Note: This post is largely relevant to blockchains created using the Ethereum protocol. Some points are still salient for other blockchains, including ideas about attack mitigation.
What kind of attacks do blockchains face?
Aside from the classic Denial-of-Service attacks or bugs that haven’t yet been discovered, the very nature of Ethereum and blockchain in general make it susceptible to a few methods of subversion, especially when you’ve made your own altcoin on your own blockchain and your mining pool hashrate is still on the small side. Other attacks, such as replay attacks, are enabled by intentionally or unintentionally not enabling protection for them.
Do I need to worry about replay attacks off the Ethereum Mainnet?
That will depend on if you remembered to set the “chainId” in your genesis file to something different than a value of “1”. Replay attacks are when an attacker tries to copy a transaction from one blockchain to another built on the same technology. EIP-155 implements protection against someone re-transmitting a transaction from, for example, the Ethereum Mainnet on your blockchain by implementing the chain ID into the hash for the transaction.
Make sure you’re also specifying the EIP-155 field “eip155Block” as 0 in your genesis file to begin protection at the beginning of your blockchain, rather than whatever block the Mainnet was on when they made that fix. Coinpress.cc coins are by default created with unique chain IDs and EIP-155 blocks set to 0, and most guides floating around the internet incorporate the setting so there’s a good chance you’ve accidentally enabled it even if you don’t remember doing it.
Do I need to worry about 51% attacks?
The security of a proof-of-work blockchain comes from mining being distributed. The lower the hashrate of the network overall, the easier it is to attack. This problem is compounded by services such as Nicehash where you can immediately and affordably purchase massive mining power on-demand for minutes to days, dramatically dropping the capital outlay and time investment to attack blockchains in the short term.
If you’re using an ERC20 token, you’re not directly targetable per-se, but the underlying blockchain would be.
What do the attackers want to do with my blockchain?
In most instances, 51% attacks come with a ransom directed at the coin creators if they can be located. The demand is typically payment in the form of some other major crypto currency such as Bitcoin, Ethereum, or more commonly recently Monero due to the lack of traceability. No remediation is offered and the attackers generally offer to simply go away if payment is made, but with no real enforceable guarantee.
In other instances, a 51% attack could be used to double-spend your coins. Essentially, the attacker solves blocks faster than the rest of the network, writing their own version of history over the time of the attack and making sure the raw number of block solutions they have solved is higher than what the rest of the network has. They then spend their crypto coins on the legitimate blockchain, wait for their transaction to clear, and then merge in their version of the blockchain that says they never spent anything. Their version then becomes the official version by pure virtue of just having more blocks in it, as the Ethereum consensus protocol basically says whoever has the longest working chain wins. It’s a lot like buying things with a credit card, and then convincing the credit card company that you never made the purchases.
If attackers aren’t successful with the demand, they’ll typically threaten the double-spend attack. Even if they can’t profit from the double-spend, merging in a lot of fraudulent blocks is likely to wreak havoc on transactions and contracts. Due to the primary motivation being extortion, it’s not safe to assume that your crypto currency is safe purely by virtue of being small and unremarkable. In fact, you become a much cheaper and easier target.
What can I do if I’m the victim of a 51% attack?
It can be extremely tempting to simply give in to the attackers. After all that hard work and resources you’ve put into developing, marketing, and using your crypto coin, it can seem cheaper to simply pay them to go away. But you don’t have any guarantee that they actually will, or that they won’t simply come back under another name, purporting to be a totally new attacker whom must be paid off as well. Instead, you should consider these counterpoints to paying the ransom:
Time is on your side.
To maintain a 51% attack for any period of time is expensive. It means you have to buy or rent hashing hardware for the entirety of the attack, and if an attacker loses their lead on their number of solved blocks they will have wasted their time and money. Remember that all the hardware that is being used to attack your network could also be used to mine legitimate coins on a major blockchain that’s much easier to liquidate than your private blockchain. With costs ticking away by the minute, attackers have every reason to attempt to pressure you into settling as soon as possible before you become unprofitable.
The attacker doesn’t want your coins, just your money.
If they did, they’d just be mining with all that hashing power instead of wrecking your day. After-all, the margins on mining are already razor thin, especially if you’re renting hashing power, and dominating and dumping the coins from a small blockchain would tank the value of that coin. The attacker may damage the reputation of the coin by merging in fraudulent blocks or double-spending, but is extremely unlikely to have a positive return on investment from the practice.
How would I protect against a 51% attack?
While it’s impossible to prevent a 51% attack completely in a proof-of-work model, there are a few ways to reduce the attack vector.
Choice of algorithm can play a role in what kinds of attacks you will attract. For example, a coin based on Monero’s CryptoNight algorithm might be more vulnerable to botnets as Monero’s algorithm intentionally preferences CPU mining, a resource found in every compromised computer. Coinpress coins use Ethereum’s Ethash algorithm, which skews the mining power to computers equipped with expensive GPUs that tend to produce noticeable noise and heat when redlined for days. It’s possible to still acquire that power, as many GPU owners willingly sell their extra clock cycles to places like Nicehash, but at least it comes at a far higher cost than the clock cycles off infected machines. One approach taken by Reddit’s Garlicoin to avoid ASIC miners and Nicehash was hard forking in the middle of its popularity to an algorithm that neither the miner nor Nicehash supported, called Allium. There’s no guarantee Nicehash won’t simply add this algorithm in the future, however. Attacks shouldn’t be the primary consideration when making algorithm choices, but all factors should be considered when designing a new blockchain.
As mentioned above, the more hashing power a network has, the harder it is to attack. Fortunately, this generally means if you’re valued or big enough to be worth attacking, you’re probably also valued or big enough to attract substantial amounts of miners.
How do you get more hashing power into your network? Promote your crypto coin to miners and encourage multiple, competing mining pools. Announce it on Bitcointalk. Take a look around /r/altcoin for inspiration. For every additional piece of hardware mining your coin, an attacker would need to add an even faster piece of hardware to maintain hashrate superiority. This is the only option that wouldn’t require a hard fork of the entire chain.
Convert to Proof-of-Stake
Bit of a nuclear option, and covering this in anywhere near its entirety is out of the scope of this article, but proof-of-stake would severely hamper the ability of an attacker to hit your network. In a PoS setup, mining is by virtue of coin ownership rather than virtue of computing power. Essentially, in order to perform a 51% attack (barring a vulnerability), an attacker would have to own 51% of the coins. At that point, one could argue that it’s no longer an attack but instead a hostile acquisition.
Some risks are preventable and some can only be mitigated, depending on your goals for your platform. There’s a sweet spot where blockchains are large enough to be worth attacking yet small enough to make attacking them feasible. Most attacks are motivated by extortion and tend to be expensive to keep up for any length of time. Encouraging diverse groups of miners will keep the price of an attack high and keep your crypto coin from being an easy target.