DDoS attacks in blockchain networks, explained
(Coin Telegraph)-29/05/2024
What are DDoS attacks?
A distributed denial-of-service (DDoS) attack attempts to take down a website, computer or online service by flooding it with requests, depleting its capacity and affecting its ability to respond to valid requests.
A DDoS attack involves hackers inserting malware into possibly thousands of internet-enabled devices, collectively referred to as a botnet, and prompting them to deliver a deluge of requests to the target system simultaneously. These compromised machines, individually termed bots or zombies, could be cellphones, desktops, servers or even Internet of Things (IoT) devices. Attackers usually establish direct control over bots by infecting them with malware without the knowledge of the victims.
The influx of incoming traffic overwhelms the target system’s ability to respond to valid requests because the attack consumes too much bandwidth, processing power or memory. In its Q1 2024 DDoS threat report, Cloudflare noted an alarming 50% rise in DDoS attacks in general.
Is a DDoS attack possible on a blockchain network?
Attacking a blockchain network with a DDoS attack is theoretically feasible, though it is more difficult than targeting centralized systems like websites or servers. Blockchain networks are inherently resistant to such attacks thanks to their decentralization.
A blockchain operates as a decentralized distributed ledger, functioning across an array of nodes, which are responsible for validating and processing transactions and creating blocks. Unlike traditional systems, there is no central point of control within a blockchain network. Decentralization makes a blockchain network harder to attack as attackers need to deal with a multitude of nodes.
One way to disrupt the network is by flooding the blockchain with spam transactions, which overwhelms the network and slows down transaction throughput, hindering the timely validation of legitimate transactions. This queues up transactions from genuine users in the mempool, a mechanism in blockchain nodes that stores unconfirmed transactions.
A well-known instance was the DDoS attack on the Solana blockchain network, which led to 17 hours of downtime in September 2021. During Grape Protocol’s initial decentralized exchange offering (IDO) on the Solana-based DEX Raydium, bots bombarded the network with 400,000 transaction loads per second, causing network congestion.
Moreover, DDoS attacks may target decentralized applications (DApps), which are applications built on top of the blockchain, rather than the blockchain network itself. Cryptocurrency exchanges, which play a key role in ensuring liquidity in a blockchain-based ecosystem, frequently fall victim to DDoS attacks, resulting in temporary service outages.
How can DDoS attacks affect blockchain networks?
DDoS attacks can affect blockchain networks via transaction flooding and compromising smart contracts. The objective is to clog the network with fraudulent transactions, slowing it down and, in worse cases, bringing it to a halt.
Transaction flooding
Malicious actors can intentionally overload a blockchain network with a large volume of transactions, disrupting its normal operations. The attackers generate a barrage of transaction requests, usually using automated scripts or specialized software. These transactions resemble legitimate ones but are designed to strain the network.
The attackers broadcast these transactions to the nodes. To achieve consensus, the network propagates the transactions across multiple nodes, which work to process these transactions. However, the sheer volume of incoming transactions overwhelms their processing capacity. The network becomes congested and even genuine transactions get stuck in the backlog. The disruption could affect businesses, exchanges and other services reliant on the blockchain network.
Smart contracts
Hackers can identify vulnerable smart contracts in a blockchain network and flood them with transaction requests. These transactions contain fraudulent instructions or excessive computations to exhaust the functionality of the contract and the underlying network. The execution of code in the smart contract becomes increasingly burdensome, leading to inordinate delays in transaction validation.
As smart contracts are a key part of blockchains, the impact of such an attack may propagate across the network, affecting other smart contracts and transactions, disrupting critical operations and rendering services inaccessible to legitimate users.
Software crashes
Core application software in blockchains has built-in limits regarding the memory allocated and the number of transactions it can process in a block and store in the mempool. When there is a surge in transactions, the software might behave unexpectedly or simply crash.
Moreover, immutability is an inherent characteristic of blockchain transactions, which means they cannot be altered once they are recorded in blocks. This mechanism creates a problem when transactions flood the network during an attack. The network gets overloaded with useless transactions, which might be far beyond the software’s ability to handle.
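The mempool limit described above, shown as an added example that is not part of the original article: a simplified bounded mempool that caps pending transactions per sender and, when full, evicts the lowest-fee entry, so a flood of cheap spam cannot crowd out ordinary transactions. The class names, fee units, limits and transaction data are assumptions constructed for illustration and do not reproduce any particular client's implementation.

```python
import heapq
from collections import Counter
from dataclasses import dataclass, field

@dataclass(order=True)
class Tx:
    fee: int                               # offered fee, arbitrary units (assumed)
    txid: str = field(compare=False)
    sender: str = field(compare=False)

class BoundedMempool:
    """Toy model: fixed capacity, lowest-fee eviction, per-sender cap."""
    def __init__(self, capacity, per_sender_limit):
        self.capacity = capacity
        self.per_sender_limit = per_sender_limit
        self.heap = []                     # min-heap ordered by fee
        self.pending = Counter()           # sender -> transactions held

    def submit(self, tx):
        # One sender may not occupy more than its share of the pool.
        if self.pending[tx.sender] >= self.per_sender_limit:
            return "rejected:sender-limit"
        if len(self.heap) >= self.capacity:
            # Pool full: admit only a fee strictly above the cheapest entry.
            if tx.fee <= self.heap[0].fee:
                return "rejected:fee-too-low"
            evicted = heapq.heappushpop(self.heap, tx)
            self.pending[evicted.sender] -= 1
            self.pending[tx.sender] += 1
            return "accepted:evicted-" + evicted.txid
        heapq.heappush(self.heap, tx)
        self.pending[tx.sender] += 1
        return "accepted"

def simulate_flood():
    """Constructed scenario: 5 bots x 100 fee-1 txs, then 3 ordinary fee-5 txs."""
    pool = BoundedMempool(capacity=50, per_sender_limit=20)
    outcomes = Counter()
    for bot in range(5):
        for i in range(100):
            verdict = pool.submit(Tx(1, f"spam-{bot}-{i}", f"bot{bot}"))
            outcomes[verdict.split(":evicted")[0]] += 1
    legit = [pool.submit(Tx(5, f"pay-{u}", u)) for u in ("alice", "bob", "carol")]
    held = sum(t.txid.startswith("pay-") for t in pool.heap)
    return {"outcomes": dict(outcomes), "legit": legit,
            "legit_in_pool": held, "pool_size": len(pool.heap)}

if __name__ == "__main__":
    print(simulate_flood())
```

A flood that pays higher fees can still fill the pool; limits of this kind raise the cost of the flood rather than remove it.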
Node failure
Nodes, acting as validators or miners, run the core blockchain software on equipment robust enough to handle the rigorous demand. When malicious actors stream in loads of junk data in a DDoS attack, a node might run out of memory or processing power and crash. A node’s failure due to an attack will increase pressure on the other nodes in the network.
Blockchain networks are essentially an amalgamation of nodes where each receiving node keeps track of the state of the blockchain and broadcasts information regarding transactions to other nodes. Flooding the network with fraudulent transactions degrades the nodes, slowing down the whole network or even bringing it down.
How DDoS attacks affect crypto exchanges
Crypto exchanges are an indispensable part of the blockchain ecosystem, as they make digital assets liquid. They are often the target of the attackers.
When attacking exchanges, the modus operandi of attackers is to exploit vulnerabilities, such as outdated security patches in exchange infrastructure, disrupt operations, extort ransom, or manipulate markets. According to Cloudflare, a major chunk of DDoS attacks on crypto exchanges stemmed from simple service discovery protocol (SSDP) amplification attacks, network time protocol (NTP) amplification attacks and application layer attacks.
An SSDP attack is a reflection-based DDoS attack that exploits universal plug-and-play (UPnP) networking protocols to dispatch a huge amount of traffic to the target system. An NTP attack refers to a technique where the attacker sends a series of small queries that trigger large responses from different bots, multiplying the traffic. An application layer attack refers to an attacker methodology that targets the top layer in the open systems interconnection (OSI) model.
How to prevent DDoS attacks on blockchain networks
To protect blockchain networks from DDoS attacks, security measures are required at the node and network levels. Regular audits take care of vulnerabilities, while redundant infrastructure and stress testing keep the network functioning even during an attack.
Node-level security measures
Nodes should have adequate storage, processing power and network bandwidth to be resilient against DDoS attacks. Strong authentication methods and access controls help to protect network nodes. A completely automated public Turing test to tell computers and humans apart (CAPTCHA) is quite useful in ensuring only legitimate users are able to send transaction requests and in preventing bots from infiltrating the network. Load balancing helps divide traffic and lessen the effect of node-level attacks.
Network-level protection
Putting in place adequate defense mechanisms at the network level is important to safeguard a blockchain network. To identify and reduce the impact of DDoS attacks, firewalls and intrusion detection/prevention systems (IDS/IPS) serve well. Content delivery networks (CDNs) are also helpful in dispersing and absorbing attack traffic.
Audits
To find and fix any vulnerabilities, a thorough audit of various aspects of the blockchain is important. This should include analyzing smart contracts, auditing the integrity of the blockchain’s data structure and validating consensus algorithms. Fault tolerance in consensus mechanisms should be strong enough to resist attacks. Updating the code regularly is important to keep attackers at bay and improve security.
Stress testing
Networks and systems should perform stress tests on blockchain protocols at regular intervals to evaluate their ability to withstand DDoS attacks. This will facilitate the detection of potential vulnerabilities in time, enabling patching of the network infrastructure and upgrading of defense mechanisms.
Redundancy and backup
Blockchain protocols and DApps need to have redundant network infrastructure and backup servers to ensure that the system keeps functioning even when under attack. Nodes located across multiple geographical locations can hold out against a DDoS attack that is limited to a specific region.