This is not really true and how all attacks work:
For-Profit Attacks:
Timejacking
Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps.
Sybil attack
A Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.
During a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A Sybil attack is quite difficult to detect and prevent.
Delay attack.
The goal of this attack is to slow down the propagation of blocks towards
or from a given set of nodes. Here an attacker can use routing attacks to the delivery of a block to
a victim node by 20 minutes while staying completely undetected. During this period, the victim
is unaware of the most recently mined blocks. So, it the victim is a merchant, it is susceptible to
double-spending attacks
Eclipse attack
An eclipse attack requires that a hacker control a large number of IP addresses or have a distributed botnet. Then the attacker overwrites the addresses on the tried table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. Researchers from Boston University initiated an eclipse attack on the Ethereum network and managed to do it using just one or two machines.
Immutable defects
Blockchain blocks are immutable by nature, which means that once a smart contract is created it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO attack.
Finney attack
A Finney attack is possible when one transaction is pre-mined into a block and an identical transaction is created before that pre-mined block is released to the network, thereby invalidating the second identical transaction.
Race attack
A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment and sends the product without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.
Vector76
Vector76 is a combination of two previous attacks. In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high value and one low value. Then, the attacker pre-mines and withholds a block with a high-value transaction to an exchange service. After a block announcement, he quickly sends the pre-mined block directly to the exchange service. It along with some miners will consider the pre-mined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction. After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network that finally rejects the high-value transaction. As a result, the attacker’s account is deposited on the amount of the high-value transaction. Though there’s a high chance for success with this attack, it’s not a common one because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.
Alternative history attack
An alternative history attack may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, the malicious user sends a transaction to the seller and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the seller sends their product after n confirmations, they may lose money if the attacker releases a longer chain and gets their coins back.
51% or majority attack
A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing ones. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.
Unfortunately, all small cryptocurrencies are still at risk. Since they attract fewer miners, attackers can just rent computing power to create a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.
Selfish mining
Selfish mining refers to the attempts of a malicious miner to increase their share of the reward by not broadcasting mined blocks to the network for some time and then releasing several blocks at once, making other miners lose their blocks. Possible measures for preventing this type of attack may be random assignment of miners to various branches of pools, preferring the block with a more recent timestamp, or generating blocks within a maximum acceptable time. This type of attack is also known as block withholding.
As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. This type of selfish mining has high chances of success and may happen with all cryptocurrencies. Possible preventive measures against selfish mining may be registering only trusted miners or making changes to the existing Bitcoin protocol to hide the difference between a partial Proof-of-Work and full Proof-of-Work.
Fork-after-withhold
Fork-after-withhold (FAW) is a variation of selfish mining that turns out to be more rewarding for the attackers. During an FAW attack, the malicious miner hides a winning block and either discards it or releases it later to create a fork, depending on the situation. The concept of this attack was explicitly described by a group of researchers led by Ujin Kwon.
Bribery attack
In a bribery attack, the attacker offers payments to existing miners to deviate
from the default protocol and mine on the attacker’s branch. Note that we do not
use the term “bribery” to indicate illegal or unethical behavior, simply that a
side payment is being made. Several mechanisms for bribery have been proposed
with various trust and risk properties [1,12]. For an example, an attacker might
pay miners outside the protocol directly or through a negative-fee mining pool,
or within the system by broadcasting anybody-can-spend transactions or transactions with abnormally high fees which are redeemable only on the attacker’s
branch. We suggest that it is also feasible for an attacker to create a smart contract to autonomously bribe miners working on another blockchain by checking
that they have found blocks building on a designated starting point
Partition attack.
Any ISP can partition the Bitcoin network by hijacking few IP prefixes.
The goal of a partition attack is to disconnect as set of nodes from the network entirely. This
requires the attacker to divert and cut all the connection between the set of the nodes and the rest
of the network, and partition the network into disjoint components. By preventing nodes within a
partition to communicate with outside nodes, the attacker forces the creation the parallel
blockchains. To perform partition attack, the attacker first diverts the traffic and intercepts the
Bitcoin traffic (e.g., based on the TCP ports) and identifies whether the corresponding
connections cross the partition he tries to create. If So, the attacker drops the packets, if not
meaning that the connection is inside the partition P. The attacker keeps monitors the Bitcoin
traffic to detect the “leakage points.”
Pool hopping attack
is the result of miners leaving the pool when it offers fewer financial rewards and joining back when the rewards of mining yield higher rewards in blockchain networks. … This results in its competitors mining the block before they can finish mining.
Non-Profit Attacks:
Distributed denial of service
Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network. Still, blockchain technology is susceptible to DDoS attacks and these attacks are actually the most common type on blockchain networks. When attacking a blockchain network, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect mining pools, e-wallets, crypto exchanges, and other financial services of the network. A blockchain can also be hacked with DDoS at its application layer when hackers use DDoS botnets. Bitcoin, along with other blockchain networks, takes measures to protect against DDoS attacks.
Transaction malleability attack
A transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin network, every transaction has a hash that is a transaction ID. If attackers manage to alter the transaction ID, they can try to broadcast a transaction with a changed hash to the network and have it confirmed before the original transaction. The sender will believe their initial transaction has failed, while the funds will still be withdrawn from their account. And if the sender repeats the transaction, they’ll spend the same amount twice. This hack is successful once the two transactions are confirmed by miners. MtGox, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014.
Routing attack
A routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering as the hacker divides the network into partitions that are unable to communicate with each other. Routing attacks actually consist of two separate attacks:
- A partition attack, which divides the network nodes into separate groups
- A delay attack, which tampers with propagating messages and sends them to the network
Stoping here as this gets too long allready as there are many more for-profit and non-profit attacks like censorship attack, Punitive and Feather forking Attack, Balance Attack, Refund Attack, Spamming attack and whatever not …
