© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

“Misleading attack” threatens blockchain security

A newly identified “misleading attack” is endangering blockchain security used in critical infrastructure, says a joint study from Charles Darwin University (CDU) and the University of Tehran in Iran.

The cyber threat received such a name due to its misleading nature: as such, it attempts to deceive miners – those who mine digital currencies and validate transactions on a blockchain.

Specifically, the attack steals some of their computational power and redirects it to a different chain.

“The misleading attack is orchestrated by someone who redirects some miners computational power to a different chain, so that it (the attacker) can outrun the main chain and thus make its fork the dominant one,” CDU Professor Mamoun Alazab said.

According to Alazab, through a series of competition losses, the threat actor’s chain becomes the dominant one. Not only does this attack have a high success rate, but it also increases the success rates of other blockchain attacks.

Despite a common perception of cryptocurrencies being secure from cybercriminals, that is a dangerous misconception, Alazab explains, adding: “But this new misleading attack, along with some high-profile attacks that have cost millions of dollars, has shown that blockchain technology, particularly Bitcoin, is not as secure as we think, or as it needs to be for use in critical infrastructure.”

Two of the offered potential solutions to this attack vector include changing the design and removing the block reward or introducing an uncle block reward, similar to that of Ethereum.

“If preventive or compensative measures are not taken, this attack can undermine the trust to a blockchain security and lower its value,” University of Tehran’s Dr Ghader Ebrahimpour commented, adding that similar attacks on a blockchain used in critical infrastructure can have devastating effects.

More from Cybernews:

Weekly recap: from lawsuit against TikTok to viral Chat GPT

One year on: Log4Shell’s Armageddon that never was

Russia blocks 15k websites in one week

Metropolitan Opera hit by cyberattack

Crooks stole Daily Loud’s Twitter, posted scam messages

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked