7 min read

Overview

Blockchain nodes are arguably one of the most important aspects for the security of a blockchain network. Nodes contain critical data and software that govern any blockchain network making them a target for attackers and a source for potential compromise. Although blockchains store data using math, cryptography, and software rules that can be difficult for attackers to manipulate, security can still fail if design considerations are not taken to protect the nodes and underlying infrastructure that the software runs on. This guide will cover node security fundamentals, common attack vectors, and tips on node security.

What are Nodes and Why are They Important for Security?

Blockchains are implemented via software running on infrastructure resources in a decentralized network, which are referred to as nodes. Nodes run on infrastructure/computer resources that can be cloud-native, on premise, or a combination of both. Nodes can also be run locally on a laptop or similar device as long as it has enough storage and computing power to run the software.

Nodes serve as participants in a blockchain network in order to create and broadcast transactions on chains. Miners play a key role in validating transactions and help the chain grow further and decisions to validate and add blocks are made on popular support, commonly known as consensus. Each node stores its own copy of the blockchain that records and tracks all transactions and provides an updated view of the network at any given time.

Expectedly, transactions are considered tamper-proof since there is a unique cryptographic fingerprint associated to each block and a consensus protocol that is used by the nodes to agree on a shared history. The fingerprint (or hash) serves as a trusted mark that the block is valid and altering the block would require a new hash. If a bad actor attempted to alter an existing hash, the chain would break and would be an indication that something is not right. This would also have to be done faster than other nodes can add new blocks to the chain.

Nodes are critical to ensure the correctness of the chain, maintain consensus, and prevent nefarious activity from occurring.

Node Attack Vectors

Blockchains are susceptible to some of the same vulnerabilities and attack vectors as other software, however, the way these attacks are carried out can look slightly different than in traditional software (web apps, etc.). Many of these attack vectors can threaten even the basic nature of blockchain technology.

OWASP Top 10 (Blockchain)

Many of the OWASP (Open Web Application Security Project®) top 10 web application vulnerabilities are also relevant to blockchain technology and node infrastructure. Blockchains are implemented as software running on machines in a peer-to-peer network, so misconfigurations can lead to security issues.

In one case, users of an Ethereum wallet configured their wallet to listen and accept commands via RPC (TCP port 8545) from public networks and because of this around $20m of ETH were stolen (read more here).

DDoS attacks

Distributed Denial of Service (DDoS) attacks are designed to disable blockchain nodes. With blockchain networks, no one single point of failure exists, meaning a node can go down and the network can remain uncompromised. Disabling a blockchain node or multiple through a DDoS attack would make it difficult for the node to communicate with its peers therefore making the network more vulnerable to an attack. The main DDoS threat to blockchain nodes is transaction flooding. Attackers can send many blockchain transactions to the network as spam transactions which would mean legitimate transactions are sitting in mempools not being processed. This can cause the software to crash, the node to fail, network congestion, and ledger accuracy.

A recent example of this occurred on 9/14/2021 where the Solana network was offline for several hours. Bots generated large amounts of transactions that flooded the network. Nodes ran out of memory and crashed, slowing the network. This resulted in a hard fork being performed where 80% of the nodes agreed on the state of the blockchain.

Malicious transactions

Blockchains are open and public (unless closed and permissioned) and are designed to process untrusted data. Due to the distributed nature of the network and that untrusted data is processed, nodes can be vulnerable to malicious transactions. A transaction can be constructed to exploit a vulnerability in the software that can cause the node to crash or grant an attacker access/control to or over the node. If a malicious transaction is included in a block it could spread to every node in the network.

Malware

Similar to any software that runs on a computer, blockchain nodes can be subject to malware. Typically malware will target the following areas in a blockchain network:

Private key theft

Public key cryptography is used to digitally sign transactions and there is known malware that has the ability to search for and even compromise private keys used to sign transactions. Once compromised, these keys can be used to sign fraudulent transactions.

