Different types of crypto attacks
April 1, 2023

Although blockchain technology is famous for its security, it is not completely safe from malicious users, scammers and hackers. Some of them employ methods that are very hard to detect before they have done a lot of harm, although some of these can be avoided by routinely taking specific measures in advance. But wherever assets and sensitive data are involved, there will always be those who would like ‘to take it all’.

Types of crypto attacks

The list of attacks is as long as life. Some of them are quite old and familiar, but have not become any less dangerous. A wallet, a smart contract, an exchange or a chair – anything can become an attacker's target. Among the most common and, unfortunately, still successful from time to time are the following:

  • 51% attack. This very common and notorious type of attack resembles the ‘shareholding majority’ situation. A person or a group takes over 51% or more of crypto computing power (or hashrate), which basically allows them to do whatever they want. Due to its origin, it is a common malicious action in the mining sphere. A higher hashrate gives a better chance of being awarded the right to generate the next block and collect the miner’s reward. Decentralized networks are designed so that no one should be able to take hold of such a majority, and the attack attempts to subvert that design. The 51% attack is a simple way to get rid of competitors and influence other processes involving the currency (like initiating temporary blockages of network transactions, modifying transactions at will for things like double-spending, refusing to confirm other users’ transactions and even removing other users’ blocks from search outputs) to milk the network dry.
  • Dusting. This attack aims at depriving users of their anonymity, which is one of the key features ensuring security. The attackers send a small amount of tokens (called ‘dust’) to random wallets in search of potential victims. This typically goes unnoticed since the amount is negligible. The idea is to track the victim’s address, deanonymize them and get as much sensitive data as possible. Once the attacker collects enough personal data, they may start blackmailing the victim (usually threatening to leak personal data if the victim does not pay a certain amount of crypto, and paying certainly does not guarantee that the intimidation will stop). Fortunately for smaller users, they are not often targeted by such attackers.
  • Cryptojacking. This attack is performed by sneaking mining-specific malware onto someone else’s computer to exploit its resources. It does not involve directly stealing someone's funds and is very hard to detect (the malware also continues to work even after a reboot). A successful attack leads to enormous electricity bills and a slower system. The software is installed with the help of phishing emails and links to corrupted websites and infected applications. It can be countered by checking URLs carefully, avoiding unverified links and suspicious software and updating antivirus regularly. If a computer has slowed down for no apparent reason, it is worth checking whether it has fallen victim to cryptojacking.
  • Sybil attack. This attack usually takes place when a person wants to take over a blockchain network by creating multiple cloned accounts from different IP addresses. If successful, the attacker can take over the consensus algorithm and dictate their own will to the blockchain. This type of attack is rather rare, as the protocols are quite successful at preventing it. However, it happens from time to time, and it is extremely hard to detect.
  • DDoS attack. This type of attack is generally targeted not at the currencies themselves but at infrastructure like cryptocurrency exchanges. During this attack the attackers overwhelm the server by spamming it with huge amounts of garbage requests. This results in the target crashing or slowing down dramatically for a long time, unable to process requests from honest users. This attack may be used for things such as demanding cryptocurrency from the exchange owners in return for a ceasefire. Another type of such an attack is the so-called ‘transaction flooding’, which leads to legitimate transactions failing.
  • Double spending. This type is as notorious as the 51% attack (and sometimes they go hand-in-hand), and may also be a consequence of other attacks. It happens when one attacker uses a single coin or token in several transactions (such as selling the same thing to different people, getting money from them all, but transferring only to one, who can also be ‘part of the scheme’. Or not paying at all). This malicious action can be of various types, too, such as ‘finney’ (a pre-mined block is created with one transaction, while another transaction is requested right before the block is released and the next transaction is then dismissed as invalid), ‘race’ (where two identical transactions are created, and while the first is sent to the buyer and accepted without confirmation in the network, the other is confirmed on the blockchain instead), simulated history (the second transaction is based on an alternative fork, and the attacker can invalidate the first transaction using the fork), etc.
  • Ransomware attack. Malware is used to take over a PC and threaten the victim for a ransom in crypto. In less severe cases this is blatant blackmail (there may be no actual control over the PC); in more serious cases the villain really takes over the victim's device, computer or data and blocks access to them until the ransom is paid. This malware may be installed by means of phishing, infected websites or software. It activates right away, giving the victim no option but to pay. Keeping away from suspicious links and software and updating the antivirus regularly can help to avoid this kind of attack.
  • Address poisoning. It's a rather new member of the malicious family, which tricks the user into sending their crypto to a wrong address, exploiting the tendency of people to read only the head and tail of addresses. The attacker creates addresses similar to real ones (with the same beginning and end), expecting that the victim will overlook the difference due to the length and complexity of the address. Unfortunately, this happens quite often. But the attack can fail if the user checks the address down to every single symbol and avoids just copying it from the transaction history.
  • Eclipse attack. In this case the attackers’ target is a single node, while the rest of the network may remain unharmed. The attacker hijacks the links and isolates the targeted node (the attacker takes over several host nodes with unique IPs, then makes the target restart, after which its links are redirected to the wrong, fake IP addresses). That’s where the title comes from: the node’s activity becomes ‘invisible’ to the rest of the world. Then the attackers gain complete control over the victim node and can do whatever they want (steal personal data, run double spending, steal mining power, create a new fork or simply crash it).
  • Replay attack. The title speaks for itself. The attackers simply copy some transactions or entries and replay them. As a result the villains take over valid data and can, for instance, easily fool the check systems. This type of attack can do a lot of harm, giving the hacker access to sensitive and important information. However, blockchains can be protected from this by setting up timestamps and cutting down the number of possible repetitions for the same transactions.
  • Zero-day attack. This term covers a whole class of attacks in which a hacker exploits a so-called ‘zero-day’ vulnerability (such vulnerabilities are not detected at the testing stage and hardly ever foreseen, with a patch typically coming only after an attack has already happened). Thus this type might be called the deadliest, as it is impossible to prevent it or build a defense in advance.
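The check recommended under address poisoning (compare the whole address, not just its head and tail) can be automated in a wallet front end. The following is an added example, not code from the original article; it assumes 0x-prefixed hex addresses, and the function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Verdict:
    status: str                      # "trusted", "lookalike" or "unknown"
    resembles: Optional[str] = None  # trusted address being imitated, if any
    differs_at: tuple = ()           # character offsets where the two differ


def _body(addr: str) -> str:
    # Assumption: 0x-prefixed hex addresses, compared case-insensitively.
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a


def check_destination(candidate: str, trusted: Iterable[str],
                      head: int = 4, tail: int = 4) -> Verdict:
    """Compare a pasted destination with the user's own address book."""
    cand = _body(candidate)
    book = [(t, _body(t)) for t in trusted]
    # 1. Full-length match against a saved address: nothing to flag.
    for original, known in book:
        if cand == known:
            return Verdict("trusted", original)
    # 2. Same length, same first/last characters, different middle: the
    #    pattern a reader who checks only both ends would miss.
    for original, known in book:
        if (len(cand) == len(known) and cand[:head] == known[:head]
                and cand[-tail:] == known[-tail:]):
            diff = tuple(i for i, (x, y) in enumerate(zip(cand, known)) if x != y)
            return Verdict("lookalike", original, diff)
    return Verdict("unknown")


# Constructed sample data (not real wallet addresses).
SAVED = "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e"
POISONED = "0x1a2b" + "0" * 32 + "9f3e"

if __name__ == "__main__":
    for addr in (SAVED, POISONED, "0x" + "7" * 40):
        print(addr, check_destination(addr, [SAVED]))
```

A "lookalike" verdict is the case to block or warn on: the offsets in `differs_at` let the interface highlight exactly the middle characters the user would otherwise skip.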
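The replay defense named above (timestamps plus a limit on how often the same transaction is accepted) looks like this on the verifying side. This is an added example, not code from the original article; an HMAC with a shared key stands in for the transaction signature, and the class name, key and sample transaction are constructed for illustration.

```python
import hashlib
import hmac
import json


class ReplayGuard:
    """Accept each authenticated message once, and only while it is fresh."""

    def __init__(self, key: bytes, max_age: int = 120):
        self.key = key          # assumption: HMAC key in place of a signature key
        self.max_age = max_age  # freshness window in seconds
        self.seen = {}          # tag -> timestamp of messages already accepted

    def sign(self, payload: dict, ts: int) -> str:
        # The timestamp is covered by the tag, so it cannot be changed later
        # to make an old message look fresh.
        msg = json.dumps({"payload": payload, "ts": ts}, sort_keys=True).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def accept(self, payload: dict, ts: int, tag: str, now: int) -> str:
        if not hmac.compare_digest(self.sign(payload, ts), tag):
            return "bad-tag"
        if abs(now - ts) > self.max_age:
            return "stale"      # too old (or too far in the future)
        # Entries older than the window can be forgotten: a replay of them
        # would already be rejected as stale, so memory stays bounded.
        self.seen = {t: s for t, s in self.seen.items()
                     if now - s <= self.max_age}
        if tag in self.seen:
            return "replay"     # same message inside the window: one use only
        self.seen[tag] = ts
        return "ok"


if __name__ == "__main__":
    guard = ReplayGuard(b"constructed-demo-key")
    tx = {"to": "alice", "amount": 5}          # constructed sample transaction
    tag = guard.sign(tx, 1000)
    print(guard.accept(tx, 1000, tag, now=1010))   # first delivery
    print(guard.accept(tx, 1000, tag, now=1020))   # captured copy, resent
    print(guard.accept(tx, 1000, tag, now=2000))   # resent much later
    print(guard.accept(tx, 1990, tag, now=2000))   # timestamp altered
```

The timestamp and the seen-set cover each other's gap: the window keeps the set small, and the set rejects copies resent while the timestamp is still valid.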

Phishing attacks are also very common and are a frequent starting point for many of the aforementioned cases. Scammers use them to get access to personal data (passwords, seed phrases, private keys) while pretending to be reliable, honest people. They use email and fake applications, or can even call by phone (so-called ‘vishing’). In order not to fall for this, a user or a wallet owner has to be cautious, keep away from any suspicious offers, emails, websites or applications, and use protection measures such as MFA.

What else can be done?

First of all, the statement ‘well-informed means well-armed’ was not said for no reason. Being informed about recent attacks (as well as older ones), scams and advice given by experts, updating security software and communicating with the community will help keep crypto assets safe.

There is no use in rushing to invest in the first attractive project, either, before studying it carefully. DYOR will help to find the best option. Avoiding suspicious sites and links, using multi-factor authentication, keeping up with trends and taking care of personal software, systems and devices are good practices. Just remember that one can never be too careful.