Real Attacks on Blockchain
Systems & Countermeasures
Ng Kok Leong
#ISSLearningFest
“51% Attack on blockchain is Real”
https://www.investopedia.com/news/bitcoin-gold-hack-shows-51-attack-real/
Real Attacks on Blockchain
List of Attacks on Blockchain
(grouped by security domains)
Root-cause domains used in the original table: (1) Blockchain vulnerability, (2) System vulnerability, (3) Software vulnerability, (4) Network vulnerability, Unknown. The last column keeps the weight the table assigned to the root-cause domain(s): 1, or 0.5 / 0.5 when split across two domains. The "Category" codes (C1, C2, ...) are reproduced as given.

Attack | Year | Category | Exploit Value | Root Cause | Domain weight
------ | ---- | -------- | ------------- | ---------- | -------------
Mt. Gox | 2011 | C1 | Several thousand BTC | Deficiencies in network protocols | 1
Bitfloor | 2012 | C2 | 24,000 BTC ($250K) | Bitfloor's server was hacked, leaking an unencrypted backup of the wallet keys | 1
Instawallet | 2013 | C4 | 35,000 BTC | Instawallet was hacked | 1
Bitcoin Foundation | 2013 | C6 | - | Key-generation bug caused by a weak pseudo-random number generator | 1
Sheep Marketplace | 2013 | C4 | 5,400 BTC | A vendor on the site exploited a vulnerability | 1
Mt. Gox | 2014 | C4 | 650,000 BTC ($450M) | Transaction malleability: a software bug let users modify transaction IDs | 1
Dell SecureWorks (reported) | 2014 | C1 | $83,000 | BGP hijack redirecting miners' traffic | 0.5 / 0.5
DAO | 2016 | C4 | $50M | Code weakness (reentrancy in the split/withdraw logic), described as subtle game-theoretic weaknesses | 1 / 1
Bitfinex | 2016 | C2 & C4 | 119,756 BTC ($65M) | Hackers stole BTC | 1
Ethereum network | 2016 | C1 & C4 | - | DDoS: calling the underpriced EXTCODESIZE opcode roughly 50,000 times per block | 1
Gold HKG | 2017 | C4 | - | Contract code read "=+" instead of "+=" | 1
Parity Wallet | 2017 | C4 | $30M | Wallet library's initWallet was reachable through the delegatecall fallback; the attacker re-initialised wallets as owner and drained them | 1
SmartBillions | 2017 | C4 | 400 ETH ($120,000) | Broken caching mechanism in the smart contract | 1
Parity Wallet | 2017 | C4 | $300M (frozen) | Library contract was never initialised; the attacker called initWallet and then kill (self-destruct), freezing every wallet that delegated to it | 1
Cryptojacking | 2017 - 2018 | C2 & C4 | - | Systems hacked and cryptomining (cryptojacking) scripts inserted | 1
PoWH | 2018 | C4 | 888 ETH | Integer overflow bug | 1
Spankchain | 2018 | C4 | 165.38 ETH | Reentrancy attack | 1
Bitcoin Gold (BTG) | 2018 May | - | $18M | 51% attack | 1
IOTA | 2019 | C2 | $3.9M | Phishing attack to collect users' private keys (seeds) | 1
IOTA | 2020 | C4 | - | Custom-made hash function was broken | 1
Cashaa | 2020 | C2 | More than 336 BTC | Malware suspected to have been installed on the system | 1
2gether | 2020 | C2 | $1.3M | 2gether's servers were hacked | 1
Bitcoin Gold (BTG) | 2020 Jan | - | $70K | 51% attack | 1
Ethereum Classic (ETC) | 2020 Jul | - | $5.6M | 51% attack | 1
Bitcoin SV (BSV) | 2021 Aug | - | - | 51% attack | 1
Attacks specific to Blockchain Vulnerability
• 51% attack – cryptocurrency
• Reentrancy attack – smart contract
51% Attack
Case: Attacker stole 807k ETC ($5.6 million) in
Ethereum Classic 51% Attack, 31/Jul/2020
Image - https://medium.com/hackernoon/ethereum-classic-attacked-how-does-the-51-attack-occur-a5f3fa5d852e
Double Spending
Definition: Double-spending
Source - https://www.investopedia.com/terms/d/doublespending.asp
Definition: Double-spending
> Double-spending problem
Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. This is possible because a digital token consists of a digital file that can be duplicated or falsified.
Source - https://en.bitcoinwiki.org/wiki/Double-spending
Definition: Double-spending
> Two Necessary Properties of Cryptocurrency
1. Unforgeability – achieved using digital signatures: only the holder of the private key can authorise a spend of the coin
2. No double spending – achieved using the blockchain as a public ledger: every spend is visible to all nodes, so a second spend of the same coin can be recognised and rejected
Blockchain
> The Block
Bitcoin uses the blockchain to prevent double spending
Image - https://www.gemini.com/cryptopedia/what-is-bitcoin-and-how-does-it-work#section-understanding-bitcoin
What is the block in a blockchain: Bitcoin transactions are grouped together into "blocks"
Image - https://www.gemini.com/cryptopedia/what-is-bitcoin-and-how-does-it-work#section-understanding-bitcoin
Blockchain
> Chaining the blocks
What is the chain in a blockchain: each block is chained to the previous block by including that block's hash in its own header
Image - https://www.ig.com/en/trading-strategies/what-is-blockchain-technology--200710
Cryptographic One-Way Hashing
A hash output is like a fingerprint in the digital world: fixed length, unique in practice to its input, and not reversible to recover the input. Any change to a block changes its hash and therefore breaks the link stored in the next block.
Image - https://www.freecodecamp.org/news/how-bitcoin-mining-really-works-38563ec38c87/
Blockchain
> Distributed Ledger (database)
Any node in the public network can create (propose) a block; no central authority appoints block producers
Image - https://www.researchgate.net/publication/320127088_Blockchain_Implementation_Quality_Challenges_A_Literature_Review/figures?lo=1
The first miner to solve the math puzzle (proof of work) gets to create the block and receives bitcoin as the reward
Image - https://forkast.news/proof-of-work-what-is-it-bitcoin-halving/
Blockchain
> Resolving Blockchain Conflict
Blockchain Conflict
When two different miners solve the puzzle at about the same time and each appends a block to the last known block, the chain forks into two competing branches.
Both branches after Block 103 are valid. The next mined block may be added to either of them.
Image - https://www.tutorialspoint.com/blockchain/blockchain_resolving_conflicts.htm
Resolving Blockchain Conflict
Suppose the next miner builds on Block 104-A. The branch containing Block 104-A is now longer than the branch containing Block 104-B.
In Bitcoin the branch with the most accumulated proof of work wins (with equal difficulty per block, the longest branch), and the shorter branch is abandoned: Block 104-B is discarded (orphaned), and any of its transactions that are not also in the winning branch are no longer confirmed.
Image - https://www.tutorialspoint.com/blockchain/blockchain_resolving_conflicts.htm
How to double spend?
Public branch: Alice has $10 -> Alice pays Bob $10 -> Alice has $0 (Bob sees the confirmed payment and delivers)
Private branch: Alice has $10 (mined by the attacker from the same parent block, without the payment to Bob)
Mine the private branch faster than the authentic branch: once it is longer, nodes switch to it and the payment to Bob disappears from the ledger.
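The fork, the longest-chain rule and the private-branch double spend described on the preceding slides, as an added Python example (not part of the original deck). The block layout, the tiny proof-of-work target, the coin identifier "c1" and the names Alice, Bob and "mint" are constructed for illustration; the chain-selection rule is simplified to "longest valid chain, first-seen wins ties", which matches Bitcoin's most-work rule only when every block carries the same difficulty.

```python
"""Toy proof-of-work chain: hash chaining, mining, longest-chain fork resolution
and a double spend carried out through a privately mined branch.
Added example, not from the original slides; the difficulty is deliberately tiny."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

DIFFICULTY_BITS = 12                      # toy target: about 4096 hashes per block
TARGET = 1 << (256 - DIFFICULTY_BITS)
GENESIS_PREV = "0" * 64


@dataclass
class Block:
    prev_hash: str
    txs: List[dict]                       # each tx: {"coin": id, "from": owner, "to": new owner}
    nonce: int = 0

    def header_hash(self) -> str:
        # The previous block's hash is part of what is hashed, so altering any
        # earlier block changes every hash after it: that is the "chain".
        payload = json.dumps([self.prev_hash, self.txs, self.nonce], sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()


def mine(prev_hash: str, txs: List[dict]) -> Block:
    """Proof of work: try nonces until the header hash is below TARGET."""
    block = Block(prev_hash, txs)
    while int(block.header_hash(), 16) >= TARGET:
        block.nonce += 1
    return block


def ledger(chain: List[Block]) -> Optional[Dict[str, str]]:
    """Replay a chain and return {coin: current owner}, or None if the chain is
    invalid: broken link, insufficient work, or a coin spent by a non-owner
    (the in-chain check that stops a naive second spend of the same coin)."""
    owner: Dict[str, str] = {}
    prev = GENESIS_PREV
    for block in chain:
        if block.prev_hash != prev or int(block.header_hash(), 16) >= TARGET:
            return None
        for tx in block.txs:
            if owner.get(tx["coin"], "mint") != tx["from"]:   # "mint" creates a coin
                return None
            owner[tx["coin"]] = tx["to"]
        prev = block.header_hash()
    return owner


def choose_chain(seen_first: List[Block], seen_later: List[Block]) -> List[Block]:
    """Nakamoto rule with equal per-block difficulty: the longest valid chain
    wins; on a tie a node keeps the branch it saw first."""
    valid = [c for c in (seen_first, seen_later) if ledger(c) is not None]
    return max(valid, key=len)            # max() keeps the first of equal-length chains


def reorg_depth(old: List[Block], new: List[Block]) -> int:
    """How many blocks of `old` a node discards when it switches to `new`."""
    common = 0
    for a, b in zip(old, new):
        if a.header_hash() != b.header_hash():
            break
        common += 1
    return len(old) - common


def simulate_double_spend(attacker_lead: int) -> dict:
    """Alice pays Bob on the public branch, then mines a private branch from the
    same parent in which the coin never leaves her. `attacker_lead` is how many
    blocks ahead of the public branch she gets before publishing it."""
    genesis = mine(GENESIS_PREV, [{"coin": "c1", "from": "mint", "to": "Alice"}])
    public = [genesis,
              mine(genesis.header_hash(), [{"coin": "c1", "from": "Alice", "to": "Bob"}])]
    public.append(mine(public[-1].header_hash(), []))   # Bob waits for 1 confirmation

    private = [genesis,
               mine(genesis.header_hash(), [{"coin": "c1", "from": "Alice", "to": "Alice"}])]
    while len(private) < len(public) + attacker_lead:
        private.append(mine(private[-1].header_hash(), []))

    winner = choose_chain(public, private)
    return {
        "bob_paid": ledger(winner)["c1"] == "Bob",
        "reorg_depth": reorg_depth(public, winner),
        "winner_len": len(winner),
    }


if __name__ == "__main__":
    for lead in (0, 1):
        print(f"attacker lead {lead}: {simulate_double_spend(lead)}")
```

With attacker_lead = 0 the two branches tie, the first-seen public branch stands and Bob keeps the coin; with attacker_lead = 1 the private branch is longer, honest nodes reorganise two blocks deep and the coin is back with Alice. Note also what ledger() refuses: Alice cannot simply broadcast a second spend on the public branch, because by then Bob is the coin's owner. She has to out-mine the network, which is exactly what a majority of the hashrate buys.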
51% Attack
Definition: 51% attack
Source - https://www.thebalance.com/what-is-a-51-attack-5207550
Mining Power measured by Hashrate
Source - https://bitflyer.com/en-eu/s/glossary/hashrate
Bitcoin Hashrate
Image - https://www.bitcoinmarketjournal.com/wp-content/uploads/2021/06/bitcoin-hashrate-chart.jpg
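Why the attacker's share of the hashrate is the quantity that matters, as an added Python example (not from the slides): the catch-up probability calculation from section 11 of the Bitcoin white paper, with q the attacker's fraction of total hashrate and z the number of confirmations a merchant waits for. The formula is Nakamoto's; the function names and the 0.1% risk threshold in risk_table are chosen here for illustration.

```python
"""Attacker catch-up probability from section 11 of the Bitcoin white paper.
Added example, not from the slides. q is the attacker's share of total hashrate,
z the number of confirmations a merchant waits for before treating a payment as final."""
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling a fraction q of the hashrate
    ever overtakes the honest chain from z blocks behind.

    Nakamoto models the attacker's progress while the honest network mines z
    blocks as Poisson with mean lambda = z * q / p, then sums, over each possible
    attacker progress k, the gambler's-ruin chance (q/p)^(z-k) of closing the
    remaining gap."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if q >= 0.5:
        return 1.0                    # majority hashrate: catching up is certain
    p = 1.0 - q
    lam = z * (q / p)
    total = 1.0
    poisson = math.exp(-lam)          # P(k = 0)
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k        # P(k) from P(k - 1)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)


def confirmations_for(q: float, max_risk: float = 0.001, limit: int = 100_000):
    """Smallest z that pushes the attacker's success probability below max_risk,
    or None when no finite number of confirmations does (q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def risk_table(shares=(0.10, 0.30, 0.45, 0.51), max_risk: float = 0.001) -> dict:
    """Confirmations needed per attacker hashrate share for a given risk tolerance."""
    return {q: confirmations_for(q, max_risk) for q in shares}


if __name__ == "__main__":
    for q, z in risk_table().items():
        needed = "no finite number" if z is None else str(z)
        print(f"attacker share {q:.0%}: confirmations for <0.1% risk = {needed}")
```

At q = 0.1, six confirmations bring the attacker's chance below 0.03%, while about 340 confirmations are needed against a 45% attacker; at q >= 0.5 no number of confirmations helps. That is why the slides' "51%" is the threshold, and why the countermeasures that follow are about making a majority share expensive (higher total hashrate) or impossible to assemble (real decentralisation).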
51% Attack
> Ethereum Classic 51% Attack
Case: Attacker stole 807k ETC ($5.6 million) in Ethereum Classic 51% Attack, 31/Jul/2020
Image - https://medium.com/hackernoon/ethereum-classic-attacked-how-does-the-51-attack-occur-a5f3fa5d852e
• Double-spent 807,260 ETC ($5.6 million)
• Spent 17.5 BTC ($129k) to acquire the hash power for the attack
• Received 13K ETC as block mining rewards on the attacker's branch
Roughly $129k of hash power against $5.6 million double-spent: this cost-to-gain ratio is what Countermeasure 1 below aims to break.
51% Attack
> Countermeasures
Countermeasure 1: Higher Hashrate
A higher total network hashrate raises the cost of buying or renting enough mining power to hold a majority.
Source: BitInfoCharts
Estimate: the cost of a 51% attack on Bitcoin is around USD 15 billion
https://www.bitpanda.com/academy/en/lessons/what-is-a-51-attack-and-how-is-it-prevented/
Countermeasure 2: Truly Decentralized Network
"It's almost impossible to pull that (51% attack) off in established blockchains like Bitcoin and Ethereum. This phenomenon has been experienced by some small chains that are not really decentralized."
Avinash Shekhar, Co-CEO, ZebPay
Source - https://economictimes.indiatimes.com/markets/cryptocurrency/what-are-51-attacks-in-cryptocurrencies/articleshow/85802504.cms?from=mdr
Global distribution of bitcoin nodes
Image - https://medium.datadriveninvestor.com/blockchain-getting-started-what-is-bitcoin-full-node-40460f3acafa
Countermeasure 3: Ethereum Classic's response, a 51% attack protection plan
https://coingeek.com/ethereum-classic-rolls-out-51-attack-protection-plan/
Thank You!
kokleong@nus.edu.sg