Address substitution

Every transaction needs to have a destination to send funds to. Certain types of malware have the ability to monitor and search for addresses and substitute an attacker’s address in the destination. Due to the immutability and irreversibility of the blockchain, this cannot be undone and likely would result in lost funds.

Traffic filtering and altering

Blockchain nodes require communication with other nodes to stay up to date and stay in sync. Malware can filter the transactions and blocks seen by a particular node which would enable an attacker to influence the operations of the node to work in a nefarious way.

Mining malware

This type of malware uses the computing power of an unsuspecting node to mine cryptocurrency for bad actors.

Blockchain Node Vulnerabilities & Attacks

There are also vulnerabilities that are specific to blockchain nodes and typically span across peer to peer network based attacks as well as consensus mechanism and mining attacks.

• 51% attacks - While these are more likely to happen in the early stages of a chain and when few miners are present on the network it is still possible for a group of bad actors to gain control of 51% or more of the mining power. This level of control would give the bad actors the ability to cancel valid transactions, perform fraudulent transactions, and potentially even re-write portions of the chain (entire chain is possible but unlikely).
• Sybil attacks - This can happen when an attacker creates multiple fake nodes on a network in order to gain controls of the network (51% attack) to tamper with the chain.
• Routing attacks - Network infrastructure is critical for blockchains to function. Blockchain nodes share information via routing protocols. Bad actors can intercept data over the group of network nodes, preventing the chain from reaching consensus. These protocols can have vulnerabilities and be exploited to aid in altering the chain state.

How to Protect your Node

Nodes are just like any other software and are subject to many traditional cyber security threats and therefore many traditional security best practices apply.

• Software should be kept up to date as often as possible
• Configurations should be reviewed and assessed against common vulnerabilities such as known CVEs
• Antivirus should be run to help detect and prevent malware on blockchain nodes
• Utilize a WAF (Web Application Firewall) or similar to protect blockchain infrastructure
• Utilize a consensus algorithm that aids in preventing against Sybil attacks and 51% attacks (PoW/PoS)
• Monitor your mining pools and create an alert for anything that surpasses a limit of ~40% to be able to divert some of those miners to other pools
• Utilize secure routing protocols (certificates) in order to prevent routing attacks
• All smart contracts should be vetted for bugs and vulnerabilities before production use
• Identifying and discarding potential spam transactions can prevent these from being included in the ledger and having adverse network effects
• Conduct regular penetration tests and security audits of blockchain networks and infrastructure
• Implement Identity Access Management (IAM) and Permissioned Access Management (PAM) access controls along with multi-factor authentication where applicable
• Practice API security best practices
• Use standard TLS for internal and external communications
• Perform user authentication, verification, and authorization via secure tokens
• Deploy end to end encryption and privacy techniques
• Monitor the state of your nodes and infrastructure as much as possible
• Utilize a ephemeral servers for node infrastructure
• Utilize network load balancers for traffic distribution
• Practice Secure SDLC best practices for infrastructure and code development
• Practice secure storage for private keys and other sensitive keys
• Keep sensitive information related to your code off of public repositories and open source tools. Be mindful of any how to docs and other code repository information that can reveal sensitive data and expose endpoints to the public

Conclusion

Blockchains are only as secure as their underlying code and infrastructure. While blockchain technology does have underlying security mechanisms, those mechanisms should not be solely relied upon for optimal security. Cybersecurity and node security best practices should be applied, and systems should be reviewed and tested on a regular basis.

If you need secure and reliable blockchain node access, check us out at QuickNode.com. We use best in class frameworks and software to ensure our web application is safe and secure for you. QuickNode has received the SOC 2 certification for achieving and exceeding security standards, guaranteeing best-in-class blockchain infrastructure.

Subscribe to our newsletter for more articles and guides. If you have any feedback, feel free to reach out to us via Twitter. You can always chat with us on our Discord community server, featuring some of the coolest developers you'll ever meet :)