Media Release by Charles Darwin University
A study from Charles Darwin University (CDU) and the University of Tehran in Iran has identified a new cyber threat that brings into doubt blockchain security for use in critical infrastructure.
The joint study has called the new cyber threat a “misleading attack” because it is intended to deceive miners.
Miners perform computations to validate transactions on a blockchain and keep it up to date, and are paid in cryptocurrency. The new strategy attacks this system by misleading miners.
CDU Professor Mamoun Alazab said the attack misleads blockchain miners by stealing some of their computational power and redirecting it to a different chain or fork.
Miners receive compensation for using their computational power to verify transactions on a specific cryptocurrency’s blockchain.
“The misleading attack is orchestrated by someone who redirects some miners’ computational power to a different chain, so that it (the attacker) can outrun the main chain and thus make its fork the dominant one,” Professor Alazab said.
“The chain that miners are being misdirected to is engineered to lose in the competition, and so is the main chain. All is for the attacker’s chain to win and become dominant. This vulnerability can also boost the success of other types of blockchain attacks.”
Professor Alazab said this new attack method on blockchain was concerning because its rates of success were high and blockchain technology was being used in critical infrastructures.
“There is this perception that blockchain, such as Bitcoin, is safe and secure from attack,” he said.
“But this new misleading attack, along with some high-profile attacks that have cost millions of dollars, has shown that blockchain technology, particularly Bitcoin, is not as secure as we think, or as it needs to be for use in critical infrastructure.”
University of Tehran’s Dr Ghader Ebrahimpour and Dr Mohammad Sayad Haghighi were also involved in the research that uncovered the details of the new malicious attack on Bitcoin.
“If preventive or compensative measures are not taken, this attack can undermine trust in a blockchain’s security and lower its value,” Dr Ebrahimpour said.
“If such a blockchain is ever used in critical infrastructure or financial systems, huge impacts can be expected,” Dr Sayad Haghighi said.
The study into misleading attacks, “Can Blockchain be Trusted in Industry 4.0? Study of a Novel Misleading Attack on Bitcoin,” was published recently in the IEEE Transactions on Industrial Informatics.
Professor Alazab said that Bitcoin’s blockchain technology was vulnerable, but that the misleading attack was not possible on Ethereum’s blockchain technology because of the tracking system.
Professor Alazab said there may be different solutions to the threat.
“One is to change the design and remove the block reward. The miners then have to be rewarded out of transaction commissions,” he said.
“The concept of uncle block reward, similar to that of Ethereum, can also help in mitigating the problem.”
Professor Alazab said there were other solutions to make block parallel blockchains.