{"id":19915576,"url":"https://github.com/demining/blockchain-attack-vectors","last_synced_at":"2025-06-25T00:07:55.259Z","repository":{"id":144620907,"uuid":"580076024","full_name":"demining/Blockchain-Attack-Vectors","owner":"demining","description":"Blockchain Attack Vectors \u0026 Vulnerabilities to Smart Contracts","archived":false,"fork":false,"pushed_at":"2022-12-27T09:47:33.000Z","size":12511,"stargazers_count":26,"open_issues_count":0,"forks_count":10,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-02T06:35:52.614Z","etag":null,"topics":["attack","attacker","attacks","bitcoin","blockchain","blockchain-technology","cryptocurrency","ethereum","exploit","exploiting","exploiting-vulnerabilities","hack","hacking","smart-contracts","vulnerabilities","vulnerability","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://cryptodeeptech.ru/blockchain-attack-vectors","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/demining.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-19T16:54:34.000Z","updated_at":"2025-03-13T09:03:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"fecb1c4c-c6bb-477f-bb39-7345d898a4c1","html_url":"https://github.com/demining/Blockchain-Attack-Vectors","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/demining/Blockchain-Attack-Vectors","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FBlockchain-Attack-Vectors","tags_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/demining%2FBlockchain-Attack-Vectors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FBlockchain-Attack-Vectors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FBlockchain-Attack-Vectors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/demining","download_url":"https://codeload.github.com/demining/Blockchain-Attack-Vectors/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FBlockchain-Attack-Vectors/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261777695,"owners_count":23208126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","attacker","attacks","bitcoin","blockchain","blockchain-technology","cryptocurrency","ethereum","exploit","exploiting","exploiting-vulnerabilities","hack","hacking","smart-contracts","vulnerabilities","vulnerability","vulnerability-scanners"],"created_at":"2024-11-12T21:41:04.329Z","updated_at":"2025-06-25T00:07:55.119Z","avatar_url":"https://github.com/demining.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"576\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/029-2-1024x576.png\" alt=\"Blockchain Attack Vectors \u0026amp; 
Vulnerabilities to Smart Contracts\" class=\"wp-image-1593\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/029-2-1024x576.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/029-2-300x169.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/029-2-768x432.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/029-2.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eIn this article, we will talk about all known attacks on the blockchain, as well as smart contract vulnerabilities. Blockchain isn’t really as secure as we tend to think. Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals.\u003c/p\u003e\n\n\n\n\u003cp\u003eBlockchains can resist traditional cyber attacks quite well, but cybercriminals are coming up with new approaches specifically for hacking blockchain technology. In this article, we describe the main attack vectors against blockchain technology and take a look at the most significant blockchain attacks to date.\u003c/p\u003e\n\n\n\n\u003cp\u003eCybercriminals have already managed to misuse blockchains to perform malicious actions.\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/465-ransomware-mechanisms-protection\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eRansomware attacks\u003c/a\u003e\u0026nbsp;like\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/WannaCry_ransomware_attack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eWannaCry\u003c/a\u003e\u0026nbsp;and\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Petya_(malware)\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ePetya\u003c/a\u003e\u0026nbsp;wouldn’t have been so massive if attackers hadn’t received their rewards in cryptocurrencies. 
Now, it looks like hackers consider exploiting blockchain security vulnerabilities as their main source of revenue.\u003c/p\u003e\n\n\n\n\u003cp\u003eIn March 2019, white hat hackers\u0026nbsp;\u003ca href=\"https://thenextweb.com/hardfork/2019/03/14/blockchain-cryptocurrency-vulnerability-bug\" target=\"_blank\" rel=\"noreferrer noopener\"\u003efound 43 bugs\u003c/a\u003e\u0026nbsp;in various blockchain and cryptocurrency platforms in just 30 days. They even found vulnerabilities in such famous platforms as\u0026nbsp;\u003ca href=\"https://www.coinbase.com/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCoinbase\u003c/a\u003e,\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/553-eos-smart-contract-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEOS\u003c/a\u003e, and\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/602-tezos-blockchain-smart-contract-overview\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eTezos\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\u003cp\u003eHowever, weak spots are often challenging to detect, since they can be hidden in unobvious places. For instance, the\u0026nbsp;\u003ca href=\"https://cointelegraph.com/news/parity-multisig-wallet-hacked-or-how-come\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eParity multisig wallet was hacked\u003c/a\u003e\u0026nbsp;by breaking a library that had a withdraw function in it. The attacker managed to initialize the library itself as a wallet and claim owner rights to it. 
As a result, 573 wallets were affected, $30 million worth of crypto was stolen, and another $180 million rescued by a white hat hacker group was later returned to the rightful owners.\u003c/p\u003e\n\n\n----\n\n* Tutorial: https://youtu.be/7pqVNbcGzls\n* Tutorial: https://cryptodeeptech.ru/blockchain-attack-vectors\n\n----\n\n\n\u003cp\u003eBy attacking such huge networks as\u0026nbsp;\u003ca href=\"https://bitcoin.org/en\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eBitcoin\u003c/a\u003e\u0026nbsp;and\u0026nbsp;\u003ca href=\"https://ethereum.org/en\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEthereum\u003c/a\u003e, cybercriminals show that they’re clever enough to disprove the myth of blockchain security. Let’s consider the five most common blockchain attack vectors:\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"850\" height=\"774\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain-1.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1471\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain-1.png 850w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain-1-300x273.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain-1-768x699.png 768w\" sizes=\"(max-width: 850px) 100vw, 850px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeep.ru/doc/Blockchain_network_attacks.pdf\" target=\"_blank\" 
rel=\"noreferrer noopener\"\u003eBlockchain Network Attacks\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eA blockchain network includes nodes that create and run transactions and provide other services. For instance, the Bitcoin network is formed by nodes that send and receive transactions and miners that add approved transactions to blocks. Cybercriminals look for network vulnerabilities and exploit them with the following types of attacks.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full is-resized\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-42.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1534\" width=\"844\" height=\"1047\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-42.png 520w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-42-242x300.png 242w\" sizes=\"(max-width: 844px) 100vw, 844px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/DISTRIBUTED_DENIAL_OF_SERVICE_(DDOS)_ATTACKS_DETECTION_MECHANISM.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eDistributed Denial of Service\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003e\u003ca href=\"https://cryptodeep.ru/doc/DISTRIBUTED_DENIAL_OF_SERVICE_(DDOS)_ATTACKS_DETECTION_MECHANISM.pdf\"\u003eDistributed denial of service\u0026nbsp;(DDoS) attacks\u003c/a\u003e are hard to execute on a blockchain network, but they’re possible.\u003c/p\u003e\n\n\n\n\u003cp\u003eWhen attacking a blockchain network using DDoS, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect a network’s mining pools, e-wallets, crypto exchanges, and other financial services. 
A blockchain can also be hacked with DDoS at its application layer using DDoS botnets.\u003c/p\u003e\n\n\n\n\u003cp\u003eIn 2017, Bitfinex suffered from a\u0026nbsp;\u003ca href=\"https://www.infosecurity-magazine.com/news/worlds-largest-bitcoin-exchange\" target=\"_blank\" rel=\"noreferrer noopener\"\u003emassive DDoS attack\u003c/a\u003e. It was especially inconvenient for the IOTA Foundation, which had launched their IOTA token on the platform the day before Bitfinex informed users about the attack. Three years later, in February 2020, Bitfinex\u0026nbsp;\u003ca href=\"https://thenextweb.com/hardfork/2020/02/28/bitfinex-cryptocurrency-okex-ddos-hacker-denial-of-service-blockchain\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eexperienced another DDoS attack\u003c/a\u003e\u0026nbsp;just a day after the OKEx cryptocurrency exchange noticed a similar attack.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"920\" height=\"446\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-41.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1531\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-41.png 920w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-41-300x145.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-41-768x372.png 768w\" sizes=\"(max-width: 920px) 100vw, 920px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Bitcoin_Transaction_Malleability_and_MtGox.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eTransaction Malleability Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eA transaction malleability attack is intended to trick the victim into paying 
twice. In the Bitcoin network, every transaction has a hash that’s a transaction ID. If attackers manage to alter a transaction’s ID, they can try to broadcast the transaction with a changed hash to the network and have it confirmed before the original transaction. If this succeeds, the sender will believe the initial transaction has failed, while the funds will still be withdrawn from the sender’s account. And if the sender repeats the transaction, the same amount will be debited twice. This hack is successful once the two transactions are confirmed by miners.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003ca href=\"https://www.darkreading.com/attacks-and-breaches/mt-gox-bitcoin-meltdown-what-went-wrong\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eMt. Gox\u003c/a\u003e, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014. However, Bitcoin seems to have\u0026nbsp;\u003ca href=\"https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4\" target=\"_blank\" rel=\"noreferrer noopener\"\u003esolved this issue\u003c/a\u003e\u0026nbsp;by introducing the Segregated Witness (SegWit) process, which separates signature data from Bitcoin transactions and replaces it with a non-malleable hash commitment to each signature.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"672\" height=\"739\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-28-1.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1430\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-28-1.png 672w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-28-1-273x300.png 273w\" sizes=\"(max-width: 672px) 100vw, 672px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator 
has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Vulnerabilities_and_Security_Breaches_in_Cryptocurrencies.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eTimejacking Attack\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eTimejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps. However, a timejacking attack can be prevented by restricting acceptance time ranges or using the node’s system time.\u003c/p\u003e\n\n\n\n\u003cp\u003eThe timejacking attack is also an extension of the Sybil attack. Each node maintains a time counter which is based on the median time of its peers, and if the median time differs from the system time by a certain value, then the node reverts to the system time. 
