• TechFin Consulting

The Risks with Public Blockchain in Web 3 Explained

In Web 3, Blockchain is a digital ledger of cryptocurrency transactions running across a peer-to-peer (P2P) network. It is known for its decentralisation, security, immutability, trust, transparency, improved traceability, and cost reduction. Bitcoin and Coinbase are examples that run on blockchain technology. Blockchain uses consensus algorithms such as Proof-of-Work (PoW) and Proof-of-Stake (PoS). Each block in the chain contains several transactions, and a record of a new transaction will be added to every participant’s ledger. A decentralised database managed by various participants is known as Distributed Ledger Technology (DLT).


For business owners or entrepreneurs looking to adopt a Decentralised Autonomous Organisation (DAO) structure, there are two main types of blockchains to consider - Public blockchain & Private blockchain.


Public blockchains, as the name suggests, are permissionless blockchains. This allows anyone to participate or leave the network without any management. In comparison, private blockchains are completely secure with a faster transaction process due to the centralised network.


Anyone can read and write in Public blockchain without explicit authorization and permission. Public blockchain follows complex rules and consensus algorithms for better security and is costly to mine and add a block.


a comparison between public blockchain and private blockchain: public blockchain is permissionless while private blockchain requires permission for access
Source: Medium.com

3 Types of Attacks on Public Blockchains in Web 3


51% Attack

51% Attack is often used on blockchains that have consensus protocol based on majority such as PoW-based systems.


PoW is the process of trying numerous solutions to solve a complex cryptographic puzzle. PoW uses a competitive validation method to confirm cryptocurrency transactions. Block production has a linear relationship with the difficulty of mining in order to keep block production at a stable rate. There will be a higher difficulty in mining when there is a higher computing power working to mine a digital currency, and vice versa.


51% Attack is possible by a group of miners who control more than 50% of the network’s mining hash rate. Although changing historical blocks is difficult due to the hard-coding of past transactions, attackers with majority network control can interrupt the recording of new blocks by preventing other miners from completing blocks. However, a successful attack on large public blockchains such as Bitcoin is unlikely as the attack will need to hijack 51% of the organisation.


In web 3, even a blockchain that utilises a PoS mechanism is susceptible to such attacks. In the PoS system, a validator is randomly chosen based on the coins that they possess within the blockchain network. The validator will be rewarded with a cryptocurrency coin for each validated transaction. This allows the intruder to corrupt transactions once a single miner gets more than 50% of the total cryptocurrency coins in the PoS network. They will be able to surpass all other users in the network and steal other users’ assets through manipulation of the system, and more.


However, compared to PoW, PoS networks greatly decrease the chances of a 51% Attack. This is also possible in DAO, where votes may be manipulated with disregard for the company’s growth. Effective ways to prevent 51% Attack is to monitor and ensure that no single user or a group of users owns more than 50% of the network’s computing power, or hop onto PoS to significantly decrease the risk of 51% Attack.


one user using a coin for two separate user
Source: DCX Learn

Vector 76 Attack

Vector 76 Attack is a type of double-spend attack that exploits a small bug in the blockchain, even in a PoW network. Stolen cryptocurrency funds and damages to its victims are some of the outcomes of this attack. It is named after the first user who discovered this attack, vector76, on the Bitcoin talk forum.


Despite the current advancement of technology in web 3, double spending still presents a serious issue even in the seemingly secure blockchain technology. This would not be an issue in centralised digital currencies, as it can be easily overcome by having all control in one core. In the decentralised nature of digital currencies, there will always be points of failure that cybercriminals can take advantage of.


In Vector 76 Attack, the attacker sends a self-build block to the decentralised network for confirmation that the block is valid. The attacker would seize cryptocurrency funds before the system detects this problem. This enables the attacker to inject a double spend transaction in a single block. In DAO, this is crucial to prevent double votes during the company’s decision-making process.


However, Vector 76 Attack is not common as the process of this attack requires withdrawal payments of an exchange service after just one confirmation. Most exchanges typically require 2 to 6 confirmations before the user can withdraw its payment. Although, it is good to be aware and stay protected against such attacks. Users can protect themselves by using exchange systems that have more than one confirmation upon each transaction, or have inbound connections from well-recognized computers.



Sybil Attack

A Sybil attack is a security threat in web 3 where one user tries to take over the blockchain network by creating multiple accounts, nodes or computers within the decentralised network. This type of attack aims to weaken the authority or power in a reputable system by gaining the majority of influence in the network. It has its name derived from a case study about a woman named Sybil Dorsett, who was treated for Multiple Personality Disorder.


In Sybil attacks, the attackers may be able to out-vote the honest nodes on the network by creating sufficient fake identities. This grants them the ability to refuse to receive or transmit blocks, in turn effectively blocking users from the network. Attackers may also carry out 51% attacks in an extremely large-scale Sybil attack. They may gain control over cryptocurrency transactions, allowing them to reverse transactions that can result in double spending. They may also change the ordering of transactions, and prevent transactions from being confirmed.


Gaining disproportionate influence over the decisions made in the decentralised network is the main goal of a Sybil attack on a blockchain network. This effect is achieved by creating and controlling several aliases. In the context of DAO, Sybil Attack works similarly but is primarily focused on passing malicious proposals that may compromise the integrity and best interest of the DAO.


In turn, blockchains use different algorithms to tackle Sybil attacks in web 3, such as through PoW, PoS and Delegated Proof-of-Stake (PoS).


These algorithms help defend against Sybil attacks by making it impractical for an attacker to carry out a Sybil attack. One example would be Bitcoin’s blockchain. In the Bitcoin network, the ability to create a block has to be proportional to the total processing power of the PoW mechanism. This means that the attacker has to own the high computing power required to create a new Bitcoin block, making it difficult and costly to be performed. Miners will be rewarded with a strong incentive to keep mining Bitcoin compared to attempting a Sybil attack.


Conclusion

As blockchain continues to evolve and expand with the growth of web 3, it’ll carry its unique traits and risks. Understanding your business requirements is the first step to discovering a suitable blockchain. DAO, which runs on a blockchain, may be affected the same concerning the company’s best interest. Business owners may consider the risks discussed today to design and implement their decentralised enterprise blockchain to reduce the potential attacks.


Interested in implementing blockchain technology in your organisation? Explore Decentralised Autonomous Organisations with Techfin x SMU Academy 1-Day course on “Understanding DAO” to find out how you can take blockchain technology to YOUR advantage! Sign up here today!