Defining Race Attack
Vector Attack 76 is a type of double-spend attack that exploits a small bug in the Bitcoin consensus system to launch. As a result, an attacker can steal funds and cause damage to their victims.
Despite advanced technologies, including blockchain, they have attack vectors that cybercriminals can use to their advantage. In the cryptocurrency world, one of the least known such attacks is Vector Attack 76.
With the advent of digital currencies and cryptocurrencies, there is a serious problem — double spending. In centralized digital currencies, this problem is easily solved if all control is in one core. But in decentralized currencies like Bitcoin, the problem is much more serious. In fact, Bitcoin’s design minimizes the problem of double spending. You can even say that it “removes” it, but due to the decentralized nature of the PTS, there will always be some point of failure that can be used to double the costs.
This is where the action of Vector Attack 76 will begin. This attack allows an attacker to include a double-spend transaction in a single block, and use it to their advantage. This is achieved by sending a self-created block to the network to give confirmation that the block is valid. Thus, an attacker can seize a certain amount of funds before the network realizes the problem. This attack was first described by the user vector76 on the Bitcointalk forum.
How does Race Attack work?
This attack is a combination of the Race and Finney attacks. Its main purpose is exchanges or exchange offices, where attackers can buy and sell their cryptocurrencies and tokens without being detected. But how is this possible?
Vector Attack 76 is executed when an unscrupulous miner who controls a network with two full nodes connects one of them (node A) directly to the exchange service. Then the second full node (node B) connects it to other nodes that are located in the block chain network. To know which nodes to connect to, the miner must track the moment at which the nodes transmit transactions, and how they then propagate them to other nodes in the network. This way, you will be able to find out which nodes are the first to transmit operations, and will be able to connect to the target service and to well-positioned nodes.
After establishing the necessary connections, the miner privately generates a valid block. At this point, a pair of transactions is created that will have different values: a high-value transaction, and a low-value transaction. For example, the first transaction may be 25 BTC or more, and the second transaction may be just 0.1 BTC. Subsequently, the miner holds the extracted block in standby mode and assigns node A a high-value transaction, i.e. a 25 BTC transaction. This is a transaction that will be sent to make a deposit in the exchange service.
When a miner discovers a proposed block on the network, it immediately passes the block it interrupted directly to the exchange service, along with the newly generated block on the network. This is in the hope that the other nodes will consider their block valid and accept it as part of the main chain. So this block will be confirmed, and hence the 25 BTC transaction included in it will be confirmed.
As soon as the exchange service confirms the 25 BTC transaction, the attacker withdraws from the exchange the same amount of cryptocurrencies that they contributed to the previous transaction (25 BTC). The attacker then sends the second created transaction, a 0.1 BTC transaction, to the network from node B to create a fork that causes the network to reject and cancel the first transaction. If this fork survives, the first transaction with a deposit of 25 BTC will be invalidated, but the withdrawal will be made. Thus, the attacker will succeed, and the exchange will lose 25 BTC.
Success rates of Race Attacks
All these processes occur at once and simultaneously, so it is very likely that a 0.1 BTC transaction will be accepted as the main chain. But after a couple of blocks, the 25 BTC deposit transaction becomes invalid. This is because node B, which transmits a 0.1 BTC transaction, is connected to well-located nodes that transmit this transaction much faster on the network. While node A, containing a 25 BTC deposit transaction, is directly connected only to the exchange service. This node will have to retransmit the specified transaction to other nodes, which will make it much slower than node B.
Having explained this, it can be found that there is a high probability of success when performing this type of attack. Even so, this is not common, because the exchange is required to agree to withdraw funds after one confirmation, and the vast majority of exchanges usually require 2 to 6 confirmations.
However, companies offering digital goods or services can also fall victim to this type of attack.
All systems have vulnerabilities due to their infrastructure, but knowing these bugs and fixing them is important to improve security. Bitcoin is the best example of this. The Vector 76 attack is something structural, but this is only possible if the specified structure is not sufficiently extensive and decentralized.
How to avoid Race Attacks?
To protect yourself from such attacks, here are some recommendations to keep in mind:
- Use systems that do not accept single-confirmation transactions. Vector Attack 76 requires this to be possible for the attack to succeed. Instead, at a minimum, you should expect 2 or even 6 confirmations, as is highly recommended.
- The node you are using should avoid enabling incoming connections or, if this fails, detect incoming connections from well-known computers. This prevents an attacker from entering false information about the blockchain into our node.
- Outgoing node connections should also be monitored and allowed only to well-known nodes. This prevents your nodes from providing information about the state of the chain you are processing.
With these measures, you can easily protect yourself from this type of attack.
Final Thoughts
The blockchain technology has experienced its share of cyber attacks and security breaches in the past years. Hackers have stolen millions from crypto companies, such as the KuCoin exchange, while several DeFi (decentralized finance) platforms faced cybersecurity violations. Cybersecurity and crypto industry experts believe that cyber attacks targeting DeFi platforms, individual users, and smart contracts will be more prevalent in the coming years. Meanwhile, increased institutional investment in cybersecurity will improve the standards and security measures of most exchanges.