Page 118 - Handbook of Deep Learning in Biomedical Engineering Techniques and Applications
106 Chapter 4 A critical review on using blockchain technology in education domain
for transaction1 in the main chain. Once transaction1 in
the main chain is approved, the attacker (miner) releases the
subchain to nullify the previous transaction, as in
selfish mining. Otherwise, he may perform a block
withholding attack. This may result in double spending.
This results in a fork-after-withhold attack (FAW).
• Mining malware: This malware illegally uses the
computing power of victims to help attackers mine
tokens.
• Pool hopping attack: Here the miner jumps from one pool
to another based on the prospects. This improves his
earnings when he joins a pool with fewer miners and mining
rewards have started to come in.
• Bribery attack: Here the attacker is able to bribe the
miners to get access to huge computational power for a
short period of time. This results in a 51% (majority) attack
scenario or a DDoS attack.
(e) Wallet threats: Hackers target user wallet credentials using
traditional methods such as phishing and dictionary attacks as
well as exploiting vulnerabilities in cryptographic algorithms.
IOTA had vulnerabilities in its proprietary Curl hash function.
IOTA has also faced phishing attacks. Hardware wallets can also be
attacked. An Evil Maid attack exploiting bugs in the Nano S
Ledger wallet resulted in loss of keys. Hot wallets are Internet
connected. Hence, there is a possibility of hacking and
obtaining the keys, as in Coincheck. Vulnerable signatures, hashing
techniques, and malware cause these attacks.
• Key management: Private keys sign and encrypt messages
across a distributed ledger. When the attacker has access
to the private key, he can access the data controlled by it
and hence can transfer data to another account. This
action cannot be undone. Strong keys should be generated
that cannot be decrypted easily.
• Privacy: The entire BC can be downloaded by any
member, and hence, all the history of transactions is known
to the attacker in a public BC. Hence, privacy of members
is compromised. In a private BC, compromising
authorization rights can lead to a privacy breach.
• Parity multisig wallet attack: It is a client-side wallet
attack. A multisig wallet is analogous to a joint account in
a bank with multiple owners. A centralized library contract
is used for the same. Vulnerabilities in the library were
used by the attacker to freeze the wallet currencies. In
2016, 120,000 bitcoins were lost by BitFinex due to this
attack. To overcome this attack, concept of cold wallet by