📕 BETTER THAN YESTERDAY WITH BSCSTATION #11: Blockchain Attacks You Should Know Part 4
It's time to absorb helpful knowledge with the “Better Than Yesterday With BSCStation” series.
Today we will carry on with the “Transaction Verification Mechanism Attacks” section.
Cryptocurrency is billed as the currency of the future. This is thanks to the robust network security that it offers as part of its decentralized nature backed by blockchain technology.
Unlike financial institutions, blockchains confirm transactions only after all nodes in the network are in agreement. Until a block with a transaction is verified, the transaction is classified as unverified. However, verification takes a certain amount of time, which creates a perfect vector for cyberattacks.
Double-spending is a common blockchain attack exploiting the transaction verification mechanism. All transactions on a blockchain need to be verified by users in order to be recognized as valid, which takes time. Attackers can use this delay to their advantage and trick the system into using the same coins or tokens in more than one transaction.
Here are the most common types of attacks based on exploiting the intermediate time between a transaction’s initiation and confirmation.
Finney Attacks
A Finney attack is possible when one transaction is pre-mined into a block and an identical transaction is created before that pre-mined block is released to the network, thereby invalidating the second identical transaction.
Race Attacks
A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment (and sends a product, for instance) without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.
Vector76
Vector76 is a combination of the two previous attacks. In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high-value and one low-value. Then, the attacker pre-mines and withholds a block with a high-value transaction from an exchange service. After a block announcement, the attacker quickly sends the pre-mined block directly to the exchange service. The exchange service, along with some miners, will consider the pre-mined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included in a block while the other part of the network doesn’t see this transaction.
After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network, which finally rejects the high-value transaction. As a result, the attacker’s account is credited with the amount of the high-value transaction. Though there’s a high chance of success with this type of attack, it’s not common because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.
Alternative History Attacks
An alternative history attack — also called a blockchain reorganization attack — may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, a malicious user sends a transaction to a recipient and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the recipient considers the transaction valid after n confirmations and sends a product, for instance, the recipient may lose money if the attacker releases a longer chain and gets the coins back.
51% or Majority Attacks
A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing forks.
This attack was initially the only known blockchain vulnerability and seemed unrealistic until recently. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.
Unfortunately, all small cryptocurrencies are still at risk of majority attacks. Since these cryptocurrencies attract fewer miners, attackers can just rent computing power to gain a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.
Conclusion
Possible measures for preventing double-spending attacks include monitoring received transactions during a listening period, forwarding double-spending attempts, inserting other nodes to observe transactions, and rejecting direct incoming connections.
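One way to apply the listening-period and observer-node measures to an unconfirmed payment, as an added example that is not part of the original article. The record layout, the function name `assess_payment`, and the sample observations are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Seen:
    txid: str        # transaction id as reported by an observer node
    inputs: tuple    # outpoints spent, written "prev_txid:index"
    seen_at: float   # seconds on the merchant's clock
    peer: str        # observer node that relayed the transaction

def assess_payment(observations, payment_txid, listening_period, min_observers):
    """Decide whether an unconfirmed payment may be accepted.

    Returns (verdict, conflicts, observers); verdict is "accept", "wait"
    or "reject". A conflict is any other transaction, seen before the
    listening period ends, that spends an outpoint the payment spends.
    """
    sightings = sorted((o for o in observations if o.txid == payment_txid),
                       key=lambda o: o.seen_at)
    if not sightings:
        raise LookupError("payment transaction was never observed")
    first = sightings[0]
    deadline = first.seen_at + listening_period
    spent = set(first.inputs)
    # Observer nodes that independently relayed the payment in time
    observers = {o.peer for o in sightings if o.seen_at <= deadline}
    conflicts = {}
    for o in observations:
        shared = spent & set(o.inputs)
        if o.txid != payment_txid and shared and o.seen_at <= deadline:
            conflicts.setdefault(o.txid, sorted(shared))
    if conflicts:
        return "reject", conflicts, observers
    if len(observers) < min_observers:
        return "wait", conflicts, observers  # payment has not propagated widely
    return "accept", conflicts, observers

# Constructed sample data: a payment relayed by two observers, an unrelated
# transaction, and (in RACE) a second spend of the same outpoint.
CLEAN = [
    Seen("pay01", ("f00d:1",), 0.0, "obs-1"),
    Seen("pay01", ("f00d:1",), 0.4, "obs-2"),
    Seen("misc9", ("beef:0",), 1.0, "obs-1"),
]
RACE = CLEAN + [Seen("dbl02", ("f00d:1",), 2.1, "obs-3")]

if __name__ == "__main__":
    print(assess_payment(RACE, "pay01", 10.0, 2))
```

With the constructed `RACE` data, a 10-second listening period rejects the payment, while a 1-second period ends before the conflicting spend arrives and accepts it.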
About BSCStation
BSCStation - The fully decentralized protocol for launching new ideas. An all-in-one Incubation Hub with a full-stack DeFi platform across all main blockchain networks. We provide exclusive services including IDO/INO Launchpad, Yield farming, NFT Auction, Marketplace, and BSCSwap.
BSCStation operates on top of all the main blockchain networks and is designed to offer maximum value to consumers and institutions.
BSCStation platform uses the Sharing Economy Model for the purpose of profit-sharing, helping users to access DeFi platforms in the easiest, safest, and most cost-effective way. BSCStation is the most convenient bridge to connect users and application products on all main blockchain networks.
The information provided in this article is intended for general guidance and information purposes only. Contents of this article are under no circumstances intended to be considered as investment, business, legal or tax advice. We do not accept any responsibility for individual decisions made based on this article and we strongly encourage you to do your own research before taking any action.