An attacker can flood the network with nodes reporting inaccurate timestamps, which can cause the network to slow down or speed up, leading to a desynchronization.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"820\" height=\"560\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-26.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1412\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-26.png 820w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-26-300x205.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-26-768x524.png 768w\" sizes=\"(max-width: 820px) 100vw, 820px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Routing_Attacks_on_Cryptocurrencies.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eRouting Attacks on Cryptocurrencies\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eA routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering, as the hacker divides the network into partitions that are unable to communicate with each other. 
Routing attacks actually consist of two separate attacks:\u003c/p\u003e\n\n\n\n\u003col\u003e\n\u003cli\u003eA partition attack, which divides the network nodes into separate groups\u003c/li\u003e\n\n\n\n\u003cli\u003eA delay attack, which tampers with propagating messages and sends them to the network\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"895\" height=\"345\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-27.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1426\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-27.png 895w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-27-300x116.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-27-768x296.png 768w\" sizes=\"(max-width: 895px) 100vw, 895px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Sybil_Attacks_in_Cryptocurrency_Mixers.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eSybil Attacks in Cryptocurrency Mixers\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eA\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Sybil_attack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eSybil attack\u003c/a\u003e\u0026nbsp;is arranged by assigning several identifiers to the same node. 
Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"730\" height=\"350\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/figure2-sybil-attack.webp\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1425\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/figure2-sybil-attack.webp 730w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/figure2-sybil-attack-300x144.webp 300w\" sizes=\"(max-width: 730px) 100vw, 730px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp class=\"has-text-align-center\"\u003e\u003cem\u003eFigure 1. Sybil attack\u003c/em\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003eDuring a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/578-blockchain-attack-vectors#double\"\u003edouble-spending attacks\u003c/a\u003e. 
A Sybil attack is quite difficult to detect and prevent, but the following measures can be effective: increasing the cost of creating a new identity, requiring some type of trust for joining the network, or determining\u0026nbsp;\u003ca href=\"https://delaat.net/rp/2017-2018/p97/report.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003euser power based on reputation\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\u003cp\u003eA Sybil attack is defined by Wikipedia as “\u003cem\u003ea type of attack on a computer network service in which an attacker subverts the service’s reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence.\u003c/em\u003e” If the network does not keep count of its nodes, the attacker can completely isolate the victim node from the network. A Sybil attack on a blockchain works similarly: the attacker floods the network with nodes they control so that the victim connects only to attacker-controlled nodes. 
This can lead to a wide variety of damages where the attacker can prevent genuine blocks from being added to the chain, the attacker can add their own blocks to the chain, or they can cause confusion among the nodes, hampering the general functioning of the blockchain network.\u003c/p\u003e\n\n\n\n\u003cp\u003eIn the above visual representation, the red nodes are controlled by the attacker, and they flood the network, making the victim connect only to a malicious node.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeep.ru/doc/Sybil_Attacks_on_Identity-Augmented_Proof-of-Stake.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eSybil Attacks on Identity-Augmented Proof-of-Stake\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eIdAPoS is an identity-based consensus protocol for decentralised Blockchain networks that implements a trustless reputation system by extending Proof-of-Stake to facilitate leader selection in non-economic contexts. Like any protocol operating in a public/permissionless setting, it is vulnerable to Sybil attacks in which byzantine actors interfere with peer sampling by presenting artificially large numbers of identities. This paper demonstrates what influence these attacks have on the stability of member selection of a Blockchain system using the IdAPoS protocol and investigates how attacks can be mitigated. As a novel protocol, its vulnerability to this type of attack has not previously been researched. The research question is approached via an agent-based model of an IdAPoS system in which both honest and malicious actors are represented as agents. Simulations are run on some reasonable configurations of an IdAPoS system that employ different attack mitigation strategies. 
The results show that a super strategy that combines multiple individual mitigation strategies is more effective for containing Sybil attacks than the unmitigated protocol and any other individual strategies proposed. In the simulation this strategy extended the time until a system was taken over by a malicious entity approximately by a factor of 5. These positive initial results indicate that further research into the practical viability of the protocol is warranted.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"704\" height=\"482\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-43.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1538\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-43.png 704w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-43-300x205.png 300w\" sizes=\"(max-width: 704px) 100vw, 704px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Eclipse_Attacks_on_Bitcoin.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEclipse Attacks on Bitcoin\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eAn eclipse attack requires a hacker to control a large number of IP addresses or to have a distributed botnet. Then the attacker overwrites the addresses in the “tried” table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. 
Researchers from Boston University\u0026nbsp;\u003ca href=\"https://bitcoinmagazine.com/articles/researchers-explore-eclipse-attacks-ethereum-blockchain\" target=\"_blank\" rel=\"noreferrer noopener\"\u003einitiated\u003c/a\u003e\u0026nbsp;an eclipse attack on the Ethereum network and managed to do it using just one or two machines.\u003c/p\u003e\n\n\n\n\u003cp\u003eAn\u0026nbsp;\u003ca href=\"https://cointelegraph.com/explained/what-is-an-eclipse-attack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eeclipse attack\u003c/a\u003e\u0026nbsp;arises in blockchains whose architecture partitions workloads and assigns tasks among the peers. As an example, if a chain has a node that has only eight outgoing connections and can support at most 128 threads at any given moment, each node has view access to only the nodes that are connected to it. The view of the chain for the victim node can be changed if an attacker attacks a specific node and\u0026nbsp;\u003ca href=\"https://www.gemini.com/cryptopedia/eclipse-attacks-defense-bitcoin#section-how-are-cryptocurrency-eclipse-attacks-executed\" target=\"_blank\" rel=\"noreferrer noopener\"\u003egains control of the eight nodes\u003c/a\u003e\u0026nbsp;connected to it. This can lead to a wide variety of damages, including double spending of coins by tricking a victim into believing that a particular transaction has not occurred, as well as attacks against second-layer protocols. The attacker can make the victim believe that a payment channel is open when it is closed, tricking the victim into initiating a transaction. 
The following diagram demonstrates a node under an eclipse attack.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"268\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/Blockchain-1-1024x268.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1432\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/Blockchain-1-1024x268.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Blockchain-1-300x78.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Blockchain-1-768x201.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Blockchain-1.png 1450w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp class=\"has-text-align-center\" id=\"caption-attachment-31671\"\u003e\u003ca href=\"https://cryptodeep.ru/doc/Eclipse_Attacks_on_Bitcoin.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eFigure: Eclipse Attack\u003c/a\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003eIn the above visual representation, the red nodes are controlled by the attacker, and they can change the copy of the chain of the victim node by making it connect to attacker-controlled nodes.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeep.ru/doc/Eclipse_Attacks_on_Ethereum.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEclipse Attacks on Ethereum\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eIn this technical report, we present three vulnerabilities affecting the Ethereum blockchain network and client. First, we outline an eclipse attack that allows an adversary to partition the peer-to-peer network without monopolizing the connections of the victim. 
This attack is possible by exploiting the block propagation design of Ethereum. Second, we present an exploit to force a node to accept a longer chain with lower total difficulty than the main chain. Finally, we outline a bug in Ethereum’s difficulty calculation. We provide countermeasure proposals for each reported vulnerability.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full is-resized\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-44.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1541\" width=\"981\" height=\"1016\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-44.png 696w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-44-290x300.png 290w\" sizes=\"(max-width: 981px) 100vw, 981px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Long-Range_Attacks_in_Proof-of-Stake_Systems.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eLong-Range Attacks in Proof-of-Stake Systems\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eLong range attacks target networks that use the\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Proof_of_stake\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eproof of stake\u003c/a\u003e\u0026nbsp;(PoS) consensus algorithm, in which users can mine or validate block transactions according to how many coins they hold.\u003c/p\u003e\n\n\n\n\u003cp\u003eThese attacks can be categorized into three types:\u003c/p\u003e\n\n\n\n\u003col\u003e\n\u003cli\u003e\u003ca href=\"https://blog.positive.com/rewriting-history-a-brief-introduction-to-long-range-attacks-54e473acdba9\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eSimple\u003c/a\u003e\u0026nbsp;— A 
naive implementation of the proof of stake protocol, when nodes don’t check block timestamps\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ca href=\"https://github.com/filecoin-project/consensus/issues/17\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ePosterior corruption\u003c/a\u003e\u0026nbsp;— An attempt to mint more blocks than the main chain in a given time frame\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ca href=\"https://eprint.iacr.org/2018/248.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eStake bleeding\u003c/a\u003e\u0026nbsp;— Copying a transaction from the honestly maintained blockchain to a private blockchain maintained by the attacker\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"231\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-45-1024x231.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1544\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-45-1024x231.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-45-300x68.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-45-768x173.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-45.png 1262w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eWhen conducting a long-range attack, a hacker uses a purchased or stolen private key of a sizable token balance that has already been used for validating in the past. 
