If you are involved in the world of cryptocurrencies, you need some basic knowledge to manage them well. An important topic is the attacks that can occur on blockchains. Among all the attacks that exist (and there are quite a few), today we will look at the Erebus attack. If you don't know what it is, keep reading: this article explains how an Erebus attack works.
This type of attack is relatively recent and affects cryptocurrencies such as Bitcoin, Litecoin and all those derived from Bitcoin's code. It is capable of something that seemed unthinkable in the world of cryptocurrencies: censorship. It can censor the entire network of a cryptocurrency. Below we will see how this is possible.
This attack was created by Muoi Tran, Inho Choi, Gi Jun Moon, Anh V. Vu and Min Suk Kang. These developers worked out the theory and a functional proof of concept in July 2019.
What is an Erebus attack?
This attack was developed with the objective of splitting a Peer-to-Peer network. One example of this type of network is the one that supports the operation of cryptocurrencies such as Bitcoin. Bear in mind, though, that it affects not only Bitcoin but also other cryptocurrencies that use the same code base and Peer-to-Peer protocol.
This attack is categorized in the “network partitioning” branch of attacks. This means that the attacker is looking to partition the targeted network. You are probably thinking: what would the hacker gain from this? Well, while partitioning the network, he gains control of most of the network to make it stop working.
In other words, the Erebus attack can split the Bitcoin Peer-to-Peer node network and disrupt its operation. Worst of all, it does this by stealth: we would not notice the attack until the network is already suffering from the damage.
Knowing all of the above, we can understand that the Erebus attack is a potentially dangerous weapon. It is not hard to imagine this weapon falling into the hands of governments or large Internet Service Providers (ISPs), who could use it against the Bitcoin network or any other cryptocurrency that has no defenses against this type of attack. The objective, as mentioned above, can be to censor the network and disrupt its operation or, worse, to monitor everything users do on it.
How does the Erebus attack work?
The operation of the Erebus attack is somewhat complex. It mainly takes advantage of the Bitcoin protocol’s ability to connect the various nodes of the network. It achieves this through connection manipulation.
To affect the proper functioning of Bitcoin, the attacker conducts a MITM (Man-in-the-middle) attack. This attack allows the attacker to take a legitimate connection away from Bitcoin nodes and replace it with a fake connection that is under his absolute control.
Using this hijacking technique, the attacker gradually takes over the connections of the entire network. Once he has taken enough connections, he can start sending false information that affects the correct functioning of the system.
Due to this attack, the victim network enters a state of non-consensus, which ends up splitting the network. At this point the attacker can do whatever he wants, from a simple double-spending attack to a 51% attack on the blockchain.
Everything described above is possible because Bitcoin and the cryptocurrencies derived from it run on a network of decentralized nodes that communicate over the Internet. This communication is carried out through a network protocol. Through this protocol, the network nodes participate in the decisions taken within the network to validate transactions, blocks and more. It should be noted that all this happens under a consensus scheme in which the majority decides the evolution of the network.
However, an attacker who managed to take control of the nodes and the network they make up could affect the functioning of the blockchain.
The worrying part of this attack is that, in principle, it requires neither a large amount of computing power nor an extensive network of computers. With a single machine it would be possible to affect the Bitcoin network within 5 to 6 weeks. It should be noted that this would require a connection at a Tier 1 or Tier 2 network level.
Tier 1 and Tier 2 networks are networks, or ISPs, that have the ability to control high data flows. Using these networks gives the attacker the opportunity to reach sets of networks and intervene in their data traffic. It is precisely this property of Tier 1 and Tier 2 networks that the Erebus attack uses to manipulate node connections in a completely undetectable way.
How is the problem solved?
When this type of attack became known in June 2019, it was suggested that the Bitcoin code should include the option to subdivide and control the communication of some nodes with others through different networks and the Internet. The intention behind this system was to:
- Prevent an AS (Autonomous System) from manipulating the routing of node connections and affecting the operation of the network.
- Prevent attackers from using the Border Gateway Protocol (BGP) to control the routing of packets between various autonomous systems in order to connect them. This would prevent attackers from hijacking node connections to use them for their own benefit.
Following this proposal, months later Bitcoin Core released the 0.20 update. This update featured Asmap, the first security feature to protect the Bitcoin network from this attack.
The proposed solution was relatively simple. First, the number of connections made by the nodes had to be increased. Next, these connections would have to be made so as to have access to certain capabilities of the nodes. Finally, and most importantly, a connection diversification system would have to be created to prevent nodes from only joining the same group of IPs from the same ISP or network. This prevents an ISP from being able to carry out a successful Erebus attack.
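The diversification idea can be illustrated with a short added example (written for this article, not Bitcoin Core's code): it fills a node's outbound connection slots from the same candidate list twice, once allowing one peer per /16 address prefix and once allowing one peer per autonomous system, and measures how many of the chosen peers end up inside a single AS. The prefix-to-AS table, the addresses, the AS numbers and all function names are constructed for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix -> AS number table (documentation/private ranges, not real routing data).
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64500,
    "10.1.0.0/16": 64501,
    "10.2.0.0/16": 64502,
}
# Longest prefixes first, so the first match is the most specific one.
_TABLE = sorted(((ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_ASN.items()),
                key=lambda entry: entry[0].prefixlen, reverse=True)

# Constructed candidate peers, in the order the node would try them.
CANDIDATES = ["192.0.2.10", "198.51.100.20", "203.0.113.30",
              "10.1.5.5", "10.2.7.7", "10.1.9.9"]

def asn_of(ip):
    """Return the AS number announcing this address, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    return next((asn for net, asn in _TABLE if addr in net), None)

def prefix16_of(ip):
    """Return the /16 network the address falls in."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def select_outbound(candidates, group_of, slots):
    """Fill up to `slots` connections, taking at most one peer per group."""
    chosen, used = [], set()
    for ip in candidates:
        group = group_of(ip)
        if group is None:              # unmapped address: fall back to its /16
            group = prefix16_of(ip)
        if group not in used and len(chosen) < slots:
            used.add(group)
            chosen.append(ip)
    return chosen

def largest_as_share(peers):
    """Fraction of the chosen peers that sit inside the single most common AS."""
    counts = Counter(asn_of(p) for p in peers)
    return max(counts.values()) / len(peers)

if __name__ == "__main__":
    for name, grouping in (("by /16", prefix16_of), ("by AS", asn_of)):
        picked = select_outbound(CANDIDATES, grouping, slots=4)
        print(name, picked, f"largest AS share = {largest_as_share(picked):.2f}")
```

With this constructed data, three peers that look unrelated by address prefix all belong to one AS, so prefix-based grouping hands that AS most of the node's connections, while AS-based grouping limits it to one.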