Blockchains must be designed to withstand a number of different attacks. While these attacks are difficult to prevent entirely, the goal is to deter would-be attackers by making assaults difficult, time-consuming and — above all else — expensive. Blockchains face several forms of attack.

Sybil Attack

What is it?

Sybil Attacks affect all decentralized/permissionless networks. Because there is no central entity approving new users on the network, a malicious actor could create multiple users. The actor could then use these identities to enforce their will across the network if there is no mechanism to prevent it. On a blockchain, for example, they could block transactions (as they would control the routes through which transactions are made) and create more blocks than the rest of the users on the network could make (which opens up additional attack vectors, like Double Spend Attacks).

How to prevent it?

A permissionless network such as Ethereum is protected against Sybil Attacks by utilizing Proof of Work. Proof of Work means that actors are limited by the share of the total mining power they can bring to bear, not by the number of nodes they can create, so creating millions of users is pointless.

Double Spend Attack

What is it?

There are a number of different varieties of Double Spend Attacks but all essentially allow for the same funds to be spent twice. Varieties include:

Race Attack: Sending two transactions at the same time to two merchants (or a merchant and the user themselves). The attacker, therefore, receives two sets of goods or receives the goods and the original transaction cost back.

Finney Attack: A miner mines a block (or series of blocks) in which they send funds to themselves. The mined block isn’t published, but rather is held back while the miner sends a transaction to a merchant. The merchant then releases the goods paid for, before the miner publishes the block that they had already mined. This erases the transaction to the merchant, leaving them with out of pocket costs.

Withhold Attack: This occurs when a malicious actor mines an entirely separate blockchain fork. They spend the funds on the public fork, receiving goods from unwitting merchants. At this point, the attacker publishes their fork which, if it contains more blocks than the public counterpart, replaces all prior duplicate transactions.

How to prevent it?

The more confirmations that users wait for upon receiving a transaction, the more confidence can be had that the transaction cannot be reversed. On Bitcoin, for example, this is generally estimated as six confirmations. However, networks do not suffer Double Spend Attacks equally. The more valuable the network and the more mining power behind it, the harder it is to carry out a successful attack.

51% Attack

What is it?

51% Attacks are an extension of Withhold Attacks. They take their name from an individual being able to control more than 50% of the network mining power. This would then let the attacker publish blocks quicker than the rest of the network. Since this is typically an expensive operation, it is often used to target exchanges. An example of this was seen in January, when a 51% attack on Ethereum Classic cost the exchange Gate.io an estimated $271,500.

How to prevent it?

It is very difficult to defend against a 51% attack, because if a user or entity is in sole control of over 50% of the mining power they can effectively control the network. The greatest defense is simply to ensure the attack costs an extortionate sum, which is why having a large amount of committed mining power on a network such as Ethereum is vital to protection.

Eclipse Attack

What is it?

The Eclipse Attack is similar to the Sybil Attack, except it targets a user rather than the wider network. Nodes on decentralized networks such as Ethereum don’t connect to every other node, but rather only to a small number (13 in the case of Ethereum) to prevent the network from becoming too slow and cumbersome.

The attacker may attempt to control all of these outgoing connections to its target. Once this has been achieved, the victim can no longer see the true state of the blockchain. This could then be used to, for example, target a merchant through a Double Spend Attack. The attacker sends ETH to another address it controls before, subsequently, sending the same ETH to the merchant. The merchant would then release the goods to the attacker, not realizing that they had just been duped.

How to prevent it?

Eclipse Attacks can be minimized through limiting the number of nodes that can be operated per IP address, increasing the number of outgoing connections, as well as randomizing them to stop attackers from being able to target specific nodes.
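A sketch of the per-address limit and randomized selection described above, as an added example that is not taken from the article or from any client's peer logic. The /24 bucket size, the cap of one outbound peer per bucket, and the peer table itself are constructed assumptions.

```python
import ipaddress
import random
from collections import Counter

MAX_OUTBOUND = 13  # outbound peer count the article gives for Ethereum

# Constructed peer table: 40 honest peers, each in its own /24, and
# 500 attacker-run nodes packed into three /24 ranges.
HONEST = [f"10.{i}.0.7" for i in range(40)]
ATTACKER_NETS = [ipaddress.ip_network(f"172.16.{s}.0/24") for s in range(3)]
ATTACKER = [f"172.16.{s}.{h}" for s in range(3) for h in range(1, 168)][:500]
PEER_TABLE = HONEST + ATTACKER


def bucket(ip, prefix=24):
    """Network range used as the 'per IP address' bucket (assumed /24)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def select_outbound(table, rng, per_bucket=1, max_peers=MAX_OUTBOUND):
    """Pick outbound peers in random order, capping peers per bucket."""
    pool = list(table)
    rng.shuffle(pool)  # randomized order: no predictable slot to aim for
    used, chosen = Counter(), []
    for ip in pool:
        b = bucket(ip)
        if used[b] >= per_bucket:
            continue  # this range already holds its share of slots
        used[b] += 1
        chosen.append(ip)
        if len(chosen) == max_peers:
            break
    return chosen


def attacker_slots(peers):
    """Count chosen peers that fall inside the attacker's ranges."""
    return sum(any(ipaddress.ip_address(p) in n for n in ATTACKER_NETS)
               for p in peers)


if __name__ == "__main__":
    rng = random.Random(1)
    uncapped = select_outbound(PEER_TABLE, rng, per_bucket=len(PEER_TABLE))
    capped = select_outbound(PEER_TABLE, rng, per_bucket=1)
    print("uncapped:", attacker_slots(uncapped), "of", len(uncapped))
    print("capped:  ", attacker_slots(capped), "of", len(capped))
```

With the cap in place the attacker's 500 addresses can never fill more than three of the 13 slots, because they occupy only three buckets; without it, their share of the slots tracks their share of the table.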

Denial of Service Attack

What is it?

A Denial of Service Attack is an attempt to slow down a network. This can be achieved by creating lots of transactions at the same time and can ultimately bring the network to a halt. As the time taken to confirm a new transaction continues to rise, the backlog builds and users have to pay much higher fees if they want their transaction processed in a timely fashion. Ethereum has previously suffered from two such incidents, the EXTCODESIZE and SUICIDE attacks. Denial of Service Attacks can also be used to target mining pools (to take certain miners offline) or otherwise disrupt network operations (for example, by targeting nodes).

How to prevent it?

The Ethereum Denial of Service Attacks referenced above were a result of an attacker exploiting a means by which many cheap transactions could be created. One of the means by which networks can be protected is to ensure that transactions that are larger or harder to process are costed appropriately. However, it is difficult to fully protect against a Denial of Service Attack other than by making it expensive to carry out.

Network Split Attack

What is it?

Network Split Attacks are a means by which, as the name suggests, the network is divided into two or more pieces. It differs from the Withhold Attack owing to its size and scale, as well as the means by which it is achieved. A typical example of a Network Split Attack sees an entire geographic region physically separated (e.g. as a result of the entire region being disconnected or blocked from the wider Internet). This would see two blockchains come into existence. Any duplicate transactions made on the smaller chain would then be lost when the two regions rejoined one another, meaning that an attacker able to spend on both chains during the period of separation could take advantage of Double Spend Attacks at will.

How to prevent it?

Network Split Attacks are costly and difficult, requiring some form of physically separating a country or region from the wider world. This alone makes them hard to carry out.