The Erebus attack is a type of attack capable of affecting the network of cryptocurrencies such as Bitcoin and derivatives, managing to alter its operation and even making its normal operation impossible. 

Unot of the lesser known attacks in the world of cryptocurrencies is the recently known Erebus attack. This is a type of attack from Distributed denial of services or DDoS, which has the ability to take control of an entire cryptocurrency network to the point of rendering it unusable. Certainly a serious threat to the functioning of cryptocurrencies, and one that can derail efforts for a decentralized world. Fortunately, cryptocurrency developers are not only aware of the attack, but have also created countermeasures to prevent such an outcome. 

But how is it possible that the Erebus attack could disable a cryptocurrency network? What measures have been taken to avoid this problem? Well, that and more is what we will explain to you in this new article from Bit2Me Academy. 

Erebus attack, a dangerous enemy for cryptocurrency networks

The well-known Erebus attack is actually a distributed denial of services (DDoS) attack, that is, it is an attack that seeks to cut off the proper functioning of a network by making it inaccessible to its users. In this way, it is impossible for any user (or a good part of them) to carry out cryptocurrency transactions on the attacked network.

To achieve this, the Erebus attack works in two phases:

  1. First, it creates a point of intervention and control using malicious nodes that will have the objective of manipulating the connections of the rest of the nodes of the network and dividing the network.
  2. Second, it manipulates the information that is transmitted on the network to prevent it from reaching its destination, and even from being manipulated as required by the attackers.

These types of attacks pose a serious risk to the security of cryptocurrency networks and users. The work that led to the discovery of this form of attack was carried out by researchers Muoi Tran, Inho Choi, Gi Jun Moon, Anh V. Vu and Min Suk Kang, who developed the theory and a functional proof of concept in July 2019, in his work "A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network".

From that moment, cryptocurrency developers began to take measures to prevent these types of attacks. And, how could it be otherwise, Bitcoin developers were the first to take measures to prevent this type of attack on the network Bitcoin.

How does the Erebus attack work?

Now, to understand how the Erebus attack works, it is necessary to first understand how a cryptocurrency network works. In this sense, it is good to review that a cryptocurrency network is nothing more than a swarm of computers that run software that allows them to communicate with each other. These computers send and receive information over the Internet using a common language or protocol, which allows them to work together. For example, a computer with Bitcoin software located in Spain can send and receive information to other computers located in any other part of the world, and all this without intermediaries and in a decentralized way. It is what we call a peer-to-peer or P2P network.

Now, although the network of Bitcoin and other cryptocurrencies is organized in a highly decentralized way, the Internet, the communication bridge between the nodes of these networks, is another story. The Internet is a network of millions of computers, but it is not completely decentralized. In reality, there are points that are so vital that manipulating them would put millions of people without Internet service. In addition, your Internet provider can also manipulate your connection and prevent you, for example, from accessing a certain website or service.

For example: Currently in Spain, the main telecommunications operator Movistar, and the government of Spain itself, constantly censor access to websites, in the same way that it happens in China or in many countries where governments want to manipulate information or block access free to it.

At this point it is clear that the Internet is a weak point in the operation of a cryptocurrency network. Especially if there is someone who can manipulate such connections at a low level, causing the cryptocurrency network to not work correctly.

Well, this is precisely what the Erebus attack does. Taking advantage of the capacity of the cryptocurrency protocol such as Bitcoin to connect the different nodes of the network, it performs a man-in-the-middle attack (MITM) to manipulate the connections of those connected nodes. A man-in-the-middle (MITM) attack occurs when someone is able to intercept a connection between two machines to listen to, and even manipulate, all the information shared by those two machines during the connection. Thus, basically whoever performs an MITM is a spy. One that is able to see all the information that we share with the rest.

To carry out the Erebus attack, two weak points have to be exploited:

  1. The partition of Internet networks controlled by the AS (Autonomous System or Autonomous System). These allow the companies or governments that control them, manipulate the traffic of their networks and subnets as desired.
  2. A weakness in the selection and variability in the connections of the nodes with other nodes of the network. Thanks to this, whoever controls an AS can manipulate the connections of the nodes so that they connect to manipulated nodes within the range of action of the malicious AS.

