What is a DDoS attack?

Traditional Distributed Denial of Service (DDoS) attacks are designed to exploit bottlenecks within a software-driven system. This is accomplished by sending it more traffic than its network card can handle, overwhelming an application with more requests than it can manage, etc. One of the selling points of blockchain technology is its resistance to load attacks. A traditional DDoS attack targets a single point of failure, such as a web server. If the web server goes down, then a website may not be available to visitors.

Within a blockchain network, there usually is no single point of failure. No node in a blockchain network is indispensable, which means that any node can go down due to a DDoS attack without taking down the whole network. However, this does not mean that a blockchain network is immune to DDoS attacks. By flooding the blockchain with spam transactions, an attacker can reduce its availability for legitimate users and potentially have other impacts on the network.

The decentralization of blockchain networks has made some people say that DDoS attacks against a blockchain are impossible. However, this is not strictly true. Traditional DDoS attacks can be executed against a blockchain to slow its operations, and attackers can work within the blockchain ecosystem to perform a DDoS attack.

If an attacker is sending many blockchain transactions to the network, they can fill up blocks with spam transactions causing legitimate transactions to sit in mempools. If such legitimate transactions aren’t included in blocks, they’re not being added to the ledger, and the blockchain isn’t able to do its job. This can have negative consequences such as:

• software crashes
• node failures
• network congestion
• bloated ledger

A transaction flooding incident can degrade the blockchain’s effectiveness by making it incapable of adding legitimate transactions to blocks and the distributed ledger.

Every now and then DDoS attacks happen, especially concerning blockchain networks which are not fully decentralized. At such incidents, the traffic spike reached 400,000 transactions per second. In the end, the network eventually needed to perform a hardfork, rolling back the network to the last place where 80% of validators agreed on the state of the blockchain. After the upgrade was coded and rolled out, the affected blockchain turned back online. However, it was offline for many hours.

The Electra Protocol platform has a specific mitigation in place against DDoS attacks. Since its network is fully decentralized, it is also less prone to DDoS consequences in comparison to more centralized blockchain networks.