All articles
blockchain

Bitcoin Weaknesses & Attacks

Share this article

Share on LinkedIn Share on X (formerly Twitter)

For more info: https://en.bitcoin.it/wiki/Weaknesses

This article is a kind of course notes for https://academy.moralis.io/courses/bitcoin-attacks

Weak or Reused Private Keys

  • Private key stored in an unencrypted format on your computer
  • Private key encrypted with your password, and the password used is compromised
  • Private key encrypted with your old weak password
    • and you created a strong new password
    • the wallet deleted the file which contains private key encrypted with old password
    • and attacker was able to retrieve the deleted file and somehow able to get your old password

When in doubt, create a new account - new private key and transfer you assets to the new account

Sybil attack

  • Attacker creates a bunch of nodes which surround your node and provides false data.
  • Or you connect to a single faulty node for a long time

Do not trust a single node, change you connections frequently

Packet Sniffing

  • If someone can see your packets through some software like wireshark, they can see the transactions originating from your IP
  • This is also possible through IRS (Internet Relay Service)
  • Sometimes you cannot trust your ISP (Internet Service Provider)

Use TOR, for example you have the tor integrated in bitcoin_qt client

DoS attacks

  • Attacker sends garbage data to blockchain, which consumes resources and block the network for legit users.

Consensus limits like 1 MB Block, etc., try to mitigate this kind of attacks

Illegal content

  • Some techniques like Steganography can be used to put illegal content on blockchain.
  • Since blockchain is public it's hard to protect against this kind of issues

Breaking Cryptography

  • New hashing algorithms might evolve in future, if that happens blockchains will migrate to the new algorithms slowly
  • In future, technologies which can break the cryptography used in blockchain, through which an attacker can obtain the private key by just knowing the public key or address

Whole internet will break if such kind of technology becomes available, so it's a lot bigger problem

Segmentation

  • For example your country is disconnect from the world. And your node only communicates with the nodes within your country.
  • When the connection is back the nodes will contain different data and the nodes with longer chain wins and replaces the network with smaller chain

51% Attack

  • If possible attacker can do shadow mining
    • Reverse transactions
    • Create double spend
    • Censor

Malicious Clients

  • Download software from official sources and prefer open source

Closed source softwares are not encouraged in crypto since they are risky

Lost coins

  • Lost coins are never a problem

Increasing the decimals can solve this problem

Guessing private keys

  • Somehow you generated a private key of an address which contains a valuable assets.
  • Theoretically possible, since it's like generating a random number

Practically not possible, explained nicely in https://www.youtube.com/watch?v=ObiqJzfyACM

Comments