of $20,000, attackers began looking for blockchain vulnerabilities. Most unfortunately for conscientious users, the flaws they found in cryptocurrencies are in the elements responsible for their storage and transfer.
Attacks Associated with Blockchain
Crypto hackers never sleep. Day in and day out, they try to undermine Satoshi's ideal concept, according to which Bitcoin is a decentralized system free of control and regulation by governments, banks, and the other institutions that participants of the system associate with the economy. And this really is so, because Bitcoin and blockchain are not and cannot be responsible for the operations of crypto exchanges or for the improper storage of the access keys to the wallets where cryptocurrencies are held. The situation can be compared with the security of your front door: if you lock it, lose the keys, and thieves find them and rob your house, that does not mean the house is bad; the owner is to blame. Therefore, all blockchain-related threats come down to inattention, a frivolous approach to business, and indifference to the details of crypto security.
To prevent hacker attacks on cryptocurrency investments, it is necessary to know the sources of attacks and the directions the attackers might take.
A popular attack is DDoS, the Distributed Denial of Service, which can be directed even against a well-protected company. The cybercriminals operate according to the following algorithm:
They scan the network using prepared scenarios (an individual plan is developed for each case) that identify potentially weak nodes;
The selected nodes are attacked, and the hacker becomes the administrator of those machines on the network;
Trojan programs are installed on the captured nodes; they run in the background and wait for further control commands;
Upon receiving certain commands from the hacker, the infected computers spread the malware to other computers on the same network.
During a DDoS attack, the users do not suspect that their systems are infected and pass data to the attackers, which is why this type of attack on crypto projects is one of the most notorious. In March 2018, for example, the Lightning Network, a second-layer network of payment channels on top of the Bitcoin blockchain, was subjected to a DDoS attack. The organizer of the cyberattack was the anonymous BitPico group, which had a set of automated tools capable of connecting to hundreds of nodes. The developers of the Lightning Network had not detected any vulnerabilities in the network at that time, but 200 nodes, or 20% of the network, were taken offline.
Another well-known attack is the "Sybil Attack", which got its name in 2002 thanks to Microsoft Research specialist Brian Zill. He suggested renaming pseudospoofing (the former name for the "Sybil Attack") after the heroine of a bestselling book of the 80s, in which a girl named Sybil was treated for dissociative personality disorder. A person with this condition takes on several patterns of behavior and can act like a woman, a man, a child, and so on. The "Sybil Attack" can be compared with this mental illness because the hacker assigns several identifiers to one node and thereby disrupts the entire network.
In more detail: there are no trusted nodes in peer-to-peer networks such as Bitcoin and Ethereum, so each request is forwarded to several recipients. At the same time, a user can hold multiple identifiers on different nodes that share common resources. The copies received create redundancy, which allows the received data to be checked independently of any single node in the network.
Looked at from the other side, however, it may turn out that all the available nodes that are supposed to represent different recipients of the query are controlled by the same user. If that user is a fraudster, the subsequent transactions will end up on the aliases of that single node.
This attack is gaining popularity because decentralized networks are growing, and with a large number of users it is impractical to require every participant to confirm ownership of their identifiers, since that hinders the scalability of the network.
Another network-level attack is the Eclipse attack, or "The Eclipse Information Attack." This type of cyberattack was described in detail in a 2015 paper by a group of researchers from Boston University and the Hebrew University, headed by Ethan Heilman. Their research described the causes of the first such attack on the Bitcoin network, and an experiment conducted as part of the work demonstrated the vulnerability of the technology. Heilman later demonstrated the possibility of conducting an eclipse attack on the Ethereum network and showed that the entire system requires further development.
The Eclipse Information Attack allows the perpetrators to gain control over a node's access to the network and over the information it receives. With the right manipulation of the peer-to-peer network, a hacker can "eclipse" a node so that it communicates only with infected nodes.
In fact, this cyberattack is the first step in organizing a "51% Attack." The information eclipse works as follows. Suppose the network contains three large mining nodes: two of them control 30% of the mining capacity each (60% in total), and the third, with 40%, serves the rest of the network. If a hacker controls the 40% node, they can split the remaining mining power between two isolated miners so that these cannot combine each other's blocks. As a result, the attacker's blockchain becomes the chain on which the whole network reaches consensus. After that, the attacker can manipulate the victim node and make sure that all of its outbound connections go to the attacking IP addresses. To do this, they only need to fill the node's peer-to-peer tables with infected addresses, wait for the node's current connections to be reset (this often happens because of software updates and other events), and have it establish new connections only to the criminals' IPs.
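The Sybil and eclipse attacks above both rely on one operator's addresses filling a victim's peer table. The defensive counterpart is to choose outbound peers from diverse address groups, as Bitcoin Core does by bucketing peers by /16 prefix. The following simulation is an added example, not code from the original article or from any node implementation: it uses a constructed peer table (all addresses are made up) in which 200 hostile addresses sit in two /16 groups, and compares naive random peer selection with group-diverse selection, measuring how often every outbound peer ends up hostile (a full eclipse).

```python
import random

# Constructed peer table for illustration (all addresses are made up).
# Honest peers are spread across eight /16 groups; the hostile operator
# advertises 200 addresses packed into just two /16 groups, which is what
# a Sybil or eclipse "table fill" looks like from the victim's side.
HONEST_PEERS = [f"10.{i}.0.{j}" for i in range(1, 9) for j in range(1, 4)]
HOSTILE_PEERS = ([f"192.168.0.{j}" for j in range(1, 101)]
                 + [f"172.16.0.{j}" for j in range(1, 101)])
HOSTILE_SET = set(HOSTILE_PEERS)
PEER_TABLE = HONEST_PEERS + HOSTILE_PEERS


def netgroup(addr: str) -> str:
    """Coarse /16 bucket of an IPv4 address, used as the diversity key."""
    a, b, _, _ = addr.split(".")
    return f"{a}.{b}"


def choose_naive(table, n, rng):
    """Pick n outbound peers uniformly at random from the table."""
    return rng.sample(table, n)


def choose_diverse(table, n, rng):
    """Pick n outbound peers allowing at most one peer per /16 group."""
    chosen, groups_used = [], set()
    for addr in rng.sample(table, len(table)):   # walk over a shuffled copy
        group = netgroup(addr)
        if group in groups_used:
            continue
        chosen.append(addr)
        groups_used.add(group)
        if len(chosen) == n:
            break
    return chosen


def hostile_share(peers):
    """Fraction of the chosen peers that belong to the hostile operator."""
    return sum(p in HOSTILE_SET for p in peers) / len(peers)


def eclipse_rate(strategy, trials=2000, n=8, seed=7):
    """Fraction of trials in which every outbound peer was hostile (a full eclipse)."""
    rng = random.Random(seed)
    eclipsed = sum(hostile_share(strategy(PEER_TABLE, n, rng)) == 1.0
                   for _ in range(trials))
    return eclipsed / trials


def worst_hostile_share(strategy, trials=2000, n=8, seed=7):
    """Largest hostile fraction seen among the outbound peers over all trials."""
    rng = random.Random(seed)
    return max(hostile_share(strategy(PEER_TABLE, n, rng)) for _ in range(trials))


if __name__ == "__main__":
    for name, strategy in (("naive", choose_naive), ("netgroup-diverse", choose_diverse)):
        print(f"{name:17s} eclipse rate {eclipse_rate(strategy):.2f}, "
              f"worst hostile share {worst_hostile_share(strategy):.2f}")
```

With the naive picker roughly four in ten nodes end up fully eclipsed, because 200 of the 224 table entries are hostile. With the group-diverse picker the attacker's two /16 groups can occupy at most two of the eight outbound slots, so a full eclipse never occurs; the attacker would have to spread addresses over many more network groups, which is what makes the attack expensive.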
Impacts at the User Level
The main and simplest tools of the modern blockchain hacker are botnets, which spread specially crafted anonymous malware through droppers that masquerade as pirated versions of licensed programs. Mining requires considerable time and computing power, so to save resources, crypto hackers infect the computers of other network users. As a result, those people generate considerable income for the cybercriminals without even suspecting it. For example, a bot called Smominru, which mines Monero, infected more than half a million servers around the world within six months and yielded 8,900 XMR, or $2 million.
At the user level, vulnerability from a legal point of view is connected with the de-anonymization of market participants. Since blockchain addresses are not tied to a person and transactions do not require participants to disclose their identities, crypto criminals use these advantages for their own nefarious purposes. If an attacker connects infected nodes to the network, however, it becomes possible to trace the source of the transactions. In addition, the anonymity of the blockchain allows transactions between terrorists and other criminals engaged in illegal activities.
Impacts at the Mining Level
The most popular threat at the mining level is the "51% Attack", which we wrote about in April of this year, when the network of the anonymous Verge cryptocurrency was compromised by a 51% attack. A few months ago, that attack occurred because of a bug in the code. On May 22, the attackers raided Verge again, and this time the problem affected all the pools and all the miners: valid transactions were rejected as a result of the attack. The manipulations were most likely carried out between blocks 2,155,850 and 2,206,272, which allowed the attackers to steal 35 million XVG tokens, or $1.75 million, in just a few hours.
Another mining-level impact is double spending, which means successfully spending the same funds twice. In principle, Bitcoin is protected from this vulnerability by verifying each transaction through the Proof of Work (PoW) consensus algorithm, and only after a minimum of three confirmations is the committed payment considered added to the chain of blocks. In 2013, however, the Bitcoin network split: client version 0.7, which many users had installed, stopped accepting new blocks, while version 0.8, released a month earlier, continued to function normally. The problem was that the block at height 225,430 was confirmed by Bitcoin 0.8 clients but not accepted by Bitcoin 0.7 clients. Thanks to this divergence, a miner managed to double spend coins in the amount of $10,000.
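The 2013 incident is a reorganization: a payment that had confirmations on one fork simply does not exist on the fork the network later adopts. The following model is an added example, not code from the original article or from Bitcoin itself: it builds two competing forks from a genesis block, counts confirmations of a constructed payment "pay-merchant" on each, applies a longest-chain rule (chain length standing in for accumulated work), and shows the payment dropping from three confirmations to zero when the longer fork wins. The three-confirmation threshold is the one the paragraph above mentions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Block:
    height: int
    txids: FrozenSet[str]
    parent: Optional["Block"] = None


def extend(parent: Block, txids) -> Block:
    """Mine a new block on top of parent containing the given transaction ids."""
    return Block(parent.height + 1, frozenset(txids), parent)


def chain_of(tip: Block):
    """Blocks from genesis to tip, in order."""
    blocks, b = [], tip
    while b is not None:
        blocks.append(b)
        b = b.parent
    blocks.reverse()
    return blocks


def confirmations(tip: Block, txid: str) -> int:
    """Confirmations of txid on the chain ending at tip; 0 if it is not on that chain."""
    for block in chain_of(tip):
        if txid in block.txids:
            return tip.height - block.height + 1
    return 0


def best_tip(tips):
    """Longest-chain rule; chain length stands in for accumulated work here."""
    return max(tips, key=lambda t: t.height)


def merchant_decision(tip: Block, txid: str, required: int = 3) -> str:
    """Release goods only once the payment has the required depth on the best chain."""
    return "deliver" if confirmations(tip, txid) >= required else "wait"


def simulate_reorg():
    """Return (confirmations before the reorg, after the reorg) for the merchant's payment."""
    genesis = Block(0, frozenset())
    # Fork A: the constructed payment is mined at height 1 and buried by two more blocks.
    a1 = extend(genesis, {"pay-merchant"})
    a3 = extend(extend(a1, ()), ())
    before = confirmations(a3, "pay-merchant")
    # Fork B: built from genesis without the payment, spending the same coin
    # back to its owner, and mined one block longer than fork A.
    b1 = extend(genesis, {"pay-attacker"})
    b4 = extend(extend(extend(b1, ()), ()), ())
    tip = best_tip([a3, b4])
    after = confirmations(tip, "pay-merchant")
    return before, after


if __name__ == "__main__":
    print("confirmations before/after reorg:", simulate_reorg())
```

The practical lesson for anyone accepting payments is that a confirmation count is only meaningful relative to the chain the network is actually building on; a node that cannot see the competing fork (because it is eclipsed, or because its client rejects blocks the majority accepts) will report confirmations that the rest of the network does not recognise.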
Selfish mining can be called the problem of the future. It is a Bitcoin mining strategy in which network participants band together in special groups in order to increase their own income. It can centralize the network and kill the original concept of a decentralized system. The consolidation of mining capacity is happening in China, after all, since that country produces two-thirds of all Bitcoins in the world. If selfish mining does not stop, all participants of the blockchain market will find themselves right back where they started, that is, with a centralized economy in a new electronic form.
Attacks Independent of Blockchain
There are methods of cyberattack that apply to every technology related to networks. These methods of fraud involve no intricate formula for stealing money, but the organizers of blockchain projects often forget about the most banal ways of hacking and become victims of criminals. To avoid this, it is important to remember the list of attacks that can harm the infrastructure regardless of whether blockchain is used.
Phishing is one of the most popular types of Internet fraud. It appeared in the 1990s but is still popular. According to Group-IB, in 2017 more than 50% of the funds stolen from blockchain projects were taken through phishing. In the classic version, the attack is carried out through spam: mailings are sent on behalf of well-known companies asking the user to confirm their data. People follow the links and thereby hand their logins and passwords to the hackers.
But the attackers did not stop at copying accounts and began forging the websites of blockchain projects. In April 2018, hackers stole $150 million from MyEtherWallet cryptocurrency accounts by means of phishing. The cybercriminals acted according to the following algorithm:
They registered a domain such as www.mye1herwa11et.com, resembling the official website www.myetherwallet.com;
Then they made a copy of the website's content and changed the wallet address;
They advertised the website on the Internet;
Then they intercepted and redirected all the users of the real wallet to their own website.
Protection against phishing is fairly simple: carefully check every character in the domain name, visit websites through bookmarks, or copy links each time from a saved text document.
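Checking every character of a domain by eye is exactly what the www.mye1herwa11et.com trick defeats, so the check is worth automating, for example in a browser extension, a mail gateway or a proxy allowlist. The following is an added example, not code from the original article or from MyEtherWallet: it reduces a hostname to a "skeleton" by mapping common confusable characters (digits and a few Cyrillic letters) to the Latin letters they imitate, then compares that skeleton with a constructed allowlist of trusted domains using edit distance. The allowlist, the confusable table and the distance threshold are assumptions for the example.

```python
# Constructed allowlist of domains the user actually intends to visit.
TRUSTED_DOMAINS = {"myetherwallet.com", "ethereum.org"}

# Characters an attacker can swap for their look-alikes.  Multi-character
# substitutions run first, then single characters, including a few Cyrillic
# letters that render identically to Latin ones.  The table is illustrative,
# not exhaustive.
MULTI_CHAR = [("rn", "m"), ("vv", "w")]
SINGLE_CHAR = str.maketrans({
    "1": "l", "0": "o", "3": "e", "5": "s", "7": "t", "|": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def registrable(host: str) -> str:
    """Last two labels of a hostname (assumes no multi-label public suffix such as co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain: str) -> str:
    """Canonical form in which confusable characters are replaced by what they imitate."""
    s = domain.lower()
    for src, dst in MULTI_CHAR:
        s = s.replace(src, dst)
    return s.translate(SINGLE_CHAR)


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """'trusted' if the domain is allowlisted, 'lookalike' if its skeleton is within
    max_distance edits of an allowlisted domain's skeleton, else 'unknown'."""
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    sk = skeleton(domain)
    for t in trusted:
        if levenshtein(sk, skeleton(t)) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample hostnames, including the digit-for-letter case from the
    # article and a Cyrillic "a" variant that looks identical on screen.
    for host in ("www.myetherwallet.com", "www.mye1herwa11et.com",
                 "www.myetherw\u0430llet.com", "example.org"):
        print(f"{host!r:32} -> {classify(host)}")
```

A "lookalike" verdict is a reason to block or warn, not proof of fraud; the value of the skeleton comparison is that it flags exactly the substitutions a human reader skims past, while a plain string match against the allowlist would pass the Cyrillic variant as simply "unknown".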
Defacing is a targeted attack in which hackers break into the websites of blockchain projects and replace the addresses used to raise funds with links to their own wallets. In July 2017, the Israeli startup CoinDash was defaced, and the project lost about 40,000 Ether in the first three minutes of its ICO, or more than $7 million at the exchange rate at the time.
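A defacement of this kind is detectable in seconds if the project monitors its own page for the one thing that matters: the published receiving address. The following monitor is an added example, not code from the original article or from CoinDash: it extracts every Ethereum-style address from a page snapshot, compares the set against an allowlist, and also keeps a content hash so that any change to the page can be noticed. The page snapshots and the allowlisted address are constructed placeholders, not a real project's address.

```python
import hashlib
import re

# An Ethereum-style address: 0x followed by exactly 40 hexadecimal characters.
ETH_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

# Placeholder allowlisted address for the hypothetical project (constructed, not real).
EXPECTED_ADDRESSES = {"0x" + "ab" * 20}

# Constructed page snapshots: the clean page and the same page after an address swap.
CLEAN_PAGE = ("<html><body><h1>Token sale</h1>\n"
              "<p>Send ETH to <code>0x" + "ab" * 20 + "</code></p></body></html>")
DEFACED_PAGE = CLEAN_PAGE.replace("ab" * 20, "cd" * 20)


def addresses_in(html: str) -> set:
    """All distinct Ethereum-style addresses that appear in the page."""
    return set(ETH_ADDRESS.findall(html))


def audit(html: str, expected=EXPECTED_ADDRESSES) -> dict:
    """Compare the addresses on the page with the allowlist."""
    found = addresses_in(html)
    return {
        "unexpected": found - expected,   # addresses that should not be there
        "missing": expected - found,      # allowlisted addresses that vanished
        "ok": found == expected,
    }


def fingerprint(html: str) -> str:
    """SHA-256 of the page body, recorded once from a known-good deployment."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def changed_since(baseline_fingerprint: str, html: str) -> bool:
    """True if the page content differs from the recorded baseline."""
    return fingerprint(html) != baseline_fingerprint


if __name__ == "__main__":
    baseline = fingerprint(CLEAN_PAGE)
    for name, page in (("clean", CLEAN_PAGE), ("defaced", DEFACED_PAGE)):
        result = audit(page)
        print(f"{name:8s} changed={changed_since(baseline, page)} "
              f"ok={result['ok']} unexpected={sorted(result['unexpected'])}")
```

In practice the check runs from outside the project's own infrastructure (so that a compromised web server cannot silence it) on a short interval, and an "unexpected address" result is treated as an incident that pauses the sale, since every minute the wrong address stays up costs contributors money.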
Weak passwords make it possible to hack the websites of blockchain projects. To prevent such an attack, use complex passwords and two-factor authentication.
A social-vector attack involves stealing coins from the users of blockchain projects through social engineering. As in the case of phishing, the attackers pretend to be employees of some company and convince users to share confidential information.
The above are only a few of the vulnerabilities associated with the blockchain industry and the human factor. Hackers can steal the passwords to your crypto wallets, break into crypto exchanges, and change the system time setting. Note that all of these attacks involve exposure at the user level, not the technology itself, which is protected from hacking and unauthorized actions.