Security Threats to Blockchain Networks — 1 — Cyber Attacks Taxonomy

Market attacks

Pump-and-dump

Exit scam

Rug-pull

Investment scam

Front running

Economic attacks

Phishing

Spear phishing

Extortion

Ransomware

Churning

Celebrity-based scams

Blockchains work by nodes agreeing on what transactions have been made. This system can be bypassed, exploited, and hijacked in numerous ways to favor individuals or cartels.

Finney attack

Race attack

Vector76

51% majority attack

Nothing-at-stake

Weak subjectivity

Liveness denial

Censorship

Precomputation attack

Mining Pool attacks

Selfish mining

Bribery attacks

Long-range PoS attacks

Simple

The attacker secretly creates a rival chain, forging the timestamps on the blocks so that it is not possible for nodes to tell the difference between the forged chain and the real main chain.

Posterior Corruption

Where timestamp-forging is not an option, the attacker can use the private keys of a retired validator (either by theft or with their consent) to sign valid blocks.

Stake Bleeding

When the attacker is given their turn as slot leader, they forfeit their turn (slowing the growth of the main chain), thus steadily ceding their stake to the other validators. Meanwhile, they publish blocks constantly on the rival chain, and so eventually catch up with the main chain.

Communication between the nodes is the lifeblood of the blockchain network. Blocking or manipulating these communications is a way to subvert or pervert the proper functioning of the chain.

Routing attacks

Sybil attacks

DDoS (Distributed Denial of Service)

Eclipse attacks

Transaction Malleability

Timejacking

Since wallets are where cryptocurrency is stored, finding ways to bypass wallet security is a prime vector for cybercriminals.

Seizure of Private Keys (Hot Wallets)

Cold wallet hacks

Fake Wallets

SIM-Swap

Security phrase handling

Dictionary attacks

Vulnerable signatures

Smart contracts are immutable, transparent, and capable of holding value. These properties also make them a liability if errors or exploits exist in the code.

Reentrance

Flash loan exploit

Transaction Order Dependence

Timestamp Dependence

Blockhash usage

Arithmetic Exploit

Short Address Attack

DelegateCall

Default visibilities

Originally published at https://crypto.security on May 18, 2022.

--

--

Partner @PwC — Lead OT, IoT, 5G Security | 30y red teaming & protecting critical infrastructure, telcos, cyber-physical systems, emerging tech | 5x Global CISO

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Marin Ivezic

Partner @PwC — Lead OT, IoT, 5G Security | 30y red teaming & protecting critical infrastructure, telcos, cyber-physical systems, emerging tech | 5x Global CISO