
A Survey of Bitcoin Security Issues

Matthew Zhu

University of Colorado at Denver,
Department of Computer Science and Engineering

Abstract. Adversaries can take advantage of the Bitcoin system in various ways. They
may partition or otherwise disrupt the network in order to engender vulnerabilities
in the blockchain. These vulnerabilities lead to double-spending attacks or the waste
of the computational resources of legitimate miners. There are also security issues
pertaining to the mining of Bitcoin: mining may be done using unauthorized resources,
and illegitimate techniques for mining exist. Ultimately, countermeasures for these
security issues often involve tradeoffs between convenience and usability on one side
and security on the other.

1 Introduction

Cryptocurrency is an emerging economic phenomenon that is becoming increasingly
commonplace and accepted as a medium of exchange. In the past, currency had been
represented by physical mediums. More and more, people are transitioning to the use
of more abstract representations of money by using credit or debit cards and perform-
ing electronic transactions. Beyond being an abstraction, cryptocurrency is intended
to offer users privacy as well as independence from third-party mediators such as
banking institutions. Some cryptocurrencies are designed to be stable in value relative
to a particular type of fiat currency. Governmental entities may oppose the idea of
cryptocurrency as it is unregulated, but there are many who are proponents of it.
Bitcoin is the most common and widely known cryptocurrency in use. In terms of
market capitalization for cryptocurrencies, Bitcoin has the greatest share, with a value
of over a hundred billion USD. Ripple and Ethereum are second and third, respective-
ly. With such a large amount of wealth at stake, there are bound to be attackers of the
system and security researchers are eager to address vulnerabilities.
Substantial security considerations for cryptocurrencies such as Bitcoin are critical
for their continuance. Without security measures, attackers of the Bitcoin system are
able to fabricate transaction histories for material gain or disrupt the proper function-
ing of the system. People that accept Bitcoin as payment, invest in it, or spend it may
lose confidence in the Bitcoin system and abandon it if there is not sufficient security.

2 Background

In order to fully appreciate the security concerns in Bitcoin, it is helpful and instruc-
tive to develop an understanding of the underlying technologies of Bitcoin and the
principles on which the Bitcoin system operates. One of the fundamental technologies
of Bitcoin is the blockchain, a public ledger of transactions. Bitcoin transactions are
verified by special network nodes called miners; miners accumulate transactions to be
verified collectively in a block. This block is mined once a miner uses a significant
amount of computing resources such as time and processing power to discover a
nonce, which when hashed as part of the block, yields a result below a predetermined
threshold. Once a block is mined, the miner broadcasts this block into the network so
that all the nodes can add it to their chain of blocks. Mining is incentivized by a re-
ward of a predetermined amount of Bitcoins per block mined as well as transaction
fees. In this manner, consensus in the network is established for which blocks are
legitimate based on the majority of the computing power. This concept of authorizing
network nodes to verify transactions based on physical computational power is known
as proof-of-work.
Users of Bitcoin have both a private key and a public key in the network. The pri-
vate key allows the owner to spend Bitcoin. The public key is hashed to allow the user
to have a certain degree of anonymity, and the hashed value is used as an identifier for
the destination of transactions.
Security issues in Bitcoin can be divided into categories such as network vulnera-
bilities, blockchain-based attacks, and attacks associated with Bitcoin mining. A tax-
onomy of the Bitcoin security issues is given in Fig. 1. Attacks on the blockchain
include exploits pertaining to the way that the blockchain is extended. Bitcoin mining
security issues include unauthorized access to computing resources and advantages
taken by adversaries in mining pools.

Fig. 1. Taxonomy of Bitcoin Security Issues

In certain contexts, Bitcoin is considered to be decentralized, and in other contexts,
Bitcoin is considered to be centralized. For instance, the Bitcoin system, which uses a
peer-to-peer network, is considered to be decentralized in terms of its lack of a cen-
tralized banking authority. An illustration of the decentralized aspect of Bitcoin is
provided by Fig. 2. Transactions within a block and the blockchain itself do not re-
quire the approval of a central authority; they are under the control of the peers of the
network. Also, the creation of Bitcoin and the regulation of its inflation and deflation
are not under the control of a central authority.
In terms of its mining and routing activities, Bitcoin is considered to be centralized.
In the context of mining, the centralization is due to the grouping of miners into min-
ing pools. In the context of network routing, the Bitcoin system is considered to be
centralized due to a large portion of network nodes being a part of a few autonomous
systems and due to the network communication path being funneled through relative-
ly few network links.

Fig. 2. Centralized and Decentralized Monetary Systems

For Bitcoin, there is a specific network protocol in place by which nodes com-
municate. By using an INV, or inventory, message type a Bitcoin node can signal to
another node its knowledge of a transaction or a block that another node may be inter-
ested in. The other node typically responds to this message with a GETDATA message,
which is then replied to with a transaction TX message or a BLOCK message that
provides information pertaining to a new block. The Bitcoin network is considered to
be an overlay network, a network that is established over another network. Bitcoin
transmissions are communicated without encryption or integrity checks, allowing for
the possibility of external access and tampering without discretion.
When miners publish discovered blocks to the network, there is a probability that
either another miner has nearly simultaneously found a block or that there is delay in
network propagation, allowing time for other miners to also find a block. In either
case, a blockchain fork occurs and eventually either the longer branch or the branch
that reaches the majority of the network nodes first becomes the adopted branch and
the other branch is orphaned. This behavior is shown in Fig. 3, in which the bottom
branch is adopted. The development of a blockchain fork is also known as block racing.

Fig. 3. Consensus for Blockchain Forks

Bitcoin is an ever-evolving form of currency; in 2015, the Bitcoin version in use
and of concern in [1] was version 0.9.3. In a succeeding Bitcoin version, countermeasures
were incorporated for vulnerabilities as suggested by the paper. The client
Bitcoin version used for the eclipse attack in [2] was 0.16.0.
In [2], the authors present an Eclipse attack that uses multiple ports for a single IP
address to act as multiple peers in the Bitcoin network. The punishment system in
Bitcoin for misbehaving nodes is characterized and its various thresholds for impos-
ing punishment are quantified. The survey provided by [3] identifies weaknesses in
the Bitcoin system that establish a basis for various types of attacks. BotcoinTrap is
presented in [4] to detect botnets for mining Bitcoin that are established on computers
without authorization. An earlier analysis of eclipse attacks is performed in [1]; cer-
tain pertinent functional aspects of the Bitcoin system such as the protocol for estab-
lishing connections between nodes are explained. From [5], an understanding can be
gained of how routing attacks can be used to profit an attacker and harm the network
or participants in the Bitcoin system. A method for characterizing unauthorized
Bitcoin mining activity based on memory access patterns, referred to as fingerprinting,
is provided by [6]. Block withholding attacks, in which a miner participates in a min-
ing pool and keeps discovered blocks secret to decrease the revenue of the pool, are
detailed in [7]. Various security vulnerabilities of Bitcoin wallets are specified by [8],
along with mathematical details of the Bitcoin system, such as the computational
difficulty of mining Bitcoin. A well-known attack, the 51% attack, is addressed by [9]
with a proposal for dividing miners into groups and randomly selecting a group to be
authorized to mine the next Bitcoin block. A brief survey of attacks on the Bitcoin
system is given in [10].

3 Methods

For each category of attack or vulnerability, the security issues are detailed.
Some of the discourse over security issues is accompanied by an overview of
countermeasures for the security issue.

3.1 Network-Associated Security Vulnerabilities

In the Bitcoin network, there are routing attacks and Eclipse attacks. Routing attacks
allow an adversary to delay network transmissions or sever communication routes,
thereby creating the potential for forks of the blockchain. If these forks are introduced
deliberately, an attacker can cause the computing resources of miners of an orphaned
blockchain branch to be wasted or introduce the potential for double spending.
Eclipse attacks aim to control the blockchain view of a particular node, opening up
the possibility for double-spending.
Routing between autonomous systems in the Internet is done by the Border Gateway
Protocol (BGP). This functionality is referred to as inter-AS routing, and BGP is categorized
as an exterior gateway protocol. Inter-AS routing attacks can be facilitated by
a technique known as BGP-hijacking, in which a particular autonomous system dis-
tributes false routing information to other parts of the network, thereby manipulating
network communication routes. Upon intercepting communications, an attacker can
then drop communications, thereby creating a partition in the network. The attacker
can also manipulate the communications, causing a delay in the transfer of infor-
mation.
In contrast to general routing attacks, the Eclipse attack is aimed at directly manip-
ulating the blockchain view of a target node by controlling all of the connections the
target has to the Bitcoin network. The attack involves causing a target node to restart,
after which the target node tries to reconnect to the network. At this time, the connec-
tions to and from the target node are controlled in the Eclipse attack.
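
A node operator can look for the connection pattern that the Eclipse attack of [2] relies on, namely many peers that are really one IP address on different ports. The following check is an added example, not code from the paper or from Bitcoin Core; the sample peers are constructed in the shape of the `addr` field of Bitcoin Core's `getpeerinfo` output, and the thresholds and the /16 (IPv4) and /32 (IPv6) grouping are assumptions of this example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: only the `addr` ("ip:port") field is used.
SAMPLE_PEERS = [
    {"addr": "203.0.113.7:8333"},
    {"addr": "203.0.113.7:40001"},
    {"addr": "203.0.113.7:40002"},
    {"addr": "203.0.113.7:40003"},
    {"addr": "203.0.113.90:8333"},
    {"addr": "198.51.100.23:8333"},
    {"addr": "192.0.2.55:8333"},
    {"addr": "[2001:db8::1]:8333"},
]


def peer_ip(addr):
    """Return the IP part of 'ip:port' or '[ipv6]:port'."""
    host, _, _port = addr.rpartition(":")
    return ip_address(host.strip("[]"))


def netgroup(ip):
    """Coarse network group: /16 for IPv4, /32 for IPv6 (this example's choice)."""
    prefix = 16 if ip.version == 4 else 32
    return str(ip_network(f"{ip}/{prefix}", strict=False))


def audit_peers(peers, max_per_ip=1, max_group_share=0.5):
    """Flag IPs holding several connections and groups dominating the peer table."""
    ips = [peer_ip(p["addr"]) for p in peers]
    per_ip = Counter(str(ip) for ip in ips)
    per_group = Counter(netgroup(ip) for ip in ips)
    total = len(ips)
    # One IP appearing on several ports is the multi-port pattern from [2].
    repeated = {ip: n for ip, n in per_ip.items() if n > max_per_ip}
    # A single network group holding most slots means little path diversity.
    crowded = {g: n / total for g, n in per_group.items()
               if n / total > max_group_share}
    return {"repeated_ips": repeated, "crowded_groups": crowded,
            "suspicious": bool(repeated or crowded)}


if __name__ == "__main__":
    report = audit_peers(SAMPLE_PEERS)
    for ip, n in report["repeated_ips"].items():
        print(f"{ip} holds {n} connections")
    for group, share in report["crowded_groups"].items():
        print(f"{group} holds {share:.0%} of all connections")
```
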

3.2 Blockchain-Based Attacks

Vulnerabilities in the blockchain arise partially because of the potential for the block-
chain to have forks due to network delay or due to simultaneous discovery of blocks.
These types of forks are naturally occurring, but forks can also be maliciously manu-
factured. Regardless of how the forks occur, they may potentially allow an adversary
to double-spend coins. An existing way of dealing with double-spending is to wait for
multiple block confirmations before considering a transaction as valid.
Bitcoins are susceptible to double spending with 0 or N-confirmations. For 0-
confirmation double spending, the merchant does not confirm the transaction in the
blockchain, and for N-confirmation double spending, the merchant confirms the
transaction with N additional blocks on the chain since the time of the transaction. If
there is ever a possibility for a fork of the blockchain with a length greater than the
number of confirmations, then double-spending may occur if the confirmation block-
chain is orphaned.
Certain attacks such as the brute force attack or selfish mining take advantage of
forks in the blockchain in order to put to waste the effort of honest miners or poten-
tially allow for the introduction of double spending. The brute force attack involves
deliberately mining on forks in order to make them longer.
Selfish mining is an attack in which a rogue miner does not immediately publish
discovered blocks, but rather secretly builds a relatively long blockchain in order to
publish it once a competing-length blockchain is propagated throughout the network.
The immediate benefit of this to the rogue miner is that other miners use their compu-
tational resources to mine orphaned blocks, thereby allowing the rogue miner to earn
Bitcoin beyond his or her fair share as determined by the proportion of computing
power in the network that he or she controls.
If the majority of the hashing power in the network belongs to mining nodes under
monopolized control, the blockchain is susceptible to what is called the 51% attack, or
the majority attack. In this attack, whoever controls the majority of the hashing power
is free to extend the blockchain with any block consisting of any transactions. A pro-
posal in [9] is made to divide all the miners into a predetermined number of groups
and to only authorize one of the groups to mine the next block. A group is selected to
mine each block based on a hash of the previous block hash and the hash of the wallet
address of a bitcoin miner.

3.3 Attacks Pertaining to Bitcoin Mining

One of the major security concerns pertaining to Bitcoin is the unauthorized mining of
it. Bitcoin can be mined using the resources of unsuspecting targets in a variety of
ways ranging from the deployment of malicious JavaScript programs to seizing full
access to the computer of an oblivious victim. For this purpose, entire botnets can be
established on compromised computers; these botnets have been referred to as
Botcoins. Research has been done in the area of detecting Botcoins by analyzing the
memory usage of processes. In order to mine Bitcoin, hash computations must be
carried out using block header information that is too big to fit in computer registers.
As such, the mining of Bitcoin requires a pattern of accesses to lower level memory.
These memory accesses establish a pattern that has been shown to be detectable in the
case of simulated Botcoins.
Many of the attacks pertaining to Bitcoin mining revolve around wasting the min-
ing effort of legitimate miners, thereby discouraging them from mining and increasing
the share of Bitcoin earned by the rogue miner. The block withholding attack is an
example of such an attack. In the attack, a rogue miner enters a mining pool and only
submits partial proof-of-work to the pool and withholds the full proof-of-work associ-
ated with the discovery of a block.
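
A pool operator can test statistically for the behavior described above: a member who keeps submitting partial proof-of-work but whose full solutions are implausibly rare. This is an added example, not taken from the paper or from [7]; it assumes each accepted share independently has probability share difficulty / network difficulty of also being a full block, and the pool statistics are constructed.

```python
from math import exp, lgamma, log, log1p

# Constructed pool statistics; the difficulty values are toy numbers.
SHARE_DIFFICULTY = 1.0
NETWORK_DIFFICULTY = 1_000_000.0
MINERS = {
    "miner-a": {"shares": 3_000_000, "blocks": 2},
    "miner-b": {"shares": 12_000_000, "blocks": 0},
}


def block_probability(share_difficulty, network_difficulty):
    """Chance that one accepted share also meets the full block target."""
    if not 0 < share_difficulty < network_difficulty:
        raise ValueError("share difficulty must be below network difficulty")
    return share_difficulty / network_difficulty


def lower_tail(shares, blocks, r):
    """P(X <= blocks) for X ~ Binomial(shares, r), summed in log space."""
    total = 0.0
    for k in range(blocks + 1):
        log_term = (lgamma(shares + 1) - lgamma(k + 1) - lgamma(shares - k + 1)
                    + k * log(r) + (shares - k) * log1p(-r))
        total += exp(log_term)
    return min(total, 1.0)


def review_pool(miners, share_difficulty, network_difficulty, alpha=0.001):
    """Return {miner: p-value} for miners whose block count is implausibly low."""
    r = block_probability(share_difficulty, network_difficulty)
    flagged = {}
    for name, stats in miners.items():
        p_value = lower_tail(stats["shares"], stats["blocks"], r)
        if p_value < alpha:
            flagged[name] = p_value
    return flagged


if __name__ == "__main__":
    flagged = review_pool(MINERS, SHARE_DIFFICULTY, NETWORK_DIFFICULTY)
    for name, p in flagged.items():
        print(f"{name}: P(this few blocks | honest) = {p:.2e}")
```

A low p-value is evidence rather than proof, since an honest miner can simply be unlucky; the threshold `alpha` sets how often that happens.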

4 Evaluation

Security issues in the Bitcoin system are evaluated based on the feasibility and impact
associated with them and countermeasures for security vulnerabilities are evaluated
based on effectiveness in preventing or addressing the security concerns.

4.1 Limitations

As time goes on, later Bitcoin versions may solve problems mentioned in many of the
references, potentially by adapting proposed countermeasures. However, as later
versions of Bitcoin become adopted, there is also the potential for more vulnerabilities
to be introduced that are not addressed by existing works.
Research in [5] is done pertaining to using BGP hijacks to partition networks or in-
troduce delays in communication between network nodes. However, this work is
limited in that it only addresses inter-AS routing attacks; it does not address whether
it is possible to perform routing attacks that are intra-AS by exploiting vulnerabilities
in OSPF or other protocols for routing within an autonomous system.
In [4], a host-based approach for detecting Botcoins is developed, but a possible
limitation is that evaluation is only done on simulated Botcoins. No comparison is
provided between the simulated Botcoins and actual Botcoins.
Random mining group selection is proposed in [9] to counter 51% attacks, also
known as majority attacks. The problem with the proposal of random mining group
selection is that although each node has reduced probability of finding the next block
in the chain based on the number of mining groups, the total share of the mining pow-
er of the attacker in the network remains the same. If the attacker controls the majori-
ty of the mining power, albeit in different mining groups, the attacker is still able to
exploit the system as well as he or she is able to without mining groups.

4.2 Double Spending

Many of the attacks allow for the potential of double-spending, which leads to a loss
of goods and services for merchants using the Bitcoin system. These double spending
attacks may occur when the receiver of the Bitcoin has either waited for no confirma-
tions or multiple confirmations. Oftentimes, if the receiver of Bitcoin waits for multi-
ple confirmations, a greater level of security is achieved. However, if this is always
required, the amount of time to successfully complete a transaction is very inconven-
ient to those involved.

4.3 Wasted Computational Effort

Through many of the attacks, such as block withholding or the deliberate introduction
of blockchain forks, there is the possibility for an attacker to prevent legitimate min-
ers from earning Bitcoin through the discovery of blocks. This may discourage the
mining of Bitcoin and not only harms the miners whose computing resources are
wasted, but the confidence in the currency as a whole.

5 Conclusion

Bitcoin security has many facets; attackers can take advantage of the network, such as
its centralized routing structure, as well as of the blockchain and various aspects of
mining. Many of the issues can be dealt with by making compromises and tradeoffs
between convenience and usability on one side and security on the other.

References

[1] E. Heilman et al., "Eclipse attacks on Bitcoin's peer-to-peer network," in Proc. 24th
USENIX Conference on Security Symposium, Washington, D.C., 2015, pp. 129-144.
[2] A. E. Yves-Christian et al., "Total Eclipse: How to Completely Isolate a Bitcoin Peer," in
3rd Int. Conf. Security of Smart Cities, Industrial Control System and Communications
(SSIC), Shanghai, China, 2018, pp. 1-7.
[3] M. Conti et al., "A Survey on Security and Privacy Issues of Bitcoin," in IEEE Communi-
cations Surveys & Tutorials, vol. 20, no. 4, pp. 3416-3452.
[4] A. Zareh and H. R. Shahriari, "BotcoinTrap: Detection of Bitcoin Miner Botnet Using
Host Based Approach," 15th International ISC (Iranian Society of Cryptology) Confer-
ence on Information Security and Cryptology (ISCISC), Tehran, 2018, pp. 1-6.
[5] M. Apostolaki et al., "Hijacking Bitcoin: Routing Attacks on Cryptocurrencies," in IEEE
Symposium on Security and Privacy (SP), San Jose, CA, 2017, pp. 375-392.
[6] D. Draghicescu et al., "Crypto-Mining Application Fingerprinting Method," in Int. Conf.
Communications (COMM), Bucharest, 2018, pp. 543-546.
[7] S. Bag et al., "Bitcoin Block Withholding Attack: Analysis and Mitigation," in IEEE
Transactions on Information Forensics and Security, vol. 12, no. 8, pp. 1967-1978, Aug.
2017.
[8] P. K. Kaushal et al., "Evolution of bitcoin and security risk in bitcoin wallets," in Int.
Conf. Computer, Communications and Electronics (Comptelix), Jaipur, 2017, pp. 172-177.
[9] J. Bae and H. Lim, "Random Mining Group Selection to Prevent 51% Attacks on Bitcoin,"
in 48th Annual IEEE/IFIP Int. Conf. on Dependable Systems and Networks Workshops
(DSN-W), Luxembourg City, 2018, pp. 81-82.
[10] A. Soni and S. Maheshwari, "A Survey of Attacks on the Bitcoin System," in IEEE Int.
Students' Conf. Electrical, Electronics and Computer Science (SCEECS), Bhopal, 2018,
pp. 1-5.
