Distributed Denial-of-Service (DDoS) Attack
A distributed denial-of-service (DDoS) attack is a deliberate attempt to disrupt the normal flow of traffic to a specific server, service, network, or blockchain by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. Because the traffic arrives from many sources at once, it is far harder to filter than a single-source denial-of-service attack, and the failure of an overloaded component can cascade to the systems that depend on it. [1][2]
Overview
A denial-of-service (DoS) attack is a cyber attack that aims to make a computer or network unavailable, preventing authorised users from accessing it. DoS attacks are widely used to disrupt the normal operation of computer-based services, and spreading the attack across many sources (a distributed attack) makes it considerably more effective and harder to block. [3]
Malware plays a supporting role: attackers typically compromise large numbers of machines with malware and then use those machines to generate the flood. Against blockchain systems, the flood often takes the form of a mass of transactions aimed at the network, a decentralized application, or a service, overloading it. [3][4]
Cryptocurrency exchanges have faced a rising number of DDoS attacks alongside their growing popularity. Since 2020, several major exchanges have suffered repeated DDoS attempts, some of which caused prolonged service outages. [3]
Botnets
Botnets are the primary means of executing distributed denial-of-service (DDoS) attacks. The attacker gains unauthorized access to computers or devices and installs malicious code, commonly referred to as a bot. The compromised devices collectively form a network known as a botnet. The attacker then commands the botnet to flood the target's servers and devices with more connection requests than they can handle.[2][4][5]
Types of DDoS Attacks
Application Layer Attacks
These attacks target a specific, resource-intensive part of an application or service (for example, a search or login endpoint) rather than raw bandwidth. They can succeed with a small number of attacking machines generating a low request rate, which makes them hard to distinguish from legitimate traffic and therefore hard to detect and mitigate.[1]
Protocol/TCP Connection Attacks
These attacks exhaust the connection-state tables of infrastructure devices such as load balancers, firewalls, and application servers, typically by opening connections (for example, with TCP SYN packets) that are never completed. Even devices built to track state for a very large number of connections can be brought down this way.[1][5]
Volumetric Attacks
These attacks attempt to consume all available bandwidth, either inside the target network or service or on the links between it and the rest of the Internet. They are simply about causing congestion, and they are often amplified by reflecting traffic off third-party servers.[1][2]
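The three categories above differ in what they exhaust, and that difference is what detection logic keys on. As an added example that is not part of the original article, the following Python script runs three simple detectors over constructed flow records: half-open TCP connections per destination (protocol attack), peak bits per second per destination (volumetric attack, here produced by Memcached reflection), and per-source request counts to a single URI (application-layer attack). The record format, thresholds, and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds
    src: str
    dst: str
    proto: str     # "TCP" or "UDP"
    sport: int
    dport: int
    flags: str     # client-side TCP flags seen: "S" (SYN) or "A" (ACK); "" for UDP
    nbytes: int    # bytes carried by this record
    uri: str = ""  # HTTP request target, when the record is an HTTP request


# Thresholds are assumptions chosen for the constructed sample, not tuned values.
WINDOW_SECONDS = 10.0
HALF_OPEN_THRESHOLD = 50          # un-acked SYNs toward one destination
BANDWIDTH_THRESHOLD_BPS = 1e9     # 1 Gbit/s toward one destination
APP_REQ_THRESHOLD = 30            # requests from one source to one URI per window


def detect_protocol_flood(flows):
    """Protocol attack: SYNs toward a destination that the same client socket never
    follows with an ACK, i.e. half-open connections that pin state on the target."""
    half_open = defaultdict(set)
    for f in sorted(flows, key=lambda rec: rec.ts):
        if f.proto != "TCP":
            continue
        key = (f.src, f.sport, f.dport)
        if f.flags == "S":
            half_open[f.dst].add(key)
        elif "A" in f.flags:
            half_open[f.dst].discard(key)
    return {dst: len(keys) for dst, keys in half_open.items()
            if len(keys) >= HALF_OPEN_THRESHOLD}


def detect_volumetric(flows):
    """Volumetric attack: peak bits per second toward each destination, per window."""
    bytes_per_window = defaultdict(int)
    for f in flows:
        bytes_per_window[(f.dst, int(f.ts // WINDOW_SECONDS))] += f.nbytes
    peak = defaultdict(float)
    for (dst, _), nbytes in bytes_per_window.items():
        peak[dst] = max(peak[dst], nbytes * 8 / WINDOW_SECONDS)
    return {dst: bps for dst, bps in peak.items() if bps >= BANDWIDTH_THRESHOLD_BPS}


def detect_app_layer(flows):
    """Application-layer attack: a few sources hammering one URI while the total
    byte volume stays far below anything a bandwidth threshold would catch."""
    counts = defaultdict(int)
    for f in flows:
        if f.uri:
            counts[(f.src, f.dst, f.uri, int(f.ts // WINDOW_SECONDS))] += 1
    hits = {}
    for (src, dst, uri, _), n in counts.items():
        if n >= APP_REQ_THRESHOLD:
            hits[(src, dst, uri)] = max(n, hits.get((src, dst, uri), 0))
    return hits


def analyse(flows):
    return {
        "protocol": detect_protocol_flood(flows),
        "volumetric": detect_volumetric(flows),
        "application": detect_app_layer(flows),
    }


def build_sample():
    """Constructed flow records (addresses from the RFC 5737 documentation ranges)."""
    flows = []
    # Five legitimate clients: SYN followed by an ACK from the same socket.
    for i in range(5):
        src, sport = f"203.0.113.{i + 1}", 40000 + i
        flows.append(Flow(1.0 + i, src, "10.0.0.5", "TCP", sport, 443, "S", 60))
        flows.append(Flow(1.1 + i, src, "10.0.0.5", "TCP", sport, 443, "A", 52))
    # Protocol attack: 200 SYNs from spoofed sources that never complete a handshake.
    for i in range(200):
        flows.append(Flow(2.0 + i * 0.01, f"198.51.100.{i % 250 + 1}", "10.0.0.5",
                          "TCP", 10000 + i, 443, "S", 60))
    # Volumetric attack: UDP reflected off Memcached servers (source port 11211).
    for i in range(1000):
        flows.append(Flow(3.0 + i * 0.005, f"192.0.2.{i % 250 + 1}", "10.0.0.6",
                          "UDP", 11211, 20000 + i, "", 2_000_000))
    # Application-layer attack: three sources each issue 40 requests to an expensive endpoint.
    for s in range(3):
        for i in range(40):
            flows.append(Flow(4.0 + i * 0.1, f"203.0.113.{50 + s}", "10.0.0.7",
                              "TCP", 50000 + i, 443, "A", 300, "/api/search?q=*"))
    # Background noise: twenty distinct clients fetch the front page once each.
    for i in range(20):
        flows.append(Flow(5.0 + i * 0.1, f"203.0.113.{100 + i}", "10.0.0.7",
                          "TCP", 51000 + i, 443, "A", 400, "/index.html"))
    return flows


if __name__ == "__main__":
    for kind, findings in analyse(build_sample()).items():
        print(kind, findings)
```

Note how the application-layer flood moves only a few kilobytes and never trips the bandwidth detector, and how the 200 spoofed SYNs stand out only once completed handshakes are subtracted; in production the thresholds would be derived from a baseline of normal traffic rather than fixed constants.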
Examples of DDoS Attacks
The Dyn attack
Some of the largest DDoS attacks have targeted companies that provide online infrastructure. Dyn is a DNS provider and registrar: it hosts and registers domain names for individuals and companies with websites. In October 2016, Dyn was attacked by the Mirai botnet, affecting clients including Netflix, PayPal, Amazon, Visa, and The New York Times. Mirai's botnet was an army of compromised Internet of Things (IoT) devices, such as smart TVs, printers, and cameras, which together overloaded Dyn's DNS servers. Dyn resolved the attack within a day.[6]
The GitHub attack
In February 2018, attackers abused a caching system known as Memcached to direct 1.3 terabits per second (Tbps) of traffic at GitHub's servers, so no traditional botnet of infected machines was needed. Publicly exposed Memcached servers answered small spoofed requests with far larger responses, letting the attackers amplify their traffic by a factor of about 50,000. An alert was triggered within 10 minutes of the start of the attack, and GitHub's DDoS protection service stopped it before it got out of control.[6]
The AWS attack
In February 2020, Amazon Web Services (AWS) reported an attack that peaked at 2.3 Tbps. The attackers reflected traffic off Connection-less Lightweight Directory Access Protocol (CLDAP) servers, which return responses much larger than the requests sent to them, to flood AWS targets with data. AWS mitigated the attack before it became a security risk for its customers. At the time, it was the largest DDoS attack on record.[6]
The EXMO attack
In February 2021, the EXMO cryptocurrency exchange suffered a DDoS attack that took its services offline for nearly five hours.[1]
The Solana attack
In February 2022, the Solana network faced a DDoS attack that caused roughly four hours of downtime. Solana's status page (Solana.Status) subsequently reported that the network had regained full functionality (100% uptime).[1]
The Arbitrum One attack
Arbitrum One encountered a flood of transactions that overwhelmed its Sequencer, the component that orders incoming transactions, leaving it unavailable for about 45 minutes. During that period incoming transactions were queued, but none could be accepted or added to the chain while the Sequencer was offline.[1]
How to Prevent DDoS Attacks
The key defences against DDoS attacks are to ensure that nodes have sufficient storage, computing power, and network bandwidth, and to build failsafes into the code, such as rate limits and bounded queues that stop a flood of requests from exhausting memory or CPU. In general, the more decentralized a blockchain network is, the more resistant it is to DDoS attacks, because there is no single node whose failure halts the whole system.
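As an added example, not code from any real node implementation, the following Python sketch shows what "failsafes in the code" can mean in practice: a hypothetical transaction intake that rate-limits each sender with a token bucket, caps the queue so a flood cannot exhaust memory, and bounds the number of senders it tracks. The class names, parameters, and the simulated flood are assumptions for illustration.

```python
from collections import Counter, OrderedDict


class TokenBucket:
    """Integer token bucket. Tokens are scaled by SCALE so refill arithmetic is exact:
    a rate of R tokens per second is exactly R scaled tokens per millisecond."""
    SCALE = 1000

    def __init__(self, rate_per_sec, burst, now_ms):
        self.rate = rate_per_sec
        self.capacity = burst * self.SCALE
        self.tokens = self.capacity
        self.last_ms = now_ms

    def allow(self, now_ms, cost=1):
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens >= cost * self.SCALE:
            self.tokens -= cost * self.SCALE
            return True
        return False


class Mempool:
    """Hypothetical transaction intake for a node (an assumption for this example,
    not any real client's code) with three failsafes: a per-sender rate limit, a
    bounded queue, and a bound on how many senders are tracked."""

    def __init__(self, rate_per_sec, burst, max_queue, max_senders=10_000):
        self.rate = rate_per_sec
        self.burst = burst
        self.max_queue = max_queue
        self.max_senders = max_senders
        self.buckets = OrderedDict()   # sender -> TokenBucket, least recently seen first
        self.queue = []
        self.stats = Counter()

    def _bucket(self, sender, now_ms):
        bucket = self.buckets.pop(sender, None)
        if bucket is None:
            bucket = TokenBucket(self.rate, self.burst, now_ms)
            if len(self.buckets) >= self.max_senders:
                # Bound memory: drop the least recently seen sender. Its bucket is
                # recreated full if it returns, so max_senders must be large relative
                # to the number of identities an attacker can cheaply create.
                self.buckets.popitem(last=False)
        self.buckets[sender] = bucket
        return bucket

    def submit(self, sender, tx, now_ms):
        """Return 'accepted', 'rate_limited' or 'queue_full' and count the outcome."""
        if not self._bucket(sender, now_ms).allow(now_ms):
            outcome = "rate_limited"
        elif len(self.queue) >= self.max_queue:
            outcome = "queue_full"        # bounded queue: shed load instead of growing
        else:
            self.queue.append((sender, tx))
            outcome = "accepted"
        self.stats[outcome] += 1
        return outcome

    def drain(self, n):
        """The block producer takes up to n queued transactions."""
        taken, self.queue = self.queue[:n], self.queue[n:]
        return taken


def simulate_flood():
    """Constructed scenario: one sender fires 1000 transactions in one second while
    five honest senders submit one each. Returns accepted counts and pool stats."""
    pool = Mempool(rate_per_sec=10, burst=20, max_queue=10_000)
    accepted = Counter()
    for ms in range(1000):
        if pool.submit("0xattacker", f"tx{ms}", ms) == "accepted":
            accepted["0xattacker"] += 1
    for i in range(5):
        sender = f"0xhonest{i}"
        if pool.submit(sender, "tx", 200 * (i + 1)) == "accepted":
            accepted[sender] += 1
    return accepted, pool.stats


if __name__ == "__main__":
    accepted, stats = simulate_flood()
    print(accepted)   # the attacker gets its burst plus the refill rate; honest senders all get through
    print(stats)
```

The per-sender bucket limits what any one identity can inject regardless of how fast it sends, and the queue cap converts an unbounded flood into explicit load shedding rather than an out-of-memory crash. On a chain where creating a new sender is cheap, the rate limit must be paired with a cost per transaction (fees) or a global limit, since a single attacker can otherwise spread the flood across many fresh identities.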