In cybersecurity, we often play tabletop scenarios and wargames to simulate how potential attacks could play out. There are plenty of organizations and countries in the world with multi-trillion-dollar war chests. Eventually, one of them might be daring enough to attempt to destroy a blockchain.
Scenario: How might a massive organization with $500B USD and 5-10 years of preparation go about attacking each category of blockchain?
- Proof of Work - Small cap - BSV (trivial, considering that it's been attacked multiple times already)
- Proof of Work - Large cap - Bitcoin
- Proof of Stake - Has slashing - Ethereum
- Proof of Stake - No slashing - Cardano
- Proof of Stake - Semi-decentralized - Solana
- Proof of Stake - High-safety/low-liveness - Algorand (note that reorgs are not allowed by protocol)
- Proof of Authority - Has fewer than 5 voting members - Pick your own example
- Proof of Authority - Has more than 20 voting members - Hedera
- Ethereum Layer 2 - Optimistic, at Stage 1 - Arbitrum or Optimism
Directions:
- Pick whichever blockchains you want to attack
- Describe how you would do it
- Estimate the cost
- The attack has to be realistic and have a 90% chance of success
- The attack is not meant to be profitable or economically motivated. Its purpose is to cause catastrophic grief and reputational damage.
- Lastly, describe how the network might respond to fight back and repair the damage, if it's even possible
Acceptable win conditions:
- Reorg a block or transaction 2+ hours deep
- Block/censor transactions for 5+ days
- Double-spend on a dApp
- Permanently damage the reputation of the blockchain or cryptocurrency
- Permanently take over governance of a blockchain
- Permanently destroy 25% of TVL on a blockchain
Unacceptable win conditions:
- Wait for a blockchain to fail by itself. The attacker has to intentionally cause it. Thus letting Solana crash or a client bug surface on its own is not a valid win scenario.
- Create an invalid transaction, or steal crypto the attacker doesn't own. Attacks through invalid transactions are technically impossible on all major blockchains (without accidental node bugs).
- Double-spend on an exchange. Assume that all exchanges run full nodes that check for double-spends, which they do.
- Anything that uses mass assassinations or war crimes, unless completely undetectable until after the attack is completed.
- Spam attacks that increase transaction fees temporarily without also completely blocking transactions for 1+ days
- Breaking the laws of physics or reality
Good luck, especially with the PoA ones!
Example of a high-success attack on any generic PoW blockchain (e.g. Litecoin, Dogecoin, Bitcoin, etc.):
- Build multiple semiconductor plants to produce mining equipment. Also buy up other crypto mining companies whenever one quits the market when it's no longer profitable for them.
- Attacker needs to build up sufficient equipment to exceed the network hash rate, so this will take many years. (Large semiconductor fab plants cost $10-20B, so $500B can build an army of them.)
- Option 1: Execute 51% attack on the network, and produce empty blocks for 5 days
- Option 2: Execute 51% attack on the network, and reorg a block 2-10 hours deep.
Cost: Same cost as producing sufficient mining equipment to exceed the network hash rate. $5B is more than enough for most PoW networks. Bitcoin might require $20-30B.
How to fight back against this attack: Not possible by design of PoW. The attacker is following valid PoW protocol and has over 51% of the network hash rate.
If the defenders hard fork to prevent empty blocks, the attacker can just add spam transactions. If the defenders hard fork to change the hashing protocol, then it would also irreversibly damage all honest miners, who would leave to another network. If the defenders block IP addresses, the attacker can constantly use different IPs and change its attack pattern. All the defenders can do is wait out the attack.