Can the Blockchain be hacked?

Basem Dabbour
Aug 2, 2018 · 13 min read

[EDITED] This blog about the introduction of the blockchain, how it works and answering a few questions about the possibility to hack a Blockchain Network

Blockchain technology is a robust and promising technology. A lot of people think that Blockchain is the new technology that stops all penetration, and a new internet infrastructure to solve the problems that centralized systems have. To stop hackers from breaking in and expose personal data or manipulating metadata between users by employing strong cryptography to maintain individual control over the data by its ownership/end-user.

Its really difficult to list everything in one single blog, but answering some questions about Blockchain could be useful for all of us to understand this technology and give real life and theoretical scenarios

What is the basic definition of Blockchain?

Its where all transactions that take place within the network are recorded in Blockchain, which is a public ledger that can be seen by anyone but change by no one.

This ledger is made up of connected blocks that fit together cryptographically (when sender “A” sends a transaction to receiver “B”, “A” create a message with “B”s new owner public key and sign it with “A”s private key, and when the transaction published to the public ledger, everyone will know the new owner “B” of the transferred coins is the owner of the new key and “A”s digital signature on this message/transaction verifies for everyone that the transaction is authentic).

Image source:

The complete history of all transactions stored in Blockchain in sequence mode of blocks and is kept by everyone on the Blockchain network and anyone who has copy of that Blockchain ledger can verify who is the current owner of any coins ( “C” node will know that “A” node transferred for example 1 bitcoin to “B”). So each block of the Blockchain containing a set or group of transactions that have been sent since the previous block.

But, how the blocks chained together?

Each block in the chain confirms the integrity of the previous block all the way back to the first one in that chain.

Image source:

OK, how can we generate bitcoins or Mining a block?

To generate Bitcoins, cost function should be used.

A cryptographic hash function takes input data of arbitrary size(any size) and mapping the data by transforming it to bit string of a fixed size (hash), for example, the case of SHA-256 the hash is 256 bits which is 32 bytes (256/8) , but you may ask what is the benefit of adding the hash function in use?

The answer is to identify the blocks by their hash, so the hash is the identity (ID number or serial number) of each block in the Blockchain.

It's really difficult to produce a block and attach it to Blockchain as it requires time processing power (electricity power) to accomplish this task. A node who managed to produce a block gets a reward and this reward which claimed by block producer break into two parts: number of the earned bitcoins as a result of block produce during the mining process and the transaction fees that present in the transactions listed in the block.

Image source:

What is approximately the number of produced blocks per time?

The network has rules and nobody can simply produce a block and mine coins. These rules can be set up and adjusted to produce 1 bock per 10 minutes.

Which means the more number of miners engaged in the mining activity the harder it gets for the miners to produce a block and get reward, on the other hand the higher total difficulty to produce a block or mining a coins , the harder is for attacker to sneak into the Blockchain and replace some blocks with their own blocks that give the opportunity for the attacker to double spend the coins (will talk about double spending problem later on in this blog)

Image source:

How to stop Sybil attacks from being happening?

Bitcoin, for example, developed Proof-of-work algorithm involving the end-users/nodes/miners to participate in the network by consuming energy for mining bitcoins and confirm transactions between nodes of the network to get reward, and Ethereum developed a different algorithm Proof-of-individuality that deploy a decentralized Sybil proof with almost same functionality of POW, at the end the nodes should trust the algorithm to do its work and maybe not anonymous nodes on the network.

Well, after preventing Sybil attacks from happening!, How Blockchain can be hacked theoretically?

1. Routing Attacks:

There is research done at Eidgenössische Technische Hochschule (ETH Zürich) in may-2017 that studied malicious internet service providers (ISP) that host bitcoin platforms and the impact can have on Bitcoin cryptocurrency.

The study shows most of the Bitcoin nodes are hosted in 13 ISPs (0.026% of all ISPs) = 30% of the entire Bitcoin network and only 3 ISPs can monitor 60% of all Bitcoin traffic, both characteristics make it easier somehow for the attacker to prevent or delay a lot of traffic between nodes and group of nodes hosted on few numbers of ISPs.

The study listed 2 possible attacks:

  • Partition attack:

Partitioning the whole network into two or more disjoint networks, attacker can make a partition of the Bitcoin network by taking over a group of IP addresses, corrupting the Border Gateway Protocol (BGP) that maintain the routing tables and used to exchange information between autonomous systems on the internet, that’s why its called Border! :-) and this type of attack called BGP hijacking.