Then, the hacker can generate an alternative history of the blockchain and increase rewards based on PoS validation.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"727\" height=\"559\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-25.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1410\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-25.png 727w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-25-300x231.png 300w\" sizes=\"(max-width: 727px) 100vw, 727px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e2. \u003ca href=\"https://cryptodeep.ru/doc/User_Wallet_Attacks.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eUser Wallet Attacks\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eActually, blockchains and cybersecurity go together like salt and pepper until people interact with them. It may sound surprising, but blockchain users pose the greatest security threat. People know about the use of\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/462-blockchain-cybersecurity-pros-cons\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eblockchain in cybersecurity\u003c/a\u003e, and tend to overestimate the security of the blockchain and overlook its weaknesses. 
User wallet credentials are the main target for cybercriminals.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"574\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-46-1024x574.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1545\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-46-1024x574.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-46-300x168.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-46-768x431.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-46.png 1131w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eTo obtain wallet credentials, hackers try to use both traditional methods like phishing and dictionary attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. 
Here’s an overview of the most common ways of attacking user wallets.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"800\" height=\"400\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/Digital-Wallet.jpg\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1435\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/Digital-Wallet.jpg 800w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Digital-Wallet-300x150.jpg 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Digital-Wallet-768x384.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Phishing_Attacks.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ePhishing Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eIn 2018, there was an\u0026nbsp;\u003ca href=\"https://alex.studer.dev/2018/01/28/iotaseed.html\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eattack\u003c/a\u003e\u0026nbsp;on IOTA wallets initiated with iotaseed.io (now offline), a fake online seed generator. Hackers conducted a phishing campaign with this service and collected logs with secret seeds. 
As a result, in January 2018, hackers successfully stole more than $4 million worth of IOTA from victims’ wallets.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"858\" height=\"658\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-47.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1548\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-47.png 858w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-47-300x230.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-47-768x589.png 768w\" sizes=\"(max-width: 858px) 100vw, 858px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"889\" height=\"566\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-22.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1403\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-22.png 889w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-22-300x191.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-22-768x489.png 768w\" sizes=\"(max-width: 889px) 100vw, 889px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Dictionary_Attacks.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eDictionary Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eDuring these attacks, a hacker attempts to break a victim’s cryptographic hash and\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Salt_(cryptography)\" 
target=\"_blank\" rel=\"noreferrer noopener\"\u003esalt\u003c/a\u003e\u0026nbsp;by trying hash values of common passwords like password1. By translating clear text passwords to cryptographic hashes, attackers can find wallet credentials.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"739\" height=\"569\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/how-dictionary-attack-works.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1437\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/how-dictionary-attack-works.png 739w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/how-dictionary-attack-works-300x231.png 300w\" sizes=\"(max-width: 739px) 100vw, 739px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeeptech.ru/lattice-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eVulnerable Signatures\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eBlockchain networks use various cryptographic algorithms to create user signatures, but they may also have vulnerabilities. For example, Bitcoin uses the\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eECDSA cryptographic algorithm\u003c/a\u003e\u0026nbsp;to automatically generate unique private keys. However, it appears that ECDSA has insufficient\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/535-entropy-as-a-service\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eentropy\u003c/a\u003e, which can result in the same random value in more than one signature. 
IOTA also faced cryptographic problems with its old\u0026nbsp;\u003ca href=\"https://www.boazbarak.org/cs127/Projects/iota.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCurl hash function\u003c/a\u003e.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"455\" height=\"154\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/signECDSA.jpg\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1439\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/signECDSA.jpg 455w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/signECDSA-300x102.jpg 300w\" sizes=\"(max-width: 455px) 100vw, 455px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Security_Threats_Classification_in_Blockchains.pdf\"\u003eFlawed Key Generation\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eExploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys provided by Blockchain.info in December 2014. The\u0026nbsp;\u003ca href=\"https://cointelegraph.com/news/ceo-nicholas-cary-around-250-btc-gone-in-blockchaininfo-security-lapse\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eattack happened\u003c/a\u003e\u0026nbsp;as the result of a mistake that appeared during a code update that resulted in poor randomness of inputs for generating public user keys. 
Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA algorithm.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"987\" height=\"458\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-48.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1553\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-48.png 987w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-48-300x139.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-48-768x356.png 768w\" sizes=\"(max-width: 987px) 100vw, 987px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeeptech.ru/lattice-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eLattice Attack\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote\"\u003e\n\u003cp\u003eIf\u0026nbsp; the signing\u0026nbsp;\u003cem\u003e\u003cu\u003enonce\u0026nbsp;\u003c/u\u003e\u003c/em\u003e\u003ccode\u003eNONCES\u003c/code\u003e\u0026nbsp;\u0026nbsp;is ever disclosed, the\u0026nbsp;\u0026nbsp;\u003cem\u003eprivate key\u003c/em\u003e\u0026nbsp;can be immediately\u0026nbsp;\u0026nbsp;\u003cem\u003e\u003cu\u003erecovered\u003c/u\u003e\u003c/em\u003e\u0026nbsp;, which\u0026nbsp;\u0026nbsp;\u003cstrong\u003e\u003cu\u003ebreaks our entire signature scheme\u003c/u\u003e\u003c/strong\u003e\u0026nbsp;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003cp\u003eAlso, if two nonces ever repeat, no matter what the messages are,\u0026nbsp;\u0026nbsp;\u003cem\u003ean attacker\u003c/em\u003e\u0026nbsp;\u0026nbsp;can easily detect this and immediately\u0026nbsp;\u0026nbsp;\u003cstrong\u003erecover the secret 
key\u003c/strong\u003e\u0026nbsp;, again breaking our whole scheme.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/lattice-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"657\" height=\"91\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-33.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1492\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-33.png 657w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-33-300x42.png 300w\" sizes=\"(max-width: 657px) 100vw, 657px\"\u003e\u003c/a\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/lattice-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003ehttps://cryptodeeptech.ru/lattice-attack/\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003ch2\u003eIn the Bitcoin blockchain, we found a certain transaction:\u003c/h2\u003e\n\n\n\n\u003cp\u003etransaction:\u0026nbsp;\u0026nbsp;\u003ca href=\"https://www.blockchain.com/btc/tx/08d917f0fee48b0d765006fa52d62dd3d704563200f2817046973e3bf6d11f1f\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e08d917f0fee48b0d765006fa52d62dd3d704563200f2817046973e3bf6d11f1f\u003c/a\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003efor Bitcoin Addresses:\u0026nbsp;\u0026nbsp;\u003ca href=\"https://www.blockchain.com/btc/address/15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E\u003c/a\u003e\u003c/p\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote\"\u003e\n\u003cp\u003eand we managed to multiply the fake signatures and apply the lattice\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003cp\u003ewhere using 
the\u0026nbsp;\u0026nbsp;\u003cem\u003ePython script\u0026nbsp;\u003c/em\u003e\u0026nbsp;\u003ca href=\"https://youtu.be/YP4Xj6gUcf4\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ealgorithmLLL.py\u003c/a\u003e\u0026nbsp;\u0026nbsp;with the installation of packages in\u0026nbsp;\u0026nbsp;\u003cstrong\u003eGOOGLE COLAB\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eINSTALL \u0026gt;\u0026gt; SAGE + ECDSA + BITCOIN + algorithm LLL\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote\"\u003e\n\u003cp\u003eWe managed to get\u0026nbsp;\u0026nbsp;\u003ccode\u003ePrivate Key\u003c/code\u003e\u0026nbsp;to\u0026nbsp;\u0026nbsp;\u003ccode\u003eBitcoin Wallet\u003c/code\u003e\u0026nbsp;from one weak transaction in\u0026nbsp;\u0026nbsp;\u003ccode\u003eECDSA\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/77737e84bb453449fd6956a39c4eb195.png\" alt=\"Installation\" title=\"Installation\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eInstallation\u003c/figcaption\u003e\u003c/figure\u003e\n\n\n\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/ae20b37475bfff1ce38f81cc206a93f3.png\" alt=\"Run Bash script: lattice.sh\" title=\"Run Bash script: lattice.sh\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eRun Bash script: lattice.sh\u003c/figcaption\u003e\u003c/figure\u003e\n\n\n\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/72289e9dab54d5aa568438a94a4c90a6.png\" alt=\"Result in HEX format Private key found!\" title=\"Result in HEX format Private key found!\"\u003e\u003cfigcaption 
class=\"wp-element-caption\"\u003eResult in HEX format Private key found!\u003c/figcaption\u003e\u003c/figure\u003e\n\n\n\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/46921784bb73f1218ded9e16bc0f8abd.png\" alt=\"File: ONESIGN.txt (ECDSA Signature R, S, Z Value)\" title=\"File: ONESIGN.txt (ECDSA Signature R, S, Z Value)\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eFile: ONESIGN.txt (ECDSA Signature R, S, Z Value)\u003c/figcaption\u003e\u003c/figure\u003e\n\n\n\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/8cbe22f9cd364064a8e005ac8ea4e99e.png\" alt=\"We propagated fake signatures for the Python script algorithmLLL.py\" title=\"We propagated fake signatures for the Python script algorithmLLL.py\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eWe propagated fake signatures for the Python script algorithmLLL.py\u003c/figcaption\u003e\u003c/figure\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/83f750d81ba83309039189495a10680a.png\" alt=\"File: PRIVATEKEY.txt\" title=\"File: PRIVATEKEY.txt\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eFile: PRIVATEKEY.txt\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/2029821051232d8a95744863eaa65049.png\" alt=\"File: ADDRESS.txt\" title=\"File: ADDRESS.txt\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eFile: 
