- DDoS attacks targeting crypto firms and blockchains are on the rise.
- Attackers flooded the Manta Pacific blockchain with over 500 million requests in four hours.
- The motivations for DDoS attackers aren’t always financial.
Manta Pacific, a fast-emerging layer 2 blockchain, recently conducted one of its most important milestones to date: the launch of its native MANTA governance token through an airdrop to its community.
It would be the first time for many of its airdrop claimants using the blockchain, and so Manta wanted a smooth experience.
Then disaster struck.
Just as token claims went live, the network was hit by an influx of traffic that clogged it and sent transaction fees to extreme levels. Manta had been targeted by what’s called a distributed denial-of-service — or DDoS — attack.
“Airdrop claimants could not use the network for the day or faced long waiting times for their transactions to be processed,” Kenny Li, co-founder of p0x Labs and core contributor for Manta Network, the company behind Manta Pacific, told DL News in the aftermath.
While Manta is one of the latest blockchain-based victims of a DDoS attack, it is not the first.
DDoS attacks have plagued traditional web infrastructure since its inception. According to a recent report from cyber security firm StationX, there were more than 15 million DDoS attacks in 2023, a 74% increase over 2022.
Of these, over 60% of DDoS attacks targeted the finance and telecommunications industries — sectors with which blockchain technology shares significant overlap.
And according to a 2023 report from web hosting firm Cloudflare, crypto was the most DDoS attacked sector by volume of attack traffic, accounting for over 4% of all DDoS traffic in the fourth quarter of the year.
With the crypto market bouncing back over the past year, there is a growing concern among builders and users alike that more DDoS attackers will target blockchains specifically and attempt to profit from the disruption.
What are DDoS attacks?
DDoS attacks are malicious attempts to disrupt the normal traffic of a targeted server or website by overwhelming it with a flood of Internet traffic.
Similarly, in blockchain-based DDoS attacks, attackers spam transactions or transaction requests to clog the target blockchain, preventing legitimate transactions from getting through.
When Manta was targeted, the servers that process transaction requests on the network were flooded with 500 million requests over a period of about four hours, Li said. Normally, Manta processes around 150,000 transactions daily.
DDoS attacks are different from normal network congestion in that they are deliberate, malicious, and coordinated. But sometimes it can be hard to tell the difference between a DDoS attack and regular congestion.
In recent months, an influx of users minting ordinals — NFT-like crypto assets — knocked several blockchains offline for extended periods. While such cases resemble DDoS attacks in that they overload a blockchain with transactions, they may not be malicious. Instead, they often result from profit-driven users striving to mint valuable tokens ahead of their peers.
Other cases are more obviously malicious. In 2022, player-to-earn game STEPN suffered a DDoS attack as backlash after implementing anti-cheating measures.
The logic behind DDoSing
Flooding a blockchain with transactions can be expensive. But even so, exploiters might still find them worthwhile.
“The direct presence of tokens — money — on the blockchain provides avenues for attackers to exploit and potentially make profits,” Andy Zhou, CEO of crypto security firm BlockSec, told DL News.
Zhou explained that DDoS attackers may short the native tokens of the target blockchain, expecting the attack to cause a drop in token prices. Shorting is a financial strategy where a trader borrows an asset and sells it in the market with the expectation that its price will decrease in the future.
Attackers may also cause financial losses by preventing users from executing profitable onchain trades, or preventing liquidations on DeFi lending protocols.
Still, the motivations for DDoS attackers aren’t always financial, according to blockchain security firm CertiK.
“Attacks could also serve as a demonstration of power or technical prowess, or to expose vulnerabilities in the network,” a spokesperson for CertiK told DL News.
Such behaviour is not unheard of within hacker circles. Kevin Mitnick, dubbed the world’s most famous hacker, said in a US Senate hearing that he was motivated by the intellectual challenge of hacking rather than any financial gain.
DDoS attacks may also involve competitors looking to harm the reputation and credibility of a particular blockchain, or be conducted for ideological reasons, CertiK noted.
Stopping the DDoSers
Despite the rapid increase in DDoS attacks, there are ways blockchains can protect themselves.
At the top of the list of preventative measures is setting appropriate transaction fees, Niccolò Pozzolini and Carlo Parisi, smart contract auditors at crypto security firm Hacken, told DL News.
“By setting appropriate fees, the network can discourage malicious actors from flooding it with low-value transactions,” Parisi said.
Ethereum’s high fees, which increase during times of network congestion, have historically helped the network prevent certain kinds of DDoS attacks over the past seven years.
For newer blockchains such as Manta, which charge pennies for transactions, these low fees can be a double-edged sword. “When it’s cheap to spam the network, the cost barrier to carry out such an attack is lower,” Manta’s Li said.
Blockchains like Manta must look for other solutions.
The next best thing they can do is avoid single points of failure, Pozzolini said. In the case of layer 2 networks like Manta, this means decentralising their sequencers — pieces of software responsible for bundling up transactions and sending them to the Ethereum mainnet for validation.
Another way to stop DDoSing is by setting up software that actively restricts incoming transaction requests, a process called rate limiting or throttling.
Zhou said there are commercial solutions available that can detect abnormal traffic patterns and immediately drop the malicious traffic. However, These solutions rely on accurately recognising malicious traffic in order to mitigate DDoS attacks effectively.
In the case of Manta, which has already suffered a DDoS attack, ensuring those who are responsible are identified is also key to keeping the industry safer.
“We have a list of IP addresses, data centres, and cloud providers,” Li said.
“We are currently working with the proper authorities and legal counsel, and at the moment cannot comment further.”
Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at firstname.lastname@example.org.