Image source:

An example scenario, the attacker can partition the network into two disjoint groups (Group X, Group Y) by preventing the nodes inside Group X/Group Y to communicate with nodes in Group Y/Group X ,and keep the connection between the nodes of the same Group functioning well, its like using the Border Gateway protocol to control the border between these two groups(X,Y) and to install a big wall between Group X nodes and Group Y nodes with one door to allow the attacker to control the traffic between the two components.

  • Delay Attack:
Image source:

ISP carrying traffic between Bitcoin nodes (A, C), lets say that node “C” ask about the latest block from node “A” by sending a request asking for it, the attacker in the middle will change the content of the data that node “C” requested from “A” two times, 1st time to provide an old block (not updated one) to node “C”, and 2nd time to provide the updated one after 20 minutes delay from old block submission, this attack just to make the work slower.

Both Partition and Delay attacks have a huge impact on Bitcoin, reducing minters profit by consuming time during transactions and manipulating the content of the shared metadata on the network which cause a double spending.

Finally, we can ask what is Double spending and how it works?

Image source:

Double spending is an act of using same bitcoins more than once to buy for example different resources or goods, like using 1 bitcoin to buy MSI laptop and then use the same 1 bitcoin to buy Lenovo laptop and so on so forth).

One core solution for this problem is to set up a verification mechanism (Proof-of-Work) involving the input users/nodes/miners to verify recorded transactions within the Blockchain and get reward token for doing this effort.

Each of the keepers of the network will have a copy of the updated block. The more the transaction has a confirmations from the participants nodes within the network → the harder will be to influence the network with double spending as the attackers should change the entire block that includes the targeted double spending transaction on each copy of the block that nodes have confirmed, to manipulate the ledger and do the changes that they want to do. Otherwise, the participants who confirmed the transaction will prevent the attacker from doing defraud action unless the attacker succeeded to magically inverse all the confirmations. (will talk about this later on here)

2. Direct Denial of Service (DDOS):

Image source:

it’s simply flooding a node with a huge amount of bad transactions that in its part being sent to flood the entire network and slow down or prevent transactions from being processed, this attack is only halting the network activity from functioning without stealing any coins.

Confused !, what is the different between DDOS and Sybil attack?

Sybil attack targeting peer to peer networks that is controlled by one or more entity by creating a large number of fake identities to gain large influence, while DOS/Distributed DOS targeting a node/nodes by flooding it/them with bad requests and invalid transactions from many sources which makes it harder to stop this attack depends on the number of sources that have to be stopped by blocking their flooding messages to one or many nodes.

3. Bitcoin’s Backlog:

Backlog refers to uncompleted work waiting to be done, its like a waiting list and Bitcoin Backlog is the set of amounts of unconfirmed transactions, back in 2017 the Bitcoin Network faced a backlog of over than 135,000 unconfirmed transactions with fees have soared and these results came as consequences of debating about doubling the bitcoin block size.

What is block size?

Block size is the size of all transaction that listed inside each block in Blockchain, for example, Bitcoin blocks are limited to 1MB.

Image source:

There must be a solution to increase the size of the blocks especially it will be led to increasing the number of transactions taking place in the whole Blockchain network, but scaling the size of the blocks could cause what is called “bottleneck” issue when feeding a large number of input transactions through a narrow funnel, this will cause a problem as large amount of Bitcoin transactions data to enter into that funnel will restrict the current amount of transactions that have been processed by Bitcoin network nodes.

As a result of this issue the transactions are written to the Blockchain slower than being created by the end-users/nodes and over the time will cause backlog including unconfirmed transactions, and these transactions may wait on the door a lot of time to be then listed in the block in case they are valid transaction, and not in case flooded by an attacker who will take an advantages of increasing block size feature.

On the other hand, users can make sure to confirm their transactions faster and this will led to backlog issue when a lot of unconfirmed transactions have not been confirmed in case of a valid transaction, or deleted in case of an invalid transaction.

Lets go back to 2015 where a “stress test” has been done by as proof of concept for an impact of increasing the block size by sending thousands of transactions on the network to influence a change of the block size to demonstrate the simplicity of the large scale spam attack on the network and the result of that test flood attack was 80,000 transaction sent to the network and creating a massive backlog of unconfirmed transactions that cleared out by some of largest mining pools then.

