Security Threats to Blockchain Networks — 2 — A Holistic Overview
The utopian view of the blockchain as an unhackable alternative to the status quo is a pipedream. Many traditional cyberattacks are effective in a blockchain-based setting, and even cryptographically-secured processes are prone to errors and exploits. Understanding the potential attack vectors is a prerequisite to building a stable blockchain-based alternative to today’s centralized networks.
The capacity for blockchain to alter the modern-day economy and society is immense. This potential goes well beyond the creation of cryptocurrencies and trustless payment systems.
While still early in their evolution, blockchain networks have been shown to enable new means of exchanging value (tokenization), making agreements (smart contracts), and constructing corporate entities (DAOs). This is just the beginning of what is likely to be an epoch-defining trajectory.
As the underlying technology of ‘Web3’ (the next iteration of the internet), much rides upon the blockchain’s ability to overcome the obstacles in its path. Not least among these is the threat that malicious actors — hackers, criminals, and government agencies — will divert its power to their own ends.
In this article, we examine the potential cybersecurity risks of blockchain from as wide a variety of angles as possible. These range from traditional attack vectors (e.g. social engineering) to novel approaches that are blockchain-specific (smart contract exploits).
Security strengths of blockchain
Compared with traditional networks, a blockchain network offers an enhanced level of security for both users and developers. This is chiefly because it is decentralized by design.
A good comparison between the two modes would be the storage of digital data. Today, much of the world’s most sensitive data is stored in data centers. Large agglomerations of data conveniently stored in a single location present an obvious target for attackers. From the user perspective, this leads to higher risks of data loss and delay.
On the other hand, decentralized storage solutions (such as Storj and Filecoin) offer a superior alternative that — apart from being faster and cheaper for users — is considerably more secure. By distributing storage across large networks of hard drives, encrypted and sharded, hacking becomes an inordinately difficult task.
Considering these advantages, many traditional institutions are looking to blockchain technology as a direct remedy for the increasingly sophisticated attacks on standard IT systems.
Banco Santander was one of the first major banks to seriously invest in re-tooling their core infrastructure for the blockchain age, shifting their international transfer service on to the Ripple blockchain network, in the One Pay FX initiative. The Australian government is leading the charge in the public sector, and has partnered with IBM since 2018 to develop a decentralized storage system for government documents.
However, as more institutions consider blockchain as a way out of present cyber security issues, malicious actors are working with equal dedication to identify exploitable weaknesses in decentralized ledger technology — not without success.
The rise of blockchain cyber attacks
Cryptocurrencies, the most well-known offspring of blockchain technology, have from the outset been associated with criminal activities, owing to their convenience as a currency for ransom and illicit trade.
As cryptocurrencies themselves become an asset class that respectable institutions are considering for investment, the opportunity for criminals lies, increasingly, in targeting the crypto-assets themselves.
As crypto-assets are not protected by any third party, there is nothing beyond the blockchain protocol to stop fraudulent actions, and no recourse for victims if the protocol is somehow breached.
According to Atlas VPN, hackers carried out a total of 122 attacks in 2020, amounting to $3.8bn in total value. The number of attacks in the first three quarters of 2021 (146) exceeded the previous year’s total, with over $1bn stolen in the third quarter alone.
The primary target, according to Atlas, is the ecosystem of applications built upon the Ethereum network. Ethereum is the blockchain of choice for smart contracts and associated decentralized finance (DeFi) companies such as decentralized exchanges or DEXes.
Figures are rough and imprecise, as the decentralized nature of the affected systems is not ideal for comprehensive data-gathering exercises (and those who suffer losses may not be eager to broadcast them).
What is certain, however, is that as more institutions follow in the footsteps of Santander, the scale of opportunity for cybercriminals is likely to grow, and attacks are likely to rise in tandem.
Given the issue’s growing importance, it is worthwhile considering the full scope of vulnerabilities in the blockchain so as to lay the foundation for a comprehensive set of counter-strategies.
Overview of attack dimensions
We should begin by noting that the topic of “cybersecurity” is as complex as the underlying world of “technology”. Not only this, but as technology continues to evolve, effective strategies or countermeasures may become redundant as new ones take their place.
It is difficult to process such a large list without a categorization framework. Arriving at a mutually exclusive set of categories is also hard, owing to the interconnected nature of computing.
However, a pragmatic framework will help in distinguishing threats and grouping them into clusters that share common characteristics. The diagram below shows such a framework, with attacks divided into various groups depending on the nature of the attack vector.
Examples: Pump and Dump, Exit scam, Front running
Market attack strategies typically rely on asymmetric information and/or mass manipulation of investors. While occasionally the advantage is acquired by the possession of illicitly acquired data (as in Front Running), most schemes rely on crowd psychology.
This psychological element often involves “hyping” a particular asset, increasing its price, and creating a self-perpetuating spike, before cashing in ahead of a sudden collapse. The classic example of a market attack is the Ponzi scheme, whereby funds are gathered by the promise of outsize returns with a plausible cover story.
The pseudonymous nature of permissionless blockchain systems affords the ideal ‘getaway car’ for would-be attackers, and calls for vigilance on the part of investors committing their funds, particularly where funds are not locked and the founders do not have established reputations.
Examples: Phishing, Ransomware, Celebrity-based scams
Economic attacks may target multiple individuals at the same time, and also rely on a mixture of data and psychology to extract funds. However, they typically work at the level of the individual rather than the group.
Attacks include abuse of trust by a 3rd party (e.g. a broker churning a portfolio), outright threats (as in the case of extortion and ransomware), subterfuge (phishing, spear phishing), and greed/FOMO (celebrity-based ‘double your money’ scams).
While these attacks may take on different forms, they are unlikely to ever disappear as (like market attacks) they rely on weaknesses in the human mind. The theoretically trustless blockchain environment has unfortunately not proven resistant to these age-old tactics, as trust remains a lynchpin of human society, and can always be abused.
Examples: 51% majority attack, Nothing at stake, Selfish mining
Unlike centralized systems with single points of failure, a large number of parties (nodes) are required to sign off on the status of a blockchain or the validity of its transactions. This should in theory make efforts to corrupt the process prohibitive for a would-be attacker.
However, the two leading paradigms for consensus — Proof of Work (PoW) and Proof of Stake (PoS) — have been shown to have many vulnerabilities at the consensus level. Both are in theory subject to the most basic risk of all: collusion between individuals or groups (51% attack, Selfish Mining).
Other weaknesses are specific to the consensus mechanism in question. The costless nature of PoS makes the creation of alternative blockchain histories (Long-Range Attacks) feasible. In the case of PoW attacks, the costly nature of mining makes perversions of the protocol potentially ruinous for those affected, even if no funds are double-spent or stolen.
Smaller chains are naturally more vulnerable to the risk of hijacking by cartels, as the number of nodes required to capture a legitimate majority is lower. Ultimately, the problem can only be solved by the desire of a majority of participants to secure the long-term future of the network, meaning that the cost of temporary subversion, even if feasible, is seen as undesirable.
Examples: Routing attacks, Transaction Malleability, Timejacking
Communication between the nodes in a blockchain network is like the circulation of blood in a living organism. Blocking or manipulating these communications is a way to subvert or pervert the proper functioning of the chain.
Whereas consensus-based attacks are typically chain-wide in their implications and seek to give the attackers carte blanche to act as they wish, network attacks are often intended to paralyze or isolate specific nodes, with a view to facilitating a specific transaction.
This is achieved by creating or subjugating nodes adjacent to the victim node, blocking or absorbing its attempts to communicate with the other nodes, and giving enough time to carry out the objective of the attack.
This category includes classic pre-blockchain strategies such as the Sybil attack, as well as tactics that exploit blockchain-specific weaknesses (e.g. the malleability of timestamps and transaction IDs).
Examples: Fake Wallets, SIM-Swap, Dictionary attacks
When asked why he robbed banks, the heist artist Willie Sutton is reported to have said ‘Because that’s where the money is’. Similarly, wallets represent a logical choice for hackers to target. According to Atlas VPN, 80% of money stolen in 2020 was via wallet hacks.
Occasionally, techniques in this category rely on purely technical bugs in the security of the wallets themselves or the exchanges that store users’ private keys. Ingenious methods have been developed to bypass the randomness of key generation (by exploiting ‘insufficient entropy’) or reverse engineer passwords (e.g. Dictionary attacks).
The attraction of wallet hacks, however, is that they often rely on user error rather than a hacker’s technical expertise. Users can also be induced to give up access to their wallets via trickery (e.g. Fake Wallets, impersonation of customer service).
Systematic human errors are harder to guard against than technical errors that can be patched once discovered. The best antidote is hypervigilance.
Examples: Reentrancy, Transaction Order Dependence, Arithmetic Exploit
Smart contracts are by definition immutable, transparent, and capable of holding value. These properties are the reason for their potency as an enabler for the new Web3-based economy. Unfortunately, the same properties make them a liability if errors or exploits exist in the contract code.
Some errors make funds unreachable or produce unintended results that cannot be reversed. Other errors, when noticed by a hostile agent (as all contracts are open source), can open the door to loss of funds.
One of the most famous exploits in smart contract history is Reentrancy, which brought down The DAO shortly after its launch. The hack was possible due to a bug that allowed an external function to ‘re-enter’ and make repeated withdrawals before the victim contract could end the transaction.
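The ordering bug behind reentrancy, and the checks-effects-interactions fix, can be seen in a small model. This is an added Python illustration, not code from The DAO or from this article; the vault classes, account names and amounts are constructed, and a Python callback stands in for the external call a contract makes when it pays out.

```python
# Toy model of a value-holding contract (constructed example, not real contract code).

class VulnerableVault:
    """Makes the external call BEFORE zeroing the caller's balance."""
    def __init__(self):
        self.balances = {}
        self.funds = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who, receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.funds < amount:
            return
        self.funds -= amount
        receive(amount)            # external call: control leaves the vault here
        self.balances[who] = 0     # effect applied too late


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions: update state first, call out last."""
    def withdraw(self, who, receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.funds < amount:
            return
        self.balances[who] = 0     # effect first
        self.funds -= amount
        receive(amount)            # interaction last


def simulate(vault_cls, max_depth=10):
    """Return (amount paid to the caller, whether funds still match balances)."""
    vault = vault_cls()
    vault.deposit("alice", 50)     # other depositors (constructed)
    vault.deposit("bob", 50)
    vault.deposit("caller", 10)
    received = []

    def reentrant_receiver(amount):
        received.append(amount)
        if len(received) < max_depth:
            vault.withdraw("caller", reentrant_receiver)  # re-enter mid-payout

    vault.withdraw("caller", reentrant_receiver)
    invariant_ok = vault.funds == sum(vault.balances.values())
    return sum(received), invariant_ok
```

The `invariant_ok` flag is the property an audit or monitoring check would assert: funds held must always equal the sum of recorded balances, and only the hardened ordering preserves it.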
While some strategies (e.g. Flash Loan attacks) are popular, it is difficult to neatly sub-categorize smart contract attacks, as the number of contracts is large and errors are therefore typically idiosyncratic.
Since the attacks exploit errors that have been missed by the original programmers, the errors themselves are often complex for non-programmers to understand, particularly given the use of multiple smart contract programming languages.
The growing list of counter-measures (such as AI-assisted contract audit and ongoing monitoring services) should enable contracts to become more secure as learnings from smart contract hacks are absorbed by the wider community.
As should be obvious from this brief survey of the various sources of cyber risk, the blockchain world is rife with potential danger. Blockchain technologies are in a primordial state, and this presents great opportunities for enterprising agents — both benign and malign.
The security benefits that blockchain brings, along with the democratization of governance structures and the elimination of bureaucracy, are as real as the risks. The dividends of blockchain technology, in other words, can only increase as effective responses to security threats evolve.
This process of stabilization may take some time owing to the disparate nature of the entities working across protocols and continents. But since the blockchains that survive can only do so by serving the needs of the collective, it is a Darwinian certainty.
Originally published at https://crypto.security on June 3, 2022.