Proof-of-Work algorithm puts Bitcoin and Ethereum at risk of hacker attacks

The PoW algorithm is the Achilles' heel of blockchain: a closed Ethereum blockchain is vulnerable to a “balance attack”.

A group of researchers from Sydney University (Australia) published a paper stating that the Proof-of-Work (PoW) algorithm is the Achilles' heel of blockchain, making it vulnerable to a “balance attack”. The paper also provides a detailed description of this new type of attack.

The Balance Attack targets nodes with balanced mining power. By delaying network communication between subgroups of nodes, the attack forces a double spend in blockchains such as Ethereum and Bitcoin. The theoretical study of the attack is based on configurations and related statistics similar to those of the blockchain infrastructure used by the R3 consortium. The researchers from Sydney University supported their theoretical findings by running an actual setup of an Ethereum private chain with parameters similar to the theoretical model. According to the paper, the attacker can choose to send different messages to two subgroups of nodes with balanced mining power. To do that, the attacker has to issue and broadcast transactions to one of the subgroups, labeled the “transaction subgroup”.

Simultaneously, the attacker mines on the other subgroup, called the “block subgroup”. Continued, selective broadcasting over a period of time causes the block subgroup to create a tree that outweighs the one created by the transaction subgroup. During the process, the attacker can leverage the GHOST (Greedy Heaviest-Observed Sub-Tree) protocol to isolate a blockchain branch from the rest of the nodes completely.

The isolated branch is then presented to another competing node to influence the branch selection process. By affecting the branch selection, the Balance Attack disrupts the persistence of the main blockchain, rewriting previous transactions, which in turn opens the network to a double-spend attack. To execute a successful Balance Attack, the attacker needs at least 20 minutes and control of at least 5 percent of the network’s hashing power. The Balance Attack theory exposes the vulnerability of the Ethereum protocol, and of private blockchains in particular. However, the same method can potentially disrupt the Bitcoin blockchain as well, provided the attacker has access to enough hashing power.
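The branch selection described above can be seen in a small model. This is an added example, not code from the paper or from Ethereum; it assumes a simplified GHOST rule in which every block has equal weight, and the block names and tree are constructed. It shows why a transaction that looks well confirmed on one branch loses persistence once the other branch's subtree becomes heavier.

```python
from collections import defaultdict

# Constructed block tree (child -> parent); not data from the paper.
# Branch A (transaction subgroup): a longer chain with no sibling blocks.
# Branch B (block subgroup): a shorter chain, but more blocks in total.
PARENTS = {
    "A1": "G", "A2": "A1", "A3": "A2", "A4": "A3",
    "B1": "G", "B2": "B1", "B3": "B2",
    "B2x": "B1", "B2y": "B1", "B3x": "B2",
}

def children_of(parents):
    kids = defaultdict(list)
    for child, parent in parents.items():
        kids[parent].append(child)
    return kids

def subtree_weight(block, kids):
    """Number of blocks in the subtree rooted at `block`, itself included."""
    return 1 + sum(subtree_weight(c, kids) for c in kids[block])

def ghost_head(parents, genesis="G"):
    """GHOST: at each fork, descend into the child with the heaviest subtree."""
    kids = children_of(parents)
    block = genesis
    while kids[block]:
        # sorted() makes ties deterministic (first name wins)
        block = max(sorted(kids[block]), key=lambda c: subtree_weight(c, kids))
    return block

def longest_chain_head(parents, genesis="G"):
    """Longest-chain rule: pick the leaf with the greatest depth."""
    def depth(b):
        return 0 if b == genesis else 1 + depth(parents[b])
    kids = children_of(parents)
    leaves = [b for b in parents if not kids[b]]
    return max(sorted(leaves), key=depth)

def main_chain(head, parents, genesis="G"):
    """Blocks from genesis to `head`; anything else is discarded history."""
    chain = [head]
    while chain[-1] != genesis:
        chain.append(parents[chain[-1]])
    return chain[::-1]

if __name__ == "__main__":
    print("longest chain:", main_chain(longest_chain_head(PARENTS), PARENTS))
    print("GHOST chain:  ", main_chain(ghost_head(PARENTS), PARENTS))
```

A transaction included in `A1` has three blocks built on top of it, yet it is absent from the chain GHOST selects, which is why confirmation depth alone is a weak finality signal when message delivery between subgroups can be delayed.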

  • February 10, 2017 12:27 PM MSK