CertiK Logo
Products
Company
Back to all stories
Blogs
What is a DDoS Attack? How Can it Affect Crypto?
1/14/2022
What is a DDoS Attack? How Can it Affect Crypto?

A DDoS attack, which stands for “distributed denial-of-service” is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Once a DDoS starts on one computer, it will spread to others in the same network, leading to catastrophic failure.

This type of attack takes advantage of the specific capacity limits that apply to any network resources, such as the infrastructure that enables a company’s website. Usually, the attacker’s ultimate aim is the total prevention of the web resource’s normal functioning. In the case of a website or app, you would be unable to access the site. The attacker may also request payment for stopping the attack. In some cases, a DDoS attack may even be an attempt to discredit or damage a competitor’s business. This is why precautions should be taken. 

  • There are over 2,000 DDoS Attacks that are observed world-wide DAILY. 
  • One third of all downtime incidents are attributed to DDoS attacks.
  • $150 can buy a week-long DDoS attack on the black market. 

Types of Attacks 

DDoS attacks come in many different forms, from Smurfs to Teardrops, to Pings of Death.

TCP Connection Attacks - Occupying connections

These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.

Volumetric Attacks - Using up bandwidth

These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion. 

Fragmentation Attacks - Pieces of packets

These send a flood of TCP or UDP fragments to a victim, overwhelming the victim's ability to re-assemble the streams and severely reducing performance. 

Application Attacks - Targeting applications

These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate). 

Typical targets for DDoS attacks include:

  • E-commerce sites
  • Online casinos
  • Any business or organization that depends on providing online services

How to identify a DDoS attack

The most obvious symptom of a DDoS attack is a site or service suddenly becoming slow or unavailable. But since a number of causes, such as a legitimate spike in traffic, can create similar performance issues, further investigation is usually required. Penetration Testing offers a safe and in-depth attack simulation to expose the most complex vulnerabilities. Penetration Testing Traffic analytics tools can help you spot some of these telltale signs of a DDoS attack:

  • Suspicious amounts of traffic originating from a single IP address or IP range
  • A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version
  • An unexplained surge in requests to a single page or endpoint
  • Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)

There are other, more specific signs of DDoS attack that can vary depending on the type of attack.

DDoS attacks vary greatly in length and sophistication. A DDoS attack can take place over a long period of time or be quite brief. Despite being very quick, burst attacks can still actually be extremely damaging. With the advent of internet of things (IoT) devices and increasingly powerful computing devices, it is possible to generate more volumetric traffic than ever before. As a result, attackers can create higher volumes of traffic in a very short period of time. A burst DDoS attack is often advantageous for the attacker because it is more difficult to trace.

  • Long-Term Attack: An attack waged over a period of hours or days is considered a long-term attack. For example, the DDoS attack on AWS caused disruption for three days before finally being mitigated.
  • Burst Attack: Waged over a very short period of time, these DDoS attacks only last a minute or even a few seconds.

DDoS In Crypto

DDoS attacks are mainly a problem seen in the traditional cybersecurity world, but how does this relate to crypto and blockchain? Due to its digital nature, blockchain is susceptible to attack and exploitation. In theory, having a decentralized network distributing computing power worldwide should eliminate single points of failure such as servers or apps. DDoS attacks on a blockchain focus on the protocol layer, with the biggest threat to blockchains being transaction flooding. Traditional DDoS attacks can be executed against a blockchain to slow its operations, and attackers can work within the blockchain ecosystem to perform a DDoS attack.

Most blockchains have a fixed block size and limit how many transactions fit into a block. By sending spam transactions to the blockchain, attackers can fill the blocks and hinder legitimate transactions from being added to the chain. When this happens, all legitimate transactions will end up in the mempool, waiting for the next block. Legitimate transactions not being added to the blockchain is already a system failure.

With the rise of applications of blockchain technology, a new type of DoS attack emerged — a blockchain denial-of-service (BDoS) attack. These attacks focus on blockchains operating under the proof-of-work (PoW) consensus mechanism like Bitcoin. 

Attacks in Crypto

  • In February of 2021, the EXMO Cryptocurrency exchange fell victim to a DDoS attack that rendered the organization inoperable for almost five hours.
  • Solana network went down for around four hours early this month as a result of an apparent DDoS attack. Solana.Status showed the network has been fully operational with 100% uptime over that period.
  • Arbitrum One had a transaction flood overwhelm the Sequencer, knocking it offline for approximately 45 minutes.  Without the Sequencer, transactions were waiting in the queue but no new transactions were being accepted or being added to the blockchain.

Unfortunately, cryptocurrency exchanges have become increasingly targeted by DDoS attacks because of their growing popularity. Since 2020, there have been numerous DDoS attack attempts on some of the major crypto exchanges. Unfortunately, this renders the exchange’s services unavailable for a prolonged period of time. 

In the early to mid-2000s, this kind of criminal activity was quite common. However, the number of successful DDoS attacks has been reducing. This decrease in DDoS attacks is likely to have resulted from police investigations that have resulted in the arrest of criminals across the world and technical countermeasures that have been successful against DDoS attacks. However as the types of attacks evolve, the ways to prevent them will as well as the never ending cyber war wages on. Though the impact of DDoS attacks aren’t severe, they still put a dent in the whole crypto ecosystem. 

The primary ways to defend against them are to ensure that nodes have adequate storage, processing power, and network bandwidth as well as building failsafes into the code. Generally, the more decentralized a blockchain network is, the more secure it is against a DDOS attack. CertiK’s Skynet monitors on-chain activity and can alert if an attacker is flooding transactions into a smart contract or chain. It is vital to stay alert to potential threats. By always being prepared for potential disasters, you should be able to prevent catastrophe.