Cryptocurrency attacks and security vulnerabilities

BY KEYHUNTER 03.04.2025

51% attack, Sybil attack, Double-Spend attack. DDoS attacks and their repercussions. Potential flaws of cryptocurrencies.

There were 51% attacks on two large cryptocurrency networks, ZenCash and Bitcoin Gold, in Summer 2018. The total cost covered $550,000 and $18 million respectively. A month before, hackers held the same attack on Verge startup, which lost about a quarter of its funds. Analysis of potential attack risks suggests that, in theory, BTC may also be attacked, so that the network could be controlled by malicious miners. It means that cryptocurrency cannot yet become real payment systems. You will learn from this article about the types of attacks and their outcomes.

Cryptocurrency attacks: types, principles, results

On June 2, one of the most popular cryptocurrencies (especially among miners) ZenCash suffered a 51% attack. It could seem impossible for such a large startup, as ZEN computing power was relatively high at the moment of the attack. Nevertheless, there appeared a group of investors, controlling more than 50% of the hashrate, who got an advantage of it. The investors made double-spending transactions worth about $550,000.

  • Reference: Double-Spending is the situation when someone, owning for example 1 BTC, sends the coin to multiple buyers, receiving the reward from each of them. The real coin is acquired by the first participant of the scam.

A little earlier, but with much more losses, Bitcoin Gold network suffered a 51% attack. On May 24, there blockchain developers officially announced that some unknown miner had acquired over 50% of the hashrate and withdrew to his/her wallet about 388, 000 of coins worth $18.8 million. Having obtained a temporary control over the network, the hacker sent the coins to multiple crypto exchanges, transferring them to his/her wallets at the same time. If the network hadn’t been hacked, the transaction would have been canceled, but the network manipulation allowed the hacker to add into the major blockchain the needed transactions. The attack was being held during three days, since May 16 till May 18.

The matter is if it is possible to avoid similar attacks and how other cryptocurrencies are vulnerable. Read on about the types of cryptocurrency attacks and their consequences.

Cryptocurrency vulnerabilities

The safety of cryptocurrencies is one of the main advantages of the blockchain technology; but there can be nothing perfect. The safety principle is based on that the transaction information is confirmed by other network participants, who are not familiar with each other; it is used by the hackers, who capture the transaction data.

1. 51% attack

It can be compared to the majority shareholding: a person (a group of people with prior agreement), controlling over 50% of a cryptocurrency computing power, can actually do everything with the network. Simply put, computing power is the algorithm of mathematical calculations (hashrate) that allows cryptocurrency mining; that is to solve a task and receive a reward for this. The higher is the hashrate, the higher is the chance to calculate the necessary value to generate a new block, which provides a reward to a miner (basics of PoW consensus algorithm).

At the initial stage, when hardly anybody is interested in a coin, it is not a problem to collect all generating power; from the economic points of view, it makes no sense; but it is a good way to destroy the rivals. Therefore, 51% attack for new startups is kind of viability test.

LiteFinance: 1. 51% attack

But large startups are also attacked. For example, BTC can be hypothetically controlled by means of purchasing the entire batch of BFL ASIC (special mining equipment). The matter is only what is the point? Yes, it will provide total control over the network, but following mass selling off (otherwise, why should they hack the network?), the cryptocurrency value will inevitably drop. And who will buy the coins, knowing about the attack? In addition, the equipment is very expensive, so BTC 51% attack is just a theory. The matter is that it is possible, and the problem of potential 51% attacks on BTC or LTC is not yet solved. As it is clear from Verge example (it will be described a little later), hacker can also operate indirectly, inventing easier ways to carry out the attack.

What can malicious miners do?

  • temporary block network transactions, including own blocks;

send and change their own transactions, including double-spending. Other people’s wallets are not accessed by hackers;

  • not confirm (block) other users’ transactions;
  • remove other users’ correct blocks from the search.

ZenCash case is not clear. According to analysts, there is a probability that the attackers had sufficient hash power themselves, or it was partially rented. Besides, the attack’s cost was relatively low, and so, the potential problem is faced, first of all, by small cryptocurrencies, utilizing PoW algorithm. Below, you can see the results of the research, held by the website crypto51.app, analyzing the theoretical cost of one-hour attack on different coins.

LiteFinance: 1. 51% attack

To compare, the cost of ZenCash attack is about $6.07 million. Although the attack is rather costly, the money stolen completely compensates it.

The protection against 51% attack is not yet perfect. One of the solutions is increased number of confirmations and the blocking the equipment (accounts) of the users, suspected in the attacking. For example, following  the attack on Feathercoin, the number of confirmations for BTC increased from 6 blocks to 100 ones. Bitcoin Gold developers suggested the exchanges should raise the number of confirmations up to 50 blocks. However, it only makes the attack more complicated, but doesn’t eliminate the probability. Hackers only need to obtain more hash power.

ZenCash rate wasn’t affected by the attack, unlike that of another cryptocurrency. On April 5, the media reported an attack on Verge startup. Besides, the malicious miners took control of over a half of the hashrate not for the total computing power, but used only a single algorithm (you can see the examples of algorithms in the corresponding section in the screenshot above). They spoofed timestamps (an interesting bug) and managed to do so that, instead of a number of algorithms, only Scrypt was utilized, where they controlled the majority of hash power. Finally, about 250,000 of coins were stolen during a little over than an hour.