Scope and dangers of the attack

As a result of these two weaknesses, the Erebus attack is able to manipulate the connections of the victim nodes and redirect them as desired. This for example would make the following scenarios possible:

  1. Affect the consensus rules of the cryptocurrency. This is possible for the attacker since by manipulating the communication of the nodes of the network and redirecting it to nodes manipulated with a set of different consensus rules, these can break the entire consensus of the network, causing a hard fork. Thus, the attacker can apply any set of consensus rules he wants to the network.
  2. Manipulate the mining power of the network. Since the attacker can alter the communication routes of the network, it is possible that he seizes mining power by dividing the network. Miners depend on pool nodes for their work, and if those nodes are tampered with, the miners' work can go where the attacker wishes. Thus, with that mining power in its favor, it is possible to carry out any other type of attack using attack schemes such as the 51% attack.
  3. It can affect the second layer protocol and even sidechains that depend on the attacked cryptocurrency network. Thus, for example, an Erebus attack on Bitcoin could affect the Lightning Network, and all this due to the fact that although LN is a different network, its operation depends on the operation of Bitcoin.

As you can see, the range of the attack is extensive but it is not only there. In addition, an Erebus attack has characteristics that make it even more dangerous:

  1. The attack is undetectable. The attacker can start the same days or weeks before, and the consequences of the attack will not be seen until a malicious action is already being executed outside the known parameters of the network.
  2. It can be carried out quickly. In fact, any Tier-1 or Tier-2 qualified service provider (large networks or set of Internet networks) can carry out the attack without major problems. According to the study mentioned above, for a Tier 2 network it would be possible to carry out a large-scale attack in just under six weeks using a single computer, a period that can be shortened by using large server complexes such as those of Amazon or Google.
  3. Complex countermeasures to apply, which makes solving the attack complex.

How much do you know, cryptonuta?

Do these types of attacks prove that cryptocurrencies are unsafe?


Although the Erebus attack is an attack that can really take a network like Bitcoin out of the game, in practice it is not easy to do so. In fact, the project has already taken actions to prevent these attacks from having such an impact on the network. In addition, the idea is to improve even more to avoid this type of action and others that may arise in the future.

Cryptocurrency networks affected

The researchers behind the discovery of Erebus have tested their theory using the Bitcoin network as an example, making Bitcoin their first cryptocurrency network to be hit by such attacks.

The reason is that Bitcoin's P2P communications protocol is vulnerable to these types of attacks. Additionally, any other cryptocurrency that uses the base of the Bitcoin P2P communication protocol is also vulnerable to this type of attack. In this sense, other cryptocurrency networks susceptible to these attacks are Bitcoin Cash, Litecoin, Dash (at the node and miner level, not at Masternodes), Zcash, Qtum, Bitcoin Gold, or DigiByte, among others.

However, a group of cryptocurrencies that use Gossip protocols or modifications of it for its operation, such as Ethereum, are not affected by this type of attack. They can even detect the attack with some ease by detecting manipulation of the nodes.

Solutions to the problem

Despite the danger posed by the Erebus attack, Bitcoin developers have already got to work. In fact, with the release of Bitcoin Core 0.20.0, the Bitcoin software comes with a countermeasure thought to make the Erebus attack more difficult. This function is known as Asmap, whose objective is:

  1. Prevent an autonomous system (AS) (a collection of Internet Protocol (IP) routing prefixes) connected under the control of one or more network operators (usually ISPs or large companies) from manipulating the routing of the connections of the nodes in a way that affects the operation of the network.
  2. Prevent attackers from using the Border Gateway Protocol (BGP) to control the routing of packets between different autonomous systems to connect them. In doing so, the attackers could effectively hijack the nodes' connections and use them for their own benefit.

To defend Bitcoin from this problem, the Bitcoin Core development team decided to take some additional actions among which we have:

  1. Increase the number of connections of the nodes to 125 different connections. By default, the node connects to 10 nodes with outgoing connections, of which; 8 are full-relay and 2 are block-only relay.
  2. The connections must respect a grouping system designed to diversify the connections of the nodes. This prevents nodes from choosing connections within the same IP group assigned by the same regional AS.

Taken together, these measures make the Erebus attack on Bitcoin even more difficult to carry out, but not impossible.

On the other hand, beyond the actions carried out in Bitcoin, other derivative cryptocurrency projects have also taken the same actions. This is the case, for example, of Litecoin, a project that shares the same network protocol as Bitcoin, and where they have applied the same guidelines to protect the network. In any case, cryptocurrency developers are aware of the risks, and therefore have taken actions to prevent these attacks from being carried out easily. After all, one of the main flags of cryptocurrencies is security, and that is work that never stops.