ADDRESS.txt\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://cryptodeep.ru/bitaddress.html\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eLet’s open bitaddress\u003c/a\u003e\u003c/strong\u003e\u0026nbsp;and\u0026nbsp;check:\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/4ce93fdd168a7acc734929d342c8949c.png\" alt=\"Checking the private key on the bitaddress website\" title=\"Checking the private key on the bitaddress website\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/lattice-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003eChecking the private key on the bitaddress website\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003e\u003cem\u003e\u003cu\u003ePrivate key found!\u003c/u\u003e\u003c/em\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003ca href=\"https://www.blockchain.com/btc/address/15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E\"\u003ehttps://www.blockchain.com/btc/address/15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E\u003c/a\u003e\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/00cbe70723846c402c4da47bcb6d47b3.png\" alt=\"0.001 BTC\" title=\"0.001 BTC\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e0.001 BTC\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cpre class=\"wp-block-code\"\u003e\u003ccode\u003eADDR: 15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E\nWIF:  5JCAmNLXeSwi2SCgNH7wRL5qSQhPa7sZvj8eDwxisY5hJm8Uh92\nHEX:  31AFD65CAD430D276E3360B1C762808D1D051154724B6FC15ED978FA9D06B1C1 
\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeeptech.ru/kangaroo/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eRangeNonce\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003e\u003ccode\u003e«RangeNonce»\u003c/code\u003e\u0026nbsp;is a script to find the range of the secret key\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/kangaroo/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"885\" height=\"143\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-37.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1504\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-37.png 885w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-37-300x48.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-37-768x124.png 768w\" sizes=\"(max-width: 885px) 100vw, 885px\"\u003e\u003c/a\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/kangaroo/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003ehttps://cryptodeeptech.ru/kangaroo/\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eLet’s choose the version for the distribution kit\u0026nbsp;\u0026nbsp;\u003ccode\u003eGNU/Linux\u003c/code\u003e\u0026nbsp;.\u0026nbsp;\u003ccode\u003eGoogle Colab\u003c/code\u003e\u0026nbsp;provides\u0026nbsp;\u003ccode\u003eUBUNTU 18.04\u003c/code\u003e\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP 
TECH_files/94dd82af4d7155e548aa7241df9b3206.png\" alt=\"RangeNonce\" title=\"RangeNonce\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/kangaroo/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003eRangeNonce\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eUpload all files to\u0026nbsp;\u003ccode\u003eGoogle Colab\u003c/code\u003e\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/75191d9a233987a74ed0fa016aa5e2a1.png\" alt=\"RangeNonce + Google Colab\" title=\"RangeNonce + Google Colab\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eRangeNonce + Google Colab\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eLet’s grant execute permission to the script\u0026nbsp;\u003ccode\u003e«RangeNonce»\u003c/code\u003e\u0026nbsp;and run it\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eCommands:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cpre class=\"wp-block-code\"\u003e\u003ccode\u003echmod +x RangeNonce\n./RangeNonce\ncat Result.txt\u003c/code\u003e\u003c/pre\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/8ff5460c3570ebbbb3c7fb0f6a394fd9.png\" alt=\"Pollard\u0026#39;s Kangaroo find solutions to the discrete logarithm secp256k1 PRIVATE KEY + NONCES in a known range\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003ch4\u003eEverything will be saved to a file: Result.txt\u003c/h4\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP
TECH_files/2af471f7eb46f84157b402ed67ea9139.png\" alt=\"result.txt\" title=\"result.txt\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/kangaroo/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eresult.txt\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003ch2 class=\"has-text-align-center\"\u003eThis is a partial disclosure of bytes of the value “K” (NONCES)\u003c/h2\u003e\n\n\n\n\u003cp\u003e\u003cem\u003eSo our\u0026nbsp;\u003cu\u003esecret key\u003c/u\u003e\u0026nbsp;is in\u0026nbsp;\u003cu\u003ethe range\u003c/u\u003e:\u003c/em\u003e\u003c/p\u003e\n\n\n\n\u003cpre class=\"wp-block-code\"\u003e\u003ccode\u003eK = 070239c013e8f40c8c2a0e608ae15a6b00000000000000000000000000000000\nK = 070239c013e8f40c8c2a0e608ae15a6bffffffffffffffffffffffffffffffff\u003c/code\u003e\u003c/pre\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/204ef79845ae3d93a9c93d43f81e484b.png\" alt=\"Pollard\u0026#39;s Kangaroo find solutions to the discrete logarithm secp256k1 PRIVATE KEY + NONCES in a known range\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cblockquote class=\"wp-block-quote\"\u003e\n\u003cp\u003e\u003cstrong\u003ePay attention\u003c/strong\u003e\u0026nbsp;to the first\u0026nbsp;\u003ccode\u003e32\u003c/code\u003e\u0026nbsp;digits and letters in\u0026nbsp;\u003ccode\u003eHEX\u003c/code\u003e\u0026nbsp;format: the value of the signature\u0026nbsp;\u003ccode\u003eZ\u003c/code\u003e\u0026nbsp;matches\u0026nbsp;\u003cem\u003e\u003cu\u003ethe range of the secret key\u003c/u\u003e\u003c/em\u003e, that is, the value\u0026nbsp;\u003ccode\u003e\"K\"
(NONCES)\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003ch2 class=\"has-text-align-center\"\u003eThis is a very serious ECDSA signature error\u003c/h2\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeeptech.ru/frey-ruck-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eFrey-Rück Attack\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eWith a critical vulnerability in the Bitcoin blockchain transaction, we can solve the rather difficult discrete logarithm problem to extract the\u0026nbsp;\u003ccode\u003eECDSA\u003c/code\u003e\u0026nbsp;\u003cem\u003esecret key\u003c/em\u003e\u0026nbsp;\u003ccode\u003e\"K\" (NONCE)\u003c/code\u003e\u0026nbsp;from the vulnerable signature in order to ultimately restore the Bitcoin Wallet, since, knowing the secret key, we can get the private key.\u003c/p\u003e\n\n\n\n\u003cp\u003eTo do this, there are several algorithms from\u0026nbsp;\u003ca href=\"https://attacksafe.ru/list-of-bitcoin-attacks/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cstrong\u003ethe list of popular attacks on Bitcoin\u003c/strong\u003e\u003c/a\u003e, one of which is\u0026nbsp;\u003cstrong\u003e\u003ca href=\"https://attacksafe.ru/frey-ruck-attack-on-bitcoin/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e“Frey-Rück Attack on Bitcoin”\u003c/a\u003e\u003c/strong\u003e.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/frey-ruck-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"925\" height=\"203\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-34.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1499\"
srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-34.png 925w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-34-300x66.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-34-768x169.png 768w\" sizes=\"(max-width: 925px) 100vw, 925px\"\u003e\u003c/a\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/frey-ruck-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003ehttps://cryptodeeptech.ru/frey-ruck-attack/\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeeptech.ru/rowhammer-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eRowhammer Attack\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eThe biggest cryptographic strength of the Bitcoin cryptocurrency is a\u0026nbsp;\u003ca href=\"https://cryptodeep.ru/doc/Computational_Discrete_Mathematics.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ecomputational method in discrete mathematics\u003c/a\u003e\u0026nbsp;that takes as a basis the problem of factorization of large integers and the problem of hidden numbers\u0026nbsp;\u003ccode\u003e(HNP)\u003c/code\u003e\u0026nbsp;in the Bitcoin\u0026nbsp;\u003ccode\u003eECDSA\u003c/code\u003e\u0026nbsp;signature transaction.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003ccode\u003eRowhammer Attack on Bitcoin\u003c/code\u003e\u0026nbsp;allows us to efficiently find all zeros for normalized polynomials modulo a certain value, and we adapt this method to the\u0026nbsp;\u003ccode\u003eECDSA\u003c/code\u003e\u0026nbsp;signature algorithm, more precisely, to critically vulnerable transactions in the Bitcoin blockchain.\u003cbr\u003eWe will apply multiplication by different powers of the same element of the finite field, which, oddly enough, can coincide and give us a certain function over the finite field, which can be specified
using\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Lagrange_polynomial\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ethe Lagrange interpolation polynomial\u003c/a\u003e.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/rowhammer-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"957\" height=\"198\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-35.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1500\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-35.png 957w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-35-300x62.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-35-768x159.png 768w\" sizes=\"(max-width: 957px) 100vw, 957px\"\u003e\u003c/a\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/rowhammer-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003ehttps://cryptodeeptech.ru/rowhammer-attack/\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeeptech.ru/whitebox-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eWhiteBox Attack\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eDifferential fault analysis\u0026nbsp;\u003ccode\u003e(DFA)\u003c/code\u003e\u0026nbsp;was briefly described in the literature in 1996, when\u0026nbsp;\u003cem\u003ean Israeli cryptographer and cryptanalyst\u003c/em\u003e\u0026nbsp;\u003ccode\u003eEli Biham\u003c/code\u003e\u0026nbsp;and\u0026nbsp;\u003cem\u003ean Israeli scientist\u003c/em\u003e\u0026nbsp;\u003ccode\u003eAdi
Shamir\u003c/code\u003e\u0026nbsp;showed that they could use error injection to extract the\u0026nbsp;\u003cem\u003esecret key\u003c/em\u003e\u0026nbsp;and recover the\u0026nbsp;\u003cem\u003eprivate key\u003c/em\u003e\u0026nbsp;using various signature and verification algorithms.\u003c/p\u003e\n\n\n\n\u003cp\u003eWe implement the\u0026nbsp;\u003cstrong\u003e\u003ca href=\"https://attacksafe.ru/whitebox-attack-on-bitcoin\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e“WhiteBox Attack on Bitcoin”\u003c/a\u003e\u003c/strong\u003e\u0026nbsp;with the differential faults described in this research paper.\u0026nbsp;The classic\u0026nbsp;\u003ccode\u003eDFA\u003c/code\u003e\u0026nbsp;that we described in the previous\u0026nbsp;\u003ca href=\"https://cryptodeep.ru/rowhammer-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003earticle\u003c/a\u003e\u0026nbsp;is called\u0026nbsp;\u003ccode\u003eF()\u003c/code\u003e.\u0026nbsp;Some of these attacks also require two\u0026nbsp;\u003ccode\u003eECDSA\u003c/code\u003e\u0026nbsp;signature pairs.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/whitebox-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"962\" height=\"195\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-36.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1503\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-36.png 962w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-36-300x61.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-36-768x156.png 768w\" sizes=\"(max-width: 962px) 100vw, 962px\"\u003e\u003c/a\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeeptech.ru/whitebox-attack/\" target=\"_blank\" rel=\"noreferrer
