Crypto DDoS Attacks: What, Why and How?


Have you ever experienced the websites you regularly use suddenly becoming very slow? Chances are, that was the result of a DDoS attack. A Distributed Denial of Service attack seeks to exploit shortcomings in the systems of a website. This causes the website to become slow and sluggish, or, in some cases, not load. Attackers use this as a tool to hold businesses hostage and prevent the website from functioning. So how do DDoS attacks work and what threat does it have to crypto?

What Is a DDoS Attack?

Attempts to overload a website’s systems with a flood of internet traffic are classified as DDoS attacks. This aims to bring the website down or reduce its capacity to function.

Attackers accomplish this by exploiting the bottlenecks in a website’s design. They typically use thousands of bots to connect, use bandwidth or make connections on the website. These bots reduce the resources available to genuine users who cannot connect to the website.

How Does a DDos Attack Work?

DDoS attacks occur mainly for two reasons. The first is holding a website hostage. Attackers may demand the website to pay to stop the attack. In some cases, the business may be forced to pay the attackers if they cannot fix the vulnerability in the website fast enough. 

Second, it may be an attempt to discredit the company. Malicious competitors or those with ill-will towards a company may attack the website to reduce their credibility. This would show that the company is not adequately equipped to counter a DDoS attack. 

These attacks are the most popular and easy tools to bring down websites. Nearly twenty to thirty thousand DDoS attacks occur every day. This is why businesses need to take precautions against them.

Read about: What are Crypto Dust and Dusting Attacks?

Types of DDoS Attacks

There are different ways attackers target your website based on the specific bottleneck. The most common ones are mentioned below.

Volumetric Attacks

These attacks focus on causing congestion on your website. They use up the bandwidth between your website and the rest of the internet, making it difficult to connect.

Application Attacks

These attacks target the application deployed on the website, rather than its surrounding infrastructure. This can be highly effective as the attacker does not need powerful systems. Many smaller systems with low computing power are still capable of causing an application layer attack.

This attack is like pressing the refresh or home button on a website but from thousands of different devices millions of times. This would flood the server with requests and slow down all other users.

Fragmentation Attacks

Fragmentation refers to the packets of data sent to websites. A flood of fragmented data is sent to the website, which must be reassembled by the system to compute it. When the data being sent in packets is too high, it hampers the ability of the website to assemble it fast enough, therefore reducing performance. 

Protocol Attacks

Protocol attacks affect the ability of the network to complete functions. For example, the attackers may send incomplete packets or other data. This causes the server to wait to receive the entire packet or connection request, which never arrives. 

Crypto DDoS Attacks

All the bottlenecks mentioned above usually exist on centralised services. Then shouldn’t blockchains, a decentralised service, be resistant to DDoS attacks? Yes and no.

In a blockchain, there is no single point of failure. Even if a node in the network is down, the blockchain can continue functioning. Therefore, successful DDoS attacks can bring down the entire network, rather than a single system.

The main threat to blockchains is transaction flooding. These attacks target the application by creating thousands of spam transactions. Blockchains operate based on blocks. Each block can only hold a limited number of transactions. When thousands of spam transactions are initiated, legitimate transactions are not included in the current block and are kept in memory. 

Transaction flooding causes all genuine transactions to wait in memory. When they are not included in blocks, the blocks cannot be verified and the transaction does not go through. The blockchain cannot complete transactions at the rate they are coming in and users may have to wait several hours before their blocks are verified. 

Solana Outage

One of the most popular examples of DDoS attacks on crypto is the Solana network attack. On September 14, 2021, a new project was launched on the Solana blockchain. 

Immediately, this project started creating a massive number of transactions that flooded the network with spam. At its peak, it was creating almost 400,000 transactions per second. 

Since transactions had to be pushed back into memory, the memory also began to fill up. Once the network ran out of memory, it crashed, causing an outage that lasted several hours. 

Finally, the problem was fixed by performing a hard fork and rolling back the network to a point that 80% of validators could agree on. Once this was programmed, it took a few hours for the nodes to apply it before the network could be brought back up.

Read about: Solana Under Attack.

How To Prevent a DDoS Attack

Since the primary means of attacking a blockchain is by flooding it with transactions, nodes must ensure they have enough storage, bandwidth and processing power for the network. Another important factor is building a failsafe into the code to prevent the network from instantly crashing.

Second, it is important to filter transactions when the network congestion is very high. Block verification makes it possible to choose which transactions to include in a block. Discarding potential spam transactions maintains the integrity of the blockchain. It also ensures the network stays up and running.

Final Thoughts

DDoS attacks are the most common method used by malicious actors to bring down networks and businesses. Since they occur thousands of times every day, it is important to build preventive measures into your websites and blockchain networks. Blockchain is naturally resistant to a variety of DDoS methods, but transaction flooding remains a problem. Building better failsafes and paying close attention to verification can greatly reduce the risks blockchains face from this menace.

Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Each investor must do his/her own research or seek independent advice if necessary before initiating any transactions in crypto products and NFTs. The views, thoughts, and opinions expressed in the article belong solely to the author, and not to ZebPay or the author’s employer or other groups or individuals. ZebPay shall not be held liable for any acts or omissions, or losses incurred by the investors. ZebPay has not received any compensation in cash or kind for the above article and the article is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information.

Start Trading Now