Cyber-Attack Strategies in the Blockchain Era – A Framework for Categorizing the Emerging Threats to the Crypto Economy
Rely on the mass-manipulation of investors through asymmetric information
Parties conspire to artificially inflate (pump) the price of an asset using various manipulation tactics (spoofing, wash selling, layering), in advance of selling (dumping) their stake. The reverse technique can be used to acquire an asset below fair value in a short-selling strategy.
A project such as an ICO or DAO raises substantial capital from investors, before unexpectedly terminating all operations. Rather than returning the capital to investors, the founders disappear with all the funds.
A common DeFi exit scam, whereby creators of a token pair it with a legitimate coin (BTC, ETH) on a DEX. Having attracted a large amount of liquidity (through hype and the promise of high returns) they exchange their own token for the legitimate currency and so drain the reserves.
A classic example is the Ponzi scheme, where investors are led to hand over funds in return for impossible returns. DeFi provides a fertile ground for re-using old investment scams as it provides a new set of terminologies (APY, Rewards) to give the appearance of novelty.
Unconfirmed transactions are visible in the “mempool” prior to execution, providing an opportunity for ‘front-runners’ (typically miners or full-nodes) to trade on this information, placing their order ahead in the queue.
Cons that operate to extract funds from individuals by threat or trickery
Hackers send out a mass email (‘casting the net’) purporting to originate from a legitimate company, directing users to a fake website that mimics the company brand. The fake website harvests personal information such as passwords and bank information.
Unlike ‘net fishing’, this strategy targets a specific person. Hackers conduct research on the individual to provide sufficient background to convincingly impersonate a colleague or senior, and make a fraudulent request (sending private data, wire transfer).
Victims receive an email claiming that the attacker has acquired compromising information or graphic material (e.g. via the victim’s webcam), which they will send to the victim’s contacts or release publicly unless the victim sends payment or shares private keys.
Hackers gain access to a system and encrypt the files. They demand a ransom from the owner in return for sharing the decryption key. RaaS (Ransomware-as-a-Service) providers offer fraudsters the opportunity to ‘partner’ in return for share of the takings.
Excessive trading of securities in an investor’s portfolio by a broker with the sole aim of generating commission revenue. On top of unnecessary fees, the client may be liable for additional capital gains taxes.
A celebrity (e.g. Elon Musk) is represented as making a general offer. E.g. to double the money of any investor who sends funds to their account before a specified date and time. This could be done via a hacked account, faked account, doctored tweet, or fake online event.
Blockchains work by nodes agreeing on what transactions have been made. This system can be bypassed, exploited, and hijacked in numerous ways to favor individuals or cartels.
An attacker mines a block as usual, including a transaction that sends coins to his account. Before broadcasting it, he sends the same coins to a merchant and receives a service. When the originally mined block is broadcast, the transaction to the merchant is erased. (PoW)
The attacker creates two conflicting transactions, one sending payment to the victim, and another returning an identical amount to the attacker. The second transaction invalidates the first transaction, leaving the victim out of pocket. (PoW)
Combination of Finney and Race attacks: attacker broadcasts two transactions to his own account, one high-value and one low-value. The high amount is deposited, but the network accepts and records the low amount. Very hard to achieve in practice. (PoW)
51% majority attack
A miner or group of miners gains control of 51% control of the network, and is able to reverse transactions (e.g. double-spend), creating a new branch of the blockchain. Smaller blockchains are at a higher risk of this attack, as well as chains with mining pools (PoW / PoS).
Also known as costless simulation. An adversary may create an alternative branch to the main chain of a POS-based blockchain starting at any point that he wants without incurring any actual cost. (PoS)
A new node (or node that has been offline for an extended period) will not immediately be able to discern the main branch of the chain. It can be tricked into accepting a malicious one. (PoS)
Also known as BDos (Blockchain Denial of Service). Some or all validators decide to stop publishing blocks, thus bringing the network to a halt. (PoS)
Because validators have the power to confirm or deny transactions, it is in their power to ‘blacklist’ certain addresses, leading to delays or ‘time-outs’. (PoS)
A validator exploits the selection mechanism to increase the frequency of being chosen as a slot leader (i.e. the ability to create a new block). Also called a Grinding Attack. (PoS)
Mining Pool attacks
Collusion between actors to bypass the consensus mechanism by creating forks in the chain is an alternative to the ‘legitimate’ means of consensus hacking by gathering a majority or critical mass of voting power.
Malicious miners/validators deliberately delay the broadcast of mined blocks to the network, and then broadcast them simultaneously to create a new main chain. This wastes the energy of the other miners (PoW) and accumulates rewards for the attacker nodes (PoW, PoS).
The attacker persuades or bribes miners/validators to create a new branch by confirming dishonest transactions, increasing the risk of double-spending. Also called Short-Range attack. (PoW, PoS (lower cost)).
Long-range PoS attacks
The hacker generates a complete alternative history of the blockchain (going back to the genesis block). (PoS)
The attacker secretly creates a rival chain, forging the timestamps on the blocks so that it is not possible for nodes to tell the difference between the forged chain and the real main chain.
Where timestamp-forging is not an option, the attacker can use the private keys of a retired validator (either by theft or with their consent) to sign valid blocks.
