Double-Spending Risk Quantification in Private, Consortium and Public Ethereum Blockchains
Parinya Ekparinya, Vincent Gramoli, and Guillaume Jourjon

TL;DR
This paper assesses the vulnerability of different types of Ethereum blockchains to double-spending and man-in-the-middle attacks, revealing that private and consortium blockchains are significantly more susceptible than public ones.
Contribution
It provides a comprehensive analysis of attack feasibility on private, consortium, and public Ethereum blockchains, including deploying realistic attack scenarios and quantifying potential asset theft.
Findings
Attacking private and consortium Ethereum blockchains can multiply assets by 200,000x in 10 hours.
The public Ethereum blockchain shows much lower susceptibility to these attacks.
Network topology and attack vectors significantly influence blockchain security.
Abstract
Recently, several works conjectured the vulnerabilities of mainstream blockchains under several network attacks. All these attacks translate into showing that the assumptions of these blockchains can be violated in theory or under simulation at best. Unfortunately, previous results typically omit both the nature of the network under which the blockchain code runs and whether blockchains are private, consortium or public. In this paper, we study the public Ethereum blockchain as well as consortium and private blockchains and quantify the feasibility of man-in-the-middle and double spending attacks against them. To this end, we list important properties of the Ethereum public blockchain topology, we deploy VMs with constrained CPU quantum to mimic the top-10 mining pools of Ethereum, and we develop full-fledged attacks that first partition the network through BGP hijacking or ARP…
Taxonomy
Topics: Blockchain Technology Applications and Security · Cryptography and Data Security · Security and Verification in Computing
