Huaqun Xingjie - A Survey on blockchain Technology and its Security - 2022 March

| Risk | Description |
| --- | --- |
| Network Attacks | As shown in Table I, Blockchain supports only a limited number of transactions per second; DoS attacks may submit more transactions than the Blockchain can handle and make the Blockchain unavailable. Besides DoS, BGP attacks, routing attacks, eclipse attacks, stealthier attacks, DNS attacks and remote side-channel attacks also fall under this category. |
| Endpoint Security | Endpoints can be heterogeneous, which gives attackers more options for exploiting vulnerabilities. Endpoints can also be homogeneous, in which case a flaw in one system can exist in all systems. |
| Intentional Misuse | As shown in Table I, attackers may take control of more nodes to launch attacks such as the 51% attack. |
| Code Vulnerabilities | Code vulnerabilities can come from smart contracts, which anyone can write, or from the underlying platform code. The vulnerabilities have a wide-reaching impact because the network is distributed and the code cannot be modified once deployed. Malicious smart contracts may also be written intentionally. |
| Data Protection | Data protection relies on the Blockchain, rather than on the data owners, to provide data integrity and availability. |
| Human Negligence | Log owners may leave their logs unmonitored. |
B. Real Attacks and Bugs on Blockchain Systems
In this paper, we survey some real attacks and bugs on
Blockchain systems to raise awareness of the need for security
on Blockchain systems. Users make transactions on the
Blockchain through exchange platforms, and a Blockchain private
key is kept in a digital wallet. Hence, exchange platforms and
wallets are parts of Blockchain systems.
1) Core Software Bug
The CVE-2010-5139 vulnerability, which occurred in August 2010,
was the most famous software bug in the Bitcoin
network; it was caused by an integer overflow in the
protocol. Due to this bug, an invalid transaction in which 0.5 BTC
was replaced with 184 trillion BTC was added to a normal block,
and it took more than 8 hours to resolve the problem [59]. In
addition, when Bitcoin was upgraded from v0.7 to
v0.8, there was a bug in which a block processed in v0.8 was not
processed in v0.7 because the database used BerkeleyDB in
v0.8 and LevelDB in v0.7. Because of this bug, different
Blockchains existed for 6 hours on the nodes running v0.8 and
the nodes running v0.7 [59].
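The integer overflow described above can be illustrated with a simplified model, added here as an example; it is not Bitcoin's source code. It assumes the overflow arises when a transaction's output values are summed in a signed 64-bit integer; the function names and sample transactions are constructed for illustration, and the constants are Bitcoin's 10^8 base units per BTC and 21 million BTC supply cap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COIN      INT64_C(100000000)          /* base units per BTC */
#define MAX_MONEY (INT64_C(21000000) * COIN)  /* 21 million BTC supply cap */

/* Constructed sample data: 0.5 BTC of input, as in the incident described above. */
static const int64_t TOTAL_IN = COIN / 2;
static const int64_t HONEST_OUTS[2]   = {30000000, 20000000};
static const int64_t OVERFLOW_OUTS[2] = {INT64_MAX / 2 + 1, INT64_MAX / 2 + 1};

/* Signed overflow is undefined in C, so the wrap is modelled via unsigned math. */
static int64_t wrapping_add(int64_t a, int64_t b) {
    return (int64_t)((uint64_t)a + (uint64_t)b);
}

/* Weak check: rejects negative outputs, then trusts the (possibly wrapped) sum. */
bool outputs_ok_naive(const int64_t *out, size_t n, int64_t total_in) {
    int64_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        if (out[i] < 0) return false;
        sum = wrapping_add(sum, out[i]);
    }
    return sum <= total_in;
}

static bool money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

/* Hardened check: each output and each running total must lie in [0, MAX_MONEY]. */
bool outputs_ok_checked(const int64_t *out, size_t n, int64_t total_in) {
    int64_t sum = 0;
    if (!money_range(total_in)) return false;
    for (size_t i = 0; i < n; i++) {
        if (!money_range(out[i])) return false;
        sum += out[i];  /* safe: both operands are at most MAX_MONEY */
        if (!money_range(sum)) return false;
    }
    return sum <= total_in;
}

int main(void) {
    printf("naive   accepts overflow tx: %d\n", outputs_ok_naive(OVERFLOW_OUTS, 2, TOTAL_IN));
    printf("checked accepts overflow tx: %d\n", outputs_ok_checked(OVERFLOW_OUTS, 2, TOTAL_IN));
    printf("checked accepts honest tx:   %d\n", outputs_ok_checked(HONEST_OUTS, 2, TOTAL_IN));
    return 0;
}
```

The two constructed outputs are each non-negative, yet their sum wraps to a negative number, so a check that only compares the total against the inputs passes; bounding every value and every partial sum closes that gap.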
2) Attacks Related to Cryptocurrency Exchange Platforms
In 2011, attackers took several thousand BTC from
Mt. Gox, a Tokyo-based Bitcoin exchange, due to deficiencies
in network protocols, and in March 2014, another 650,000
BTC in its online coffers were stolen by hackers, due to a bug
in the Bitcoin software that allowed users to modify transaction
IDs, which caused Mt. Gox to file for bankruptcy [60]. In
December 2013, the anonymous marketplace Sheep Marketplace
had to shut down after it announced that one site vendor
had exploited a vulnerability and stolen 5400 BTC [61]. In August
2016, hackers stole 119,756 BTC from the third-largest
Bitcoin exchange, Bitfinex [62]. In July 2020, hackers hacked
Cashaa, a U.K.-based cryptocurrency exchange, and stole
336+ BTC. In August 2020, hackers attacked the servers of
2gether, a European cryptocurrency trading platform, and stole
$1.39 million [63].
3) Attacks with Wallets
The user's wallet in the Blockchain system stores his/her
credentials and tracks the digital assets associated with his/her
address, along with the user credentials and any other information
associated with his/her account. There have been some attacks on
wallets in the past 10 years.
TABLE VI. COMPREHENSIVE BLOCKCHAIN SECURITY RISK CATEGORIES