noopener\"\u003e\u003ccode\u003ehttps://cryptodeeptech.ru/whitebox-attack/\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Attacking_Threshold_Wallets.pdf\"\u003eAttacks on Cold Wallets\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eHardware wallets, or cold wallets, can also be hacked. For instance,\u0026nbsp;\u003ca href=\"https://thenextweb.com/hardfork/2018/02/06/cryptocurrency-wallet-ledget-hardware\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eresearchers\u003c/a\u003e\u0026nbsp;initiated an Evil Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"815\" height=\"374\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-49.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1554\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-49.png 815w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-49-300x138.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-49-768x352.png 768w\" sizes=\"(max-width: 815px) 100vw, 815px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eOne of the latest cold wallet attacks happened in 2019, when the\u0026nbsp;\u003ca href=\"https://www.hackread.com/upbit-cryptocurrency-exchange-hacked-ether-stolen\" target=\"_blank\" rel=\"noreferrer
noopener\"\u003eUPbit\u003c/a\u003e\u0026nbsp;cryptocurrency exchange was transferring funds to a cold wallet. This is a common way to freeze crypto when you’re expecting a cyberattack. The hackers managed to steal 342,000 ETH, apparently because they knew the timing of the transaction.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"750\" height=\"375\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-676.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1441\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-676.png 750w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-676-300x150.png 300w\" sizes=\"(max-width: 750px) 100vw, 750px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Enhancing_Cold_Wallet_Security_with_Native_Multi-Signature_schemes_in_Centralized_Exchanges.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eAttacks on Hot Wallets\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eHot wallets are internet-connected apps for storing private cryptographic keys.
Though owners of cryptocurrency exchanges claim they keep their user data in wallets disconnected from the web, a $500 million\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/561-coincheck-hack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eattack\u003c/a\u003e\u0026nbsp;on Coincheck in 2018 proved this isn’t always true.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full is-resized\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-50.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1556\" width=\"778\" height=\"769\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-50.png 602w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-50-300x297.png 300w\" sizes=\"(max-width: 778px) 100vw, 778px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eIn June 2019, an\u0026nbsp;\u003ca href=\"https://gatehub.net/blog/gatehub-update-investigation-continues\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eattack on GateHub\u003c/a\u003e\u0026nbsp;resulted in unauthorized access to dozens of native\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Ripple_(payment_protocol)\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eXRP\u003c/a\u003e\u0026nbsp;wallets and the theft of crypto assets. Singapore-based\u0026nbsp;\u003ca href=\"https://cointelegraph.com/news/singaporean-exchange-bitrue-gets-hacked-losing-5-million-in-xrp-cardano\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ecrypto exchange Bitrue\u003c/a\u003e\u0026nbsp;also experienced a hot wallet attack at almost the same time due to a system vulnerability. 
As a result, hackers managed to steal funds worth over $4.5 million in XRP and $237,500 in ADA.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"578\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-23-1024x578.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1406\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-23-1024x578.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-23-300x169.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-23-768x434.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-23.png 1188w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeep.ru/doc/Smart_Contract_Vulnerability_Detection_Technique.pdf\"\u003eSmart Contract Attacks\u003c/a\u003e\u003c/h2\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"977\" height=\"684\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-51.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1560\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-51.png 977w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-51-300x210.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-51-768x538.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-51-700x490.png 700w\" sizes=\"(max-width: 977px) 100vw, 977px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv 
class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full is-resized\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-52.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1561\" width=\"663\" height=\"262\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-52.png 500w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-52-300x119.png 300w\" sizes=\"(max-width: 663px) 100vw, 663px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1004\" height=\"598\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-53.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1562\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-53.png 1004w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-53-300x179.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-53-768x457.png 768w\" sizes=\"(max-width: 1004px) 100vw, 1004px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"65\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-55-1024x65.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1564\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-55-1024x65.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-55-300x19.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-55-768x49.png 768w, 
https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-55.png 1027w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full is-resized\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-56.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1565\" width=\"1010\" height=\"733\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-56.png 975w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-56-300x218.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-56-768x558.png 768w\" sizes=\"(max-width: 1010px) 100vw, 1010px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"922\" height=\"415\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-57.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1566\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-57.png 922w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-57-300x135.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-57-768x346.png 768w\" sizes=\"(max-width: 922px) 100vw, 922px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eWe’ve already accumulated rich experience in analyzing and avoiding vulnerabilities in smart contracts based on the\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/562-suspicious-ethereum-transactions\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEthereum\u003c/a\u003e,\u0026nbsp;\u003ca 
href=\"https://cryptodeeptech.ru/publication/#/dev-blog/576-eos-ram-exploit\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEOS\u003c/a\u003e, and\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/571-neo-nep-5-vulnerabilities\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eNEO\u003c/a\u003e\u0026nbsp;platforms. The main blockchain security issues associated with smart contracts relate to bugs in source code, a network’s virtual machine, the runtime environment for smart contracts, and the blockchain itself. Let’s look at each of these attack vectors.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\u003cp class=\"has-text-align-center has-medium-font-size\"\u003e\u003ca href=\"https://cryptodeeptech.ru/blockchain-attack-vectors/A%20Survey\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u003ca href=\"https://cryptodeep.ru/doc/Smart_Contract_Vulnerability_Detection_Technique.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ePDF:\u003c/a\u003e\u003c/strong\u003e\u003ca href=\"https://cryptodeeptech.ru/blockchain-attack-vectors/A%20Survey\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e \u003c/a\u003e\u003cem\u003e\u003ca href=\"https://cryptodeep.ru/doc/Smart_Contract_Vulnerability_Detection_Technique.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eSmart Contract Vulnerability Detection Technique: A Survey\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"747\" height=\"722\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-29.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1443\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-29.png 747w, 
https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-29-300x290.png 300w\" sizes=\"(max-width: 747px) 100vw, 747px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eThe Smart Contract examples used are issues that have occurred on the Ethereum blockchain. They are applicable to any platform that uses the Ethereum Virtual Machine and the concepts can be applied to any form of smart contracts. The topic will also cover known best practices to mitigate these issues.\u003c/p\u003e\n\n\n\n\u003cp\u003eThe Topology attacks explore possible attack vectors on the Bitcoin network, and subsequently any networks that rely on a controlled amount of peer-to-peer communication for validation. The issues explored will be on two levels: vulnerable Smart Contract code and Topology attacks.\u003c/p\u003e\n\n\n\n\u003cp\u003eJorden Seet’s interest in the Cybersecurity world started in 2013 when he competed in his first CTF after a 2-day penetration testing bootcamp. Since then, he has developed a passion for cybersecurity and explored many facets of it, from Cryptography to Social Engineering.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003ca href=\"https://cryptodeeptech.ru/blockchain-attack-vectors/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"514\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-39-1024x514.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1519\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-39-1024x514.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-39-300x151.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-39-768x385.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-39.png 1146w\" sizes=\"(max-width: 1024px) 100vw,
1024px\"\u003e\u003c/a\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://youtu.be/LInz2YaDhgQ\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003ehttps://youtu.be/LInz2YaDhgQ\u003c/code\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eCurrently, he is working on a National Research Foundation – Tel Aviv University (NRF-TAU) granted project on using Network Topology Analytics for Cyber Attack Deterrence in SMU. He was previously with the Cyber Security Agency of Singapore’s Penetration Testing department as an intern and is currently working with BlockConnectors on Smart Contract Audit and Blockchain development.\u003c/p\u003e\n\n\n\n\u003cp\u003eIn his spare time, he works on Smart Contract Hacking and explores potential blockchain attack vectors. He firmly believes that decentralization is a paradigm that could have real potential in revolutionizing the security industry, such as in DDoS prevention, Data integrity and IoT security.\u003c/p\u003e\n\n\n\n\u003cp class=\"has-text-align-center\"\u003e\u003ciframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/LInz2YaDhgQ.html\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\"\u003e\u003c/iframe\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeeptech.ru/frey-ruck-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eVulnerabilities in Contract Source Code\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eIf a smart contract has vulnerabilities in its source code, it poses a risk to parties that sign the contract.
