Cryptocurrency is billed as the currency of the future. This is thanks to the robust network security that it offers as part of its decentralized nature backed by blockchain technology.
A decentralized blockchain is constantly updated with consensus protocols, such as Proof of Work (PoW), and kept in sync using cryptography to ensure maximum protection against cyber attacks. However, this does not mean that it is completely impenetrable against all cyber threats on the internet.
On Tuesday (August 10), in what may be the largest attack in decentralized finance, or DeFi, unknown hackers used an exploit on cross-chain protocol Poly Network to remove at least $600 million from three chains.
According to Poly Network on Twitter, the attacks had removed assets from Binance Chain, Ethereum and the Polygon network.
Blockchain data from the respective networks shows the hackers stole roughly $273 million from Ethereum, $85 million in USD Coin (USDC) from the Polygon network, and $253 million from the Binance Smart Chain.
There has also been multiple attacks on blockchains over the years. Here are five of the most common types of blockchain attacks, and tips on how to avoid becoming the next victim.
1. 51% Attack
Perhaps the most common type of cryptocurrency attack is the infamous 51% attack, most commonly executed in relation to Bitcoin due to its PoW consensus protocol. A 51% attack occurs when one party or more takes control of a cryptocurrency’s hash rate on the blockchain.
A hash rate refers to the computational power that is required to perform PoW transactions. In a decentralized network, no one on the blockchain holds the majority of a hash rate to ensure fairness and legitimacy in cryptocurrency transactions. Thus, a 51% attack aims to interfere with this status quo.
When a miner successfully executes a 51% attack, they will be able to run a range of cryptocurrency commands that cater to their self interest, such as double spending, blocking transactions, modifying transaction details, and so on.
Notable 51% attacks that have happened in the past include: Bitcoin Gold’s (BTG) 51% attack in 2018 where an attacker double spent around $18 million in BTG; and Ethereum Classic’s (ETC) 51% attack in 2019, where hackers stole around $1 million in ETC.
2. Sybil Attack
A Sybil attack occurs when a single attacker attempts to take majority control of the entire blockchain network by creating multiple imposter accounts with multiple computers or IP addresses.
When a Sybil attack is successfully executed, the attacker essentially takes over the consensus protocol, and has the power to dictate what the blockchain will do.
Cryptocurrency consensus protocols including PoW and Proof of Stake (PoS) have been successful at preventing Sybil attacks. There has not been a major case of a Sybil attack on a cryptocurrency, but this does not mean that crypto developers are free from the threat: Sybil attacks are notoriously hard to detect, and they are typically identified after an attack is already underway.
3. Distributed Denial-of-Service (DDoS) Attack
A Distributed Denial-of-Service (DDoS) attack does not zoom in to attack a cryptocurrency per se, but targets the entire infrastructure that hosts it, like a cryptocurrency exchange. DDoS attacks occur when attackers attempt to overwhelm a website’s traffic by essentially spamming it with large amounts of data.
Attackers do so by deploying a variety of malware that will flood a website’s traffic and render it unusable. As a result, a website will crash and experience extended down time.
A notable DDoS attack is one launched against Bitcoin.org in late 2020, where attackers not only brought down the site, but also demanded an unspecified amount of Bitcoin as ransom.
4. DAO Attack
To understand the DAO attack, one has to refer back to the history of DAO itself.
The Decentralized Autonomous Organization, or DAO, is an online organization where members adhere to the rules of decentralization, and they do so by deploying blockchain technology and smart contracts.
DAO was conceived by a group of Ethereum engineers and the platform was subsequently launched in May 2016. The launch came with a 28-day funding window that encouraged interested parties to invest onto the platform in exchange for DAO tokens, which would then allow holders of those tokens to exercise a variety of voting rights on DAO.
However, on 18th June 2016, in the middle of the funding window, the DAO attack took place: a hacker managed to infiltrate DAO’s blockchain and siphon 3.6 million ETH coins, equivalent to $70 million at the time.
The DAO attack was a one-time incident, but it set a painful precedence for the community and thenceforth became an important case study for new DAOs that are brewing in the space.
As cryptocurrencies continue to experience a surge in use and circulation, so does cryptojacking. Cryptojacking is classified as a cybercrime, and it is when an attacker attempts to hack into another device without permission to steal or mine cryptocurrency.
Attackers carry out cryptojacking by deploying malware to infect a device, such as a malicious link. When a victim clicks on the link, their device — be it a computer, a tablet, or a smartphone — will be infected by the malware’s code. The code then takes control of a device’s computing power and starts to siphon the cryptocurrency to itself.
Hackers carry out cryptojacking to essentially enjoy a “free ride” over crypto mining efforts. Mining cryptocurrency is a labour that requires immense
In February 2018, it was discovered that Tesla had been the victim of cryptojacking. According to reports, the company’s Amazon Web Services cloud infrastructure was running mining malware. Even though the data exposure was discovered to be minimal, it posed a broad security threat for the company.
How Can You Stay Safe?
Cryptocurrency and blockchain attacks do not happen often, but when they do, all parties involved in a network incur huge losses.
There is no one-size-fits-all way to protect yourself against such attacks, but staying informed about the different kinds of attacks, as well as phishing and trading scams, and fake giveaways and Airdrops.
Before investing in a cryptocurrency, it is also useful to perform due diligence and make sure if the cryptocurrency has not experienced any major cyber attacks. Reading a crypto’s whitepaper thoroughly and critically evaluating its use cases also helps.
Reddit user u/xCryptoPandax has a comprehensive guide on the forum on how to keep your computer and cryptocurrencies safe. Essentially, you should be using two-factor authentication (2FA) tools or password managers, and cold wallets to make sure that your passwords are encrypted, and your crypto wallets are not connected to the Internet.
Furthermore, even though cryptocurrency is all the rage right now, it’s still in its infancy. Investing in something that’s new comes with challenges, so be prepared to research first, and invest conservatively if you are worried about the risks.