February 15, 2024

What Are Blockchain Distributed Denial Of Service (DDoS) Attacks?

A DDoS (Distributed Denial of Service) attack is a cyber security attack in which malicious actors flood and overwhelm a network, application, server or system with spam traffic or fake transactions.

The intention is to slow down and disrupt the system or network, thereby preventing the processing and confirmation of legitimate transactions and obstructing genuine users from using the system, network or protocol.

Understanding Blockchain DDoS Attacks 

Image credit: horizen

A blockchain is a decentralized distributed ledger that runs on multiple nodes. These nodes make up the blockchain network and they validate or process transactions which are recorded in blocks. The nodes in a blockchain do this through a consensus mechanism.

A key tenet of blockchain technology is that it is 'decentralized': there is no single server or focal point in a blockchain. Each node is part of a larger system that works in agreement via the consensus mechanism of the blockchain.

For this reason, many might simply write off the possibility of a blockchain DDoS attack: if the attacker takes down one node, the remaining nodes will carry on with the blockchain. No node in a blockchain is indispensable, meaning that any node can go down due to a DDoS attack without taking down the network as a whole.

Although this is true, blockchains are not immune to DDoS attacks. Nodes validate transactions, and as we have seen in the past, attackers can flood blockchains with spam transactions. This slows down the throughput of the blockchain and reduces its availability to genuine users, as legitimate transactions will not be validated on time.

 

Manta Network after experiencing a DDoS attack 

It is worth pointing out that malicious actors may also perform DDoS attacks at the application level (DApps) and not necessarily at the blockchain network level. Crypto exchanges are usually victims of DDoS attacks, which usually take them offline for some time before services are restored and they are back online.

Justin Sun’s HTX was the victim of a DDoS attack in January 2024; reports suggest that the exchange was down for about 15 minutes before services were restored.

How Attackers Perform Blockchain DDoS 

Malicious actors often make use of botnets (networks of compromised devices which are infected with malware and controlled by the malicious actor).

Bad actors use these compromised devices under their control to bombard victims with bogus traffic in a bid to overwhelm the network. At this point, normal service is denied to legitimate traffic.

In blockchain, the main type of DDoS attack is transaction flooding. Most blockchains have a fixed capacity because blocks are created with a certain maximum size at regular intervals.

Any transaction that doesn’t fit in the current block will be stored in mempools for consideration for the next block.

If an attacker sends many spam transactions to the network, they can fill up blocks with spam, causing genuine transactions to wait in the mempools. Legitimate users are forced to either pay absurdly high fees to get their transactions through or wait until the attack subsides, and the blockchain becomes very slow.

Impact of DDoS Attacks On Blockchains

The following are some of the effects of DDoS attacks:

Network congestion

The immense magnitude of bogus, fake, and spam transactions can lead to congestion in the blockchain network. This is due to blockchains being peer-to-peer networks, where each node that receives a transaction or block will send a copy to other nodes. A transaction flooding attack already creates large transaction volumes, and the use of a peer-to-peer network amplifies this, leading to network congestion.

Node Failures 

Network validators or miners run the blockchain software on devices that meet the requirements of the blockchain software. Each node needs to support the software's needs. While attempting to handle the large volume of spam data received and processed during a DDoS attack, a node may run out of memory or CPU, causing it to crash.

Bloated Ledger

Blockchain records are immutable, which means they cannot be changed. For this reason, transaction flooding has a permanent impact on the blockchain network. The ledger is compelled to include all the spam transactions caused by the attack, inconveniencing every node, as they all need to maintain a copy of this ledger.

Software Crashes 

Blockchain nodes are operated by installing the software of a blockchain; this software may have built-in limits for the number of transactions it can store in its mempool or limits on the amount of memory allocated to it, which can cause issues if these transaction limits are exceeded due to DDoS attacks. 

Defending Against Blockchain DDoS Attacks  

Image credit: Kinsta

DDoS attacks usually target bottlenecks within the software or hardware on a blockchain node. The more decentralized a network is, with thousands of nodes, the more resilient it is to a DDoS attack.

Some of the ways to prevent and guard against a DDoS attack include:

Adequate capacity: One way to defend against DDoS is to ensure that nodes have adequate storage, processing power, and network bandwidth.  

Redundancy and Backup: Systems, DApps and protocols could maintain redundant network infrastructure and backup servers. This measure ensures continuity of the system even in the event of an attack. Distributing nodes across multiple geographical locations can minimize the impact of a localized DDoS attack.

CAPTCHA: Where possible, CAPTCHA challenges should be implemented to ensure that incoming requests are from legitimate users. This helps prevent automated bots from flooding the network or system with requests and spam.

Stress Testing: Networks and systems can conduct stress tests on the blockchain network or protocols regularly to assess their resilience against DDoS attacks. 

This will aid in identifying potential weaknesses, so that they can then adjust the network infrastructure and defence mechanisms accordingly.

Blockchain Security Audits: As usual, it is always a step in the right direction to conduct security audits specifically focused on the unique security requirements of blockchain networks.

This includes but is not limited to analyzing smart contracts, validating consensus algorithms, and auditing the integrity of the blockchain’s data structure.

System/Network Monitoring: An attack that is identified early has less of an impact than one that is only noticed when software suddenly runs out of memory and crashes hard. For this reason, infrastructure should be under surveillance at all times.

Filtering transactions: From a blockchain network perspective, DDoS attacks can be defended against by filtering transactions. Since validators and miners have the choice of which transactions to include in their blocks, identifying and discarding potential spam transactions can prevent these from being included in the ledger and clogging up the network.
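The fixed block capacity and mempool queue described under "How Attackers Perform Blockchain DDoS", together with the transaction filtering described above, as an added example that is not part of the original article. The block capacity, the per-sender cap, the fee floor and the sample traffic are all constructed values, and the admission policy is a hypothetical one rather than any real node's.

```python
from collections import defaultdict

BLOCK_CAPACITY = 5   # transactions per block (constructed value)
MAX_PER_SENDER = 2   # hypothetical cap on pending transactions per sender
MIN_FEE = 2          # hypothetical fee floor for mempool admission

def admit(tx, pending, filtering):
    """Mempool admission policy. It never looks at the 'legit' flag."""
    if not filtering:
        return True
    return tx["fee"] >= MIN_FEE and pending[tx["sender"]] < MAX_PER_SENDER

def simulate(arrivals, filtering):
    """Run block intervals until the mempool drains.
    Returns (worst wait of a legitimate tx in blocks, spam txs written to the ledger)."""
    mempool, pending = [], defaultdict(int)
    waits, spam_confirmed, height = [], 0, 0
    while height < len(arrivals) or mempool:
        for tx in (arrivals[height] if height < len(arrivals) else []):
            if admit(tx, pending, filtering):
                mempool.append({**tx, "arrived": height})
                pending[tx["sender"]] += 1
        # Block producer: highest fee first, oldest first on ties (stable sort).
        mempool.sort(key=lambda t: (-t["fee"], t["arrived"]))
        block, mempool = mempool[:BLOCK_CAPACITY], mempool[BLOCK_CAPACITY:]
        for tx in block:
            pending[tx["sender"]] -= 1
            if tx["legit"]:          # ground truth, used only for measurement
                waits.append(height - tx["arrived"])
            else:
                spam_confirmed += 1
        height += 1
    return max(waits), spam_confirmed

def constructed_arrivals():
    """Three intervals of constructed traffic: one flooding sender matching the
    normal fee, low-fee dust from several senders, and one legitimate user."""
    out = []
    for i in range(3):
        batch = [{"sender": "flooder", "fee": 2, "legit": False} for _ in range(10)]
        batch += [{"sender": f"dust{n}", "fee": 1, "legit": False} for n in range(5)]
        batch.append({"sender": f"user{i}", "fee": 2, "legit": True})
        out.append(batch)
    return out

if __name__ == "__main__":
    for filtering in (False, True):
        wait, spam = simulate(constructed_arrivals(), filtering)
        print(f"filtering={filtering}: worst legit wait={wait} blocks, spam in ledger={spam}")
```

A per-sender cap only throttles spam that comes from a small number of addresses; spam spread across many senders has to be handled by the fee floor or by other signals.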

In Summary

DDoS attacks can degrade the blockchain’s effectiveness by making it incapable of adding legitimate transactions to blocks, resulting in loss of user trust, market value, and reputational damage to the blockchain or protocol.

[Author’s Note: This article does not represent financial advice; everything written here is strictly for educational and informational purposes. Please do your own research before investing.]

Author: Godwin Okhaifo