For instance, bugs discovered in an Ethereum contract\u0026nbsp;\u003ca href=\"https://www.technologyreview.com/2016/06/17/159556/80-million-hack-shows-the-dangers-of-programmable-money\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ecost\u003c/a\u003e\u0026nbsp;its owners $80 million in 2016. One of the common vulnerabilities in Solidity opens up a possibility to delegate control to untrusted functions from other smart contracts, known as a reentrancy attack. During this attack, contract A calls a function from contract B that has an undefined behavior. In turn, contract B can call a function from contract A and use it for malicious purposes.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"807\" height=\"528\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/Classification-of-vulnerabilities-in-Ethereum-smart-contracts.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1445\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/Classification-of-vulnerabilities-in-Ethereum-smart-contracts.png 807w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Classification-of-vulnerabilities-in-Ethereum-smart-contracts-300x196.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Classification-of-vulnerabilities-in-Ethereum-smart-contracts-768x502.png 768w\" sizes=\"(max-width: 807px) 100vw, 807px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeeptech.ru/rowhammer-attack/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eVulnerabilities in Virtual Machines\u003c/a\u003e\u003c/h3\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" 
loading=\"lazy\" width=\"678\" height=\"254\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/vulnerabilities-introduced-by-virtual.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1448\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/vulnerabilities-introduced-by-virtual.png 678w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/vulnerabilities-introduced-by-virtual-300x112.png 300w\" sizes=\"(max-width: 678px) 100vw, 678px\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003cem\u003eVulnerabilities in virtual machines\u003c/em\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eThe Ethereum Virtual Machine (EVM) is a distributed stack-based computer where all smart contracts of Ethereum-based blockchains are executed. The most common vulnerabilities of the EVM are the following:\u003c/p\u003e\n\n\n\n\u003cul\u003e\n\u003cli\u003eImmutable defects\u0026nbsp;— Blockchain blocks are immutable by nature, which means that once a smart contract is created, it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. 
There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the\u0026nbsp;\u003ca href=\"https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eDAO attack\u003c/a\u003e.\u003c/li\u003e\n\n\n\n\u003cli\u003eCryptocurrency lost in transfer\u0026nbsp;— This is possible if Ether is transferred to an orphaned address that doesn’t have any owner or contract.\u003c/li\u003e\n\n\n\n\u003cli\u003eBugs in access control\u0026nbsp;— There’s a\u0026nbsp;\u003ca href=\"https://github.com/crytic/not-so-smart-contracts/tree/master/unprotected_function\" target=\"_blank\" rel=\"noreferrer noopener\"\u003emissed modifier\u003c/a\u003e\u0026nbsp;bug in Ethereum smart contracts that allows a hacker to get access to sensitive functionality in a contract.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ca href=\"https://cryptodeeptech.ru/shortest-ecdsa-signature/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eShort address attack\u003c/a\u003e\u0026nbsp;— This is possible because the EVM can accept incorrectly padded arguments. Hackers can exploit this vulnerability by sending specifically crafted addresses to potential victims. 
For instance, during a successful attack on the\u0026nbsp;\u003ca href=\"https://medium.com/crypt-bytes-tech/ico-hack-coindash-ed-dd336a4f1052\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCoindash ICO\u003c/a\u003e\u0026nbsp;in 2017, a modification to the Coindash Ethereum address made victims send their Ether to the hacker’s address.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"570\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-24-1024x570.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1407\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-24-1024x570.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-24-300x167.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-24-768x427.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-24.png 1026w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eAlso, hackers can compromise smart contracts by applying other methods that are typical for compromising blockchain technology, including DDoS, eclipse, and various low-level attacks.\u003c/p\u003e\n\n\n\n\u003cp\u003eHowever, younger blockchains such as Cardano and Zilliqa use different virtual machines: IELE, KEVM, and others.
These new blockchains claim to\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/573-contract-security-cardano-zilliqa\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eguarantee smart contract security within their protocols\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2\u003e\u003ca href=\"https://cryptodeep.ru/doc/Transaction_Verification_Mechanism_Attacks.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eTransaction Verification Mechanism Attacks\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eUnlike financial institutions, blockchains confirm transactions only after all nodes in the network are in agreement. Until a block with a transaction is verified, the transaction is classified as unverified. However, verification takes a certain amount of time, which creates a perfect vector for cyberattacks.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003ca href=\"https://en.wikipedia.org/wiki/Double-spending\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eDouble-spending\u003c/a\u003e\u0026nbsp;is a common blockchain attack exploiting the transaction verification mechanism. All transactions on a blockchain need to be verified by users in order to be recognized as valid, which takes time. 
Attackers can use this delay to their advantage and trick the system into using the same coins or tokens in more than one transaction.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"591\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/Untitled-2-1024x591.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1417\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/Untitled-2-1024x591.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Untitled-2-300x173.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Untitled-2-768x443.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Untitled-2.png 1300w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eFigure 2. A double-spending attack\u003c/p\u003e\n\n\n\n\u003cp\u003eHere are the most common types of attacks based on exploiting the intermediate time between a transaction’s initiation and confirmation.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Exploring_the_Attack_Surface_of_Blockchain.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eFinney Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1023\" height=\"402\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-17.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1386\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-17.png 1023w, 
https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-17-300x118.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-17-768x302.png 768w\" sizes=\"(max-width: 1023px) 100vw, 1023px\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003ca href=\"https://cryptodeep.ru/doc/Exploring_the_Attack_Surface_of_Blockchain.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ehttps://cryptodeep.ru/doc/Exploring_the_Attack_Surface_of_Blockchain.pdf\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eA \u003ca href=\"https://cryptodeep.ru/doc/Exploring_the_Attack_Surface_of_Blockchain.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eFinney attack\u003c/a\u003e is possible when one transaction is premined into a block and an identical transaction is created before that premined block is released to the network, thereby invalidating the second identical transaction.\u003c/p\u003e\n\n\n\n\u003cp\u003eThe Finney attack can be described as an extension of the selfish mining attack. The attacker mines a block stealthily and sends the unconfirmed transaction to another node, possibly a merchant node. If the merchant node accepts the transaction, the attacker can then add a new block to the chain within a short time frame, reversing that transaction and resulting in a double-spending attack. The attack window in the case of a Finney attack is considerably small, but this can cause a lot of damage if the value of the transaction is large enough.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Security_threats_on_Blockchain_and_its_countermeasures.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eRace Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eA race attack is executed when an attacker creates two conflicting transactions.
The first transaction is sent to the victim, who accepts the payment (and sends a product, for instance) without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid. \u003c/p\u003e\n\n\n\n\u003cp\u003eIn a race attack, the attacker does not pre-mine the transaction but simply broadcasts two different transactions, one of them to the merchant and one of them to the network. If the attacker is successful in giving the merchant node the illusion that the transaction received by them is the first one, then they accept it, and the attacker can broadcast a completely different transaction to the entire network.\u003c/p\u003e\n\n\n\n\u003cp\u003eBesides these core blockchain level attacks, there are a number of other attacks that can happen at the application implementation level. One of the most infamous of them was the DAO attack that happened in June 2016, leading to a theft of about $70 million. The attacker contributed to the crowdfunding campaign of a company and requested a withdrawal. However, a recursive function was implemented for the withdrawal that didn’t check the settlement status of the current transaction. To\u0026nbsp;\u003ca href=\"https://en.wikipedia.org/wiki/Ethereum_Classic#The_DAO_bailout\" target=\"_blank\" rel=\"noreferrer noopener\"\u003erecover\u003c/a\u003e\u0026nbsp;the money, the Ethereum chain went into a hard fork, with the old chain continuing on as Ethereum Classic. 
