How Blockchain DDoS Attacks Work

A Distributed Denial of Service (DDoS) attack is an attack designed to flood a website with an overwhelmingly large amount of internet traffic. As a result, the website's infrastructure fails to cope with it, causing it to crash. These attacks are often carried out against websites hosted on a single or a few server machines.

Blockchain networks are resistant to traditional DDoS attacks because their decentralized design removes any single point of failure: the network data is duplicated across each of its nodes. However, blockchain networks are susceptible to a modified DDoS attack. Rather than flooding the network with pings or requests, malicious actors can instead flood it with spam transactions. This significantly clogs and slows the network's throughput of legitimate transactions.

In this article, we'll cover the two main ways that DDoS attacks are typically executed on blockchain networks and the impact they can have. We'll also look at some examples of major DDoS attacks (both by malicious actors and simply by poorly designed dapps). Finally, we'll offer some concluding thoughts on blockchain DDoS attacks and how to help protect against them.

DDoS Attacks on Blockchain Networks

Before getting into the finer details of DDoS attacks on blockchain networks, it's worth briefly discussing how these networks operate and what this means for DDoS attacks on them.

Blockchain networks are decentralized by design — they have anywhere from a few to several thousand nodes validating transactions. Users submit transactions on the network,

This design means that a single node falling victim to a traditional DDoS attack and going down is no issue for the network. The other nodes continue competing to be selected to validate subsequent blocks of transactions, so it's business as usual for the blockchain. However, while this design does make blockchain networks more resistant to traditional DDoS attacks, it doesn't make them entirely immune to them. A blockchain network's level of resistance to DDoS attacks can vary significantly.

Resistance depends on a few factors, such as the number of nodes validating transactions on the network, whether the validator schedule is known, the node client diversity, and the total network hash rate. For example, a blockchain network with just a handful of nodes running the same client is far more vulnerable to a DDoS attack than one with a thousand nodes running several different clients.

Types of Blockchain DDoS Attacks

DDoS attacks on a blockchain network focus on attacking its protocol layer rather than its individual nodes. The two most commonly used DDoS attacks on blockchain networks are transaction flooding and smart contract attacks.

1. Transaction Flooding

Transaction flooding is the most commonly seen DDoS attack in the blockchain space. The majority of blockchains have a fixed block size. Each block has a defined upper limit for the number of transactions it can handle. Blocks are produced at fixed intervals, and any transactions not included in the current block are stored as pending transactions in the blockchain's "mempool." These pending transactions sit in the mempool until a validator includes them in a subsequent block.

A malicious actor can fill confirmed blocks with them by flooding the blockchain with spam transactions. This can prevent legitimate transactions from being confirmed, forcing them into the mempool. As long as the attacker continues to flood the network, these legitimate transactions will stay in the mempool and remain pending. At this point, the attacker has achieved its goal of slowing the blockchain's operations, and legitimate users are forced to either pay absurdly high fees to get their transactions through or wait until the attack subsides.

2. Malicious or Poorly Designed Smart Contracts

Another way an attacker could carry out a DDoS attack on a blockchain is through a smart contract. This only affects blockchain networks that support smart contracts Among these, different networks have different levels of resistance to this type of attack.

An attacker could carry out a DoS by sending a computationally intensive transaction to a smart contract. This could actively prevent other transactions from being included in the current block, thus having a similar result as transaction flooding. For example, each block on Ethereum has a gas block limit of 30mm gas, which is the total amount of gas that all transactions in that block can consume. More computationally expensive operations use more of this gas.

Instances of Blockchain DDoS Attacks

Blockchain DDoS attacks frequently happen, particularly on smaller blockchains, but not exclusively. Two large-scale incidents brought major blockchain networks to a grinding halt.

  1. On May 1, 2022, a DDoS attack brought down the Solana network for seven hours due to a non-fungible token (NFT) minting tool, "Candy Machine." The downtime was reportedly caused by bots taking over the tool and flooding the network with over 4,000,000 transactions per second at its peak before it went down.

  2. On September 14, 2021, Arbitrum One experienced a DDoS attack, one of Ethereum's largest layer 2 protocols. Sequencer — the entity which receives and reorders transactions on its network — was overwhelmed by a flood of transactions that brought down the network for nearly an hour.

The Impact of Blockchain DDoS Attacks

A system breach can significantly impair a company's ability to operate. A few of the impacts caused by blockchain DDoS attacks include:

  • Network congestion: Every node that receives transactions on a blockchain network duplicates this across the network. In a transaction flooding DDoS attack, large volumes of spam transactions need to be duplicated, causing an extremely high consumption of network bandwidth.

  • Permanently bloated ledger: Transaction flooding has a permanent impact on the blockchain network — its ledger is forced to include all the spam transactions that were caused by the attack. Every node is inconvenienced by this as they all need to maintain a copy of this ledger.

  • Node failure: Each blockchain node runs a client to process transactions, and it must have the necessary resources to support running this software. If the number of transactions causes the resource demand to be higher than the node can support (i.e., the node runs out of memory or CPU capacity), it may crash or fail. This problem could affect all nodes that run the same hardware specifications and may require the network to be rebooted for it to work again.

DDoS attacks on blockchain networks can cause the network to be severely congested, or worse, cause them to go offline for several hours. This can cause lasting damage to a blockchain's credibility and reputation, and its users could look to alternative blockchain networks to use instead.

Conclusion: How to Defend Against Blockchain DDoS Attacks

Generally, the more decentralized a blockchain network is, the better it is protected against DDoS attacks. However, achieving a high level of decentralization takes time.

Until then, implementing some of these measures will help mitigate your blockchain's risk of being overwhelmed by DDoS attacks:

  • Ensuring every node on the network has sufficient storage, processing power, and network bandwidth.

  • Identifying and excluding potential spam transactions from blocks, which can be computationally expensive.

Achieving an absolute 100% immunity from blockchain DDoS attacks isn't a realistic goal — however, by following these measures and striving to improve the network's decentralization in the long term, we can get very close to it. At FYEO, we're home to some of the leading experts in the space, and can help you integrate these measures into your blockchain — simply reach out to us.