When the attacker is given their turn as slot leader, they forfeit their turn (slowing the growth of the main chain), thus steadily ceding their stake to the other validators. Meanwhile, they publish blocks constantly on the rival chain, and so eventually catch up with the main chain.
Communication between the nodes is the lifeblood of the blockchain network. Blocking or manipulating these communications is a way to subvert or pervert the proper functioning of the chain.
Attackers conspire to block or delay transactions emanating from a particular node, rendering the mined blocks temporarily or permanently unrecognized by the wider network. This disconnect can be exploited to cause damage to a miner and/or carry out double-spending.
A node creates several fake identities, which it uses to absorb the transactions of the victim node, enabling double-spending. Blockchain-based systems (PoW and PoS) are in general well-protected against such attacks.
DDoS (Distributed Denial of Service)
By flooding the mempool with spam transactions, attackers can cause network congestions, software crashes, and node failures, as well as bloat the ledger with blocks that are full of fake events, while legitimate transactions are stalled.
A form of DDoS attack: the perpetrator takes control of a large number of IP addresses, induces the victim node to restart, and then redirects all outgoing connections to the attacker-controlled IP addresses.
A victim makes a legitimate transaction by sending funds to the attacker. The attacker creates a copy of the transaction, altering the transaction ID to make it appear that the transaction has failed, and then broadcasts it to the network. The victim can thus be tricked into paying twice.
A hacker adds a number of fake peers to the network with inaccurate timestamps to alter the time counter on the victim node. The victim node will reject transactions from the rest of the network, becoming isolated and vulnerable to exploits such as double-spending.
Since wallets are where cryptocurrency is stored, finding ways to bypass wallet security is a prime vector for cybercriminals.
Seizure of Private Keys (Hot Wallets)
Centralized exchange platforms (as opposed to DEXes) store the private keys of their users in databases. Attackers who gain access to these databases can take ownership of the wallets and their contents.
Cold wallet hacks
While more secure than Hot Wallets, hardware-based Cold Wallets have been found to contain exploitable bugs (e.g. Nano S Ledger) that can give hackers access to private data. In some cases, a breach happens prior to delivery (by intercepting & programming the wallet en route).
Attackers use Google Ads to direct consumers searching for legitimate hot wallets (e.g. Metamask) to sites that mimic the genuine interface. Users enter their details which are copied by the attacker, or are maneuvered into sending funds to the attacker’s wallet.
In order to bypass 2-factor authentication security, a hacker impersonates the user in order to convince their phone company to transfer their number to a new SIM controlled by the hacker. The hacker can now gain access to their wallet and lock the user out.
Security phrase handling
Users are at risk of leaving vulnerable seed/passphrases accessible to hackers in an attempt to make them easily accessible to themselves (e.g. storing it on their computer), or being tricked into revealing them (e.g. to a fake customer service representative).
The attacker attempts to break a victim’s password by converting common passwords (e.g. password123) into cryptographic hashes, and then searching for similar combinations to identify hackable wallets.
Private keys are generated by cryptographic algorithms, and are intended to be unbreakable due to their random nature. ECDSA (used in Bitcoin cryptography) has been found to have insufficient entropy and hence ‘weak’ randomness, leaving it vulnerable to decryption strategies.
Smart contract attacks
Smart contracts are immutable, transparent, and capable of holding value. These properties also make them a liability if errors or exploits exist in the code.
The targeted contract makes an external call to the attacker contract, which utilizes a fallback function to interrupt the process and carry out additional actions, potentially draining the victim contract of all funds.
Flash loan exploit
Flash loans are a cheap, fast way to get hold of large sums of money (and hence have a large impact when misused). A smart contract may contain bugs that can be specifically targeted by attackers using flash loans to drain large amounts of funds or heavily influence market prices.
Transaction Order Dependence
When a smart contract is invoked by two transactions, it can be left to the miner to decide the order in which the transactions are recognized. This situation opens the possibility of manipulation, particularly where the outcome concerns price (e.g. front-running).
When the outcome of a smart contract is dependent on the timestamp of a block, the miner has some discretion to assign a timestamp (provided it is within 10-15 seconds of the time of actual validation) that gives them an unfair advantage.
For the same reasons as Timestamp Dependence, making any critical element of the smart contract dependent on the blockhash function (e.g. as a source of randomness) can create an opportunity for a miner to alter the blockhash – and the outcome – in their favor.
An example of an exploitable arithmetic error would be Over/Underflow. When a number is greater / lower than the maximum/minimum range, a parameter can be reduced to zero (e.g. neutralizing contract locktimes).
Short Address Attack
A bug in the ERC20 protocol allows a hacker who deliberately omits the final two zeroes from an address to withdraw 256 times the number of tokens that the victim (likely an exchange) believes are being withdrawn.
The Delegatecall function is a way to leverage the code from an external contract to perform a common operation. Because it gives the external contract power over its own storage, a malicious contract could be used to cause harm or remove value.
Some contract functions (for example conditions for the release of funds) should be private. However, functions within a smart contract are publicly visible by default. Developers may forget to disable visibility for key functions, leaving the contract open to exploitation.
For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.
He held multiple interim CISO and technology leadership roles in Global 2000 companies.