This severely damaged the reputation of the chain, and the autonomy of the chain also came into question.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eSome general measures to prevent these attacks from happening:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cul\u003e\n\u003cli\u003eIt should be ensured that there are no logical inconsistencies in the chain code and consensus algorithm.\u003c/li\u003e\n\n\n\n\u003cli\u003eThe peers should be selected with sufficient complexity and caution, and the transactions should be reviewed regularly.\u003c/li\u003e\n\n\n\n\u003cli\u003eIn case any suspicious activity is detected, the network should be vigilant enough to isolate the bad actor node immediately.\u003c/li\u003e\n\n\n\n\u003cli\u003eA proper review process should be in place for each new node when it joins the network.\u003c/li\u003e\n\n\n\n\u003cli\u003eRate-limiting algorithms should be applied to all the relevant processes to limit the damage and prevent attacks as and when they happen.\u003c/li\u003e\n\n\n\n\u003cli\u003e2FA should be present at all the concerned authentication points, and all authentication-level bugs should be fixed at the application level itself to the extent possible.\u003c/li\u003e\n\n\n\n\u003cli\u003eMost of the time, the approach of blacklisting and whitelisting does not work due to scalability issues.
So, a better approach is to make attacks costly to perform and to increase the complexity of the system so that it is resilient and successful exploitation is extremely difficult.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eMultiple other bugs and\u0026nbsp;\u003ca href=\"https://wesecureapp.com/blog/how-do-cryptocurrencies-affect-cybersecurity/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003evulnerabilities\u003c/a\u003e\u0026nbsp;exist in different kinds of blockchain networks, the most common and concerning of them being at the smart contract level, but they are a topic for another time.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"878\" height=\"542\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-30.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1451\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-30.png 878w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-30-300x185.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-30-768x474.png 768w\" sizes=\"(max-width: 878px) 100vw, 878px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Bitcoins_Security_Model_Revisited.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eVector76 Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eVector76 is a combination of the two previous attacks.
In this\u0026nbsp;\u003ca href=\"https://www.reddit.com/r/Bitcoin/comments/2e7bfa/vector76_double_spend_attack/cjwya6x\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ecase\u003c/a\u003e, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high-value and one low-value. Then, the attacker premines and withholds a block with a high-value transaction from an exchange service. After a block announcement, the attacker quickly sends the premined block directly to the exchange service. It along with some miners will consider the premined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction.\u003c/p\u003e\n\n\n\n\u003cp\u003eAfter the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network, which finally rejects the high-value transaction. As a result, the attacker’s account is credited the amount of the high-value transaction. 
Though there’s a high chance for success with this type of attack, it’s not common because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"942\" height=\"292\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/vector76-attack.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1453\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/vector76-attack.png 942w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/vector76-attack-300x93.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/vector76-attack-768x238.png 768w\" sizes=\"(max-width: 942px) 100vw, 942px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/Stake-Bleeding_Attacks_on_Proof-of-Stake_Blockchains.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eAlternative History Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eAn alternative history attack — also called a\u0026nbsp;\u003ca href=\"https://en.bitcoin.it/wiki/Irreversible_Transactions#Alternative_history_attack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eblockchain reorganization attack\u003c/a\u003e\u0026nbsp;— may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, a malicious user sends a transaction to a recipient and at the same time mines an alternative fork with another transaction that returns the same coins. 
Even if the recipient considers the transaction valid after n confirmations and sends a product, for instance, the recipient may lose money if the attacker releases a longer chain and gets the coins back.\u003c/p\u003e\n\n\n\n\u003cp\u003eOne of the latest blockchain reorganization attacks happened to\u0026nbsp;\u003ca href=\"https://www.coindesk.com/ethereum-classic-undergoes-likely-51-attack-with-3693-block-chain-reorganization\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eEthereum Classic\u003c/a\u003e\u0026nbsp;in August 2020 when a miner used old software and lost internet access for a while when mining. A reorganization happened when two versions of the blockchain competed for validity from nodes in the network and resulted in about a\u0026nbsp;\u003ca href=\"https://hackmd.io/@cUBb4hAvQciAEPoU2yfrzQ/Skd4X6MZw\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e3000-block insertion\u003c/a\u003e.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"850\" height=\"774\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1456\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain.png 850w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain-300x273.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/Different-types-of-attacks-on-blockchain-alternative-history-attacks-blockchain-768x699.png 768w\" sizes=\"(max-width: 850px) 100vw, 850px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator 
has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://cryptodeep.ru/doc/A_Rational_Protocol_Treatment_of_51%25_Attacks.pdf\"\u003e51% or Majority Attacks\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cp\u003eA \u003ca href=\"https://cryptodeep.ru/doc/A_Rational_Protocol_Treatment_of_51%25_Attacks.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003emajority attack\u003c/a\u003e is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing forks. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies —\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication/#/dev-blog/563-verge-mining-hack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eVerge\u003c/a\u003e, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.\u003c/p\u003e\n\n\n\n\u003cp\u003eThe recent\u0026nbsp;\u003ca href=\"https://cointelegraph.com/news/51-attack-bleeds-more-than-5m-from-ethereum-classic\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e51% attack on Ethereum Classic\u003c/a\u003e\u0026nbsp;(ETC) that happened in August 2020 resulted in approximately $5.6 million worth of the ETC cryptocurrency being double-spent. Apparently, the hacker had good knowledge of the ETC protocol and managed to mine 4,280 blocks over four days until the platform noticed an attack. 
Just five days after the incident, ETC suffered from\u0026nbsp;\u003ca href=\"https://cointelegraph.com/news/is-etc-102-screwed-after-second-51-attack\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ea second 51% attack\u003c/a\u003e, in which a miner conducted a 4,000-block network reorganization.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"730\" height=\"220\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/figure3-51-percents-attack.webp\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1458\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/figure3-51-percents-attack.webp 730w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/figure3-51-percents-attack-300x90.webp 300w\" sizes=\"(max-width: 730px) 100vw, 730px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp class=\"has-text-align-center\"\u003e\u003cem\u003e \u003ca href=\"https://cryptodeep.ru/doc/A_Rational_Protocol_Treatment_of_51%25_Attacks.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003ccode\u003eMajority attack\u003c/code\u003e\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003eUnfortunately, all small cryptocurrencies are still at risk of majority attacks. Since these cryptocurrencies attract fewer miners, attackers can just rent computing power to gain a majority share of the network. The developers of\u0026nbsp;\u003ca href=\"https://www.crypto51.app/about.html\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCrypto51\u003c/a\u003e\u0026nbsp;have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. 
Their website shows the expected costs of a 51% attack on various blockchains.\u003c/p\u003e\n\n\n\n\u003cp\u003ePossible measures for preventing double-spending attacks include monitoring received transactions during a listening period, forwarding double-spending attempts, inserting other nodes to observe transactions, and rejecting direct incoming connections.\u003c/p\u003e\n\n\n\n\u003cp\u003eMoreover, there’s an innovative technology called the\u0026nbsp;\u003ca href=\"https://lightning.network/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003elightning network\u003c/a\u003e\u0026nbsp;that’s designed to solve the problem of exploiting weaknesses in the transaction verification mechanism. This network allows users to instantly verify transactions through a network of bidirectional payment channels without delegating custody of funds. However, it’s still susceptible to DDoS attacks, one of which already\u0026nbsp;\u003ca href=\"https://www.coindesk.com/researchers-uncover-bitcoin-attack-that-could-slow-or-stop-lightning-payments\" target=\"_blank\" rel=\"noreferrer noopener\"\u003ehappened in March 2018\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\u003cp\u003eA 51% attack happens when a particular miner or a set of miners gains more than 50% of the processing power of the entire blockchain network, which helps them gain a majority in regard to the consensus algorithm. This attack vector is primarily related to the Proof of Work algorithm, but it can be extended as a test case to other consensus algorithms as well, where there is a risk of a single party gaining enough influence in the network to unduly modify the state of the chain. This can lead to several kinds of damage, including rewriting the chain data, adding new blocks, and double spending. 
The following diagram shows how this attack happens.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-large\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"372\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/image-16-1024x372.png\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1379\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-16-1024x372.png 1024w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-16-300x109.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-16-768x279.png 768w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/image-16.png 1186w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eIn the above visual representation, the red nodes are controlled by the attacker, and they can change the copy of the chain by adding new blocks post gaining majority consensus.\u003c/p\u003e\n\n\n\n\u003cp\u003eSome of the major chains that have suffered a 51% attack are the Bitcoin Gold Blockchain (in May 2018, 388,000 BTG worth around $18 million were stolen from multiple exchanges), Bitcoin Satoshi’s Vision (in August 2021, they suffered a 51% attack after which the coin suffered a 5% loss in value) and the Ethereum Classic blockchain.\u0026nbsp;Rented Hash Power\u0026nbsp;can also lead to 51% attacks. In this method, the attackers can rent computing power on servers to calculate hashes faster than other participants and gain consensus. Mining pools are also an interesting party in this, since they too can sometimes exceed the consensus requirements. 
