Crypto's Greatest Cyber Threat

January 18, 2021

While most of the security discussion around blockchains focuses on either the soundness of smart contracts or the integrity of their consensus algorithms, the new computing paradigm enables a potentially devastating new cyber attack.

Every computer participating in the Ethereum network runs an instance of the Ethereum Virtual Machine or EVM. At the heart of the Ethereum protocol, the EVM is a code execution environment where users submit code via smart contracts and tell the network to execute their code by issuing transactions.

This means that an adversary can command every computer in the Ethereum network to run arbitrary code of their choosing. That is a lot of power to give an attacker.

Thankfully, the EVM limits the code they can execute. It runs in an unprivileged mode and doesn't have access to the user's files or the internet.

However, limiting the adversary's capability is not sufficient to prevent what is known as a virtual machine (VM) breakout attack. The attacker escapes the confines of the VM and then takes over the host system.

Because thousands of nodes participate in the Ethereum protocol at any given time, this attack could be executed against all of them simultaneously. As of today, that's about 11,000 nodes. It may not work for all clients and configurations, but without any increase in popularity, the scale is already enormous.

Without a known vector to craft a VM breakout attack against the EVM, this threat remains highly theoretical. VM breakouts are notoriously difficult to pull off, but the most advanced nation-backed hacker groups may be working on it.


© 2020 Connor Daly