What is Distributed Denial-of-Service（DDoS）Attack?

[TL;DR]
As crypto and blockchain platforms witness a rise in adoption, one can observe a corresponding surge in attacks. Potential users aren’t the only ones flocking to the crypto space; malicious actors are doing the same. Several networks have fallen victim to a wide range of exploits, and a DDoS attack is a prime example.

While some argue that the decentralized nature of the crypto industry should render it immune to DDoS (distributed denial-of-service) attacks, unfortunately, that is not the case. DDoS attacks typically hone in on a single weak point in a system to gain illegal entry; they have plagued the tech sector for a long time but have recently grown more commonplace with blockchain-based platforms.

Due to this, we will explore precisely what DDoS attacks are. How do they affect blockchain networks? Read on to find out.
Keywords; DDoS, Blockchain, Network, Transaction, Attack


What is a DDoS Attack?

---

A distributed denial-of-service attack entails flooding a web server with more traffic than it can handle. The perpetrators send queries from multiple devices to the network to overwhelm it, and the congestion causes an overload on the target server, leading operations to shut down.

In the past, these attacks came from one device sending out numerous access requests. However, because a single IP address is easy to track and block, DDoS attacks were forced to evolve. The multiple machines employed in DDoS attacks are called bots, the bots create an overflow of traffic, and valid users of a server are denied access.

A DDoS attack does not actually aim to gain direct access; instead, it leverages and disrupts existing systems.


Blockchain-Based DDoS Attacks; How Decentralization Comes into Play

---

Decentralization is a central feature of the cryptocurrency industry. Being decentralized means that all data connected to a platform is distributed across a vast network of computers known as nodes or validators. All users can access the information, and control of the network does not rest in the hands of a single entity.

Blockchain technology is also described as distributed ledger technology, a record of data that is open to just about anyone. Transactions are first confirmed by the validators and then added to a ledger where the updates are visible on all the computers that make up the network of nodes. All the machines reflect the same information; if a single node fails to keep up, this will not be the case with the others.

Theoretically, weak points for DDoS attackers should not exist in the crypto and blockchain space. A single faulty node does not affect the rest of the network; regardless, DDoS attacks still occur on the blockchain.


How does DDoS occur in blockchain?

---

Exploiters that target blockchain protocols with DDoS utilize a method called transaction flooding. In this case, the attacker conducts a considerable quantity of false or spam transactions, making it nearly impossible for genuine exchanges to get through and harming operations in other ways.

As mentioned above, DDoS attacks leverage the standard system of operations; here’s how they do that with decentralized platforms.


How Does Transaction Flooding Work?

---

Each block in a blockchain typically has a fixed capacity; there is a data limit per block space. When users complete transactions and the current block has reached the max capacity, the transaction is held in a mempool until the next block is formed.

DDoS attacks take advantage of this by sending illegitimate transactions that fill the blocks. Authentic transactions are assigned to the mempool instead, which is a server failure. Valid data isn’t added to the ledger, and the system cannot perform accordingly.


How Does Transaction Flooding Affect the Network?

---

Aside from holding up transactions, flooding can cause other damages to the network, such as;

Software Crashes

Validators (nodes) access the blockchain as software that runs on specialized equipment. The nodes use this software to receive, process, and record all transactional data that comes their way. At times, the software has a fixed capacity and thus can only hold a limited number of transactions in the mempool or generally handle a specific quantity of data. DDoS attacks can break past this limit and create problems such as a software crash.

Node Failure

The blockchain software is dependent on the node. In order to facilitate the transactions it receives, the software needs the nodes. Transaction flooding may overload the computer with more data than it can handle, and this may cause a system failure. A node crash will call for a restart for the machine to get back online.

Congestion/Excess Traffic

Blockchains utilize a peer-to-peer (p2p) system, and this translates to nodes receiving multiple copies of the data relating to a transaction. With DDoS attacks, the same is true; the network creates multiple copies of the vast amount of spam transactions it receives, and this consumes a record amount of space.

Bloated Ledger

In this case, the DDoS attack also causes damage through a typical feature of blockchains; they are immutable. Transactions on the blockchain are stored permanently across numerous nodes. It is a crucial aspect of their nature that the records cannot be altered; hence all spam transactions from a DDoS attack are permanently added to the distributed ledger.


Examples of Blockchain DDoS Attacks

---

The Solana Network DDoS Attack

On the 14th of September last year, the Solana blockchain fell victim to a DDoS attack. It began when a new project went live on the platform; after the launch, several bots swarmed the project with transactions, thus overloading the network. Solana recorded traffic scaling 400,000 transactions per second; additionally, the transactions in question called for a fair quantity of the network’s resources. Thus, it took a lot of time and effort for the nodes to process.

Source; Solana Blog

Solana went offline soon after because the network’s nodes exhausted their memory and began to crash. As the nodes went offline, the network grew even more congested and, as a result, slower. The resource-intensive transactions queued up with fewer validators available to handle them, prompting block producers to suggest a hard fork.

The blockchain platform eventually took the hard fork route; the reason for this was that once the crashed nodes came online again, they were far behind the rest of the network and were unable to catch up due to the backlog of forks before them. The hard fork took the entire network back to a point where 80% of the validators had been online. The upgrade commenced, and thus after a few hours of inactivity, the Solana network resumed operation. The network later shared a detailed analysis of the shutdown and the cause.


Tether Stablecoin Ecosystem Faced with DDoS Attack

---

More recently, stablecoin network Tether (USDT) experienced a distributed denial-of-service attack. According to Chief Technology Officer Paolo Arduino, the platform received a ransom request to avoid mass DDoS. Arduino reported that the attacker had already made an attempt that saw the Tether network shoot up from its usual 2k requests every 5 minutes to a staggering 8M reqs/5 min.


DDoS mitigation company Cloudflare named “AS-CHOOPA” as the primary ASN for the brief attack, which only succeeded in slowing down the network. Given that USDT is majorly utilized on decentralized networks, the stablecoin was not affected by the attack. The attackers failed to extort funds from the Tether network and soon ceased.

Source; Twitter@paoloardoino

Arduino later posted that the attack had been mitigated; however, Tether was leaving the “I’m under attack mode” to prevent more attacks. The CTO reported that this would not impact redeeming in any way.


How to Protect a Blockchain from Distributed Denial-of-Service Attacks

---

When blockchain platforms are faced with DDoS attacks, the network’s nodes typically fall in the line of fire. These attacks target either the validator software or hardware; thus, a major way to defend the network against a DDoS is to provide nodes with sufficient memory, processing power, and network bandwidth. It is also essential to build failsafes into the code. Being able to spot an incoming attack gives time to facilitate a soft landing which is an improvement over the software suddenly exhausting its storage space and experiencing a jarring disruption.

Additionally, a network can deter DDoS attacks by filtering the transactions that come through. Block creators can decide which transactions make it into their blocks; if they can spot and discard transactions from bots, they can prevent them from being stored on the blockchain and causing network congestion.


Conclusion

---

Distributed denial-of-service attacks can pose a severe risk to blockchain networks. These exploits harm platforms and nodes and, overall, disturb the efficiency of the blockchain. While it might take time to develop more comprehensive strategies for mitigation, it is in the works. Platforms such as Ethereum are nearly immune to DDoS attacks; hopefully, in time, this is the same for other blockchain networks.






Author: Gate.io Observer: M. Olatunji
Disclaimer:
* This article represents only the views of the observers and does not constitute any investment suggestions.
*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.