According to a detailed study by researchers at Cornell Tech and the Technion Israel Institute of Technology, blockchain networks based on Proof of Work, such as Bitcoin, may be vulnerable to a new attack: BDoS.
The previously unknown Blockchain Denial of Service attack, BDoS, was described by researchers at Cornell Tech and the Technion Israel Institute of Technology in a recent study detailing how the Bitcoin (BTC) network, and other blockchains that use the Proof of Work (PoW) protocol, may be vulnerable to this attack today.
The study was presented at the 2020 ACM SIGSAC Conference, held at the end of November, where specialists in computer and communications security debated several topics of interest, including the possibility that blockchain networks based on PoW are vulnerable to a previously unknown attack. The authors, Michael Mirkin, Yan Ji, Jonathan Pang, Ariah Klages-Mundt, Ittay Eyal and Ari Juels, note that this would be the first denial of service attack that can affect blockchain-based networks, as it “exploits the reward mechanism to discourage miners from participating in the network.”
Although this is still research, experts point out that the potential risk exists, and that the new attack can be executed with less than 50% of the network's computing power.
A 21% attack that discourages miners
According to the research, unlike a 51% attack, BDoS would only need to control 21% of a network's hash rate, or computational power, to be effective. The attacker publishes false block headers to trick a network's miners and discourage them from continuing to participate in it. The study points out that the attacker would publish a false proof of work on the blockchain that tells the rest of the connected miners that he has the advantage over the network and that he can mine blocks faster than the rest. This would lead “rational” miners to stop mining if they detect that they are at an operational disadvantage, reducing the network's computational power.

Source: BDoS: Blockchain Denial-of-Service
“Previous attacks (DoS) against a blockchain require the mining power of an adversary to match that of all other miners. In contrast, BDoS can be executed with far fewer resources; for example, 21% of the power of the Bitcoin network as of March 2020, according to our study.”
Likewise, the researchers point out that if the profitability of mining on the network falls very low, the rest of the connected miners, and even the attacker himself, could decide to disconnect from the network, stopping the blockchain completely.
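As an added example (not taken from the study or from the original article), a node operator could watch for the pattern described above: block headers that are announced without the full block ever following. The event format, the 120-second timeout and the function names are assumptions made for illustration, and the sample events are constructed.

```python
from collections import Counter

# Constructed sample events, not real node logs:
# (unix_time, kind, block_hash, announcing_peer)
EVENTS = [
    (1000, "header", "aa11", "peer-1"),
    (1004, "block", "aa11", "peer-1"),
    (1600, "header", "bb22", "peer-7"),
    (1610, "header", "cc33", "peer-2"),
    (1615, "block", "cc33", "peer-2"),
    (2300, "header", "dd44", "peer-7"),
]

BODY_TIMEOUT = 120  # seconds; assumed value, tune to observed propagation times


def headers_without_body(events, now, timeout=BODY_TIMEOUT):
    """Return headers whose full block did not arrive within `timeout` seconds."""
    announced = {}  # block_hash -> (first time seen, peer)
    delivered = {}  # block_hash -> time the full block arrived
    for ts, kind, block_hash, peer in sorted(events):
        if kind == "header":
            announced.setdefault(block_hash, (ts, peer))
        elif kind == "block":
            delivered.setdefault(block_hash, ts)

    flagged = []
    for block_hash, (ts, peer) in announced.items():
        deadline = ts + timeout
        if now < deadline:
            continue  # still inside the grace period, too early to judge
        body_ts = delivered.get(block_hash)
        if body_ts is None or body_ts > deadline:
            waited = (now if body_ts is None else body_ts) - ts
            flagged.append({"hash": block_hash, "peer": peer, "waited": waited})
    return flagged


def peers_by_withheld_headers(flagged):
    """Count flagged headers per announcing peer, most frequent first."""
    return Counter(item["peer"] for item in flagged).most_common()


if __name__ == "__main__":
    hits = headers_without_body(EVENTS, now=2500)
    for hit in hits:
        print(f"header {hit['hash']} from {hit['peer']}: no block after {hit['waited']}s")
    print(peers_by_withheld_headers(hits))
```

A header flagged this way is only a signal for further review, since slow propagation can also delay a block.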
Evolution of DoS attacks
Because of the large volume of money handled by blockchain networks like Bitcoin, they have become prime targets for cybercriminals, who every day devise and study new ways to successfully carry out their illicit actions.
Traditional denial of service (DoS) attacks, which bombard a network with thousands of fake messages and spam to prevent legitimate users from accessing it, have no effect on blockchains. This is because blockchain-based networks are decentralized, and executing a DoS attack on one is highly costly and unlikely to succeed, as it cannot scale to tens, hundreds or thousands of connected nodes. Thus, it is the decentralized nature of blockchain that makes it resistant to this type of attack.
Now, the variant described by researchers from Cornell Tech and the Technion Israel Institute of Technology can represent a potential risk for blockchains, especially because its design targets the system's reward mechanism, disrupting the network's miners.
“Beyond its direct implications for a network's operations, BDoS introduces the novel idea that an adversary can manipulate miners' incentives by proving the existence of fake blocks without actually publishing them.”
A comparison with the wide range of possible attacks
In contrast to other known attacks that can affect isolated elements within blockchain and PoW-based networks, such as Eclipse, Erebus and BGP hijacking, among others, BDoS can stop a blockchain network entirely if it manages to decrease mining profitability to such an extent that it forces miners to go offline completely.
The study on this new form of attack is still in development, and several of its authors stated that they are continuing to investigate the questions that remained open, such as the cost of executing this attack, its probabilities, and what solutions exist to mitigate its risk.
Furthermore, in the study, the researchers also reveal that blockchain networks based on the Proof of Stake (PoS) protocol are not vulnerable to this new form of denial of service attack, as these networks do not use mining resources to approve transactions. In this sense, the new Ethereum 2.0 blockchain network would not be relevant to a BDoS attacker.


