Erebus – attacks on blockchain

Erebus is a type of attack that can affect the networks of cryptocurrencies such as Bitcoin and its derivatives, change how they operate, and even make normal operation impossible.

Erebus attack: a dangerous enemy for cryptocurrency networks

Among the lesser-known threats in the world of cryptocurrencies, the Erebus attack has recently appeared. It is a type of attack based on a distributed denial of service (DDoS) attack that can take control of an entire cryptocurrency network to the point that it becomes unusable. This is a serious threat to the functioning of cryptocurrencies and could disrupt efforts to create a decentralized world. Fortunately, cryptocurrency developers are not only aware of the threat, but have also created countermeasures to prevent such an outcome.

But how is it possible that Erebus can disable a cryptocurrency blockchain? What measures have been taken to avoid this problem? This article explains that and more.

What is an Erebus attack?

The well-studied Erebus attack is actually a distributed denial of service (DDoS) attack, meaning it is a cyberattack that aims to interrupt the proper functioning of the network and make it inaccessible to users. As a result, no user (or a significant part of them) can perform cryptocurrency transactions on the attacked network.

To achieve this, the Erebus attack works in two stages:

  • First, it creates a point of intervention and control using malicious nodes, the purpose of which is to manipulate the connections of other network nodes and divide the network.
  • Secondly, it manipulates the information that is transmitted over the network and does not allow it to reach its destination.

These types of attacks pose a serious risk to the security of cryptocurrency blockchains and their users. The work that led to the discovery of this form of threat was carried out by researchers Muoi Tran, Inho Choi, Gi Jun Moon, Anh V. Vu and Min Suk Kang, who developed the theory and a functional proof of concept in July 2019, in their paper “Bitcoin Peer-to-Peer Covert Attack”.

From that moment, cryptocurrency developers began to take measures to prevent such attacks, and Bitcoin developers were the first to do so.

How does the Erebus attack work?

To understand how the Erebus attack works, you must first understand how a cryptocurrency network works. A cryptocurrency network is nothing more than a swarm of computers running software that allows them to communicate with each other. These computers send and receive information over the Internet using a common language, or protocol, that allows them to work together. For example, a computer with Bitcoin software located in Russia can exchange information with other computers located in any other part of the world, all without intermediaries and in a decentralized manner. This is what we call a peer-to-peer, or P2P, network.

Although the network of Bitcoin and other cryptocurrencies is organized in a highly decentralized manner, the Internet, the communication bridge between the nodes of these networks, is a very different story. The Internet is a network of millions of computers, but it is not completely decentralized. In fact, there are points that are so important that manipulating them would deprive millions of people of access to the Internet. In addition, your Internet service provider can also manipulate your connection and, for example, deny you access to a particular website or service.

It is therefore clear that the Internet is a weak point in the operation of a cryptocurrency network, especially if someone can manipulate such connections at a low level and cause the cryptocurrency network to work incorrectly.

That is exactly what the Erebus attack does. Taking advantage of the way a cryptocurrency protocol such as Bitcoin connects the various network nodes, it performs a man-in-the-middle (MITM) attack to control the connections of those nodes. A MITM occurs when someone can intercept a connection between two machines in order to listen to, and even manage, all the information shared by the two machines during the connection. So basically, the one who performs the MITM is a spy who can see all the information that we share with the rest.

An Erebus attack relies on two weak points:

  1. A section of the Internet that is managed by an AS (autonomous system). This allows the companies or governments that control them to manipulate the traffic of their networks and subnets as they see fit.
  2. Weak selection and variability of node connections to other nodes in the network. Because of this, anyone who controls the AS can manipulate node connections so that they connect to managed nodes within the range of the malicious AS.

Scope and danger of attack

As a result of these two weaknesses, an Erebus attack can manipulate the connections of the victim nodes and redirect them at will. This will, for example, make the following scenarios possible:

  • Impact on cryptocurrency consensus rules.

This is possible because, by manipulating the connections of network nodes and redirecting them to nodes that follow a different set of consensus rules, an attacker can break the entire network consensus and cause a hard fork. Thus, an attacker can apply any set of consensus rules to the network that they wish.

  • Managing the power of mining in the network.

Since an attacker can change the communication routes in the network, they can capture mining power by splitting the network. Miners depend on the pool nodes for their work, and if these nodes are hacked, the miners' work can go wherever the attacker wants. With such mining power in their favor, it is possible to perform any other type of attack using schemes such as the 51% attack.

  • This can affect the second-layer protocol and even the side chains that depend on the attacked cryptocurrency network.

So, for example, an Erebus attack on Bitcoin can affect the Lightning Network, because although LN is a different network, its operation depends on the operation of Bitcoin.

As you can see, the attack range is extensive, but that is not all. Erebus has characteristics that make it even more dangerous:

  • The attack is not detected. An attacker can attack the network for days or weeks, and the consequences will not be visible until the malicious action has already been performed.
  • It can be done quickly. In fact, any qualified Tier-1 or Tier-2 service provider (large networks or a set of Internet networks) can conduct this kind of cyberattack. According to the study mentioned above, for a Tier-2 network, it would be possible to conduct a large-scale attack in less than six weeks using a single computer, and this period can be shortened by using large server complexes, such as Amazon or Google servers.
  • Countermeasures are complex to apply, which makes resolving an attack difficult.

Do these types of threats prove that cryptocurrencies are insecure?

Although an Erebus attack is a threat that can really take a blockchain like Bitcoin out of the game, in practice it is not easy to do this. In fact, the project has already taken action to prevent such an impact on the network. In addition, the idea is to further improve the protection to avoid this type of action and others that may occur in the future.

The researchers behind the discovery of Erebus tested their theory on the Bitcoin network, making Bitcoin the first cryptocurrency network to be tested.

The reason is that Bitcoin’s P2P communication protocol is vulnerable to this type of cyberattack. In addition, any other cryptocurrency that uses the basis of the Bitcoin P2P communication protocol is also vulnerable. In this sense, such cryptocurrency networks as Bitcoin Cash, Litecoin, Dash (at the node and miner level, not at the masternode), Zcash, Qtum, Bitcoin Gold or DigiByte, and others are susceptible to this attack.

However, a group of cryptocurrencies that use Gossip protocols or their modifications for their work, such as Ethereum, are not susceptible to this type of attack. They can even easily detect an attack by noticing node manipulation.

Solutions to the problem

Despite the danger posed by Erebus, Bitcoin developers have already started working on it. In fact, with the release of Bitcoin Core 0.20.0, the Bitcoin software offers countermeasures that are thought to complicate the Erebus attack. This feature is known as Asmap, and its purpose is to:

  • Prevent an autonomous system (AS), that is, a set of Internet Protocol (IP) routing prefixes under the control of one or more network operators, from manipulating the routing of node connections in a way that affects the operation of the network.
  • Prevent attackers from using the Border Gateway Protocol (BGP), which controls the routing of packets between different autonomous systems, to connect them. With that control, attackers can effectively intercept node connections and use them to their advantage.

To protect Bitcoin from this problem, the Bitcoin Core development team decided to take some additional actions, including:

  1. Increase the number of node connections to 125 different connections. By default, a node connects to 10 nodes with outgoing connections.
  2. The connections must conform to a grouping system designed to diversify the node connections. This prevents nodes from selecting connections within the same IP group assigned to the same regional AS.

Taken together, these measures make an Erebus attack on Bitcoin even more difficult, but not impossible.
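The effect of grouping peers by AS instead of by IP prefix can be seen in a small model. This is an added example, not Bitcoin Core code: the prefix-to-AS table, the addresses, the function names and the deterministic "one peer per group" selection loop are all constructed assumptions.

```python
import ipaddress

# Constructed prefix-to-AS table (RFC 1918 space, private-use ASNs).
# AS64512 stands for one operator announcing many unrelated /16 prefixes.
ASMAP = {
    "10.1.0.0/16": 64512, "10.2.0.0/16": 64512, "10.3.0.0/16": 64512,
    "10.4.0.0/16": 64512, "10.5.0.0/16": 64512,
    "10.50.0.0/16": 64513, "10.60.0.0/16": 64514, "10.70.0.0/16": 64515,
}
NETWORKS = [(ipaddress.ip_network(p), asn) for p, asn in ASMAP.items()]

# Constructed candidate list: AS64512 addresses first, then three other ASes.
CANDIDATES = ["10.1.0.5", "10.2.0.5", "10.3.0.5", "10.4.0.5", "10.5.0.5",
              "10.1.9.9", "10.50.0.7", "10.60.0.7", "10.70.0.7"]

def group_by_prefix16(ip):
    """Prefix grouping: the /16 network the address falls in."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def group_by_asn(ip):
    """AS grouping: longest matching prefix in ASMAP, /16 fallback if unmapped."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, asn) for net, asn in NETWORKS if addr in net]
    return f"AS{max(matches)[1]}" if matches else group_by_prefix16(ip)

def select_outbound(candidates, group_fn, slots=10):
    """Accept candidates in order, at most one outbound peer per group."""
    chosen, used = [], set()
    for ip in candidates:
        group = group_fn(ip)
        if group not in used:
            used.add(group)
            chosen.append(ip)
        if len(chosen) == slots:
            break
    return chosen

def peers_in_asn(peers, asn):
    """Count how many selected peers are announced by the given AS."""
    return sum(group_by_asn(ip) == f"AS{asn}" for ip in peers)

if __name__ == "__main__":
    for name, fn in (("/16 grouping", group_by_prefix16), ("AS grouping", group_by_asn)):
        peers = select_outbound(CANDIDATES, fn)
        print(f"{name}: {len(peers)} peers, {peers_in_asn(peers, 64512)} in AS64512")
```

With prefix grouping the single operator holds five of the eight selected connections; with AS grouping it holds one of four, because all of its prefixes collapse into a single group.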

In addition to the actions taken in Bitcoin, other derivative cryptocurrency projects have taken the same actions. This is the case, for example, with Litecoin, a project that uses the same network protocol as Bitcoin and has applied the same rules to protect its network.

In any case, cryptocurrency developers are aware of the risks and have therefore taken measures to prevent these attacks from being carried out easily. After all, one of the main hallmarks of cryptocurrency is security, and that’s something that will never change.