LiteFinance: 1. 51% attack

To reverse the effects of the attack, the developers promised to launch a hardfork, so that the blockchain will return to the state that was before the attack. Something like this was with ETH after the DAO hack, which resulted in the appearance of Ethereum Classic. The situation will be settled down, but the cryptocurrencies will be doomed to collapse. What’s the point in trusting startups, which can be altered any moment upon the developers’ decision? Amid the negative news, the coin rate had been almost 25% down.

Other examples of 51% attack:

  • In July 2014, the mining pool ghash.io briefly controlled about 55% of the bitcoin network computing power. At that time cryptocurrencies were not so popular, so one of large pools got the access to the network capacities, though for a short time. The pool soon voluntarily reduced its share of the network, so it didn’t reach 40%, but the rate was almost 25% down.
  • Krypton and Shift, two blockchains based on Ethereum, suffered 51% attacks in August 2016. About 22,000 of coins were acquired through double-spending by the group of malicious miners, calling themselves “51 Crew”.

The fact that hackers are now growing more interested in large cryptocurrencies means that the potential threat is getting stronger.

Double-Spending, the most often result of 51% attack, is now listed as a separate type of attacks. It is subdivided into a few types, like Race attack or Finney attack. They aim at the same goals, to perform double spending and confirm only the needed, illegal transactions. Attacks are hypothetical, as they are useless for hackers.

2. Sybil attack

It is the second most common type of crypto attacks. A Sybil attack happens when a hacker creates multiple IPs and fills the network with controlled blocks and other users connect to the blocks, designed for malicious activities. A malicious user tries to surround the target block by multiple blocks to control all transactions in both directions.

In large projects, like BTC and its equivalents, it is difficult to perform the attack, as the user’s nod choses the network nod to confirm the transaction at random. The probability to be completely surrounded is very low is this case, but it still exists. Sybil attacks mostly challenge young cryptocurrencies of a second tier.

The vulnerability is that when a user’s nod is connecting to the network it doesn’t know the IP of valid nodes and has to request it. If the request gets to the attacker’s nod, the user receives false data. The problem is worsened by the fact that the decentralization principle doesn’t allow to create a permanent list of valid nods. So, a user has to look for new valid nods each time. Although the connection process is random, a hacker can do so that the user’s journal will contain only the attacker’s IPs.

LiteFinance: 2. Sybil attack

Effects of Sybil attack:

  • Attackers block user’s transactions, disrupting the connection with the mutual network.
  • Attackers decide by themselves what nod the user will be connected to. Most often, these are separately created nods where double spending is performed.
  • Attackers track all user’s transactions, using scripts and software

3. DDoS attacks and delays in time

A distributed denial-of-service (DDoS) attack is not aiming at economic benefit. Rather, it is a malicious attempt to damage a startup or switch off the network at all. Attackers are overwhelming the target or its surrounding infrastructure with a flood of Internet traffic, and so disrupt normal traffic of a server, slow down the data transmission, the network updating and creating new blocks. Each project has some kind of protection from this. For example, BTC network has built-in protection form this kind of attacks; some cryptocurrencies charge small commission fees that filter out fake transactions, generated by bots. Huge flood of “spam” transactions results in an increase in commissions. IOTA suffered a strong DDoS attack in November, 2017.

Other cryptocurrency problems include some particular flaws. The problems are bugs in the cryptocurrency code, errors in keys and the encryption methods, and so on. They are particular for each project, and hackers are looking for such vulnerabilities. And they often succeed. For example, IOTA investors lost $4 million in January, 2018. The reason: users utilized an outside resource, which was fraudulent, to generate seed phrases (a part of the encryption process). The following DDoS attack overloaded the network and prevented the users from recovering their money that was instantly converted.

There are some other hypothetical cryptocurrency attacks: cannibalizing pools (selfish destroying of a pool to disrupt the network), Р+Epsilon attack (according to Vitalik Buterin, one of the most annoying problem of PoW algorithm, it means a kind of bribing the network participants by malicious miners, so that the network changes are supported); timejacking (an attempt to manipulate the transaction timestamp). But they aren’t yet interesting for hackers.

Conclusion. Cryptocurrency attacks are performed all the time; sometimes, they are successful. Hackers find out the code flaws, use the disadvantages of blockchain technology and even attack the cryptocurrency exchanges. And the conclusions are not that positive.

  • Safety is one of the cryptocurrency advantages. At least it is claimed to be so. But experience shows that it is more a marketing ploy than the reality. As for payment systems, the BTC and the exchanges suffer attacks much more often than Visa (Mastercard) or banks. Besides, the more complex are the protection algorithms of cryptocurrencies, the more complicated become the hackers’ schemes. The second benefit of cryptocurrencies, confidentiality, is at the same time its vulnerability. Hackers remain undetected, encouraging the new ones to make new attempts. Does it mean that blockchain advantages are, in fact, its drawbacks? It can well be so.
  • Ethereum and Vergo are the examples of how transactions can be canceled by means of a rollback. It threatens the principle of safe information storage.
  • Hacks can dramatically crash the market. And it is not because investors are not confident; it is rather because the stolen money gets into the market (another flaw of confidentiality) and presses the cryptocurrency rates down. One strong attack will be enough to crash the cryptocurrency prices. A vivid example is Mt.Gox, whose coins have been pressing the market down since January, 2018.

Many possible attacks are hypothetical, as they are of no use for hackers. But their possibility, and the attacks that have been already performed mean that the cryptocurrency is not so safe. The balance may shift to both sides. However, the rates volatility can be used in Forex, where you can enter short trades, quickly reverse your positions and hedge against the risks. What do you think about the main cryptocurrency problems and future prospects?