Reflecting on ethereum attacks: why should someone attack a blockchain

in #security8 years ago

Hacker mode on: hood on, matrix soundtrack blasting, cereals on the side because hacking is a energy consuming sport.

Recap'


Ethereum has been under attack since just before the very expected DEVCON2. This resulted in forks. What can be the goal of spamming the network like that?

Price of the attack

It is a short-cut to assume that the attacker pay the high price for the ethers spend in the attack. But that might just not be the case. The attack could have bought it in the early stage, bought more when the DAO fiasco ensue, been a decent miner, or hacked some loaded accounts/pc. So what we know is that the attacker burnt a certain amount of ethers and he could have sold them instead. How did he or she (or they) get those ethers and what were the motivations? Those questions remain opened!

Pure hate

That is the easiest reason to think of: the attacker (organisation, group, individual...) doesn't support Ethereum. It could be he just was disappointed with Ethereum, is a Bitcoin maximalist or want Ethereum Classic to succeed. Although I don't think one include the other. If it is the case, it will be pretty hard to find the perpetrator, but you could ask what we are going to do in that case. Sue him? Hire him? Ask him to work with the DAO attacker?

Tough love

Someone out there think Ethereum is the best think in the world and need to be hardened. So philanthropically, he use his money for the common good. He want to restore Ethereum glory through the fire. Yes, why not?! Some comments on Reddit have this strange connotation.

Money Money Money

There are a bit a way to get back the money invested in the attack

Mining

Relentlessly targeting the Golang implementation gives you advantages, you know your nodes should be on Parity, another Ethereum client. You can also find fixes before everyone or just mine empty blocks. Or another side effect is that miners will stay away from Ethereum for some time and you will get more Ether. Or this will make another currency, say ETC, more attractive. Take a look at this chart:

source

Trading

The market can be resume in a simple way: one currency is down, another one is up. Bitcoin is the security, the other currencies are for the profit. If you can guess the tendencies, that you are inducting with your attacks, you can scrap some $$.

Investments

There has been quite a number of ICOs during the span of the attacks. Some have said that the real target was one of those token. Since the attacks didn't stop right after any ICO, actually they have gotten more and more sophisticated, this point is hard to defend. If this is for real, the target was nicely hidden in the mass.

Conclusion: Jon Snow

All we know is that we know nothing much. The real questions are:

  • Does it matter?
  • What can we do to avoid that in the future?

Tell me what you think.
cryptohazard

Sort:  

Do we really want to avoid "all" attacks? I think at the moment only one attack was perhaps bad for ETH and that was the DAO one. For now the last attacks are only exposing exploits, no major damage like the DAO hacker cause. Then again, i might be guilty of always being to positive ;)

You don't want to avoid attacks, you want to be resilient and "survive with the least scratches". This is specially important for a system worth so much money. Think about it, if such an attack were possible on Steemit, all our interactions would be cut off for the duration of the attack. That would be bad, very bad.