What is a DDoS Attack

NFTing
5 min read · Oct 18, 2022

DDoS Attack Explained

A distributed denial-of-service attack, commonly called a DDoS attack, is one of the primary methods of disruption on the modern Internet, especially in the blockchain space. Crypto exchanges and some start-up crypto projects are the most common targets for DDoS attacks. Outside the blockchain space, the other targets are Internet shopping sites, online casinos, booking websites, and other businesses or organizations that depend on providing online services.

By the end of this article, we will learn what a DDoS attack is, what it means for crypto, and how to mitigate this kind of cybercrime.

Defining DDoS attack

A DDoS attack can be defined as a malicious attempt by perpetrators to temporarily make a blockchain network unavailable to its users by disrupting the host services. It is essentially done by flooding the host with incoming traffic from many separate sources, which makes it impossible for the host to stop the attack by blocking a single source and often results in overloaded systems.

Attackers accomplish this by exploiting the bottlenecks in a website’s design. They typically use thousands of bots to consume bandwidth or open connections on the website. These bots reduce the resources available to genuine users, who then cannot connect to the website.

A DDoS attack does not always result in the loss or theft of data or crypto assets. What it costs is time, which is more crucial than money.

How does a DDoS attack work?

The decentralization of blockchain networks has made some say that DDoS attacks against a blockchain are impossible. However, this is not strictly true. Traditional DDoS attacks can be executed against a blockchain to slow its operations, and attackers can work within the blockchain ecosystem to perform a DDoS attack.

Many traditional DDoS attacks are performed at the application level rather than at the network level. An organization may have invested in large network links that make it infeasible to overload their capacity. However, this does little good if the application that the traffic is intended for can only handle a few hundred requests at a time.

In the blockchain space, the main DDoS threat is transaction flooding. Most blockchains have a fixed capacity because they create blocks with a certain maximum size at regular intervals. Anything that doesn’t fit in the current block will be stored in memory pools for consideration for the next block.

If an attacker sends many blockchain transactions to the network, they can fill up blocks with spam transactions, causing legitimate transactions to sit in memory pools. If legitimate transactions are not included in blocks, the blocks cannot be verified and those transactions do not go through. The blockchain cannot complete transactions at the rate they are coming in, and users may have to wait several hours before their blocks are verified.

DDoS Attacks

DDoS attacks on blockchain networks are not just a theoretical threat. On September 14, 2021, two blockchain protocols suffered successful DDoS attacks: Solana and Arbitrum One.

Solana DDoS Attack

On September 14, 2021, the Solana blockchain went offline for several hours. The root cause of this issue was a DDoS attack caused by the launch of a new project on the blockchain. When the project launched, bots started generating large numbers of transactions that flooded the network. This traffic peaked at 400,000 transactions per second, causing the “forwarder queue” to grow dramatically. Additionally, the transactions added to blocks were resource-intensive, making them slow and difficult for nodes to process.

The growth of the forwarder queue caused validator processes to run out of memory and crash, bringing those nodes offline and slowing the network. At the same time, block producers — noticing the size of the validator queue and resource-intensive blocks — began suggesting forks of the blockchain. When crashed nodes were restarted, the large backlog of forks that they needed to consider made it impossible for them to catch up with the rest of the network.

In the end, the Solana network agreed to perform a hard fork, rolling back the network to the last place where 80% of validators agreed on the state of the blockchain. After the upgrade was coded and rolled out, nodes applied the patch and the Solana network was back online within a few hours.

Arbitrum One DDoS Attack

Arbitrum One also experienced a DDoS attack on September 14, 2021. It is a layer 2 protocol that runs on top of the Ethereum blockchain.

A transaction flood overwhelmed the Sequencer, Arbitrum’s entity that receives transactions and reorders them within its inbox, knocking it offline for approximately 45 minutes. Without the Sequencer, transactions were waiting in the queue, but no new transactions were being accepted or added to the blockchain.

In the Arbitrum protocol, only the Sequencer can submit transactions without a delay, meaning that a Sequencer outage causes downtime on the system. However, Arbitrum users can also submit their transactions on the Ethereum chain, and Arbitrum will process them after a delay even during a Sequencer outage.

How to identify and avoid DDoS attacks?

The easiest way to identify a DDoS attack is to notice when a network slows down or shuts itself down and its services remain unavailable for a certain period. Because similar scenarios can happen during legitimately high traffic, further investigation is necessary to find the real source of the attack. Massive instant traffic or an unexplained surge in requests are some of the obvious signs of a DDoS attack.

First, since the primary means of attacking a blockchain is by flooding it with transactions, nodes must ensure they have enough storage, bandwidth and processing power for the network. Another important factor is building a failsafe into the code to prevent the network from instantly crashing.
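One shape such a failsafe can take, together with the surge sign described above, is an ingress queue with a hard size limit that sheds load instead of growing until the process runs out of memory. This is an added example, not code from Solana, Arbitrum or the original article; the class name, limits and surge factor are assumptions chosen for illustration.

```python
from collections import deque


class BoundedIngress:
    """Ingress queue with a hard size limit and a surge alarm (illustrative)."""

    def __init__(self, max_pending, drain_per_tick, surge_factor=5, window=5):
        self.pending = deque()
        self.max_pending = max_pending        # assumed memory budget, in transactions
        self.drain_per_tick = drain_per_tick  # assumed processing capacity per interval
        self.surge_factor = surge_factor
        self.history = deque(maxlen=window)   # arrival counts of recent normal ticks
        self.dropped = 0

    def tick(self, arrivals):
        """Process one interval; return (surge_detected, queue_length)."""
        baseline = sum(self.history) / len(self.history) if self.history else None
        surge = (baseline is not None
                 and len(arrivals) > self.surge_factor * max(baseline, 1))
        for tx in arrivals:
            if len(self.pending) < self.max_pending:
                self.pending.append(tx)
            else:
                self.dropped += 1             # shed load rather than grow unbounded
        for _ in range(min(self.drain_per_tick, len(self.pending))):
            self.pending.popleft()
        if not surge:
            self.history.append(len(arrivals))  # keep the flood out of the baseline
        return surge, len(self.pending)


def run(trace, **kw):
    """Feed per-tick arrival counts through the queue and collect the results."""
    q = BoundedIngress(**kw)
    results = [q.tick([f"tx{t}-{i}" for i in range(n)]) for t, n in enumerate(trace)]
    return results, q.dropped


# Constructed trace: five normal intervals, a two-interval flood, then recovery.
TRACE = [20, 22, 19, 21, 20, 400, 400, 18]

if __name__ == "__main__":
    results, dropped = run(TRACE, max_pending=100, drain_per_tick=25)
    for t, (surge, qlen) in enumerate(results):
        print(t, "SURGE" if surge else "ok", qlen)
    print("dropped:", dropped)
```

The queue never exceeds its limit during the flood, and the alarm clears as soon as arrivals return to the baseline.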

Second, it is important to filter transactions when the network congestion is very high. Block verification makes it possible to choose which transactions to include in a block. Discarding potential spam transactions maintains the integrity of the blockchain. It also ensures the network stays up and running.
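The transaction flooding described earlier and the filtering step above can be compared in a small model with fixed-size blocks. This is an added example, not code from the original article or any blockchain client; the block size, the per-sender cap and the fee ordering are assumed filtering rules, and the mempool contents are constructed.

```python
from collections import Counter, namedtuple

Tx = namedtuple("Tx", "sender fee arrival")

BLOCK_SIZE = 10       # assumed fixed block capacity, in transactions
PER_SENDER_CAP = 2    # assumed filter: max transactions per sender per block


def build_block_fifo(mempool):
    """No filtering: take the oldest transactions until the block is full."""
    ordered = sorted(mempool, key=lambda tx: tx.arrival)
    return ordered[:BLOCK_SIZE], ordered[BLOCK_SIZE:]


def build_block_filtered(mempool):
    """Congestion filter: highest fee first, capped per sender."""
    block, rest, per_sender = [], [], Counter()
    for tx in sorted(mempool, key=lambda tx: (-tx.fee, tx.arrival)):
        if len(block) < BLOCK_SIZE and per_sender[tx.sender] < PER_SENDER_CAP:
            block.append(tx)
            per_sender[tx.sender] += 1
        else:
            rest.append(tx)       # stays in the memory pool for a later block
    return block, rest


def blocks_until_confirmed(mempool, builder, wanted):
    """Count blocks produced until no sender in `wanted` has a pending tx."""
    pool, n = list(mempool), 0
    while any(tx.sender in wanted for tx in pool):
        _, pool = builder(pool)
        n += 1
    return n


def sample_mempool():
    # Constructed: 3 bots submit 200 transactions, then 5 users submit one each,
    # all paying the same fee so that fee ordering alone cannot separate them.
    spam = [Tx(f"bot{i % 3}", 5, i) for i in range(200)]
    legit = [Tx(f"user{i}", 5, 200 + i) for i in range(5)]
    return spam + legit


USERS = {f"user{i}" for i in range(5)}

if __name__ == "__main__":
    print("FIFO:", blocks_until_confirmed(sample_mempool(), build_block_fifo, USERS))
    print("filtered:", blocks_until_confirmed(sample_mempool(), build_block_filtered, USERS))
```

Without filtering, the five user transactions wait behind the whole backlog; with the per-sender cap they are included within two blocks.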

Final Thoughts

The DDoS attack is the most common method used by cybercriminals to bring down networks and businesses. The rising popularity of blockchain, cryptocurrencies and decentralized finance applications has brought bad actors to this illicit method. While the space is filled with revolutionary protocols and innovative platforms, it is also plagued by perpetrators trying to make quick money. Though the impact of DDoS attacks isn’t severe, they still put a dent in the reputation of the entire crypto ecosystem.

No one knows how much DDoS attacks can grow in the near future, and their disruptions can be more severe. But with the right safety measures and constant monitoring of networks and applications, businesses will surely benefit from this growing industry.
