Vector76 Attack: Researching and Preventing Threats to the Bitcoin Network Detailed Cryptanalysis Based on Real Data
https://github.com/demining/vector76-attack

With the development of cryptocurrency technologies and the growing popularity of Bitcoin, software such as Flash Bitcoin Software and Fake BTC Software has appeared on the market. These programs can have disastrous consequences for the Bitcoin ecosystem. In this article, we look at what these programs are, how they work, and what impact they have on the Bitcoin cryptocurrency, using real data. We also look at how they use the Vector76 Attack mechanism, a type of double-spending attack in which an attacker tries to spend the same coins twice. Unlike the classic double-spending attack, Vector76 exploits vulnerabilities in transaction confirmation mechanisms and time delays in the propagation of blocks across the Bitcoin network.

---

* Tutorial: https://youtu.be/Mk_BPBCXd3I
* Tutorial: https://cryptodeeptech.ru/vector76-attack
* Google Colab: https://github.com/demining/CryptoDeepTools/blob/main/34Vector76Attack/Vector76_Attack.ipynb

---

In a Vector76 attack, the attacker first creates two transactions: one to send funds to their Bitcoin address and one to send the same funds to the merchant’s Bitcoin address. They then try to convince the merchant to accept the unconfirmed transaction while simultaneously broadcasting the other transaction to the network. If the attacker manages to complete their transaction before the merchant receives confirmation, the funds will be sent to the attacker’s address rather than the merchant’s.




Software

Software makes it easy for an attacker to exploit the time slot between a transaction being confirmed on the local network and its propagation to the entire Bitcoin network. The attacker creates two transactions: one that is sent to the local network and one that is sent to the main network. If the attacker manages to send the first transaction before the second is confirmed, they can trick the recipient into believing that the first transaction is genuine. Let’s look at some of the most well-known software that uses time-slotting to get a Bitcoin transaction confirmed.

Flash Bitcoin Software

Flash Bitcoin Software is software that allows users to temporarily increase their Bitcoin wallet balance. It does this by creating transactions that appear legitimate but are not actually confirmed on the blockchain. Such transactions can be used to deceive users and services that accept Bitcoin.


Fake BTC Software

Fake BTC Software, in turn, is designed to create fake Bitcoin transactions. These transactions can be used for fraud, as they create the appearance of a transfer of funds although in reality no funds are transferred. This software can be used to deceive sellers and buyers in cryptocurrency transactions.


Dockeyhunt Vector76 Attack

Dockeyhunt Vector76 Attack is designed to create two or more Raw transactions to be confirmed via Broadcast Bitcoin Transaction in a double-spend scenario with the same Bitcoin. The essence of the attack is that the attacker sends the same transaction to two different parts of the network, creating a temporary discrepancy in the Bitcoin blockchain. This software can also be used to deceive sellers and buyers in cryptocurrency transactions and in operations where different tokens and various well-known cryptocurrencies (Bitcoin, Ethereum, etc.) are accepted.


CGMiner and BFGMiner

CGMiner and BFGMiner are designed for mining and can be used to implement Selfish Mining attacks, as they allow miners to control the process of mining blocks.


Wireshark

Wireshark is network analysis software and can be used to analyze network traffic and implement Sybil Attack and Eclipse Attack. Fraudsters can use modified versions of the Bitcoin Core client to perform various attacks on the consensus mechanism.


BlockSci

BlockSci allows you to analyze the blockchain and can be used to conduct transaction analysis and Dusting Attack (DUST ATTACK).


Impact of the attack on the Bitcoin network

Vector76 Attack was first described in 2011 and is a combination of Finney and Race attacks. The attack exploits vulnerabilities in the Bitcoin network transaction confirmation process. The basic idea is to create two conflicting transactions and run them through different nodes in the network, allowing the attacker to trick the recipient into double spending.

In a Race Attack, an attacker attempts to conduct two transactions simultaneously, one of which he attempts to reverse.

In a Finney Attack, an attacker pre-mines a block with a transaction and then attempts to conduct another transaction with the same coins.

In the Vector76 Attack, the attacker uses elements of both attacks to create a double spending attack.

The Vector76 attack could have serious consequences for the Bitcoin network. It undermines trust in the system, as users could lose funds due to double spending. In addition, the attack could cause delays in transaction confirmations and increase network congestion.

Attack stages:



  1. Create two transactions: The attacker creates two transactions with the same amount but different recipients. One transaction is sent to the network, and the other is held in an isolated part of the Bitcoin network.

  2. Sending the first transaction: The first transaction is sent to the local network, where it is quickly confirmed.

  3. Sending the second transaction: The second transaction is sent to the Bitcoin main network.

  4. First Transaction Confirmation: The recipient of the first transaction believes it is genuine and provides the product or service.

  5. Second transaction confirmation: The second transaction is confirmed on the main network and the first transaction becomes invalid.

  6. Conflict and Double Spend: As a result, a conflict occurs and one of the transactions may be included in the blockchain, resulting in a double spend.

  7. Network Merge: When an isolated part of the network merges with the main network, a conflict occurs and one of the transactions is cancelled.


Vector76 Attack Detection and Prevention Mechanisms:

To protect the Bitcoin network from Vector76 attacks, various mechanisms for detecting and preventing attacks are used, and effective algorithms and systems for detecting suspicious transactions must be implemented. Let’s consider several approaches:



  1. Block and transaction analysis: Mining software and network nodes analyze blocks and transactions for conflicts and anomalies.

  2. Increase the number of confirmations: It is recommended to wait for a larger number of confirmations (e.g. 6 or more) before considering a transaction as finally confirmed. Increasing the time to wait for a transaction to be confirmed can reduce the likelihood of a successful attack.

  3. Using Machine Learning Algorithms: Modern machine learning techniques can be used to detect suspicious patterns in transactions and blocks.

  4. Network Monitoring: Using specialized software to monitor the network for suspicious transactions and behavior.

  5. Multi-Level Confirmation: Using multiple levels of transaction confirmation can improve security.

  6. Anomaly Analysis: Implementation of anomaly analysis systems to identify suspicious transactions and blockchains.

  7. Updating Protocols: Regularly updating security protocols and implementing new security methods can improve the network’s resilience to attacks.

  8. Strengthening the consensus mechanism: Implementing additional checks and confirmations for transactions, which will make it more difficult to carry out attacks.
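
The following added example (not code from the original repository) shows how a recipient can apply approaches 1 and 2 above: it tracks which transactions spend each output, counts confirmations on the current best chain, and re-evaluates a payment when blocks are replaced. The class and function names, the txid labels T1/T2 and the block names are constructed for illustration.

```python
"""Merchant-side double-spend monitor. All txids and block names are constructed labels."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple  # outpoints spent, each a (prev_txid, vout) pair


@dataclass
class PaymentMonitor:
    watched_txid: str
    required_confs: int = 6
    spenders: dict = field(default_factory=dict)  # outpoint -> txids seen spending it
    chain: list = field(default_factory=list)     # best chain: [(block_hash, {txids})]
    alerts: list = field(default_factory=list)

    def _alert(self, *event):
        if event not in self.alerts:
            self.alerts.append(event)

    def observe_tx(self, tx):
        """Record a tx seen in the mempool or a block; flag a conflicting spend."""
        for outpoint in tx.inputs:
            seen = self.spenders.setdefault(outpoint, set())
            seen.add(tx.txid)
            if len(seen) > 1 and self.watched_txid in seen:
                self._alert("conflict", outpoint, tuple(sorted(seen)))

    def connect_block(self, block_hash, txs):
        for tx in txs:
            self.observe_tx(tx)
        self.chain.append((block_hash, {tx.txid for tx in txs}))

    def reorg(self, depth, new_blocks):
        """Disconnect `depth` tip blocks, then connect the replacement branch."""
        cut = len(self.chain) - depth
        removed, self.chain = self.chain[cut:], self.chain[:cut]
        if any(self.watched_txid in txids for _, txids in removed):
            self._alert("reorged_out", self.watched_txid)
        for block_hash, txs in new_blocks:
            self.connect_block(block_hash, txs)

    def confirmations(self):
        for index, (_, txids) in enumerate(self.chain):
            if self.watched_txid in txids:
                return len(self.chain) - index
        return 0

    def status(self):
        if self.confirmations() >= self.required_confs:
            return "settled"       # deep enough that the policy releases goods
        if any(a[0] == "conflict" for a in self.alerts):
            return "conflicted"    # another tx spends the same output: do not release
        return "pending"


def simulate(required_confs):
    """T1 pays the merchant, T2 spends the same output elsewhere (constructed data)."""
    funding = ("funding-txid", 0)
    t1, t2 = Tx("T1", (funding,)), Tx("T2", (funding,))
    monitor = PaymentMonitor("T1", required_confs)
    monitor.connect_block("A", [t1])             # T1 gets its first confirmation
    after_one_conf = monitor.status()
    monitor.reorg(1, [("B", [t2]), ("B2", [])])  # longer branch with T2 replaces A
    return (after_one_conf, monitor.status(), monitor.confirmations(),
            [a[0] for a in monitor.alerts])


if __name__ == "__main__":
    for policy in (1, 6):
        print(policy, simulate(policy))
```

With a one-confirmation policy the payment is reported as settled before the competing branch arrives; with six confirmations it is still pending when the conflict alert fires, so nothing has been released.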


Distribution of an alternative block for carrying out Vector76 Attack:



  1. Creating Two Conflicting Transactions: An attacker creates two transactions that use the same inputs but have different recipients.

  2. First Transaction Propagation: The first transaction is sent to the network and included in a block that miners begin to confirm.

  3. Creating an alternative block: The attacker uses their own mining software to create an alternative block containing the second transaction.

  4. Propagation of an alternative block: At a time when the first transaction has already received several confirmations, the attacker propagates an alternative block that may be accepted by the network if it contains more confirmations.


Structure of Vector76 Attack:



  1. Setup: The attacker creates two transactions: one for the victim (T1) and one for himself (T2).

  2. Block mining: An attacker mines a block that includes T2 but does not publish it.

  3. T1 execution: The attacker sends T1 to the network and the victim accepts it after one confirmation.

  4. Block Publishing: The attacker publishes a block with T2, which cancels T1.




Practical part

Let’s look at an example of this attack using the Dockeyhunt Vector76 Attack software.

Download the software from the official website: www.dockeyhunt.com




We will install all the necessary packages and libraries and run the setup.exe file.




To carry out a successful attack, it is very important for us to create a second transaction (T2, for ourselves). For this, we need to prepare in advance a Bitcoin wallet to which we will send all our BTC coins for further storage in a cold wallet. Open the folder and run Cold Bitcoin Wallet.exe to generate a new Bitcoin address.




Click Generate Address




Our new Bitcoin Address details for further storage in a cold wallet.



https://youtube.com/watch?v=VCeQpYsh-Ts


Now we establish a connection with the recipient; in our case the pseudo-recipient is a user of the Huobi crypto exchange.

Bitcoin pseudo-recipient address:

https://bitinfocharts.com/bitcoin/address/143gLvWYUojXaWZRrxquRKpVNTkhmr415B




Creating Raw Transaction T1 (Victim)

The pseudo-recipient (victim) is a user of the Huobi crypto exchange and expects from the sender (attacker) an amount of 1.17506256 BTC (in Bitcoin cryptocurrency).

Sender’s Bitcoin Wallet for the amount: 1.17521256 BTC

https://btc1.trezor.io/address/1888dvSYUx23z2NF79NyCaYQ8dxcWCjHDz


Let’s open a new notebook in Google Colab: https://colab.research.google.com

Clone the Broadcast-Bitcoin-Transaction repository.


Run Python script bitcoin_info.py (to check the Bitcoin sender address)




To create the Raw transaction T1, we need to copy the last TXID from the UTXO (Unspent Transaction Output) of the Bitcoin Address 1888dvSYUx23z2NF79NyCaYQ8dxcWCjHDz, as the unspent transaction output for the sender’s wallet.

https://btc1.trezor.io/tx/3141bd1a32ac5e5b1a0de837faceccbc78f80f277c060855eab23be0fbe6e861


Let’s go back to the root directory and run the Dockeyhunt Vector76 Attack software




Option:

When creating a transaction, we need to sign it with the ECDSA algorithm, so insert the private key of the sender’s Bitcoin Wallet 1888dvSYUx23z2NF79NyCaYQ8dxcWCjHDz into the field (for verification, we can use bitaddress).

Copy TXID: 3141bd1a32ac5e5b1a0de837faceccbc78f80f277c060855eab23be0fbe6e861 and paste it into the field. This is necessary to ensure that transactions are fully verified for all Bitcoin network nodes, as all transaction inputs are valid (this is very important and necessary for a successful Vector76 attack to ensure that the sender’s BTC coins are not spent in advance). UTXO allows for more efficient transaction processing, as each transaction output can only be used once (this simplifies the management of the Bitcoin network state and reduces the complexity of verifying Raw transactions).

Copy the Bitcoin Address of the pseudo-recipient of the Huobi crypto exchange: 143gLvWYUojXaWZRrxquRKpVNTkhmr415B and paste it into the field.

Copy the total amount of Bitcoin coins and paste it into the field (for this sender the amount is 1.17521256 BTC; it must be specified in Satoshi: 117521256).

Let’s specify our own amount of 15000 sat/vByte; this amount is the commission for the processing of the transaction by the miner. In Bitcoin, when we send a transaction, we pay a commission to the miners for including our created Raw transaction in the blockchain (this commission stimulates miners to process and confirm transactions).

Let’s specify the amount of BTC coins to send: in our case, subtracting the commission of 15000 sat/vByte from the total amount of 117521256 sat/vByte, the amount to send in Satoshi will be 117506256.

After we have added all the options, click Create Transaction



Result:



https://youtube.com/watch?v=qjcFNV90p8I


Now let’s use the Python script: pushtx.py to send Bitcoin Transaction RawTX



Result:


The pseudo-recipient, a user of the Huobi crypto exchange, sees a payment on the Bitcoin network, TX: e129cd4257b2c9f5061dfb80d8b7a59e62cbaf3cdfba8d3fde2953759e63bcf0

Now the attacker proceeds to the second stage, creating a T2 transaction (for himself) to take all the coins for the sent amount of 1.17506256 BTC (117506256 sat/vByte) from the Bitcoin network to the balance of his cold wallet.

Create Raw transaction T2 (for yourself)

Earlier we created a cold Bitcoin Wallet. We did this in advance specifically for the second transaction (T2, for ourselves): the Bitcoin Wallet 1qqQcZbZNvsZoF5x3VcnEcJbzPeXncfKq is where we will send all coins from the Bitcoin network, in the amount of 1.17506256 BTC (117506256 sat/vByte), for further storage in a cold wallet.

Copy the Bitcoin Address of the new cold wallet:


Let’s re-launch the Dockeyhunt Vector76 Attack software.



Let’s add a new option with new data

Option:

As before, to create a transaction we need to sign it with the ECDSA algorithm, so insert the private key of the sender’s Bitcoin Wallet 1888dvSYUx23z2NF79NyCaYQ8dxcWCjHDz into the field (for verification, we can use bitaddress).

Copy TXID: 3141bd1a32ac5e5b1a0de837faceccbc78f80f277c060855eab23be0fbe6e861 and paste it into the field. This is necessary to ensure that transactions are fully verified for all Bitcoin network nodes, as all transaction inputs are valid (this is very important and necessary for a successful Vector76 attack to ensure that the sender’s BTC coins are not spent in advance). UTXO allows for more efficient transaction processing, as each transaction output can only be used once (this simplifies the management of the Bitcoin network state and reduces the complexity of verifying Raw transactions).

Let’s copy the Bitcoin Address of the new cold wallet where we will transfer all BTC coins: 1qqQcZbZNvsZoF5x3VcnEcJbzPeXncfKq and paste it into the field.

Copy the total amount of Bitcoin coins and paste it into the field (for this sender the amount is 1.17521256 BTC; it must be specified in Satoshi: 117521256).

Let’s specify our own amount of 15000 sat/vByte; this amount is the commission for the processing of the transaction by the miner. In Bitcoin, when we send a transaction, we pay a commission to the miners for including our created Raw transaction in the blockchain (this commission stimulates miners to process and confirm transactions).

Let’s specify the amount of BTC coins to send: in our case, subtracting the commission of 15000 sat/vByte from the total amount of 117521256 sat/vByte, the amount to send in Satoshi will be 117506256.

After we have added all the options, click Create Transaction




Result:



https://youtube.com/watch?v=HboBRmiCfIQ


Now let’s use the Python script: pushtx.py to send Bitcoin Transaction RawTX



Result:


Now we have received TX: d7b2f7279687abd3abf0367ac31223359dc8b53b32b7adbdfc2d0ada2a8015bc. All that remains is to mine a block that includes the T2 transaction (for ourselves) and publish it to the main blockchain.

Mining and publishing a block to the Bitcoin network main chain

Let’s go back to the root directory, open the folder and run the Block Bitcoin Mining software


To fill in the empty field, we need input data for certain values to configure the mining block. To do this, run the Python script block_header.py and enter the UTXO value we already know, which we previously added to the Prev TXID option when creating the Raw transaction. Prev TXID: 3141bd1a32ac5e5b1a0de837faceccbc78f80f277c060855eab23be0fbe6e861

UTXO allows for more efficient transaction processing, as each transaction output can only be used once (this simplifies the management of the Bitcoin network state and reduces the complexity of verifying Raw transactions).



Let’s copy the received data:


Let’s add RawTX for T2 transaction (for ourselves)





Once the block for the T2 transaction (for yourself) is mined using the Block Bitcoin Mining software, we will receive a file in JSON format





Our mined block for confirmation in the general blockchain chain is located in the file: block_hash_mining.json

Let’s open the file: block_hash_mining.json using Notepad++





In line #875 we see a new block.



https://youtube.com/watch?v=Qa0FQJaOrKM


Let’s go back to Google Colab and run the Python script, entering the TXID of the T2 transaction (for ourselves).

EVERYTHING IS CORRECT!!!

The block confirms the authenticity of transaction T2 (for ourselves).


Let’s also check the link in the blockchain:

https://btc1.trezor.io/tx/d7b2f7279687abd3abf0367ac31223359dc8b53b32b7adbdfc2d0ada2a8015bc



Payment confirmed by miners




Transaction T1 (victim) is cancelled

The payment to the pseudo-recipient, a user of the Huobi crypto exchange, is automatically cancelled on the Bitcoin network, TX: e129cd4257b2c9f5061dfb80d8b7a59e62cbaf3cdfba8d3fde2953759e63bcf0

https://btc1.trezor.io/tx/e129cd4257b2c9f5061dfb80d8b7a59e62cbaf3cdfba8d3fde2953759e63bcf0


Conclusion:

All these software and tools facilitate the creation of fraudulent schemes, which can lead to an increase in the number of victims and losses of BTC and ETH coins among users. This, in turn, can cause a negative attitude towards cryptocurrencies and the crypto community as a whole.

Damage to Business: Many companies and services that accept Bitcoin may suffer significant losses due to the use of fake transactions. This may lead to the refusal to accept Bitcoin as a means of payment, which will also negatively affect its adoption.

Increased complexity of regulation: The use of such software complicates the work of regulators and law enforcement agencies who are trying to combat fraud and money laundering. This may lead to stricter regulations and restrictions on the use of cryptocurrencies.

Need for improved security: Constant threats require developers and users to implement new security measures and improve existing protection mechanisms. The Bitcoin developer community can take steps to combat fraudulent transactions. This may include improving transaction confirmation algorithms and introducing new security protocols. However, such measures may require significant resources and time.


References:


This material was created for the CRYPTO DEEP TECH portal to ensure financial data security and cryptography on elliptic curves secp256k1 against weak ECDSA signatures in the BITCOIN cryptocurrency. The creators of the software are not responsible for the use of materials.


Source

Telegram: https://t.me/cryptodeeptech

Video material: https://youtu.be/Mk_BPBCXd3I

DZEN: https://dzen.ru/video/watch/669558eb4bbd297f7d375e06

Source: https://cryptodeeptech.ru/vector76-attack


