What is a DDoS attack in blockchain? | The truth

Blockchain Security + blog Z. Oualid today

share close

One of the biggest myths that Blockchain technology has come with was that it is not vulnerable to DDOS attacks. This idea is totally wrong, even Blockchain technology is vulnerable to DDOS attacks, and not only one type of them. So, what is DDos attack in Blockchain?

A DDoS attack or a distributed denial of server attack in Blockchain happens when the Blockchain network is incapable of adding new transactions sent by its clients for a period of time into newly generated blocks. This attack can be performed by targeting one or more layers of Blockchain technology.

In this blog post, we are going to discuss in detail how a DDoS attack could happen on a Blockchain and why. In addition, we are going to see the type of Blockchain DDoS attacks and the vulnerability or the design issue that each one of them exploits to perform such attacks. Moreover, we are going to give you some real examples of such attacks. So if you are interested, just keep reading and leave a comment below.

What is a DDoS attack in blockchain?

A DDoS attack or a distributed deny of server attack in Blockchain happens when the Blockchain network is incapable of adding new transactions sent by its clients for a period of time.  

One of the biggest myths in Blockchain technology is the fact that it is immune to DDOS attacks. This myth comes from the Blockchain design itself that gives this illusion. Blockchain technology is built on the fact that multiple powerful computers are connected to the same network and do the same job which results in the same results no matter what happens.

However, this architecture only protects the Blockchain network from traditional DDOS attacks where the network traffic of a server is targeted to saturate it and stop it from serving others. However, as mentioned in a previous blog post, even in traditional networks, DDOS attacks could target different layers of the OSI model.

This is actually what happens in Blockchain DDOS attacks. Because this network is fully distributed, performing an attack to saturate the bandwidth will simply be impossible or very hard to do. Therefore, attackers try to target different components of the Blockchain network to be able to stop it from correctly performing its functionalities.

In the next section, we are going to describe multiple types of possible Blockchain DDoS attacks that have been used against real Blockchains, or that can be performed. We are also going to explain with some level of technical details what each one of those types the attackers actually exploit to perform a DDOS attack.

What are the types of DDOS attacks in Blockchain?

A Blockchain DDOS attack could target one or more layers of the Blockchain network. Moreover, some of those attacks could be performed, without any technical skills. In this section, you are going to see three types of Blockchain DDOS attacks.

Network-based Blockchain DDoS attack

Network-based Blockchain DDOS attack happens if a Sybil or a routing attack was successfully executed in the blockchain network.

The Sybil attack happens when, an attacker tries to create multiple identities in the Blockchain network, to get more voting power. If the Blockchain is vulnerable to such an attack, then the attacker may try to stop the Blockchain from correctly working causing a denial of service.

The routing attack happens when the attacker tries to route all the transactions through his nodes. This attack could be categorized into two smaller attacks.

  • Partitioning attack: An attacker tries to divide the network into two or more disjoint groups. This can be done by attacking certain points within the network, which act as the linking point between the two groups.
  • Delay attack: An attacker picks up the propagating messages, makes changes to them, and finally transfers them to the side of the network, which has not seen them before.

Doing so, allow the attacker to control the whole network traffic, which means he can at any moment stop all the transactions from spreading correctly in the network.

Both attacks described in this subsection, are very difficult to perform especially for the Sybil attack. As becoming a node in the network require either so much calculation capacities or risking an amount of money by staking it in the Blockchain.

Consensus-based Blockchain DDoS attack

This type of attack is less probable to happen in reality, as it requires too many investments and the gain that this attack will give to the attacker is negligent compared to what he could lose. Consensus-based Blockchain DDOS attack could happen, if a user or a group of users reach 33% of calculation power or stake depending on the used consensus mechanism. At this level, the attacker would be able to disturb the network to not allow it to work correctly.

However, performing a DDOS attack after reaching that level of power in a Blockchain, would not be a good idea for attackers, as making money from it would be way better than destroying it.

Protocole-based Blockchain DDoS attack

The protocol-based Blockchain DDOS attacks happen when the transactions mempool of the network is saturated by the fake transactions. The transaction mempool, is a sort of limited memory of transactions that are already verified but are waiting to get included in a block. The size of blocks that can be created after each interval of time and included in the Blockchain is limited, and all the transactions that didn’t get included in the block, get stored temporarily in that memory zone, waiting for the next block.

Therefore, if the number of transactions that a mempool could hold is reached, the new transaction is dropped from the mempools and the fund will get back to its place. In the case of Ethereum nodes, the default mempool size is 300MB.

Therefore, attackers try to exploit this behavior by sending a big number of fake transactions to the Blockchain trying to reach that limit and make the network unavailable. Unfortunately, this kind of attack does not require too many technical skills to exploit, all that an attacker needs to have is a good budget to cover his attack for the period of time he wants. In addition, even for the budget, the attacker will only pay for the gas fees.

