There are many theorised methods of attacking Bitcoin; however, all must be executed at significant cost to the attacker. As of this writing, no attack has yet been defined on the Bitcoin network that comes with an economic benefit to the attacker from within Bitcoin.
Below are details on the attack methods that have been discussed in the past.
Transaction Based Attacks
Transaction based attacks involve attackers creating or sending transactions which cause nodes that are not sufficiently protected to undergo performance degradation or even failure. There are several types of transaction based attacks.
Script Validation Attack
A script validation attack involves the creation and submission of a transaction to the network that includes a script which causes severe memory usage to take place within the script evaluation engine with the aim of causing the engine to break down. An example of such a script is:
OP_DUP OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DUP OP_CAT OP_DROP <pubkey> OP_CHECKSIG OP_RETURN
This script is just 99 bytes long. It takes the signature provided (approx 72 bytes), duplicates it twice, then concatenates the two duplicate items to create a 144 byte data item. It then duplicates the 144 byte data item and concatenates the two copies. The duplication and concatenation is repeated 32 times in an attempt to create a data item up to 309GB in size on the stack, which it then drops before validating the signature. If the correct signature was provided and a majority of nodes in the core network were capable of handling a 307GB data item, this transaction could theoretically be accepted and mined.
Prior to the Genesis upgrade, the script evaluation engine was protected by the ‘isStandard’ test, which only allows transactions conforming to some very specific templates to be validated. Post-Genesis, miners have had to implement memory management routines that reject transactions once they begin to consume large quantities of memory. Moving forward, it is expected that most transactions will still conform to a relatively small number of templates, and that transactions which are uncommon or unique may be passed through an extra layer of simulation or test before being validated.
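One way to picture the simulation layer described above is a dry run that tracks only the byte length of each stack item, so the growth is measured without allocating anything. This is an added example, not code from any node client: the function names, the simplified opcode model (an integer stands for a data push of that many bytes) and the 1,000,000 byte cap are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_STACK_BYTES = 1_000_000  # assumed node policy value, not a client default


@dataclass
class Verdict:
    accepted: bool
    reason: str
    op_index: int    # index of the last opcode examined
    peak_bytes: int  # largest total stack size the script asked for


def dry_run(ops, stack_sizes, max_bytes=MAX_STACK_BYTES):
    """Walk the script tracking item lengths only; no stack data is allocated."""
    stack = list(stack_sizes)
    peak = sum(stack)
    for i, op in enumerate(ops):
        try:
            if isinstance(op, int):      # data push of `op` bytes
                stack.append(op)
            elif op == "OP_DUP":
                stack.append(stack[-1])
            elif op == "OP_CAT":
                b, a = stack.pop(), stack.pop()
                stack.append(a + b)
            elif op == "OP_DROP":
                stack.pop()
            elif op == "OP_CHECKSIG":
                stack.pop()
                stack.pop()
                stack.append(1)          # one-byte boolean result
            elif op == "OP_RETURN":      # modelled here as end of execution
                return Verdict(True, "ok", i, peak)
            else:                        # refuse anything the model cannot size
                return Verdict(False, f"unmodelled opcode {op}", i, peak)
        except IndexError:
            return Verdict(False, "stack underflow", i, peak)
        peak = max(peak, sum(stack))
        if max_bytes is not None and peak > max_bytes:
            return Verdict(False, "stack memory limit exceeded", i, peak)
    return Verdict(True, "ok", len(ops) - 1, peak)


def doubling_script(doublings, pubkey_len=33):
    """Constructed script with the same shape as the one quoted above."""
    return (["OP_DUP"] + ["OP_DUP", "OP_CAT"] * doublings
            + ["OP_DROP", pubkey_len, "OP_CHECKSIG", "OP_RETURN"])
```

With a 72 byte signature on the stack and 32 doublings, the dry run stops at the fourteenth duplication, long before the full-size item would exist; passing `max_bytes=None` reports the uncapped peak instead.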
Transaction Volume Attack
This attack is similar to a Distributed Denial of Service attack, whereby a peer or many peers on the network are used to create extremely large volumes of transactions for propagation across the network. A well-intentioned example of this kind of attack could be seen during the Bitcoin Stress tests conducted throughout 2018 using the Satoshi Shotgun, a large transaction volume bot, which resulted in service degradation across most wallets and services and within the network itself. The tests were not successful in preventing the network mining function from operating in a normal manner; however, they did make it difficult for users to make transactions or use services.
This attack is largely mitigated at scale with transaction fees. The cost of creating and sending millions of transactions, and the core network’s ability to receive, timestamp and archive the millions of transaction records, result in the attack being absorbed by the network.
Memory Depletion Attack
This attack relies on miners using settings in their node’s client software which cause it to keep and hold transactions that it is not planning to mine in the case that they are mined by other nodes and need to be quickly validated. The attacker must have intimate knowledge of miner settings which would require some sort of information release or deceptive social engineering. The attack involves sending thousands of transactions directly to the node being attacked in order to cause memory overflow issues. The attack can also prevent transactions of a certain type which are not part of the attack from being propagated over the network by causing nodes to start blocking bulk sending of those transactions.
The attack can largely be mitigated by miners having an intimate understanding of the settings they are using and how they determine what the node client software does with transactions it is not planning to mine. Node clients also have memory pool limits which can prevent overflows from happening in many cases.
Block Based Attacks
These are attacks perpetrated by malicious miners seeking to overpower or subvert the honest miners on the network.
A 51% attack is a theoretical attack in which a miner accumulates over 51% of the hashpower on the network. The attack is first discussed in detail in section 6 of the Bitcoin whitepaper, which discusses incentives.
The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
The attack is discussed in further detail in section 11 where the attacking node’s performance is analysed to show that even with an overwhelming hashrate, it still becomes exceptionally expensive for an attacker to maintain and extend an invalid chain of blocks, largely dispelling the validity of the attack.
There have been no recorded instances of a 51% attack in the history of Bitcoin; however, other smaller capacity cryptocurrency networks have been attacked and devalued through the use of these tactics.
Small Block Attack
The small block attack represents one of the most successful and dangerous attacks on Bitcoin and was in execution phase on The Bitcoin Network from around 2013 until the ledger was duplicated by BCH developers with support of miners who abandoned the original protocol and ledger to miners using the BitcoinSV mining client in November 2018. The desired final outcome of the Small Block Attack can currently be seen on the BTC network, where users are saddled with unknown performance on any given day, high fees and a lack of functionality due to the need to keep transactions as small and simple as possible, with the possibility of a chain death event taking place at some point due to lack of accessibility to users.
The Small Block Attack began after Satoshi Nakamoto limited the Bitcoin blocksize to 1MB as an anti-spam measure in 2010. This change was always meant to be temporary; however, the attackers seized on it as a means to impose many more arbitrary limits on Bitcoin, eventually backtracking from any plans to remove the limit. Over the years many layers of restrictive rules were embedded into the Bitcoin client and enforced as consensus rules on the network. The Genesis upgrade in February 2020 saw almost all of these limits removed and replaced with miner configurable node specific limits, allowing the network’s economic incentives to define the boundaries of the protocol’s utility at any given moment.
The attack engineers began a narrative that would vilify so-called ‘Hard Forks’ which require all mining nodes on the network to upgrade simultaneously, and propagated the idea that nodes on the Bitcoin network should never be required to upgrade as would be required for the block size cap to be removed.
The narrative was used to great effect in galvanising public opposition to even smaller, slower scaling proposals than are currently being implemented on BitcoinSV, and became a vector for the introduction of so-called ‘Soft Forks’ which are changes that exploit the protocol to create changes in the way Bitcoin transactions and blocks are evaluated which are still technically valid, but which change the way Bitcoin works. Examples of such changes include Segregated Witness and Pay to Script Hash.
Selfish mining was a proposed attack where a miner with just 31% of the network hashrate could compete with the rest of the network and win more than 31% of the blocks.
The attack relied on the selfish miner acting in secret and mining consecutive blocks for release in the moments after a competing block to the selfish miner’s first block is found by an honest miner. This would supposedly result in the honest miner’s block being orphaned and improving the profitability of the attacker’s node.
The theory behind the attack used a flawed interpretation of block propagation across the network and discounted the fact that miners are a Small World Network which is extremely densely connected, making it exceptionally easy for other miners on the network to discover the selfish miner and work around their dishonest blocks.