What is an Online Attack?
5/8/2022

As the internet has increasingly become the primary space for financial exchange, hackers and malicious actors have taken every chance they can get to exploit vulnerabilities in the technology for their self-interest. One of the promises of blockchain technology is its ability to bolster the safety of online activity through the greater security afforded by decentralization. Many online attacks hinge on there being a single point of failure in the system, commonly known as a vulnerability, with this vulnerability exploited through what is known as an Attack Vector. By decentralizing a database across a wide network of nodes, the early blockchain developers devised a way for the pain points of centralization to be avoided.

However, despite this added security, it is naive to assume that online attacks will just go away. Rather, blockchain analytics continue to show how blockchains can be susceptible to online attacks, and that, despite blockchains cultivating far greater security in online activity, they also provide a new frontline for hackers and bad actors to target. With that in mind, this post provides an overview of some of the most infamous online attacks, how they intersect with blockchain technology, and some of the ways of defending against such attacks through measures like blockchain analytics, smart contract audits, and best practices for developers.

DDoS Attack

A DDoS attack is one of the oldest and most common tricks in the online attacker’s playbook, especially in Web2 networks. It’s also a style of attack that is showing up in Web3. The acronym stands for Distributed Denial of Service and involves a malicious actor or actors shutting down an online platform by overloading its network with demands. This then makes it inaccessible to its intended users and denies them the service of the particular platform.

DDoS attacks have been heavily mitigated by the decentralization enabled by blockchains. It is hard to target a particular server to overload when that server is distributed across multiple nodes in countless locations. Indeed, many have said that it is impossible for a DDoS attack to affect a blockchain; however, that is not strictly true. In one recent example, the Solana network was offline for 17 hours after the launch of a new project that enabled bots to generate a high number of transactions and flood the network.

In blockchain, DDoS attacks will typically target crypto exchanges or mining pools. This is in part because, as the name suggests, these attacks are designed to cut off a network’s ability to provide a service, and so in blockchain they naturally target the platforms that provide services to users. Another reason for these targets is that they constitute points of increased centralization within the blockchain ecosystem, and are therefore more susceptible to attack.

To properly prepare and defend against the risk of DDoS attacks, blockchain projects can take a number of precautions. Firstly, blockchain analytics tools such as CertiK’s Skynet monitor on-chain activity and can alert if an attacker is flooding transactions into a smart contract or chain. Alongside this, developers should seek to implement decentralized practices and structures whenever and wherever they can when designing their projects. They should also ensure that nodes in the network have adequate storage, processing power, and bandwidth, as this greatly reduces an attacker’s ability to overload a node.
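The kind of alert described above can be sketched as a sliding-window rate check per contract. This is an added example, not CertiK's or Skynet's code; the window, the threshold, the record layout and the sample transactions are all assumptions constructed for illustration.

```python
from collections import Counter, deque

WINDOW_SECONDS = 10      # assumed look-back window
MAX_TX_PER_WINDOW = 5    # assumed per-contract alert threshold

def detect_floods(txs, window=WINDOW_SECONDS, limit=MAX_TX_PER_WINDOW):
    """Return one alert per contract, raised the first time its rate exceeds `limit`.

    txs: iterable of (timestamp_seconds, sender, contract), sorted by time.
    """
    recent = {}   # contract -> deque of (timestamp, sender) still inside the window
    alerts = {}
    for ts, sender, contract in txs:
        q = recent.setdefault(contract, deque())
        q.append((ts, sender))
        # Drop entries that have aged out of the window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        if len(q) > limit and contract not in alerts:
            senders = Counter(s for _, s in q)
            top_sender, top_count = senders.most_common(1)[0]
            alerts[contract] = {
                "at": ts,
                "tx_in_window": len(q),
                "distinct_senders": len(senders),
                "top_sender": top_sender,
                # A high share from few senders points to bots, not organic load.
                "top_sender_share": round(top_count / len(q), 2),
            }
    return alerts

# Constructed sample: steady traffic to 0xDEX, a two-bot burst to 0xMINT.
SAMPLE_TXS = (
    [(t, f"user{t % 4}", "0xDEX") for t in range(0, 60, 5)]
    + [(30 + i * 0.5, "bot1" if i % 3 else "bot2", "0xMINT") for i in range(12)]
)
SAMPLE_TXS.sort(key=lambda tx: tx[0])

if __name__ == "__main__":
    for contract, info in detect_floods(SAMPLE_TXS).items():
        print(contract, info)
```

Reporting the sender concentration alongside the raw rate helps separate a popular launch from a small number of accounts generating most of the load.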

Eclipse Attack

Where DDoS attacks are attacks against an entire network, Eclipse attacks target a single node by isolating it within an artificial environment of attacker-controlled nodes. By isolating a node in this way, the attacker can block, redirect, and manipulate messages with neighboring nodes in an attempt to make illegitimate transactions. Due to the decentralized nature of most blockchains, isolating a node in this way is extremely difficult and, consequently, eclipse attacks are very rare. In attempting one, the attacker will try to overwhelm the targeted node by flooding it with IP addresses generated by a phantom network. The attacker would then wait for the node to reconnect to the network, or force it to do so through a DDoS attack.

Whilst Eclipse attacks are increasingly rare given the better understanding and implementation of blockchain security, having an awareness of what they are and how to protect against them provides a useful way of understanding some of the fundamentals of building a secure decentralized network. As the sector has grown, we have come to see that not all decentralized structures are equal. Projects that better embed their nodes in a structure, whether by increasing a node’s connections, by randomizing the connections made between nodes, or, conversely, by providing a node with a fixed set of IP addresses, make it far more difficult for an attacker to conduct an Eclipse attack. Furthermore, projects should strive to be as attuned as possible to any anomalies that occur within their network. Whilst this may seem like a herculean task, particularly given the scale of the project, blockchain analytics that use the above-mentioned tools such as Skynet are the best way of staying abreast of any malicious activity.
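Randomized connections only help if a flood of attacker addresses cannot win most of the draws. The added example below (not code from the original article or from any node implementation) compares a plain random pick with a random pick capped at one peer per /16 network group; the grouping rule, function names and addresses are assumptions constructed for illustration.

```python
import ipaddress
import random
from collections import Counter

def netgroup(ip):
    """Group an IPv4 address by its /16 prefix (assumed grouping rule)."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def select_outbound(candidates, slots, rng):
    """Pick up to `slots` peers at random, at most one per network group."""
    pool = list(dict.fromkeys(candidates))  # de-duplicate, keep order
    rng.shuffle(pool)
    chosen, used = [], set()
    for ip in pool:
        group = netgroup(ip)
        if group in used:
            continue  # this group already holds a slot
        chosen.append(ip)
        used.add(group)
        if len(chosen) == slots:
            break
    return chosen

def largest_group_share(peers):
    """Fraction of peers that sit in the single most common network group."""
    if not peers:
        return 0.0
    counts = Counter(netgroup(ip) for ip in peers)
    return max(counts.values()) / len(peers)

def demo(seed=1):
    """Return (naive_share, diversified_share) for a flooded address table."""
    rng = random.Random(seed)
    honest = [f"10.{n}.0.1" for n in range(1, 9)]       # constructed, 8 groups
    flood = [f"203.0.113.{n}" for n in range(1, 201)]   # constructed, 1 group
    table = honest + flood
    naive = rng.sample(table, 8)              # uniform pick over the whole table
    diverse = select_outbound(table, 8, rng)  # random pick, one per group
    return largest_group_share(naive), largest_group_share(diverse)

if __name__ == "__main__":
    naive_share, diverse_share = demo()
    print(f"naive: {naive_share:.0%} of peers in one group")
    print(f"diversified: {diverse_share:.0%} of peers in one group")
```

The same `largest_group_share` figure can be tracked as an anomaly signal on a running node. The cap raises the cost of a flood from one network range; it does not help against an attacker who holds addresses in many groups.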

51% Attack

Whilst blockchain projects are typically designed to resist Sybil attacks through their consensus mechanisms, the species of Sybil attack known as the 51% attack has historically been shown to pierce the armor of some of the biggest crypto projects.

A 51% attack occurs when a single person or entity gains control of 50% or more of a network’s mining hashrate. This then allows the attacker to carry out double-spending attacks, alter the block order, and reject or submit false transactions. Essentially, in a 51% attack, power over the blockchain goes from being decentralized to being centralized in the hands of a malicious actor.

Notorious 51% attacks have been conducted against some of the biggest blockchains, including Bitcoin SV, Verge and Ethereum Classic. However, as a blockchain network grows over time and the number of honest nodes proliferates, conducting a successful 51% attack becomes infeasible, as the computational power needed to successfully operate a majority of nodes becomes astronomical. Even so, all projects, both big and small, should stay vigilant against the possibility of a 51% attack. Blockchain analytics can help with this, as it provides a timely overview of the activity in a blockchain and can alert projects to any suspicious activity occurring on-chain.

Blockchain Analytics: The Last Line of Defense

The best and most secure defense against any species of online attack will always take place before a project is launched. Blockchain security is forged in appropriate planning, sophisticated coding, and rigorous testing through third party audits. There are no shortcuts to appropriate planning and preparation, and making security alterations after a project is launched is never ideal.

With that being said, once a project is launched, the best way to prevent an attack is through the monitoring provided by blockchain analytics tools like CertiK’s Skynet. Whilst blockchain analytics will never replace best practice measures and failsafes at the level of code, it is a vital tool for any project looking to keep their project secure post-launch. New forms of attack are always around the corner, and even the best developers miss something sometimes. Blockchain analytics keeps you in the know and is a great tool for keeping you secure. Stay safe out there!