One of the lesser-known attacks in the world of cryptocurrencies is the Erebus attack, which only recently became known. It is a type of distributed denial-of-service (DDoS) attack that can take control of an entire cryptocurrency network to the point of rendering it unusable. It is certainly a serious threat to the functioning of cryptocurrencies, and one that can derail efforts for a decentralized world. Fortunately, cryptocurrency developers are not only aware of the attack, but have also created countermeasures to prevent such an outcome.
But how is it possible that the Erebus attack could disable a cryptocurrency network? What measures have been taken to avoid this problem? Well, that and more is what we will explain to you in this new article from Bit2Me Academy.
Erebus attack, a dangerous enemy for cryptocurrency networks
The well-known Erebus attack is actually a distributed denial-of-service (DDoS) attack, that is, an attack that seeks to disrupt the proper functioning of a network by making it inaccessible to its users. In this way, it becomes impossible for any user (or a good part of them) to carry out cryptocurrency transactions on the attacked network.
To achieve this, the Erebus attack works in two phases:
- First, it creates a point of intervention and control using malicious nodes whose objective is to manipulate the connections of the rest of the nodes of the network and divide the network.
- Second, it manipulates the information that is transmitted on the network to prevent it from reaching its destination, or even alters it as the attackers require.
These types of attacks pose a serious risk to the security of cryptocurrency networks and users. The work that led to the discovery of this form of attack was carried out by researchers Muoi Tran, Inho Choi, Gi Jun Moon, Anh V. Vu and Min Suk Kang, who developed the theory and a functional proof of concept in July 2019, in their work "A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network".
From that moment, cryptocurrency developers began to take measures to prevent these types of attacks. And, as could be expected, Bitcoin developers were the first to take measures to prevent this type of attack on the Bitcoin network.
How does the Erebus attack work?
Now, to understand how the Erebus attack works, it is necessary to first understand how a cryptocurrency network works. A cryptocurrency network is nothing more than a swarm of computers running software that allows them to communicate with each other. These computers send and receive information over the Internet using a common language or protocol, which allows them to work together. For example, a computer with Bitcoin software located in Spain can exchange information with other computers located in any other part of the world, and all this without intermediaries and in a decentralized way. It is what we call a peer-to-peer or P2P network.
Now, although the network of Bitcoin and other cryptocurrencies is organized in a highly decentralized way, the Internet, the communication bridge between the nodes of these networks, is another story. The Internet is a network of millions of computers, but it is not completely decentralized. In reality, there are points that are so vital that manipulating them would leave millions of people without Internet service. In addition, your Internet provider can also manipulate your connection and prevent you, for example, from accessing a certain website or service.
For example: Currently in Spain, the main telecommunications operator Movistar, and the government of Spain itself, constantly censor access to websites, as happens in China or in many countries where governments want to manipulate information or block free access to it.
At this point it is clear that the Internet is a weak point in the operation of a cryptocurrency network. Especially if there is someone who can manipulate such connections at a low level, causing the cryptocurrency network to not work correctly.
Well, this is precisely what the Erebus attack does. Taking advantage of the way a cryptocurrency protocol such as Bitcoin's connects the different nodes of the network, it performs a man-in-the-middle (MITM) attack to manipulate the connections of those connected nodes. A man-in-the-middle attack occurs when someone is able to intercept a connection between two machines to listen to, and even manipulate, all the information shared by those two machines during the connection. Thus, whoever performs a MITM attack is basically a spy, one who is able to see all the information that we share with the rest.
To carry out the Erebus attack, two weak points have to be exploited:
- The partition of Internet networks controlled by the AS (Autonomous System). These allow the companies or governments that control them to manipulate the traffic of their networks and subnets as desired.
- A weakness in the selection and variability in the connections of the nodes with other nodes of the network. Thanks to this, whoever controls an AS can manipulate the connections of the nodes so that they connect to manipulated nodes within the range of action of the malicious AS.
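The second weak point can be checked from the node operator's side by counting how many of a node's peers fall inside a single AS. The following is an added example, not code from the original article or from any cryptocurrency project; the prefix-to-AS table, the peer addresses and the 50% threshold are constructed assumptions. In the sample data the peers are spread over three different address ranges, yet six of the eight belong to one AS.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-AS table (documentation ranges, private-use AS numbers).
PREFIX_TO_AS = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
    "203.0.113.128/25": 64500,  # more specific route announced by AS64500
}

# Constructed peer list for one node.
PEERS = ["192.0.2.10", "192.0.2.77", "203.0.113.200", "203.0.113.201",
         "203.0.113.5", "198.51.100.9", "192.0.2.130", "203.0.113.250"]


def lookup_as(ip, table=PREFIX_TO_AS):
    """Longest-prefix match, the same rule routers use to pick a route."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None


def as_distribution(peers):
    """Count peers per AS; unmapped addresses are grouped under None."""
    return Counter(lookup_as(ip) for ip in peers)


def concentrated_ases(peers, max_share=0.5):
    """Return {asn: share} for every AS holding more than max_share of peers."""
    counts = as_distribution(peers)
    total = sum(counts.values())
    return {asn: n / total for asn, n in counts.items()
            if asn is not None and n / total > max_share}


if __name__ == "__main__":
    for asn, n in as_distribution(PEERS).most_common():
        print(f"AS{asn}: {n} peers")
    print("over threshold:", concentrated_ases(PEERS))
```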
Scope and dangers of the attack
As a result of these two weaknesses, the Erebus attack is able to manipulate the connections of the victim nodes and redirect them as desired. This would, for example, make the following scenarios possible:
- Affect the consensus rules of the cryptocurrency. This is possible because, by manipulating the communication of the nodes of the network and redirecting it to manipulated nodes with a different set of consensus rules, the attacker can break the entire consensus of the network, causing a hard fork. Thus, the attacker can apply any set of consensus rules he wants to the network.
- Manipulate the mining power of the network. Since the attacker can alter the communication routes of the network, it is possible that he seizes mining power by dividing the network. Miners depend on pool nodes for their work, and if those nodes are tampered with, the miners' work can go where the attacker wishes. Thus, with that mining power in its favor, it is possible to carry out any other type of attack using attack schemes such as the 51% attack.
- Affect second-layer protocols and even sidechains that depend on the attacked cryptocurrency network. Thus, for example, an Erebus attack on Bitcoin could affect the Lightning Network, because although LN is a different network, its operation depends on the operation of Bitcoin.
As you can see, the range of the attack is extensive, but that is not all. In addition, an Erebus attack has characteristics that make it even more dangerous:
- The attack is undetectable. The attacker can start it days or weeks in advance, and the consequences of the attack will not be seen until a malicious action is already being executed outside the known parameters of the network.
- It can be carried out quickly. In fact, any Tier-1 or Tier-2 qualified service provider (large networks or set of Internet networks) can carry out the attack without major problems. According to the study mentioned above, for a Tier 2 network it would be possible to carry out a large-scale attack in just under six weeks using a single computer, a period that can be shortened by using large server complexes such as those of Amazon or Google.
- The countermeasures are complex to apply, which makes the attack hard to resolve.