This kind of DDOS attack may seem very difficult to perform, especially because it needs a really good budget. However, this attack did happen on a real Blockchain. Section 4 of this blog post will give you a real example of such an attack.

Decentralized app-based Blockchain DDoS attack

Decentralized app-based Blockchain DDoS attack happens when a smart contract running on the Blockchain continues consuming the whole available gas before finishing its execution.

Every smart contract running on the Blockchain has a limited amount of gas that can be used to correctly run. In addition, when a user tries to run a smart contract, he needs to specify a fixed amount of gas limit to allow the smart contract to correctly finish its operations. If the gas specified by the user is consumed before the smart contract correctly finishes its execution, the transaction is reverted but the gas is not refounded.

In some cases, this behavior could be made continues no matter what level of gas limit is submitted by the users which results in a DOS attack. This type of attack could be the result of a bug in the smart contract itself and can be triggered either intentionally by an attacker, or accidentally after a user operation. To better understand this aspect, here is a realistic example:

Imagine that you have a smart contract that manages user’s accounts in a company. to be able to send money to another account, a msg sender should be part of the organization. Therefore, the smart contract stores its users in a simple array. Therefore, before the smart contract could execute the function, it has to loop on the accounts stored in that array to verify if the msg sender exists in that array, otherwise it reverts the transaction.

With this scenario, if a user creates a big number of accounts within the smart contract, then at each operation of funding the smart contract will consume its gas before correctly executing. This will then result in a DoS attack, as no operation of funding would be possible.

The DDOS attack could happen at this layer of the Blockchain due to multiple reasons. The example explained here talks about infinite loops. However, many other bugs could cause this attack. The real example in the fourth section of this blog post is caused by another bug.

What is the impact of a DDoS attack on the Blockchain?

The impact of the DDOS attack against a Blockchain depends on the nature and the use case of that Blockchain. Every Blockchain serves a certain objective for the business. Therefore, the impact differs from one Blockchain to another. However, in most cases, the impact of a DDOS attack is related to financial losses.

Also, the impact of Blockchain DDOS attack could reach simple users of the Blockchain. When a DDOS attack is performed against a Blockchain, the cost of validating newer transactions gets higher. This simply means that users will have to pay way more than what they were used to. Therefore, the number of transactions that users will start to do will get organically reduced. In some really bad cases, people start to get away from this Blockchain and look for alternatives.

The financial loses are not the only impact of this attack. More technical aspect of the Blockchain is also a victim of such attack.

The Blockchain is a peer-to-peer network, where each node receives a new transaction from a client or a node and sends it back to the other nodes. This operation, actually makes the protocol-based Blockchain DDOS attack even worst, as the attack is emplified. This default behavior of the network actually increases the network congestion.

What make the Blockchain DDOS attack even worst, is the fact that the DDOS attack has a continuous impact on the whole systeme even if the attacker stop sending fake transaction. This is the result of the immunity aspect of the Blockchain ledger. When the fake trasactions are sent to the Blockchain and validated, they are saved in each node.

When the legitimate transactions are sent by users, each node have to verify every transaction from the day the Blockchain was deployed, to be able to validate and include the new transaction. Therefore, the DDOS attack will increase the number of, actions each node will need to do and that increase will remain for ever.

Real examples of a DDoS attack on known Blockchain

Protocole based Blockchain DDOS attack

Some people think that this attack could be the reason behind the behavior of the Blockchain network in 2017. A number of fack transactions was, locked in the mempool, causing an increase in the fees of Bitcoin transactions.

This raise in the transactions fees happens because when the mempool is full of transactions, the node pick up the ones with the highest fees to increase his gains. This behavior results in an increase in transaction fees. For more details about this situation, I highly recommend taking a look at the following blog post.

The behavior of raising the transaction fees could happen in most blockchaines. This is a default behavior of nodes to maximize their gains from each block they validate.

Decentralized app based Blockchain DDos attack

A DDOS attack targeting the application layer of the Blockchain was conducted accidentally by a Blockchain user.

An anonymous user discovered a vulnerability in the “library” smart contract code on Monday, November 6, 2017, at 02:33:47 UTC. This code was published as a common component of all Parity multi-sig wallets distributed after July 20, 2017.

The user took the decision to take advantage of this vulnerability and claim ownership of the library contract. The user subsequently destroyed this component. This operation froze money in 587 wallets holding a total of 513,774.16 Ether and other tokens because Parity multi-signature wallets rely on this component.


The Blockchain DDOS attack truly exists even if the whole design of the Blockchain give a different idea. This attack is even worst in the Blockchain context, because of the immunity aspect of the Blockchain. However, in my opinion for mature Blockchain networks like Bitcoin and Ethereum, this kind of attack will get more and more rare, because of the cost of performing it. In addition, the gain from performing such attack get not attractive day after day.

Written by: Z. Oualid

Rate it

About the author

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).

Previous post

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *