Conference Paper

Risks in Blockchain – A Survey about Recent Attacks with Mitigation Methods and Solutions for Overall
Kristian Mrazek
Dept. of Math and Computer Science
Augustana College
Rock Island, United States
kristianmrazek17@augustana.edu
Brian Holton
Dept. of Math and Computer Science
Augustana College
Rock Island, United States
brianholton19@augustana.edu
Charles Cathcart
Dept. of Math and Computer Science
Augustana College
Rock Island, United States
charlescathcart19@augustana.edu
Jacob Speirer
Dept. of Math and Computer Science
Augustana College
Rock Island, United States
jacobspeirer19@augustana.edu
John Do
Dept. of Math and Computer Science
Augustana College
Rock Island, United States
johndo19@augustana.edu
Tauheed Khan Mohd
Dept. of Math and Computer Science
Augustana College
Rock Island, United States
tauheedkhanmohd@augustana.edu
Abstract—The purpose of this paper is to analyze the context
and attack surface of a variety of security breaches and attacks
on cryptocurrency blockchains. For many different types of
blockchain attacks, such as distributed denial-of-service (DDoS)
attacks and majority (51%) attacks, there is very little literature
investigating and comparing particular attack instances as opposed
to focusing on general theoretical studies and mitigation
techniques. The attacks investigated here include a series of DDoS
attacks on the Bitfinex cryptocurrency exchange and a group of
instances of the 51% attack on thirteen different cryptocurrency
blockchains. The goal of this research is to find traits in the
context and attack surface that exacerbate the losses caused by
certain attacks as opposed to others. It will then propose solutions
and mitigation techniques based on the circumstances of the cases
where the impact of the attack was less serious.
Index Terms—blockchain, technology, security, bitcoin, online
markets
I. INTRODUCTION
The world of technology is constantly expanding, and new
technologies are being implemented to improve the efficiency
and accuracy of automated services and fulfill various needs.
One of these needs is the need to contain and store information
in order to process it and retain it for further use. The most direct
way of doing this using technology is to utilize databases.
Databases are structures that store digital information in a
computer system or, perhaps, a network of servers.
Databases are designed with the goal of containing large
amounts of information that can be conveniently accessed or
altered by users in various ways. The information in a database
is generally stored in a table format to allow users to view the
data in an intuitive manner.
The servers that the databases reside in are powered by
heavy-duty computers, so as to be able to deal with the
constant streams of bulky information being sent in and out.
This could be a large quantity of computers all hooked up to
one another in order to have as much capacity as is needed
by the users, as well as for the users to be able to access the
information more quickly. Although users can access and alter
information in the database, they generally cannot go much
further than that, as whoever maintains the database will most
likely be the only one with authorization to delve deeper into
that information.
In order to help mitigate the complexity caused by the vast
amounts of information that are constantly being stored within
databases, blockchain technology helps ease the process and
stores the information in a more streamlined way. This is done
through chaining data blocks in an order (generally chronological),
with each block including a reference connecting it
to the preceding block.
In order to see the value of blockchain, one must be able
to see how blockchain differs from traditional databases. The
main difference between blockchain and normal databases is
the method in which blockchain’s information and data is
organized. A blockchain stores data in units or groups of
spaces called blocks. Each block has certain storage capacities
and once that capacity has been reached, the block will then
create a link, or “chain,” with the block before, which has also
been filled to capacity. All these blocks of information chained
together create a “blockchain” [1]. The iterative process of
creating new blocks and chaining them together is the main
focal point of the blockchain technology.
It is common to think of a blockchain as a ledger on which
a long series of transactions is permanently recorded over
time. When a transaction, such as a transfer of cryptocurrency,
occurs, the information regarding the transaction is first stored
in a block. The transaction is then broadcast out to every
computer on the same network to confirm that the transaction
is indeed legitimate. If the other users decide to confirm the
transaction, the block is appended to the current blockchain.
This is generally done using cryptographic hashing, where
the hash of a block depends on both the data stored and the
location of storage. The added block is given both its own hash
pointer as well as a pointer referencing the block preceding
it in the chain. The latter is what chains the blocks together,
since from one block it is possible to determine the block that
came before it in the sequence. The only block that lacks a
reference to a preceding block is the genesis, the first block
in the chain.
Cryptographic hashing also functions as a security measure
in and of itself. This is because if the data in any given
block is tampered with, the hash associated with it changes
completely and pseudo-randomly, allowing other users to
notice. To successfully fool the rest of the network, one needs
to now change the hash of every other block in the chain. Not
only can this require vast amounts of resources to accomplish,
but it is also futile: if the hash of the genesis block is known
to the community, it will be impossible to forge. The result of
this is that the blockchain is effectively immutable.
One of the most important unique traits of blockchain
as opposed to other data structures is the fact that it is
decentralized. This means that there is no central authority
to appeal to regarding the validity of information; validations
are done on a consensus basis. Every user on the network has
their own copy of the ledger, and the user will update their
copy depending on the transaction broadcasts they hear. The
correct chain will always be determined by what the majority
agrees on; that is, the consensus. By contrast, with other types
of databases, all machines on the network are generally housed
under one building, and one person or organization generally
holds the rights to determine the validity of information.
Despite the impressive security of blockchains, there are still
faults in the system that can yield disastrous consequences
if exploited. One of the most well-known is the majority
attack, or 51% attack, in which the attacker or attackers are
able to gain control of 51% or more of a network’s hashing
power [2]. Another common variety is the distributed denial-
of-service (DDoS) attack, which disrupts the functionality of
the blockchain, often making it impossible to add new blocks
[2]. A third type is selfish mining, in which data miners (the
individuals responsible for building the chain) work on their
own private blockchains with the goal of creating a longer
chain than the public one [2]. These will be explained later
on in greater detail.
The reason why further countermeasure upgrades to blockchain technology are so vital to the Bitcoin market and its transaction systems is that there are real-world consequences if these issues are not addressed soon enough. As online transactions have become more common in today’s stock markets and virtual trading sites, so too has the use of Bitcoin. The widespread use of Bitcoin brings problems caused by malicious code written by hackers to target Bitcoin transactions. Many billion-dollar companies have lost millions due to these scripts. For example, a Japanese bitcoin exchange company called Mt. Gox, located in Tokyo, Japan, reported a loss of 8.75 million USD due to hacking, most likely caused by DDoS attacks, in June 2011 [3]. Mt. Gox suffered even more hacking attacks due to faulty security systems and lost an astounding 470 million USD in February 2014, which resulted in the company filing for bankruptcy [3].
These problems have real world consequences that can
affect the digital economy, and they have clearly raised awareness
of the need for better security systems for blockchain
technology. Since blockchain is the most common piece of
technology when it comes to protecting the integrity of digital
money transactions, the danger caused by security and privacy
vulnerabilities is severe. This is exemplified by instances of
hackers stealing millions of profits. These consequences are
why it is so important to understand the impact that blockchain
can have since it can carry with it a vast amount of growth or
decline in digital markets.
The goal of this survey is to collect information on and
analyze a series of attacks on blockchain systems throughout
the past five years. It will also be determined what additional
security measures could have been used to prevent or mitigate
the effects of these attacks.
II. RELATED WORK
Many experiments and studies have been done in recent
years to test out the integrity and resourcefulness of
Blockchain. In order to ensure that Blockchain is as secure
as possible, one must explore its security features to ensure
that its protocols are up-to-date.
In order to understand Blockchain, it is important to first
understand smart contracts. According to Atzei et al. [4],
smart contracts are computer programs that can be correctly
executed by a network of mutually distrusting nodes without
the need of an external trusted authority. The advantages
of a smart contract are the lack of a central mediator as
well as a reduction in enforcement costs and negotiations.
Smart contracts are also designed to reduce the prevalence of
malicious and accidental exceptions. One may wish to think of
smart contracts as a vending machine, as described by Nick
Szabo: with the right inputs, a certain output is guaranteed.
A smart contract has the logic placed into it, and therefore
eliminates the need for intermediaries in many industries.
Ethereum is a decentralized open-source blockchain featuring
smart contracts. Ether, which is the native currency of the
platform, is the second largest cryptocurrency behind Bitcoin
based on market capitalization. Atzei et al. go into depth about
the recent attacks on Ethereum smart contracts.
Risks in blockchain apply to both the organizational environment and the competitive one. Organizational risks include network effects (one user’s impact on another, whether positive or negative), digital payment platforms (technical glitches or the finality of transactions), and new business models (such as a company taking care of the conversion of cryptocurrency to paper or traditional currency) [5]. One of the most serious problems in the competitive environment is consumers’ payment behavior: any large-scale disruption can have instant negative effects, and these must be substantially reduced before large-scale adoption by consumers is likely. The paper by Lindman et al. goes into more depth about each of these issues and poses questions regarding each of them.
Since Bitcoin was introduced in 2009, cryptocurrencies
have seen a rise in popularity and significance. Blockchain
was introduced to make peer-to-peer payments, though it is
now used for smart contracts, which can encode any set of
rules in a programming language [6]. A contract can execute
transfers when certain events happen, like making deposits
on a mortgage. Ethereum and Bitcoin allow you to order
transactions, decide which transactions to accept, set a block
timestamp, and so on. Luu, Chu, Olickel and colleagues, the authors of Making Smart Contracts Smarter, go on to document new classes of security bugs in Ethereum, propose solutions to those bugs, and provide and run OYENTE, which they describe as a symbolic execution tool that analyses Ethereum smart contracts to detect bugs.
In 2017, Lindman et al. [5] presented a comprehensive
research agenda for the study of development and utilization
of blockchain technology. This publication also introduces
possible research problems and derives research questions
from these. One potential development is having financial
instrumentation built into blockchain technology, which can
prevent repercussions such as false disputes and forgeries.
One major issue that has not yet been raised is the legal
situation of blockchain, discussed by Zetzsche et al. [7]. Some
of these risks are investment fraud, derivatives, commodities,
central bank functions, money laundering, and taxation. This
paper goes into the potential liability of distributed ledger
technology (DLT) participants. Distributed ledgers are often
hailed as the answer to ever-increasing cybersecurity risks, and
it is even commonly believed that legal liability will simply
go away with DLT. While distributed ledgers may be more
secure than traditional centralized ledgers, recent events call
for an analysis of who will bear losses and responsibility for
damages in connection with a blockchain [7]. The paper then
gives examples of this and further explains the legal risks of
blockchain.
In early 2019, Dasgupta et al. [8] performed a general inquiry into the structure of blockchain with an emphasis on the technology’s security features and vulnerabilities. Early on, the paper attempts to cover every major type of possible attack on blockchain in some level of detail. These
include double-spending attacks, 51% attacks, and DDoS
attacks. It groups the vulnerabilities and attacks into eight different
categories: vulnerabilities resulting from cryptography
limitations, vulnerabilities in identity, manipulation attacks,
vulnerabilities caused by the rise of quantum computing,
attacks caused through the use of a strong reputation, service
vulnerabilities (e.g. DDoS attacks), malware attacks, and
vulnerabilities caused by third-party applications.
Later in 2019, Saad et al. [2] released a survey of a similar
nature. In contrast to the one released by Dasgupta et al.,
which was an overview of blockchain with a focus on security,
this work focused almost entirely on theoretical explanations
of different types of weaknesses in blockchain and ways
in which these weaknesses could be exploited. The chief
purpose of the paper was to recognize the limitations and
vulnerabilities caused by the structure of blockchain, namely
the fact that the structure of the network is easily compromised
by internal and external parties alike. It was also claimed that
the primary consensus protocols used in blockchain (“Proof of
Work” and “Proof of Stake”) encourage selfish behavior among
data miners.
Later that year, Zhang et al. [9] remarked on the lack
of scholarly work on the properties of blockchain’s existing
security features. Most works related to blockchain focused
on either analyzing specific attacks or proposing new security
measures to combat particular types of attacks. The survey
proposed by Zhang et al. covered security features inherent
to the structure of blockchain (e.g. cryptography) as well as
extra security measures that were either implemented or in
the process of being implemented at the time. It also covered
the types of attacks seen in the works of Dasgupta et al. and
Saad et al., but additionally discussed how different security
features work to combat or mitigate them.
A 2020 survey by Li et al. [10] goes in depth about the
security and the risks of blockchain. These range from general
risks, such as the 51% vulnerability, criminal activity, and
double spending, to specific risks, like under-optimized smart
contracts. Some vulnerabilities to smart contracts include
exception disorder, reentrancy vulnerabilities, the randomness
bug, or timestamp dependency. There are more vulnerabilities
and risks than are listed here, and the paper goes in-depth
about each risk/vulnerability, but they all revolve around smart
contracts, some of which are on Ethereum.
III. FINDINGS
This paper will go into depth primarily about two different
types of attack: distributed denial-of-service (DDoS) and majority
(or 51%) attacks. The reason for this is that these are
generally large-scale attacks with network-wide consequences,
since they involve an attacker either drastically decreasing the
efficiency of the network or gaining enough power to seize
control of its operations. Many other types of attack, such as
Eclipse attacks and selfish mining, still have the potential to
cause a significant negative impact on the network. However,
they are generally more damaging on a peer-to-peer level
than a system-wide one, and therefore have fewer particularly
significant and well-documented cases by comparison. Hence,
DDoS and 51% will be the main focus of the rest of this paper.
A. Distributed Denial of Service (DDoS) Attacks
The first kind of attack that will be addressed here is the distributed denial of service (DDoS) attack. DDoS attacks are attacks on users’ computers that flood their servers with numerous requests, overloading the system and causing it to malfunction [3]. This halts online transactions and prevents services from continuing. DDoS attacks also include those that consume users’ systems by exceeding their bandwidth, measured on the shared network in packets per second (PPS). This leads to an internal system failure or prevents access to other servers. Another variant of DDoS is the HTTP flooding attack, which sends vast quantities of HTTP packets to a server that the attacker wants to target, again preventing the service of transactions [3]. Since so many Bitcoin services can be at the mercy of these types of attacks, more precautions and upgrades to blockchain technology are needed in order to mitigate the faults that blockchain could possibly fall victim to.
In a DDoS attack, the attacker works to impede the performance of the blockchain, usually by flooding the network with phony “dust” transactions and slowing it down, if not rendering it nonfunctional for a period of time. This is often executed by the attacker creating multiple fake “Sybil” accounts (or nodes) to address the transactions to [11]. Among different cryptocurrency blockchains, ones with slower transaction processing rates such as Bitcoin are more vulnerable to DDoS attacks than ones with faster transaction rates such as Ethereum.
The attacker will then address a large number of dust transactions
from their own reserves (called unspent transaction
outputs, or UTXOs, in Bitcoin) to the Sybil nodes. These
transactions are low in value so that the attacker can divide up
their own resources in a way that generates the most individual
transactions while minimizing the cost. After this, the Sybil
nodes will begin to exchange the transactions with each other,
exacerbating the issue. As this process is computationally
intensive, it leads to heavy delays in the transactions of honest
nodes as the network focuses on the dust transactions instead.
With cryptocurrencies such as Bitcoin, this results in a large
number of transactions of low value sitting in the mempool.
The mempool is where pending transactions wait until they
are confirmed as legitimate by the rest of the network, mined,
and stored in the blockchain.
A successful DDoS attack has consequences, some of which
are quite serious. Hence, this is one way in which the decentralized
nature of blockchain turns out to be a double-edged
sword. When the attack is targeted towards a cryptocurrency
exchange, the exchange will suffer a negative economic impact
due to the fact that it is not receiving the transaction fee that it
normally charges. The attack also has an economic impact on
the honest users of the exchange, since the users must pay a
mining fee in order to get their transactions mined and added
to the blockchain. The cost of the mining fee becomes greater
when the mempool is crowded with fake transactions [2].
A particularly significant series of examples that will be analyzed here are the attacks on Bitfinex, a cryptocurrency exchange in Hong Kong. Between 2016 and 2018, the exchange was hit by a series of seventeen DDoS attacks. Of these attacks, ten rendered the Bitfinex platform temporarily unavailable while the remaining seven simply decreased its efficiency. Abhishta et al. [12] constructed a model to estimate how much cryptocurrency was being exchanged (a measure of the performance of the exchange’s systems) based on variations in the price of the cryptocurrency over the period of 2016 to 2018. It was found that, in the case of 13 of 17 of the attacks, the exchange was able to recover economically the same day as the attack; hence, these attacks had less severe impacts. Additionally, the remaining two attacks (which took place on 20th June 2016 and 5th June 2018) had negative economic impacts on the exchange that lasted for over five days. It was concluded that these more serious cases resulted from the fact that multiple different platforms that the exchange was running were rendered unavailable.
Some solutions have already been proposed to discourage
DDoS attacks on cryptocurrency blockchains. Saad et al. [11]
proposed and simulated the effectiveness of both fee-based and
age-based methods for deterring DDoS attacks of the mempool
flooding variety. The fee-based design seeks to block the spam
transactions by only admitting transactions into the mempool
if they can afford the relay and mining fees; in contrast, the
age-based design imposes a “minimum age limit” for the transactions
that weeds out the dust transactions. Baek et al. [13]
focused on early detection instead of prevention, proposing a
prediction algorithm using an unsupervised machine learning
technique called principal component analysis (PCA) as well
as data from Bitcoin. However, this method was stated to have
a weakness in that it has a difficult time showing the difference
between normal blocks and blocks impacted by the DDoS
attack.
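The following Python sketch is an added example, not code from this paper or from Saad et al.’s simulation: it implements the two mempool admission rules just described, a fee-based rule (a transaction must afford relay plus mining fees) and an age-based rule (a minimum age for the outputs it spends), and runs them over a constructed mix of honest transactions and a two-stage Sybil dust flood. All fee rates, sizes, ages and transaction ids are constructed values.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tx:
    """A pending transaction as a node's mempool sees it (constructed fields)."""
    txid: str
    in_value: int            # total value of spent outputs, in satoshi
    out_value: int           # total value of created outputs, in satoshi
    size_vb: int             # size in virtual bytes, the unit fee rates use
    youngest_input_age: int  # confirmations of the newest spent output (0 = unconfirmed parent)

    @property
    def fee(self) -> int:
        return self.in_value - self.out_value


@dataclass(frozen=True)
class Policy:
    min_relay_fee_rate: float   # sat/vB needed just to be relayed
    min_mining_fee_rate: float  # sat/vB miners currently demand for inclusion
    min_input_age: int          # blocks; 0 disables the age-based rule


def fee_based_ok(tx: Tx, policy: Policy) -> bool:
    """Fee-based design: admit only transactions that can afford both the relay
    fee and the current mining fee, so dust that would never be mined cannot
    occupy mempool space."""
    required = (policy.min_relay_fee_rate + policy.min_mining_fee_rate) * tx.size_vb
    return tx.fee >= required


def age_based_ok(tx: Tx, policy: Policy) -> bool:
    """Age-based design: reject transactions whose inputs were created too
    recently. Sybil nodes re-spending each other's just-created dust outputs
    have age 0 and fail; ordinary spends of confirmed coins pass."""
    return tx.youngest_input_age >= policy.min_input_age


def admit(tx: Tx, policy: Policy) -> Tuple[bool, str]:
    """Apply both rules; return (admitted, reason) with reason in {ok, fee, age}."""
    if not fee_based_ok(tx, policy):
        return False, "fee"
    if not age_based_ok(tx, policy):
        return False, "age"
    return True, "ok"


def filter_mempool(txs: List[Tx], policy: Policy) -> Dict[str, List[str]]:
    """Bucket candidate transactions by admission outcome."""
    buckets: Dict[str, List[str]] = {"ok": [], "fee": [], "age": []}
    for tx in txs:
        _, reason = admit(tx, policy)
        buckets[reason].append(tx.txid)
    return buckets


def flood_share_of_vbytes(txs: List[Tx], admitted: List[str], flood_prefix: str = "d") -> float:
    """Fraction of admitted mempool space (in vB) occupied by flood transactions."""
    admitted_set = set(admitted)
    total = sum(tx.size_vb for tx in txs if tx.txid in admitted_set)
    flood = sum(tx.size_vb for tx in txs
                if tx.txid in admitted_set and tx.txid.startswith(flood_prefix))
    return flood / total if total else 0.0


def constructed_traffic() -> List[Tx]:
    """Constructed sample: three honest transactions plus a Sybil dust flood."""
    honest = [
        Tx("h1", 1_000_000, 998_000, 250, 12),     # 2000 sat fee, 8 sat/vB, old coins
        Tx("h2", 50_000_000, 49_996_000, 400, 3),  # 4000 sat fee, 10 sat/vB
        Tx("h3", 200_000, 199_700, 150, 1),        # 300 sat fee, 2 sat/vB: honest but underpays
    ]
    # Stage 1 of the flood described in the text: cheap dust at 1 sat/vB.
    cheap_dust = [Tx(f"d{i}", 1_200, 1_000, 200, 0) for i in range(200)]
    # Stage 2: Sybil nodes re-spend fresh dust to each other, paying enough
    # to satisfy the fee rule but with unconfirmed (age 0) parents.
    fresh_dust = [Tx(f"d{200 + i}", 2_200, 1_000, 200, 0) for i in range(100)]
    return honest + cheap_dust + fresh_dust


DEFAULT_POLICY = Policy(min_relay_fee_rate=1.0, min_mining_fee_rate=5.0, min_input_age=1)
NO_AGE_RULE = Policy(min_relay_fee_rate=1.0, min_mining_fee_rate=5.0, min_input_age=0)

if __name__ == "__main__":
    txs = constructed_traffic()
    for name, pol in (("fee only", NO_AGE_RULE), ("fee + age", DEFAULT_POLICY)):
        b = filter_mempool(txs, pol)
        print(name, {k: len(v) for k, v in b.items()},
              "flood share of admitted vB:", round(flood_share_of_vbytes(txs, b["ok"]), 3))
```

Note that the fee rule also turns away the honest but cheap transaction h3, which is the cost side of the fee-based design: during a flood, honest users must pay more to be admitted, exactly the rising-fee effect the text attributes to a crowded mempool.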
The goal of the inquiry performed here will be to isolate
reasons as to why some of these attacks led to more severe
consequences (e.g. causing temporary unavailability and
damages lasting longer than five days as opposed to merely
causing brief periods of lag) than others. It is worth noting
that there seems to be a lack of literature on the prevention
and mitigation of DDoS attacks on blockchain, even though
there are many papers discussing the use of blockchain itself
to mitigate DDoS attacks on other services. Mitigation and
prevention techniques will also be proposed to combat attacks
of a similar nature in the future and prevent them from
reaching the levels of severity found in the 20th June 2016
and 5th June 2018 attacks.
B. Majority (51%) Attacks
Another kind of attack is the majority (51%) attack. A 51%
attack is an attack where a miner or a pool of miners gain
control of 51% of the hash rate. Hash rate is the measuring
unit of processing power in a Bitcoin network. The miner who
solves the equation generated by the system gains the ability
to confirm transactions and put them in a block where they
become irreversible. If an attacker gained control, they would
be able to solve their own block of transactions. It would
also result in two conflicting blocks trying to be added to
the blockchain. Since the attacker’s block has the majority of
the mining power of the network, it would be added to the
blockchain [14]. This is because of the fact that the attacker
can add blocks faster than the rest of the network, and the
longest blockchain is the accepted one.
The attacker’s block could include fraudulent transactions
which financially benefit the attacker. The attacker would
also be able to reverse past transactions which need to
be confirmed, or they could cancel their own transactions
before they are confirmed. Cancelling their own transaction
would cause the cryptocurrency to go back to their account
which would create a situation where they can spend the
same cryptocurrency multiple times, a phenomenon known as
double-spending. The attacker would also gain currency from
the miner rewards. Miner rewards are compensation offered
to miners for their efforts in updating the blockchain and
mining coins. The attacker will keep receiving miner rewards
because they hold a majority of the hash power of the network.
Additionally, it is worth noting that 51% of the total hashing
power is needed only to gain total control of the network;
plenty of influence over the network can still be gained with
as little as 25% of the total hashing power [15].
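The following Python code is an added example, not from this paper: it takes the defender’s view of the longest-chain rule described above, computing the standard catch-up probability from the Bitcoin whitepaper for an attacker holding a share q of the hash rate after a victim has waited z confirmations, and uses it to size the confirmation depth an exchange should require for deposits, driven by the largest pool share seen in a window of recent blocks. The 25% alert threshold echoes the figure cited above; the block-to-pool attributions and the risk target are constructed.

```python
import math
from collections import Counter
from typing import Dict, List, Optional


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q eventually builds a
    longer chain than the honest network once a victim has seen z confirmations.
    This is the whitepaper's catch-up calculation for the longest-chain rule:
    a majority attacker (q >= 0.5, the 51% case) always succeeds eventually."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be a hash-rate share in [0, 1)")
    p = 1.0 - q
    if q >= p or z <= 0:
        return 1.0
    lam = z * q / p  # expected attacker blocks while honest miners find z blocks
    caught_up = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        caught_up += poisson * (1.0 - (q / p) ** (z - k))
    return min(1.0, max(0.0, 1.0 - caught_up))


def confirmations_needed(q: float, max_risk: float, cap: int = 1000) -> Optional[int]:
    """Smallest confirmation depth z that drives the attacker's success
    probability to max_risk or below; None when no depth suffices (q >= 0.5)
    or the search cap is reached."""
    if q >= 0.5:
        return None
    for z in range(1, cap + 1):
        if attacker_success_probability(q, z) <= max_risk:
            return z
    return None


def largest_pool_share(recent_blocks: List[str]) -> float:
    """Share of a recent block window won by the single most productive pool,
    a crude observable proxy for the largest hash-rate share on the network."""
    if not recent_blocks:
        raise ValueError("need at least one attributed block")
    _, top_count = Counter(recent_blocks).most_common(1)[0]
    return top_count / len(recent_blocks)


def deposit_policy(recent_blocks: List[str], max_risk: float,
                   alert_share: float = 0.25) -> Dict[str, object]:
    """Defender-side policy: raise an alert when any pool reaches alert_share
    (25%, where the text says influence becomes significant) and size the
    deposit confirmation depth from the observed largest share."""
    q = largest_pool_share(recent_blocks)
    return {
        "largest_share": q,
        "alert": q >= alert_share,
        "confirmations": confirmations_needed(q, max_risk),
    }


# Constructed attribution of the last 100 blocks to mining pools (not real data).
CONSTRUCTED_WINDOW = ["poolA"] * 30 + ["poolB"] * 25 + ["poolC"] * 20 + ["other"] * 25

if __name__ == "__main__":
    for share in (0.10, 0.25, 0.30, 0.45):
        print(f"q={share:.2f}: P(success after 6 conf)={attacker_success_probability(share, 6):.6f}, "
              f"confirmations for <=0.1% risk: {confirmations_needed(share, 0.001)}")
    print(deposit_policy(CONSTRUCTED_WINDOW, max_risk=0.001))
```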
While 51% attacks were a rarity before 2018, with only a
handful of cases being reported, they have rapidly increased in
frequency and magnitude ever since. The success rate of these
kinds of attacks has also increased. In 2018, Shanaev et al.
[16] performed a study on known 51% attacks on 13 different
proof-of-work cryptocurrency blockchains: Bitcoin Gold,
Bitcoin Private, Electroneum, Karbo, Feathercoin, Krypton,
Litecoin Cash, MonaCoin, Pigeoncoin, Shift, Terracoin, Verge,
and ZenCash. Aside from Krypton and Shift in 2016 and
Terracoin and Feathercoin in 2013, all of the attacks occurred
in 2018. Verge was particularly notable in that it had suffered
not one, but two instances of the 51% attack over its lifetime
at the time of the experiment. The inquiry used event study
methodology to look into the impact of the attacks on the
value of the currency. For every cryptocurrency, it was found
that there was a significant negative impact on the price and
profitability of the coin for each attack. Furthermore, 70% of
the coins used in the survey had negative cumulative and buy-
and-hold abnormal returns (measures of the difference between
the actual and expected returns) following the attacks.
There appears to be a noteworthy lack of intensive analysis
of specific 51% attacks on blockchain in the literature. Most
studies tend towards theoretical scenarios or techniques for
mitigation and prevention. Likewise, few studies seem to
probe into specific instances of 51% attacks and compare
them to make conclusions about what may have led to and
exacerbated attacks that were more damaging than others.
This likely originates from the fact that 51% attacks are
computationally intensive for the attacker, making them rarer
than other kinds of attacks, though quite serious when they
do happen. Therefore, the goal of this study in analyzing 51%
attacks is to look into the circumstances that resulted in the
more severe attacks detailed by Shanaev et al. and propose
ways in which they could have been circumvented.
IV. DISCUSSION
This paper has looked at two of the most common types of blockchain attacks, DDoS and 51% attacks, because of the widespread effect each has on the network. There are prominent examples of both types of attack, and the damage caused by each varies considerably. Despite the potential damage of both types of attack, there is a lack of rigorous analysis of ways to mitigate and prevent them.

TABLE I
QUALITATIVE COMPARISON BETWEEN DDOS AND 51% ATTACKS

Distributed Denial of Service (DDoS) Attacks
Method: Consumes users’ systems by exceeding bandwidth
Consequence: Network servers are flooded with “dust” transactions, leading to overload failures
Real-life impact: Mining fees to add transactions to blockchains are greater due to an overload of fake transactions
Examples: Bitfinex was affected by 17 DDoS attacks that led to their transaction program being disabled and slowed
Prevention: Fee-based methods are able to block “Sybil” transactions by requiring a mining fee to enter the mempool

Majority (51%) Attacks
Method: Blocks are manipulated at the attacker’s will because the longest blockchain holds majority power
Consequence: Hackers can reverse past transactions or cancel them before confirmation
Real-life impact: Hackers will receive a large amount of miner rewards for holding a majority of the hash rate
Examples: Bitcoin Gold, MonaCoin, ZenCash and other companies’ cryptocurrencies lost their value and price
Prevention: Systems could be put in place to prevent the hash rate’s percentage from exceeding 50% with thresholds
It is clear that more time and energy needs to be devoted
to blockchain security. The lack of literature on the subject of
mitigating and preventing such attacks hinders the network’s
ability to protect itself. When attacks destabilize and damage a
network, this can lead to problems for investors. Real-life cases
of blockchain attacks should be analyzed and examined so that
new blockchain security techniques can be developed. Attacks
like the ones on Bitcoin Gold and Bitfinex are examples of
the flaws in blockchain security and should be used to find
ways to prevent future attacks.
Most of the literature regarding 51% attacks focuses on theoretical situations and on mitigation and prevention techniques in those scenarios. This is not to say that finding solutions to future problems carries no benefits. However, cybersecurity techniques for real-world problems should take precedence. If these problems are not resolved, then they could potentially lead to larger and more damaging problems. Additionally, while time and money are directed towards finding solutions for future problems, attackers will be able to keep using the same methods to exploit blockchain networks.
A. Possible Solutions for Overall Improvement in Blockchain
Although little research has delved into finding possible mitigation techniques to counteract the previously mentioned attacks, much scholarly analysis has been performed to seek solutions for the overall improvement of Blockchain technology, which could in turn reveal new findings that coincide with the prevention of these attacks.
In a recent study by Bojana Koteska, Elena Karafiloski and
Anastas Mishev at the University of Ss. Cyril and Methodius, a
number of solutions regarding the improvement of Blockchain
technology were proposed to address issues in Blockchain’s
“scalability, latency, throughput, cost-effectiveness, authentication,
privacy, security, etc.” [17]. They went through each
quality issue and proposed a new solution that could improve
Blockchain’s performance in the area, although with a few
caveats. The purpose of this study was to ensure that any
Blockchain implementations be done with the purposes of
providing data integrity, security, reliability, and node privacy.
To work around issues with scalability and to improve
security, Blockchains need large amounts of full nodes to
create a decentralized system. Since there are large numbers
of said nodes, each blockchain, or group of them, needs to be
programmed for different purposes. Some could be used for
specific purposes such as the particular transactions of two
certain customers while the other group of blocks are used
for more generalized tasks such as maintaining the number
of blocks. The reason behind these blocks having different
tasks is that Blockchains could then use each other to provide
security for the other regardless of their purpose.
To this end, a solution regarding the improvement of authentication
issues is to utilize the Blue Wallet device, which
is a “Bitcoin hardware token which secure[s] and sign[s]
Bitcoin transactions and communicates by using Bluetooth
Low Energy” [17]. This could help to combat DDoS attacks
due to adding extra security measures. Another solution is
to build a certification system that ensures that transactions
can only be performed by certified users. This system would
also need to ensure that Bitcoin addresses were created by
only trusted authorities. These authorities would be approved
by blocks tasked with verifying their integrity. There is also
the widely used method of two factor authentication that
is used alongside a user’s mobile device, which could be
proposed specifically for Bitcoin wallets. All these solutions
could also help to combat the risk of a user gaining 51% of a
Blockchain’s hashing power by making them go through these
authentication gates and checking to see if they pass.
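The certification system and two-factor gate described above can be made concrete as a validator-side admission check. The following is an added example, not code from the paper or from [17]: a transaction is admitted only if the sender address carries an unexpired, unrevoked certificate from a trusted address authority and the sender presents a valid second-factor code. Two constructed simplifications are assumed: the authority's certificate is an HMAC tag over (address, expiry), standing in for a real signature, and the second factor is an RFC 4226-style HMAC one-time code in place of a mobile-app prompt; all keys, addresses and names are constructed for illustration.

```python
"""Added example (not from the paper or from [17]): a minimal admission gate
for a permissioned ledger. A transaction is admitted only if (1) the sender
address carries a certificate issued by a trusted address authority, (2) that
certificate is unexpired and not revoked, and (3) the sender presents a valid
second-factor code.

Constructed simplifications: the certificate is an HMAC tag over
(address, expiry) standing in for a real signature, and the second factor is
an RFC 4226-style HMAC one-time code in place of a mobile-app prompt."""
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    address: str      # address the authority vouches for
    expires_at: int   # unix time after which the certificate is invalid
    tag: str          # hex HMAC tag computed by the authority


class AddressAuthority:
    """Trusted authority that issues, revokes and verifies address certificates."""

    def __init__(self, key: bytes) -> None:
        self._key = key          # would be a signing key in a real deployment
        self.revoked = set()     # revocation list consulted on every admission

    def _tag(self, address: str, expires_at: int) -> str:
        msg = f"{address}|{expires_at}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, pubkey_material: bytes, ttl: int, now: int) -> Certificate:
        # Derive the address from the user's key material, as Bitcoin derives
        # it from a hash of the public key (truncated here for readability).
        address = hashlib.sha256(pubkey_material).hexdigest()[:40]
        return Certificate(address, now + ttl, self._tag(address, now + ttl))

    def revoke(self, address: str) -> None:
        self.revoked.add(address)

    def verify(self, cert: Certificate, now: int) -> bool:
        ok_tag = hmac.compare_digest(self._tag(cert.address, cert.expires_at), cert.tag)
        return ok_tag and now < cert.expires_at and cert.address not in self.revoked


def second_factor_code(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code: HOTP (RFC 4226) over the current 30 s step."""
    counter = struct.pack(">Q", now // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


@dataclass(frozen=True)
class Transaction:
    sender: str
    recipient: str
    amount: int
    cert: Certificate   # certificate presented for the sender address
    otp: str            # second-factor code presented by the sender


class AdmissionGate:
    """Validator-side checks run before a transaction enters the ledger."""

    def __init__(self, authority: AddressAuthority, otp_secrets: dict) -> None:
        self.authority = authority
        self.otp_secrets = otp_secrets  # address -> enrolled second-factor secret

    def admit(self, tx: Transaction, now: int) -> tuple:
        if tx.amount <= 0:
            return False, "non-positive amount"
        if tx.cert.address != tx.sender:
            return False, "certificate does not cover the sender address"
        if not self.authority.verify(tx.cert, now):
            return False, "certificate invalid, expired or revoked"
        secret = self.otp_secrets.get(tx.sender)
        if secret is None:
            return False, "sender has no second factor enrolled"
        if not hmac.compare_digest(second_factor_code(secret, now), tx.otp):
            return False, "second-factor code mismatch"
        return True, "accepted"


def demo() -> dict:
    """Run the gate over constructed transactions; returns admission outcomes."""
    now = 1_700_000_000
    authority = AddressAuthority(b"constructed-authority-key")
    alice_secret = b"constructed-alice-otp-secret"
    cert = authority.issue(b"constructed-alice-pubkey", ttl=3600, now=now)
    gate = AdmissionGate(authority, {cert.address: alice_secret})

    good_code = second_factor_code(alice_secret, now)
    bad_code = f"{(int(good_code) + 1) % 10 ** 6:06d}"  # guaranteed wrong
    good = Transaction(cert.address, "constructed-bob", 5, cert, good_code)
    wrong_otp = Transaction(cert.address, "constructed-bob", 5, cert, bad_code)

    results = {
        "valid": gate.admit(good, now)[0],
        "wrong_otp": gate.admit(wrong_otp, now)[0],
        "expired": gate.admit(good, now + 7200)[0],
    }
    authority.revoke(cert.address)
    results["revoked"] = gate.admit(good, now)[0]
    return results


if __name__ == "__main__":
    for check, admitted in demo().items():
        print(f"{check:>10}: {'admitted' if admitted else 'rejected'}")
```

The order of checks matters for the defender: the cheap structural checks run first, the certificate is verified before any second-factor secret is looked up, and every comparison of secrets uses a constant-time compare. Revocation is consulted on each admission rather than cached, so an authority that withdraws a certificate stops further transactions immediately.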
Another important aspect to consider is the privacy of users'
transactions. This can be addressed by using a permissioned
Blockchain that allows developers to grant permissions to
participants in order to verify the security, independence, and
source of trust of a digital identity. This can be done with the
implementation of what is called a Chain Anchor system. It
is designed for the aforementioned permissioned Blockchains,
but also adds an extra layer of identity- and privacy-preserving
methods. It is a human resource information management
system that reduces the risk of authenticity corruption and
provides authentic decision-support information to the organization
using it by means of consensus mechanisms, smart contracts,
accounting, and payment functions.
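This section treats the 51% attack as a risk to be reduced at authentication gates. From the defender's side, the other lever is how many confirmations a recipient waits for, and the classical model for that is the double-spend success probability from the Bitcoin whitepaper. The following is an added example, not code from the paper: it evaluates that model for an attacker with hash share q and z confirmations, derives the smallest z that keeps the risk below a target, and shows that once q reaches 0.5 no confirmation depth helps, which is what makes the majority attack distinct. The attacker shares and the 0.1% target used in the policy helper are constructed values.

```python
"""Added example (not from the paper): the double-spend success model from
the Bitcoin whitepaper, used from the defender's side to choose a
confirmation depth. q is the attacker's share of total hashing power,
p = 1 - q the honest share, and z the number of confirmations a recipient
waits for before treating a payment as final."""
import math
from typing import Optional


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash share q ever catches up with a
    chain that is z blocks ahead (Nakamoto's formula). For q >= 0.5 the
    attacker is expected to win regardless of z: that is the 51% attack."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * (q / p)       # expected attacker progress while z honest blocks are mined
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)
        for i in range(1, k + 1):        # Poisson(k; lam) built multiplicatively
            poisson *= lam / i
        # attacker made k blocks so far; chance of closing the remaining z-k gap
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, target: float, max_z: int = 10_000) -> Optional[int]:
    """Smallest z whose success probability is below target, or None when the
    attacker holds a majority and no depth can bound the risk."""
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < target:
            return z
    raise RuntimeError("no confirmation depth below target within max_z")


def confirmation_policy(shares, target: float = 0.001) -> dict:
    """Map each assumed attacker hash share to the confirmations a service
    (an exchange, for instance) should require before crediting a deposit."""
    return {q: confirmations_needed(q, target) for q in shares}


if __name__ == "__main__":
    # Constructed attacker shares; 0.55 illustrates the majority case.
    for q, z in confirmation_policy([0.1, 0.3, 0.45, 0.55]).items():
        print(f"q={q:.2f}: {'no safe depth' if z is None else f'{z} confirmations'}")
```

The policy helper is the practical output: a service can pick the attacker share it is willing to assume for a given chain (smaller chains justify a larger q) and read off the confirmation count, while a None result flags that the chain cannot be made safe by waiting alone.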
V. CONCLUSIONS
Blockchain is most certainly a useful piece of technology
that has recently been implemented for a variety of different
purposes. However, its more widespread use comes
with a need for improvement, because issues arise
regarding the vulnerability of the system in the areas of
privacy, authentication, and security.
Many surveys have shown that the most common types of
attacks that could put these areas at risk are the 51% and DDoS
attacks. Much scholarly analysis and research has been done
to try to prevent these outcomes, which could prove disastrous
for tech companies, especially in regard to economic impact.
Given how recent these attacks are, more study of them is required,
as not enough academic analysis has been done to investigate
them. However, a number of studies have been done
in order to optimize the overall stability of Blockchain technology,
and these could help lead to more solutions and mitigation
techniques for these attacks. This would further develop
Blockchain technologies for wider and more commercial use
by common users and large companies.
REFERENCES
[1] D. Yaga, P. Mell, N. Roby, and K. Scarfone, “Blockchain technology
overview,” arXiv preprint arXiv:1906.11078, 2019.
[2] M. Saad, J. Spaulding, L. Njilla, C. Kamhoua, S. Shetty, D. Nyang, and
A. Mohaisen, “Exploring the attack surface of blockchain: A systematic
overview,” arXiv preprint arXiv:1904.03487, 2019.
[3] J. H. Park and J. H. Park, “Blockchain security in cloud computing: Use
cases, challenges, and solutions,” Symmetry, vol. 9, no. 8, p. 164, 2017.
[4] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum
smart contracts (sok),” in International conference on principles of
security and trust, pp. 164–186, Springer, 2017.
[5] J. Lindman, V. K. Tuunainen, and M. Rossi, “Opportunities and risks
of blockchain technologies–a research agenda,” 2017.
[6] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making smart
contracts smarter,” in Proceedings of the 2016 ACM SIGSAC conference
on computer and communications security, pp. 254–269, 2016.
[7] D. A. Zetzsche, R. P. Buckley, and D. W. Arner, “The distributed liability
of distributed ledgers: Legal risks of blockchain,” U. Ill. L. Rev., p. 1361,
2018.
[8] D. Dasgupta, J. M. Shrein, and K. D. Gupta, “A survey of blockchain
from security perspective,” Journal of Banking and Financial Technology,
vol. 3, no. 1, pp. 1–17, 2019.
[9] R. Zhang, R. Xue, and L. Liu, “Security and privacy on blockchain,”
ACM Computing Surveys (CSUR), vol. 52, no. 3, pp. 1–34, 2019.
[10] X. Li, P. Jiang, T. Chen, X. Luo, and Q. Wen, “A survey on the security
of blockchain systems,” Future Generation Computer Systems, vol. 107,
pp. 841–853, 2020.
[11] M. Saad, M. T. Thai, and A. Mohaisen, “Poster: deterring ddos attacks
on blockchain-based cryptocurrencies through mempool optimization,”
in Proceedings of the 2018 on Asia Conference on Computer and
Communications Security, pp. 809–811, 2018.
[12] A. Abhishta, R. Joosten, S. Dragomiretskiy, and L. J. Nieuwenhuis, “Impact
of successful ddos attacks on a major crypto-currency exchange,” in
2019 27th Euromicro International Conference on Parallel, Distributed
and Network-Based Processing (PDP), pp. 379–384, IEEE, 2019.
[13] U.-J. Baek, S.-H. Ji, J. T. Park, M.-S. Lee, J.-S. Park, and M.-S. Kim,
“Ddos attack detection on bitcoin ecosystem using deep-learning,” in
2019 20th Asia-Pacific Network Operations and Management Sympo-
sium (APNOMS), pp. 1–4, IEEE, 2019.
[14] D. Bradbury, “The problem with bitcoin,” Computer Fraud & Security,
vol. 2013, no. 11, pp. 5–8, 2013.
[15] P. Stetsenko, G. Khalimov, and Y. Kotukh, “Analysis of attack surfaces
on blockchain systems,” 2020.
[16] S. Shanaev, A. Shuraeva, M. Vasenin, and M. Kuznetsov, “Cryptocur-
rency value and 51% attacks: evidence from event studies,” The Journal
of Alternative Investments, vol. 22, no. 3, pp. 65–77, 2019.
[17] B. Koteska, E. Karafiloski, and A. Mishev, “Blockchain implementation
quality challenges: a literature,” in SQAMIA 2017: 6th Workshop of
Software Quality, Analysis, Monitoring, Improvement, and Applications,
pp. 11–13, 2017.