ViaBTC|Amid the Frequent Hacking Incidents, What Are the Common On-chain Malicious Attacks?
2021-09-08 11:47

On the evening of August 10, the cross-chain decentralized finance (DeFi) platform Poly Network was attacked, with the alleged hacker draining roughly $611 million in cryptocurrencies, including ETH, BNB, and USDT, which were later transferred to three addresses. The incident ranks as one of the largest cryptocurrency heists to date and has once again drawn attention to the security of on-chain data.



According to reports, in 2020 alone, some $2.5 billion worth of cryptocurrencies were stolen in more than 100 hacker attacks. On-chain data security faces major challenges, and operators and investors need to understand the common hacker attacks in order to avoid such incidents.


1. Double Spending Attack (Or 51% Attack)

The most infamous attack on the chain, a double spending attack happens when a miner controls 51% or more of the hashrate of the blockchain network. In a PoW network, hashrate equals control over the network. Once the miner has majority control over transactions, he can find the random number required to mine a block faster than others. He therefore has an absolute advantage in obtaining the bookkeeping right and can arbitrarily tamper with the blockchain data, which is a double spending attack.


Such attacks cannot be prevented by technology but can be avoided by increasing the network hashrate. Taking Bitcoin as an example, the hashrate of the entire network has reached as high as 120E. The mining machine with the highest hashrate currently delivers about 110T, so approximately 1 million such machines would be needed to launch a 51% attack. Yet the possibility of a 51% attack is higher among small-sized cryptocurrencies, as evidenced by history.


2. Dusting Attack

A dusting attack is a new type of malicious attack in which hackers send a negligible amount of crypto to hundreds of thousands of addresses, congesting the network. For example, the hacker transfers 0.0001 BTC from address A to each of addresses B, C, D, etc. This large number of small transactions clogs the transaction queue, driving up fees and prolonging confirmation times. The biggest harm is a congested BTC network.



3. Sybil Attack

A Sybil attack is a kind of security threat where the attacker floods the network with fake peers. In this kind of attack, a small number of nodes masquerade as a large number of nodes to take over the entire network.


4. Eclipse Attack

An eclipse attack is a relatively simple one that targets a specific node or cluster of nodes, thus splitting the network. It prevents the targeted node from obtaining valid information from the peer-to-peer network, causing network interruption and making the network vulnerable to more complex attacks such as a double spending attack.


5. Empty Block Attack

The empty block attack is one where a majority of mining power is directed at mining only empty blocks. In addition to the block reward, a miner also earns the fees of the transactions packaged into a block. If a miner forgoes the transaction fee reward and doesn't package any transactions, an "empty block" is created, leading to a larger memory pool of transactions awaiting confirmation and a longer confirmation time.



6. Distributed Denial of Service Attack

A distributed denial-of-service (DDoS) attack is one of the most threatening security attacks on blockchain networks. It occurs when the attacker uses a massive number of online nodes across the world simultaneously to attack one or several targeted hosts and stop them from functioning normally.


Nowadays, we often see hackers launch attacks and successfully steal large amounts of digital assets by exploiting loopholes on the chain. Due to the immutable and anonymous nature of the blockchain itself, it is more difficult to recover losses after an attack occurs. Although the Ethereum team managed to forcibly recover losses through a hard fork, that is not the best method. Therefore, a security audit is of vital importance before each project goes online.