4. 51% or Majority Attack:

As we mentioned previously that Blockchain linked to the computer power that each node used to produce a block into the Blockchain and mine a coins as reward, however, there is a threat of an attacker gaining control over the 51% of the hash power on the network and if this really happened, it will allow the attacker to mine blocks faster than the rest of the network combined together and this for sure will open the defraud door for double-spending that we talked about before along with violating the network which causes loss of confidence between the nodes on the networks that has been attacked.

This type of attack is dangerous and carry a lot of fears especially when targeting many platforms that fork the open source cryptocurrency.

At least five cryptocurrencies ( Monacoin , bitcoin gold, zencash, verge, litecoin cash ) that have smaller network have been attacked and the attacker successfully took control over the majority of the computing power, changing the transactions inside the blocks and leave with a lot of coins (=millions of dollars ) without any trace back to its identity. So basically the 51% attack scenario will be easier to take control over small networks that have smaller number of nodes participants and target biggest amounts of transactions, rather than employing more and more resources to attack bigger networks which require more effort and cost more money to invest in attacking larger Blockchain network, but still its not impossible to do it!.

How can an attacker take over a top Blockchain network?

A research has been released in 2017 estimates how much time and money will cost to execute these attacks on a larger Blockchain networks by simply renting power rather than buying all required equipment and take a lot of time to set them up to do the task, however the attackers don’t have the freedom to do whatever they want after overcome the 51% majority of hashing power, but they are able to double spend transactions under certain conditions, by targeting the high-value transactions to get benefit of their investment to steal millions of dollars that will cover the defraud money with more profit on top of it. That’s why the hackers of the five cryptocurrencies targeted the higher exchange amount:

  • The attacker double spend 2 massive amount of transactions in bitcoin gold
  • The attacker double spends 3 massive amount of transactions (21,000 zen token = 500,000 dollars) in Zencash.

To make it a more serious issue, someone created a website (Crypto51) showing some statistics and gave a rough estimation of how expensive it is to 51% attack various Blockchain using mining marketplace.

Image source:

One of marketplace that connects sellers of hashing power with buyers is NiceHash, for example, if you take a look at the website you will see that attacking bytecoin (with 114%) will cost only 627$ per 1 hour attack and this cost might as little as 719$ to attack using rented computing power than buying new equipment to meet the requirements.

Cryoto51 shows that larger cryptocurrencies such as Bitcoin(with 1%) and Ethereum (3%) are harder to be targeted by 51% attack method compared with Litecoin Cash(3,898%) , Zencash (53%), Monacash(458%) or even Bitcoin Cash (10%), because obviously both giants have much larger networks and connected nodes that require more hashing power than NiceHash could handle to overcome their majority.

Is there any other way to hack a Blockchain platform?

The answer is YES!. On 26th of July 2018, “KICKICOa Blockchain platform has been hacked and lost more than 70 million Kick coins = 7.7 million dollars without taking over the 51% majority of the network!.

But how the attacker managed to steal this amount of money without controlling 51% majority of the network?

The attacker managed to obtain the private key of one block to unlock the listed transactions within, and to get direct access to the smart contract of the KickCoin Blockchain network, the attacker managed to take over 40 different address wallets and transferred them to addresses controlled by him leaving no trace.

With all these concerns and attacks scenarios, how can the Blockchain find its own way to enterprise business companies?

Blockchain is a revolutionary technology and needs more time to understand its potential and what solutions exactly provides to the market and to know how it works to find a way to fill all the gaps that prevent an attacker from breaking into the Network and poison it.

However, nothing will happen without start taking the risk of integrating Blockchain as new solution, that’s why a lot of vendors like SAP, IBM, Oracle, Microsoft and Amazon all wants to provide a Blockchain as service for their customers, on the other hand a survey done by UK firm Juniper Research back in July 2017 on 400 large companies found that 6 in 10 companies responded with high interested status in deploying Blockchain technology. Click here for more information about the challenges

Image source:

Thank you for reading ,and yes before you leave!, if you are about to start your own company :), you should check Silicon Valley TV series that talks about a team of developers came out with an idea converted after that into a startup company to develop a decentralized peer to peer internet using network of cellphones which then attached into their app “Pied Piper” and using initial coin offering (Pied Piper ICO) to raise a crowdfunding to fund their project after facing tough situations to convince many investors. This comedy series features a real life 51% attack.

“This work is a part of the PaBlo project which is funded by IFAF Berlin”

Basem Dabbour

Written by

Data Science student, Research Associate at Beuth University

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade