Other Attacks
Learn some well-known attacks on a blockchain network in this lesson.
We'll cover the following
Besides the general double-spending attacks, there are also some well-known attacks on a blockchain network, such as the attack, the Finney attack, the transaction spamming attack, or the eclipse attack. Each one of these is in fact a special case of a race attack, thus the purpose is always to create a longer chain with a conflicting transaction.
The 51% attack
An attacker who wants to change the blockchain at a certain block would have to mine again all blocks from that block up to the blockchain head, while the network keeps on adding blocks to the blockchain. Hence, the attacker doesn’t only have to redo all the past work, they also have to keep up with the pace of the creation process of new blocks of the entire system and surpass it. As we’ve shown in this theorem
Definition: (51% attack)
A 51% attack is an attempt to get the majority of computational power in order to control the collective decision-making process.
However, as we’ve determined in this section, a successful double-spending attack is possible with any hash rate, i.e., an attack is still possible even if an attacker controls less than half of the computational power of the network. But, in this case, the probability of success depends on the percentage of the computational power the attacker controls and the number of blocks they want to outpace.
In the end, we can say that the trustworthiness of the blockchain relies on the assumption that no single entity can acquire the majority of the accumulated computational power of the whole system. As soon as an entity is able to control the majority of computational power, the blockchain’s integrity is undermined.
Finney attack
This attack is named after
“To cheat you, when he generates a block, he does not broadcast it. Instead, he runs down to your store and makes a payment to your address with his address A. You wait a few seconds, do not hear anything, and transfer the goods. He broadcasts his block now, and his transaction will take precedence over yours.”
In other words, the attacker secretly mines a block before releasing a transaction to the merchant, including in it a conflicting transaction , which sends some of their coins back to themselves without broadcasting this transaction to the network. When they find a block, they don’t broadcast it. Instead, they send a double-spend to a merchant for some goods of service, who just monitors that the transaction has propagated through the network. After the merchant has accepted the payment and provided the service, the attacker would broadcast the secretly mined block. The transaction that sends the value to themselves will then suspend the unconfirmed payment to the merchant.
Note that this attack only works if the merchant accepts unconfirmed transactions. Hence, it’s a zero-confirmation attack. In theory, the attacker can do the attack with any hash rate, in particular significantly less than of the network hash rate, just waiting for the time when they mine the next block.
Transaction spamming
Transaction spamming is an attempt to perform a denial-of-service attack on the network by creating many transactions where the attacker sends the funds to themself. This attack is unlikely to work in practice because there are reasonable countermeasures against it (
-
Only validate the transaction first received: As already mentioned, when a node receives a new unconfirmed transaction that conflicts with a transaction in its unconfirmed transactions’ memory pool, the subsequent transaction is ignored. Hence, the node only validates the transaction it receives first, whilst the other one is discharged, i.e., it’s deleted in the memory pool. This means that the node does not propagate the conflicting transaction further.
-
Introducing fees: A transaction spamming is made unattractive by introducing fees, making such an attack expensive.
Eclipse attack
Since open blockchain networks are decentralized peer-to-peer systems, each user is connected to other nodes to exchange messages in order to update the state of the local replica. To create a long-term connection between the nodes, each node is identified by its own IP address.
Get hands-on with 1400+ tech skills courses.