In July 2014, the mining pool ghash.io gained more than 50% processing power for a brief period, after which it committed to reducing its power voluntarily.\u003c/p\u003e\n\n\n\n\u003cp\u003eThe culprits behind the recent 51% attacks on Ethereum Classic used rented mining hash power to carry off their heists, exploiting a vulnerability common to cryptocurrencies that rely on “\u003ca href=\"http://forkast.news/proof-of-work-what-is-it-bitcoin-halving/\"\u003eproof of work\u003c/a\u003e” as their underlying technology.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003eRented mining hash power is at the center of all three attacks on ETC last month, which resulted in millions of dollars in losses and delivered a significant blow to the reputation of PoW protocols previously believed to be\u0026nbsp;\u003ca href=\"https://www.technologyreview.com/2019/02/19/239592/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/\" rel=\"noreferrer noopener\" target=\"_blank\"\u003eimmutable and “unhackable\u003c/a\u003e.”\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e“It’s actually a huge vulnerability in the system,” said Terry Culver, CEO of ETC Labs, an incubator of projects on Ethereum Classic, in an\u003ca href=\"https://forkast.news/ethereum-classic-repeat-hacks-etc-labs-ceo-terry-culver-ben-sauter/\"\u003e\u0026nbsp;interview with\u003cem\u003e\u0026nbsp;Forkast.News\u003c/em\u003e\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e“Three attacks in one month will tell you that security is an issue on Ethereum Classic. And we believe and know that other blockchains get attacked more regularly, maybe with less visibility,” Culver said. 
“It’s a universal problem.”\u003c/p\u003e\n\n\n\n\u003cp\u003eThe cryptocurrency space has been trying to weed out criminals and tighten up security, including the implementation of “\u003ca href=\"https://forkast.news/could-fatf-travel-rule-make-cryptos-mainstream/\"\u003eknow your customer” and anti-money laundering (KYC/AML) procedures\u003c/a\u003e,\u0026nbsp;\u003ca href=\"https://forkast.news/us-regulators-cftc-occ-sec-fatf-cryptocurrency-rules-trend/\"\u003eincreased regulations\u003c/a\u003e\u0026nbsp;from governments, and enhanced security systems to stave off hacking.\u003c/p\u003e\n\n\n\n\u003cp\u003eBut despite these efforts, malicious actors continue to exploit a core feature of many blockchain systems — decentralization and the requirement that there must be a 51% consensus of the protocol’s nodes to control the network.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e“The [cryptocurrency] system is maturing, but the hash rental market is actually growing,” Culver said. “Think of it like, you turn the light on, and where do the mice go? [Malicious actors have] left the exchanges for the most part, and they’ve moved into the hash rental market.”\u003c/p\u003e\n\n\n\n\u003cp\u003eProponents of PoW systems would say that the 51% requirement needed to gain consensus would make it very hard to hack large blockchain protocols like Bitcoin and Ethereum. But there is still a theoretical possibility if someone or a group manages to gain 51% control over those networks. 
The risk of a 51% attack increases for smaller cryptocurrencies that don’t have as many nodes, as it would be relatively easier to take over a smaller network while still turning a profit.\u003c/p\u003e\n\n\n\n\u003cp\u003eFor example, it would take over\u0026nbsp;\u003ca href=\"https://www.crypto51.app/\" rel=\"noreferrer noopener\" target=\"_blank\"\u003eUS$513,000 to perform a 51% attack\u003c/a\u003e\u0026nbsp;(at the time of this publication) for one hour on Bitcoin, but only about US$3,800 for a similar attack on Ethereum Classic, which is why the smaller network may be much easier and more profitable for malicious actors to attack.\u003c/p\u003e\n\n\n\n\u003cp\u003e“The hash rental market is like under a rock somewhere, it’s totally anonymous,” Culver said. “They’re basically money laundering operations. So you could take your BTC from ill-gotten gains, rent hash power, and get out freshly-minted tokens with no provenance.”\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003cimg decoding=\"async\" loading=\"lazy\" width=\"965\" height=\"633\" src=\"./Blockchain Attack Vectors Vulnerabilities to Smart Contracts - CRYPTO DEEP TECH_files/hincehash.webp\" alt=\"Blockchain Attack Vectors \u0026amp; Vulnerabilities to Smart Contracts\" class=\"wp-image-1460\" title=\"Rented hash power for 51% attacks is a ‘huge vulnerability’ for proof-of-work blockchains, says ETC Labs CEO 2\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2022/12/hincehash.webp 965w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/hincehash-300x197.webp 300w, https://cryptodeeptech.ru/wp-content/uploads/2022/12/hincehash-768x504.webp 768w\" sizes=\"(max-width: 965px) 100vw, 965px\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003e\u003cem\u003eThe cost of launching a 51% attack on various top cryptocurrencies through NiceHash. 
Image:\u0026nbsp;\u003c/em\u003e\u003ca href=\"https://www.crypto51.app/\" rel=\"noreferrer noopener\" target=\"_blank\"\u003e\u003cem\u003eCrypto51\u003c/em\u003e\u003c/a\u003e\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003ch4\u003e\u003cstrong\u003eWhat does renting hashpower do?\u003c/strong\u003e\u003c/h4\u003e\n\n\n\n\u003cp\u003eHow did they do it? The malicious actors behind the first two attacks on ETC in August were able to achieve 51% dominance over the network by renting hash power from NiceHash provider\u0026nbsp;\u003ca href=\"https://www.nicehash.com/algorithm/daggerhashimoto\" rel=\"noreferrer noopener\" target=\"_blank\"\u003edaggerhashimoto\u003c/a\u003e, based on an\u0026nbsp;\u003ca href=\"https://blog.bitquery.io/attacker-stole-807k-etc-in-ethereum-classic-51-attack\" rel=\"noreferrer noopener\" target=\"_blank\"\u003eanalysis\u0026nbsp;\u003c/a\u003eby Bitquery, a data intelligence firm.\u003c/p\u003e\n\n\n\n\u003cp\u003eSlovenia-based NiceHash is an online platform where customers can rent hashing power from sellers providing the computing power to mine cryptocurrencies.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003eBy using this rented hash power, the attackers behind the\u0026nbsp;\u003ca href=\"https://forkast.news/bitcoin-hong-kong-china-dcep-testing-ethereum-classic-51-attack-current-forkast-25/\"\u003efirst and second attacks\u003c/a\u003e\u0026nbsp;on Ethereum Classic were able to “double spend” over US$7 million by overwriting entries in the blockchain, reversing or even changing the destination of transactions. In other words, the attackers had almost complete control over the network and were able to route money as they pleased.\u003c/p\u003e\n\n\n\n\u003cp\u003eNiceHash has previously been embroiled in controversy. 
In 2019, its former chief technology officer and co-founder Matjaz Skorjanec was\u0026nbsp;\u003ca href=\"https://www.coindesk.com/former-nicehash-cto-arrested-in-germany-over-us-hacking-charges\" rel=\"noreferrer noopener\" target=\"_blank\"\u003earrested\u003c/a\u003e\u0026nbsp;in Germany over U.S. charges of being involved in a hacking group that organized the theft of millions of dollars.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003eNiceHash itself was\u0026nbsp;\u003ca href=\"https://www.coindesk.com/nicehash-ceo-confirms-bitcoin-theft-worth-78-million\" rel=\"noreferrer noopener\" target=\"_blank\"\u003ehacked\u0026nbsp;\u003c/a\u003ein 2017, resulting in the loss of an estimated US$78 million in bitcoin.\u003c/p\u003e\n\n\n\n\u003cp\u003eThe August hacks were not the first time Ethereum Classic suffered from such breaches, as a\u0026nbsp;\u003ca href=\"https://decrypt.co/4408/cryptocurrencies-protect-51-attacks\" rel=\"noreferrer noopener\" target=\"_blank\"\u003esimilar 51% attack occurred against ETC in January 2019\u003c/a\u003e. Hackers have also\u0026nbsp;\u003ca href=\"https://www.vice.com/en_us/article/a3a38e/what-is-a-51-percent-attack-silicon-valley-bitcoin-gold-verge-monacoin-cryptocurrency\" rel=\"noreferrer noopener\" target=\"_blank\"\u003elaunched successful 51% attacks\u003c/a\u003e\u0026nbsp;on a number of other smaller cryptocurrencies, including Bitcoin Gold, Verge and Monacoin in 2018.\u003c/p\u003e\n\n\n\n\u003cp\u003e“Computers are getting better, it’s going to keep getting easier and easier to get control of the computer power necessary to do these things,” said Benjamin J. A. 
Sauter, partner at New York-based international law firm Kobre \u0026amp; Kim, which is representing ETC Labs in investigating and suing the hackers.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003eMoreover, the concentration of hashing power in China has also been shown to be a risk for cryptocurrencies, as\u0026nbsp;\u003ca href=\"https://forkast.news/yfi-bitcoin-consensys-jpmorgan-quorum","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdemining%2Fblockchain-attack-vectors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdemining%2Fblockchain-attack-vectors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdemining%2Fblockchain-attack-vectors/lists"}