Security analysis of blockchain-based cryptocurrency
ELSP
image:
Security analysis of blockchain-based cryptocurrency
view moreCredit: Zekai Liu, Hainan University
The rapid expansion of the cryptocurrency market has intensified security threats due to inherent technical complexities. While existing literature explores consensus mechanisms and specific defense strategies, a systematic synthesis of evolving attack patterns remains essential. This paper investigates real-world security incidents to extract 15 representative attack patterns, categorizing them into six classes based on standard blockchain architecture layers. We provide a detailed analysis of their execution mechanisms and reproduction methods. Furthermore, the study systematically evaluates current detection and defense strategies, highlighting their respective strengths and limitations. Finally, we discuss future research directions to counter evolving threats, providing a theoretical foundation for enhancing the security and resilience of the blockchain ecosystem.
Research Background and Empirical Foundation As the cryptocurrency market expands, its decentralized nature has attracted sophisticated security threats, necessitating robust defense frameworks. Addressing this, a research team led by Professor Xiaoqi Li from Hainan University (with lead contributor Zekai Liu) conducted an in-depth security analysis based on 165 real-world incidents, ranging from the 2016 "The DAO" exploit ($50 million loss) to the 2021 Poly Network attack ($610 million involved). By synthesizing data from these major breaches, the study identifies 15 representative attack patterns, establishing a comprehensive empirical foundation for future vulnerability mitigation.
A Six-Layer Hierarchical Threat Taxonomy The study proposes a classification scheme that maps security risks across six logical layers of blockchain architecture. At the infrastructure level, the analysis covers Data and Network Layer threats like Transaction Malleability, Collision Attacks, and Eclipse Attacks, alongside Consensus Layer risks such as 51% Attacks and Sybil Attacks. Moving to economic and logic-based vulnerabilities, the research examines Incentive Layer manipulations—including Selfish Mining, Bribery Attacks, and Block Withholding—where economic loopholes incentivize dishonest behavior. Finally, it addresses the Contract and Application Layers, providing detailed execution logic for smart contract flaws like Reentrancy and Integer Overflows, as well as complex DeFi threats such as Flash Loan and Sandwich Attacks that exploit Maximum Extractable Value (MEV).
Defense Evaluation and Future Directions To enhance system resilience, the research evaluates detection technologies ranging from static analysis (e.g., AST matching) to machine learning models (e.g., Graph Attention Networks), alongside defense mechanisms like Segregated Witness (SegWit) and the BribeGuard protocol. Concluding that static, single-node defenses are insufficient against evolving threats, the team advocates for a shift toward Composite Attack Modeling to understand chain reactions, Automated Response Systems for real-time Mempool intervention, and Dynamic Game Theory models to monitor deviations from the Nash equilibrium. This "full-stack" perspective offers a vital theoretical framework for strengthening the blockchain ecosystem against emerging security incidents.
Journal
Blockchain
Method of Research
Literature review
Subject of Research
Not applicable
Article Title
Security analysis of blockchain-based cryptocurrency
No comments:
Post a Comment