PoW blockchains and cyber attacks
The aeternity blockchain as PoW blockchain was hacked on the December 6 and 7, 2020. The hackers were using superior computing power (hashpower dominating the overall mining power) to make a so called 51% attack on the aeternity blockchain. The main victims were several major crypto exchanges.
The normal users and assets were not the focus of this attack and they were not at risk.
Only users on the online exchanges were expose on the risk to lose their assets during the attack.
The 51% attacks on PoW blockchains have a long history and look as a natural incidents nowadays. The exchanges are known as a honey pot for hackers.
The 51% attacks allows the hackers to create a large amounts of cryptocurrency out of thin air.
The following PoW Blockchains were compromised by 51% attacks:
-
ZENcash(now HoriZen) (ZEN)
-
Bitcoin Gold (BTG)
-
Monacoin (MONA)
-
Ethereum Classic (ETC)
-
Feathercoin (FTC)
-
Vertcoin (VTC)
-
Verge (XVG)
Often some of these blockchains have experience cyber attacks several times in a short period of time.
Applying the same pattern of attacks, hackers had earned average over almost $20 million per year in the last ten years. Naturally in order to increase their profits the hackers need to increase the number of cyber attacks over the years.
Consequence: The online exchanges are exposed on such attacks increasingly over the years.
What do we know about cyber attacks
Some information about the cyber attacks is presented below:
“According to the U.S. Department of Homeland Security, 33 percent of all cryptocurrency exchanges were hacked, and nearly half of the victims were closed between 2009 and 2016 Moreover, according to crypto asset and Blockchain technology digital media, “Coin Desk,” 5 out of 12 victims went out of business due to heists in 2017”
In comparison the U.S. Banks had experience just 1% cyber attacks at the same time.
Some more citations on cyber attacks:
“”
“Cybercriminals can get high rewards and steal lots of money by attacking small and unknown cryptocurrencies,” a Group-IB spokesperson told Hard Fork. “It is just technically easier to compromise relatively unknown cryptocurrencies, which usually do not have the capacity for the rapid response necessary to stop the attacker converting stolen funds to a more stable currency.”
“For smaller cryptocurrency projects to minimize the risk of being controlled by a 51-percent attack, Group-IB declare it necessary to use encryption algorithms different from the ones employed by those big market players.“
“This would allow to avoid the scenario where a mining pool is compromised and has negative effects on other cryptocurrencies that use the same algorithms,” a spokesperson explains.”
“”
In comparison the decentralized ledgers systems experience 32% more cyber attacks then the centralized banks.
How 51% attacks pattern worked on aeternity
The Hackers play the malicious Miners and start mining on the blockchain. Their first step is starting to reorganize the tree by creating private dominant chain, transfer assets, trade.
The next step is publishing (broadcasting) the private long chain to the public network. This leads to the invalidation of the transactions** to the exchanges **. As a result, the hackers get new tokens back and the ultimately double spending has succeeded.
The aeternity 51% attack took longer than 20 Hours and there more than 540 blocks mined on the private chain.
A detail description of the attack can be found here.
AF thanks the Chinese community for their rapid respond, the posts in the forum and the reviews of the attack.
Core and hyperchain developers were successful analyzing the attacks and implemented technical solutions for the exchanges.
AF thanks the core and hyperchain teams for working hard and bring an excellent support.
Unfortunately a long time discussion with the miners and exchanges led to significant delay of applying the developed solution.
AF wants to improve the communication between all the involved parties. A rapid respond with prepared anti-attack plan can lead to prevention of lost of assets from the exchanges.
The miners voting time for technical solution can be considerably improve by using weighted voting in urgent emergency incidents.
AF proposed a weighted voting by defining the weight of miner or mining pool as their percentage in the total mining. If a miner has n% mining power then his vote has a weight n and will be multiply by n in the decision calculation. Then the most dominant miners can lead to fast voting result.
Attack Prevention
What can we do to prevent cyber attacks is a question already posed to many PoW blockchains.
As first step the AF started improving the network monitoring in the new Release 5.6.0 rc and the overall performance of the node.
We study the solutions found by other PoW blockchains and investigate whether they can be useful for us. We can implement filter on the deposits(accounts) for the exchanges and help them set alarm tools. We can discussed with miners the security and see if we can improve the mining algorithm with the next iris hard fork.
There is a good news for aeternity: The PoW algorithm will be change by a hybrid PoW after a few months and the hyperchains will arise. Then the aeternity blockchain will be a securely guarded against 51% attacks. Hyperchains will empower completely new use cases and will provide the higher layers of security to the aeternity network for all users.
The next step is to make an anti-attack plan how to handle 51% attacks next few months.
AF will make ae currency dominant and support exchanges and miners to securely make the aeternity assets safe.
The new anti-attack plan will follow in this topic.
AF wishes a Happy New Year 2021 to the aeternity community!
Lets us make the cyber attacks being unsuccessful on aeternity!