An Analysis of Attacks on Blockchain Consensus

Bissias, George; Levine, Brian Neil; Ozisik, A. Pinar; Andresen, Gavin

doi:10.48550/arxiv.1610.07985

Cited by 7 publications

(10 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other consensus attacks [12,53,58] exist but are less related to oracles. We omit discussion of them.…”

Section: Consensusmentioning

confidence: 99%

SoK: Oracles from the Ground Truth to Market Manipulation

Eskandari,

Salehi,

et al. 2021

Preprint

View full text Add to dashboard Cite

One fundamental limitation of blockchain-based smart contracts is that they execute in a closed environment and only have access to the data and functionality that is either already on the blockchain or fed into the blockchain. Thus any interactions with the real world need to be mediated by a bridge service, which is called an oracle. As decentralized applications mature, oracles are playing an increasingly prominent role. With their evolution comes more attacks, necessitating a greater attention to the trust model of using oracles. In this SoK, we systemize the design alternatives for oracles, showcase attacks, and discuss attack mitigation strategies.1 A Solidity mapping was simply a key-value database stored on a smart contract.

show abstract

“…Other consensus attacks [12,53,58] exist but are less related to oracles. We omit discussion of them.…”

Section: Consensusmentioning

confidence: 99%

SoK: Oracles from the Ground Truth to Market Manipulation

Eskandari,

Salehi,

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Most of them were focused on detecting the ponzi schemes [12,13,16]. Besides, a large number of studies focused on detecting and analyzing attacks from different levels, including blockchain consensus [14], smart contract [11], abnormal transactions [15,18], etc. Despite cryptocurrency exchanges are the key infrastructure of the blockchain ecosystem, however, the security-related issues, including the scam problem studied in this work, have not been well-studied yet.…”

Section: Related Workmentioning

confidence: 99%

“…The benefit is usually a portion of commission fee, depending on the referral rules of different exchanges 13 . Figure 12(4) is a code snippet of a Bithumb trojan app 14 . As highlighted in the decompiled code, it will collect users' text messages, contracts, and call logs secretly, and then upload them to http://bithumbinback.pro/, which was the attacker's private server.…”

Section: Classification Of Fake Appsmentioning

confidence: 99%

Characterizing Cryptocurrency Exchange Scams

Xia¹,

Zhang²,

Ji³

et al. 2020

Preprint

View full text Add to dashboard Cite

As the indispensable trading platforms of the ecosystem, hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. While, it also attracts the attentions of attackers. A number of scam attacks were reported targeting cryptocurrency exchanges, leading to a huge mount of financial loss. However, no previous work in our research community has systematically studied this problem. In this paper, we make the first effort to identify and characterize the cryptocurrency exchange scams. We first identify over 1,500 scam domains and over 300 fake apps, by collecting existing reports and using typosquatting generation techniques. Then we investigate the relationship between them, and identify 94 scam domain families and 30 fake app families. We further characterize the impacts of such scams, and reveal that these scams have incurred financial loss of 520k US dollars at least. We further observe that the fake apps have been sneaked to major app markets (including Google Play) to infect unsuspicious users. Our findings demonstrate the urgency to identify and prevent cryptocurrency exchange scams. To facilitate future research, we have publicly released all the identified scam domains and fake apps to the community.

show abstract

“…We will answer this question in a forthcoming article. In [3], the authors study the profitability of a double-spend attack with a cut-off time strategy, S z+1 ∧ S z+1 (in our notation). In [14] the authors consider a fixed cut-off time (in case of failure, the attack ends at a fixed time).…”

Section: Related Workmentioning

confidence: 99%

On Profitability of Nakamoto double spend

Grunspan,

Pérez-Marco

2019

Preprint

View full text Add to dashboard Cite

Nakamoto double spend strategy, described in Bitcoin foundational article, leads to total ruin with positive probability and does not make sense from the profitability point of view. The simplest strategy that can be profitable incorporates a stopping threshold when success is unlikely. We solve and compute the exact profitability for this strategy. We compute the minimal amount of the double spend that is profitable. For a given amount of the transaction, we determine the minimal number of confirmations to be requested by the recipient such that this double spend strategy is non-profitable. We find that this number of confirmations is only 1 or 2 for average transactions and a small hashrate of the attacker. This is substantially lower than the original Nakamoto numbers that are widely used and are only based on the success probability instead of the profitability.

show abstract

An Analysis of Attacks on Blockchain Consensus

Cited by 7 publications

References 0 publications

SoK: Oracles from the Ground Truth to Market Manipulation

SoK: Oracles from the Ground Truth to Market Manipulation

Characterizing Cryptocurrency Exchange Scams

On Profitability of Nakamoto double spend

Contact Info

Product

Resources

About