A flurry of cyberattacks has cast doubt on the security of blockchain technology
Blockchain comes with numerous benefits – not least improved security. In blockchain networks, a collection of computers (otherwise known as nodes) each store an updated copy of the database. A set of rules governs the nodes, creating incentives to secure the network. When done right, blockchain systems are highly complicated and expensive to infiltrate.
However, despite blockchain’s stellar security credentials, the rise in successful hacks shows that no system is completely safe. Since the beginning of the year, cybercriminals have stolen $4.26bn from cryptocurrency exchanges, investors, and users. In May, popular crypto exchange Binance suffered an especially significant loss of $40m.
Cybercriminals are now so sophisticated that even the most secure networks are at risk. All businesses must accept the reality of opportunistic hackers, and understand why and how to protect against them. Although blockchain has certainly improved transparency and security in digital transactions, it is no exception to the rule. Here, we list five techniques used by cybercriminals to attack so-called unhackable blockchain networks.
1) 51 per cent attack
In 51 per cent attacks, a user or multiple users gain a majority over the hash power available on a given blockchain system. This allows them to rewrite transaction history and carry out double spends. In a double spend, transactions are erased once the goods are received. This means that the tokens can be used again.
In January, Ethereum Classic experienced a 51 per cent attack from a hacker who carried out double spends on Coinbase to the value of $1.1m. The same attacker then targeted another exchange, Gate.io, but later returned half of the stolen currency. Whatever the motivation for the token gesture, the 51 per cent attack showed that individuals and groups can amass enough power to exploit even the most prominent crypto exchanges.
2) Typosquatting
Typosquatting involves the creation of fake websites that allow fraudsters to collect user data and use it to access personal accounts. In blockchain-focused attacks, individuals are tricked into entering a website disguised as a crypto exchange. When they type in their username and password, they unwittingly give the website’s creators the information needed to get into their cryptocurrency wallets. In June, six people were arrested in the Netherlands and the UK for their involvement in a $27m typosquatting scam.
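A defensive check for the look-alike sites described above, as an added example that is not part of the original article: it flags hostnames within a couple of keystroke errors of an exchange's real domain, or that embed the real domain in a longer name. The watch list, the edit threshold and the sample hostnames are constructed for illustration.

```python
# Domains to protect (assumed watch list for this example)
KNOWN = ("binance.com", "coinbase.com", "gate.io")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(host: str) -> str:
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(host: str, max_edits: int = 2):
    """Return (verdict, matched_domain) for one observed hostname."""
    name = normalise(host)
    for legit in KNOWN:
        if name == legit or name.endswith("." + legit):
            return ("legitimate", legit)
    for legit in KNOWN:
        # near-miss spelling, or the real domain buried inside a longer host
        if osa_distance(name, legit) <= max_edits or legit in name:
            return ("lookalike", legit)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample hostnames, e.g. taken from proxy or DNS logs
    for h in ("www.Binance.com", "binnance.com", "coinbsae.com",
              "gate.io.account-check.example", "example.org"):
        print(h, "->", classify(h))
```

Short names such as gate.io sit within two edits of many unrelated hosts, so treat a "lookalike" verdict as a prompt for review rather than a block decision.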
3) Routing attack
Cryptocurrencies rely on Internet Service Providers (ISPs) which facilitate online traffic. In a routing attack, hackers intercept data as it is sent to an ISP and split the network of computers (or nodes) into partitions. All parts of the network continue to operate as usual, unaware that the other partitions are still functioning. The hacker is then able to create large amounts of fraudulent transactions in one partition, so that when the partition comes down the truthful transactions are rejected by the network and the fake ones are legitimised.
Blockchain’s decentralised nature would seem to reduce the likelihood of infiltration, but research suggests that just three nodes are responsible for 60 per cent of the Bitcoin transactions that happen today. This means that hackers can compromise 20 per cent of Bitcoin transactions by partitioning a single node.
4) Sybil attack
Much like Distributed Denial of Service (DDoS) attacks, Sybil attacks are a hacking method whereby the majority of nodes are controlled by one party but are flooded with multiple requests from forged identities. This prevents legitimate requests by causing a system crash. The name ‘Sybil’ comes from a book about a woman with a complex personality disorder. The adoption of proof-of-work algorithms has made it incredibly expensive for single hackers to carry out Sybil attacks, as each transaction carries a separate fee. So far, there have been no successful Sybil attacks on a major cryptocurrency.
5) Phishing
Phishing attacks aim to convince victims to part with information by clicking on malicious links and entering personal data. They are often disguised as a request from a trusted third party. Phishing is a popular hacking technique and, if convincing, can compromise almost any online network. Phishing attacks generally take the form of an email.
In June, two Israeli cyber criminals were arrested for stealing over $100m in a phishing scam that lasted for three years. The hackers tricked investors in crypto trading into visiting websites that mimicked popular exchanges.
Security should never be taken for granted
Much like any network, blockchain can be infiltrated given enough time, effort, and patience. Fortunately, in many instances, an individual hacker would struggle to carry out a blockchain-targeted attack on their own. However, there is strength in numbers. By working in teams, for example, cybercriminals could cover the cost of mining fees in Sybil attacks. As such, the technological community must come up with a collective and continual response to cybersecurity. Much of this relies on user, investor, and exchange behaviour. Perhaps the most important step is to dispel the belief that blockchain’s security is unbeatable.