Pillar 04 — Forensic Pillar

Security & Forensics

Cryptographic foundations, attack vectors, threat taxonomy, and the investigative methodologies used to trace, attribute, and prosecute on-chain malfeasance.

Entries: 120+
Cross-Refs: 80+
Updated: Weekly
Pillar: 04 / 09

Security & Forensics — Definition Index

120+ Entries · Pillar 04
A

51% Attack

/ˈfɪfti wʌn pəˈsɛnt əˈtæk/
n. — consensus attack; majority hash power exploit; also: majority attack

A 51% attack occurs when a single entity or coordinated group acquires control of more than 50% of a Proof-of-Work blockchain's total mining hash rate — or, in Proof-of-Stake systems, more than 50% of staked validator weight. With majority control, the attacker can reorganize the canonical chain, reverse their own previously confirmed transactions (enabling double-spends), and selectively censor new transactions from being included in blocks. Critically, a 51% attacker cannot steal funds from arbitrary wallets, forge digital signatures, or unilaterally alter the protocol's consensus rules.

SECURITY NOTE: The economic cost of executing a 51% attack scales directly with network hash rate. Bitcoin's network is considered practically immune due to the astronomical capital required. Smaller Proof-of-Work chains have suffered confirmed 51% attacks: Ethereum Classic (ETC) suffered three attacks in August 2020, Bitcoin Gold (BTG) was attacked in May 2018 and January 2020, and Vertcoin was attacked in December 2018. NiceHash hash-rental markets have materially lowered the barrier to attack for low-hash-rate chains. In Proof-of-Stake systems, slashing penalties are designed to make such attacks economically self-destructive.
See also: Double-Spend Attack, Hash Rate, Chain Reorganization (Reorg), Selfish Mining, Proof of Work

Address Poisoning

n. — transaction history manipulation; social engineering attack

Address poisoning is an attack in which a malicious actor sends a zero-value or dust transaction to a target wallet from an address that closely resembles one the target has previously interacted with — differing only in a few characters at the beginning or end of the address string. The goal is to pollute the target's transaction history so that, when the target next copies an address from their history for a future transaction, they inadvertently copy the attacker's lookalike address instead of the intended recipient's. The attack exploits the common user behavior of copying addresses from transaction history rather than from a verified source.

SECURITY NOTE: Address poisoning attacks are facilitated by the prevalence of address truncation in wallet UIs, which typically display only the first and last four to six characters of a 42-character Ethereum address. Mitigation includes always verifying the full address character-by-character before signing, using ENS or address book entries for frequent recipients, and enabling address verification features in hardware wallets. In May 2024, a trader lost approximately $71M in WBTC to an address poisoning attack — one of the largest single losses from this vector.
See also: Phishing, Dust Attack, Vanity Address, ENS (Ethereum Name Service)
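Worked example (added here; not code from the original glossary): a defensive check that scans a wallet's transfer history for poisoning lookalikes, the practical counterpart of the "verify the full address" advice above. It models what a truncating UI shows (first six and last four characters), collects the addresses the user has deliberately sent to, and flags zero-value or dust inbound transfers whose sender shows the same visible prefix and suffix as a trusted recipient but is a different address. Every address, value and transfer in the block is constructed for illustration.

```python
# Added example (not from the original glossary): address-poisoning lookalike
# detection over a constructed transfer history. All addresses, values and
# transfers below are made up for illustration.
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Transfer:
    direction: str       # "in" (received) or "out" (sent)
    counterparty: str    # 0x-prefixed, 40 hex characters (Ethereum style)
    value_wei: int


def visible_parts(addr: str, prefix: int = 6, suffix: int = 4) -> Tuple[str, str]:
    """Return the characters a truncating wallet UI shows, e.g. '0x1a2b...3c4d'."""
    a = addr.lower()                       # EIP-55 checksum casing is irrelevant here
    return a[:prefix], a[-suffix:]


def trusted_recipients(history: List[Transfer]) -> Set[str]:
    """Addresses the user has deliberately sent to: the set an attacker imitates."""
    return {t.counterparty.lower() for t in history if t.direction == "out"}


def find_poisoning_candidates(history: List[Transfer], dust_threshold_wei: int = 10**13,
                              prefix: int = 6, suffix: int = 4) -> List[Tuple[str, str]]:
    """Return (lookalike, imitated) pairs: cheap inbound transfers whose sender has the
    same truncated prefix/suffix as a trusted recipient but a different full address."""
    trusted = trusted_recipients(history)
    by_visible = {visible_parts(a, prefix, suffix): a for a in trusted}
    flagged = []
    for t in history:
        if t.direction != "in" or t.value_wei > dust_threshold_wei:
            continue                        # only zero-value / dust transfers qualify
        sender = t.counterparty.lower()
        if sender in trusted:
            continue                        # a genuine counterparty sending dust back
        match = by_visible.get(visible_parts(sender, prefix, suffix))
        if match is not None:
            flagged.append((sender, match))
    return flagged


def safe_to_copy(addr: str, history: List[Transfer]) -> bool:
    """Guard for a 'copy address from history' action: refuse flagged lookalikes."""
    flagged = {lookalike for lookalike, _ in find_poisoning_candidates(history)}
    return addr.lower() not in flagged


# Constructed history: one genuine payee, one lookalike dusting the wallet, and
# two benign inbound transfers that must not be flagged.
GENUINE = "0x1a2b3c4d5e6f70819a2b3c4d5e6f70819a2b3c4d"
LOOKALIKE = "0x1a2bffffffffffffffffffffffffffffffff3c4d"   # same 0x1a2b ... 3c4d
SAMPLE_HISTORY = [
    Transfer("out", GENUINE, 5 * 10**17),                              # real payment out
    Transfer("in", LOOKALIKE, 0),                                      # zero-value poisoning
    Transfer("in", "0x1a2b00000000000000000000000000000000dead", 0),  # prefix only: no match
    Transfer("in", "0x9999999999999999999999999999999999999999", 10**18),  # ordinary receipt
]

if __name__ == "__main__":
    for lookalike, imitated in find_poisoning_candidates(SAMPLE_HISTORY):
        print(f"lookalike {lookalike} imitates {imitated}")
```

The prefix and suffix lengths are parameters because wallets truncate differently; running the check with the widest truncation any of the user's wallets applies catches lookalikes crafted for the narrowest one.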
C

Cold Wallet

/kəʊld ˈwɒl.ɪt/
n. — key storage; offline custody solution; also: cold storage

A cold wallet (or cold storage) is a cryptocurrency key management solution in which the private keys are generated and stored on a device or medium that has never been connected to the internet or any networked system. By maintaining an air gap between the signing environment and any network-accessible system, cold wallets eliminate the primary attack surface exploited in remote theft: network-based key exfiltration. Common implementations include hardware wallets (dedicated signing devices such as Ledger and Trezor), paper wallets, and air-gapped computers running offline signing software.

SECURITY NOTE: Cold storage is the industry standard for institutional custody of large digital asset holdings. The primary residual risks are physical theft, destruction of the storage medium, and supply-chain attacks on hardware wallet firmware. Best practice mandates geographically distributed backups of seed phrases and multi-signature schemes for institutional-grade cold storage. Contrast with hot wallets, which maintain persistent internet connectivity and represent the majority of large-scale theft targets. The Bybit exchange hack (February 2025, ~$1.5B) demonstrated that even multisig cold-storage workflows can be compromised via front-end interface manipulation.
See also: Hot Wallet, Hardware Wallet, Seed Phrase, Air Gap, Multi-Signature (Multisig)

Cryptographic Hash Function

/ˌkrɪp.tə.ˈɡræf.ɪk hæʃ ˈfʌŋk.ʃən/
n. — cryptographic primitive; one-way function; also: hash function, digest function

A cryptographic hash function is a deterministic mathematical algorithm that maps an input of arbitrary length to a fixed-length output — called a digest or hash — satisfying four critical security properties: (1) Pre-image resistance: given a hash output, it is computationally infeasible to recover the original input; (2) Second pre-image resistance: given an input, it is infeasible to find a different input producing the same hash; (3) Collision resistance: it is infeasible to find any two distinct inputs that produce the same hash output; (4) Avalanche effect: a single-bit change in the input produces a radically different output. These properties underpin the integrity guarantees of blockchain data structures, digital signatures, and Merkle trees.

TECHNICAL NOTE: Bitcoin employs SHA-256 (Secure Hash Algorithm 256-bit, producing a 32-byte digest) for block hashing and mining. Ethereum uses Keccak-256 (the pre-standardization form of the Keccak algorithm that NIST standardized as SHA-3 in 2015) for address derivation and state hashing. MD5 and SHA-1 are considered cryptographically broken due to demonstrated collision attacks and are not used in production blockchain systems. The NIST SHA-3 competition (2007–2012) selected Keccak as the SHA-3 standard; Ethereum's Keccak-256 predates the final NIST standardization and differs from the official SHA-3 specification only in its padding, so the two functions produce different digests for the same input.
See also: SHA-256, Keccak-256, Merkle Tree, Digital Signature, Block Header
D

Double-Spend Attack

/ˈdʌb.əl spɛnd əˈtæk/
n. — consensus exploit; transaction fraud

A double-spend attack is an attempt to spend the same cryptocurrency funds more than once by exploiting the latency between transaction broadcast and final confirmation. An attacker broadcasts a transaction to a merchant, receives goods or services, then simultaneously or subsequently broadcasts a conflicting transaction returning the same funds to themselves — and uses superior hash power or network manipulation to ensure the fraudulent transaction is confirmed in the canonical chain while the merchant's transaction is orphaned. The prevention of double-spending without a central authority was the foundational problem solved by Satoshi Nakamoto's Bitcoin whitepaper (2008).

SECURITY NOTE: The risk of double-spending decreases exponentially with each additional block confirmation. For Bitcoin, six confirmations (~60 minutes) is the conventional threshold for high-value transactions. Zero-confirmation (0-conf) transactions carry meaningful double-spend risk and should not be accepted for irreversible goods or services. Specific attack variants include: Race attacks (broadcasting conflicting transactions simultaneously to different network partitions), Finney attacks (a miner pre-mines a block containing a fraudulent transaction before making a purchase), and Vector76 attacks (a combination of the two).
See also: 51% Attack, Chain Reorganization, Confirmation, Race Attack, Finney Attack
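Worked example (added here; not code from the original glossary): the confirmation-risk model from section 11 of the Bitcoin whitepaper, ported to Python. It computes the probability that an attacker holding a fraction q of the hash rate can still overtake the honest chain once a merchant has waited z confirmations, and turns that number into a confirmation policy for a chosen risk budget. The formula and reference values are the whitepaper's; the risk budget used in the usage line is a constructed example.

```python
# Added example (not from the original glossary): Nakamoto's attacker-success
# probability and a helper that derives a confirmation policy from it.
from math import exp


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash share q ever catches up after the
    honest chain has z confirmations on the merchant's transaction. The attacker's
    head start is Poisson-distributed; each case is a gambler's-ruin term."""
    if not 0.0 <= q < 0.5:
        raise ValueError("q must be below 0.5; a majority attacker always wins")
    p = 1.0 - q                          # honest share of hash rate
    lam = z * (q / p)                    # expected attacker blocks while honest mine z
    total = 1.0
    poisson = exp(-lam)                  # P[attacker mined 0 blocks in that time]
    for k in range(z + 1):
        if k:
            poisson *= lam / k           # P[attacker mined k blocks]
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)


def confirmations_for_risk(q: float, max_risk: float, z_max: int = 500) -> int:
    """Smallest confirmation count that brings attacker success down to max_risk."""
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) <= max_risk:
            return z
    raise ValueError(f"no z <= {z_max} meets risk {max_risk} for q={q}")


def confirmation_table(q: float, zs=(0, 1, 2, 4, 6, 10)):
    """Rows of (z, probability) for a quick policy review."""
    return [(z, attacker_success_probability(q, z)) for z in zs]


if __name__ == "__main__":
    for q in (0.1, 0.3):
        print(f"q={q}: " + ", ".join(f"z={z}: {p:.7f}" for z, p in confirmation_table(q)))
    # constructed policy: accept at most a 0.1% chance of reversal against a 10% attacker
    print("confirmations needed:", confirmations_for_risk(0.1, 0.001))
```

The table makes the "decreases exponentially" claim concrete: against a 10% attacker, six confirmations leave a reversal probability of about 2.4e-4, while against a 30% attacker the same six confirmations are far from sufficient, which is why merchants on smaller chains, where hash rate can be rented, should set z from an assumed q rather than copy Bitcoin's convention.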
E

Eclipse Attack

/ɪˈklɪps əˈtæk/
n. — network-layer attack; node isolation; peer-to-peer exploit

An eclipse attack is a network-layer attack in which an adversary monopolizes all of a target node's peer connections by flooding the node's peer table with attacker-controlled IP addresses, effectively isolating it from the honest network. The eclipsed node receives a manipulated view of the blockchain — controlled entirely by the attacker — and can be deceived into accepting a fraudulent chain or double-spent transactions, or exploited as a stepping stone for further attacks such as selfish mining facilitation, transaction censorship, or routing attacks against payment channel networks.

TECHNICAL NOTE: Eclipse attacks against Bitcoin were formally analyzed by Heilman et al. in the 2015 paper "Eclipse Attacks on Bitcoin's Peer-to-Peer Network." Bitcoin Core has since implemented countermeasures including: limiting inbound connections from the same /16 IP subnet, randomized peer eviction, and anchor connections that persist across restarts. Ethereum's devp2p protocol has similarly been hardened. Eclipse attacks are particularly dangerous in the context of Lightning Network nodes, where an eclipsed node can be tricked into broadcasting outdated channel states, resulting in fund loss.
See also: Sybil Attack, Peer-to-Peer Network, Double-Spend Attack, Lightning Network
F

Flash Loan Attack

/flæʃ ləʊn əˈtæk/
n. — DeFi exploit; atomic transaction manipulation; uncollateralized loan abuse

A flash loan attack is an exploit unique to decentralized finance (DeFi) in which an attacker borrows a large, uncollateralized sum of cryptocurrency via a flash loan — a loan that must be borrowed and repaid within a single atomic transaction — and uses the temporarily acquired capital to manipulate on-chain price oracles, drain liquidity pools, or exploit arithmetic vulnerabilities in smart contracts, before repaying the loan in the same transaction. Because the entire sequence executes atomically, the attacker requires no upfront capital beyond gas fees. If any step in the sequence fails, the entire transaction reverts, including the loan repayment obligation.

FORENSIC NOTE: Notable flash loan attacks include: the bZx protocol attacks (February 2020, ~$1M combined), the Harvest Finance exploit (October 2020, ~$34M via USDC/USDT price manipulation), the PancakeBunny exploit (May 2021, ~$45M), and the Euler Finance hack (March 2023, ~$197M). The Euler attack was notable for the subsequent on-chain negotiation between the attacker and the protocol, resulting in the return of approximately 90% of stolen funds. Flash loan attacks are frequently combined with price oracle manipulation targeting protocols that use spot DEX prices as their oracle source.
See also: Flash Loan, Price Oracle Manipulation, Reentrancy Attack, DeFi, Atomic Transaction
H

Hot Wallet

/hɒt ˈwɒl.ɪt/
n. — key storage; online custody solution; internet-connected wallet

A hot wallet is a cryptocurrency wallet whose private keys are stored on a device or system that maintains an active internet connection. Hot wallets offer superior operational convenience — enabling rapid transaction signing and real-time access to funds — at the cost of a significantly expanded attack surface relative to cold storage. They are the standard operational tool for exchanges, DeFi protocols, and active traders who require frequent transaction capability. The term encompasses software wallets (desktop, mobile, browser extension), exchange custodial wallets, and web-based wallets.

SECURITY NOTE: The majority of large-scale cryptocurrency thefts have targeted hot wallets. Exchange hot wallets are particularly high-value targets due to the concentration of user funds. Industry best practice limits hot wallet holdings to the minimum required for operational liquidity, with the remainder held in cold storage — a ratio often cited as 2–5% hot / 95–98% cold for exchanges. Compromise vectors include malware, phishing, API key theft, server-side breaches, and compromised signing interfaces. The Bybit exchange hack (February 2025, ~$1.5B) targeted hot wallet infrastructure via a compromised Safe multisig UI injected with malicious JavaScript.
See also: Cold Wallet, Custodial Wallet, Non-Custodial Wallet, Phishing, The Vault — Mt. Gox
M

Multi-Signature (Multisig)

/ˈmʌl.ti ˈsɪɡ.nɪ.tʃər/
n. — cryptographic access control; threshold signature scheme; m-of-n authorization

A multi-signature (multisig) scheme is a cryptographic access control mechanism requiring that a transaction be authorized by a minimum threshold of m private keys out of a total set of n designated keys (expressed as an m-of-n scheme) before it can be broadcast and confirmed on the blockchain. For example, a 2-of-3 multisig wallet requires any two of three designated key holders to sign a transaction. This architecture eliminates single points of failure in key management, distributes trust across multiple parties or devices, and provides a foundation for institutional custody, DAO treasuries, escrow arrangements, and corporate treasury management.

TECHNICAL NOTE: Bitcoin implements multisig natively via P2SH (Pay-to-Script-Hash) and P2WSH (Pay-to-Witness-Script-Hash) output types. Ethereum multisig is typically implemented at the smart contract layer (e.g., Gnosis Safe / Safe{Wallet}). Threshold Signature Schemes (TSS) are a cryptographically distinct alternative that produce a single aggregated signature on-chain, obscuring the multi-party nature of the signing process and improving privacy and gas efficiency. The Bybit hack (February 2025) exploited a compromised Safe front-end interface to manipulate what signers believed they were authorizing — demonstrating that multisig security is only as strong as the integrity of the signing interface.
See also: Cold Wallet, Gnosis Safe, Threshold Signature Scheme (TSS), DAO Treasury, P2SH
P

Phishing

/ˈfɪʃ.ɪŋ/
n. — social engineering attack; credential theft; deceptive impersonation

Phishing in the cryptocurrency context is a category of social engineering attack in which a malicious actor impersonates a legitimate entity — such as a wallet provider, exchange, DeFi protocol, or support representative — to deceive a target into voluntarily disclosing private keys, seed phrases, or login credentials, or into signing malicious transactions. Crypto-specific phishing variants include: seed phrase phishing (fake wallet recovery pages), approval phishing (tricking users into signing unlimited ERC-20 token approval transactions), address poisoning (inserting lookalike addresses into transaction history), ice phishing (manipulating smart contract call data to redirect asset transfers), and wallet drainer-as-a-service kits deployed via compromised NFT project websites.

FORENSIC NOTE: Approval phishing has emerged as one of the most financially damaging phishing vectors in DeFi. By obtaining an ERC-20 approve() or setApprovalForAll() signature, attackers gain the ability to drain a victim's token holdings at any future time without further interaction. Chainalysis estimated approval phishing losses at over $374M in 2023. Mitigation includes regular token approval auditing via tools such as Revoke.cash or Etherscan's token approval checker, hardware wallet confirmation of all approval transactions, and skepticism toward any unsolicited request to "verify" or "sync" a wallet.
See also: Social Engineering, Seed Phrase, Token Approval, Address Poisoning, Ice Phishing

Private Key

/ˈpraɪ.vɪt kiː/
n. — cryptographic secret; asymmetric key pair component; signing key

A private key is a large, randomly generated integer — typically 256 bits in length — that serves as the secret component of an asymmetric cryptographic key pair. In elliptic curve cryptography (ECC) as used by Bitcoin and Ethereum (secp256k1 curve), the private key is used to generate a corresponding public key via scalar multiplication on the elliptic curve — a one-way operation that makes deriving the private key from the public key computationally infeasible with any foreseeable technology. The private key is used to produce digital signatures that authorize transactions, proving ownership of associated funds without revealing the key itself. Possession of a private key constitutes absolute, irrevocable, and unappealable control over all associated on-chain assets.

SECURITY NOTE: There is no recovery mechanism for a lost private key — funds associated with an inaccessible key are permanently unspendable. Conversely, any party who obtains a private key gains complete, irreversible control of all associated assets with no recourse available to the original owner. Private keys must never be entered into any internet-connected device, transmitted digitally in any form, stored in plaintext, or shared with any party under any circumstances. The secp256k1 private key space is 2²⁵⁶ ≈ 10⁷⁷, rendering brute-force attacks computationally impossible. Weak random number generators (RNGs) used during key generation are a documented source of key compromise.
See also: Public Key, Seed Phrase, Elliptic Curve Cryptography (ECC), Digital Signature, Wallet Address
R

Reentrancy Attack

/ˌriːˈɛn.trən.si əˈtæk/
n. — smart contract exploit; recursive call vulnerability; CWE-841

A reentrancy attack is a smart contract vulnerability in which a malicious contract repeatedly calls back into the victim contract before the initial execution has completed and state variables (such as balance mappings) have been updated — enabling the attacker to drain funds by exploiting the window between the fund transfer and the balance update. The attack pattern exploits the Ethereum execution model, in which an external call transfers control to the called contract before returning. The canonical mitigation is the Checks-Effects-Interactions (CEI) pattern: update all state variables before making any external calls.

FORENSIC NOTE: The most historically significant reentrancy attack was the June 2016 exploit of The DAO on Ethereum, in which an attacker drained approximately 3.6 million ETH (valued at ~$60M at the time) by recursively calling the DAO's splitDAO() function before the balance was decremented. The exploit precipitated a contentious hard fork of the Ethereum network, producing Ethereum (ETH) and Ethereum Classic (ETC) as separate chains. Subsequent notable reentrancy exploits include the Lendf.me hack (April 2020, ~$25M) and the Cream Finance attack (October 2021, ~$130M).
See also: The Vault — The DAO Hack (2016), Smart Contract Audit, Checks-Effects-Interactions Pattern, Flash Loan Attack

Rug Pull

/rʌɡ pʊl/
n. — exit scam; DeFi fraud; liquidity withdrawal; developer abandonment

A rug pull is a category of cryptocurrency exit fraud in which the developers or insiders of a project — typically a DeFi protocol, NFT collection, or token — abruptly abandon the project and withdraw all liquidity or treasury funds, rendering investors' holdings worthless. The term derives from the idiom "pulling the rug out from under" investors. Rug pulls are classified into three primary subtypes: (1) Hard rug pulls: malicious code embedded in the smart contract (e.g., hidden mint functions, transfer restrictions, backdoor admin keys) enables developers to drain funds programmatically; (2) Soft rug pulls: developers gradually dump their token allocations on the open market; (3) Liquidity rug pulls: developers remove all liquidity from a DEX pool, making the token untradeable and effectively worthless.

FORENSIC NOTE: Chainalysis reported that rug pulls accounted for 37% of all cryptocurrency scam revenue in 2021, totaling approximately $2.8B. Red flags include: anonymous development teams, unaudited smart contracts, concentrated token ownership (whale wallets), locked liquidity with short timeframes, and aggressive social media promotion with unrealistic yield promises. On-chain analysis tools (e.g., Token Sniffer, Honeypot.is, De.Fi Scanner) can detect common rug pull contract patterns prior to investment. Legally, rug pulls may constitute wire fraud, securities fraud, or theft depending on jurisdiction and the specific mechanics of the scheme.
See also: Exit Scam, Honeypot Contract, Liquidity Pool, Token Audit, The Vault — Squid Game Token
S

Seed Phrase

/siːd freɪz/
n. — mnemonic backup; HD wallet recovery mechanism; also: recovery phrase, mnemonic phrase, BIP-39 phrase

A seed phrase (also called a mnemonic phrase or recovery phrase) is a human-readable sequence of 12, 18, or 24 words — drawn from a standardized 2,048-word BIP-39 wordlist — that encodes the master entropy from which an entire hierarchical deterministic (HD) wallet's key tree can be deterministically regenerated. The seed phrase is the ultimate backup for all private keys derived from a given wallet. Any party who obtains the seed phrase gains complete, permanent control of all assets across all accounts and chains derived from that wallet, regardless of any passwords or PINs protecting the wallet software itself. The 24-word form provides 256 bits of entropy; the 12-word form provides 128 bits.

SECURITY NOTE: The seed phrase must be recorded on a physical, offline medium (paper, stamped metal) and stored in a secure, geographically distributed manner. It must never be: photographed, typed into any digital device, stored in cloud services (including password managers), shared with any party, or entered into any website or application other than the original wallet device during a verified recovery process. An optional BIP-39 passphrase (the "25th word") adds an additional layer of protection against physical theft of the seed backup, but its loss is equally catastrophic and irrecoverable. Seed phrase theft is the leading cause of total wallet compromise.
See also: BIP-39, HD Wallet, Private Key, Cold Wallet, Key Derivation Path

Sybil Attack

/ˈsɪb.ɪl əˈtæk/
n. — network attack; identity fabrication; peer-to-peer exploit

A Sybil attack is a network-layer attack in which a single malicious actor creates and controls a large number of pseudonymous identities (nodes, accounts, or validators) to gain a disproportionate and illegitimate influence over a peer-to-peer network. In blockchain systems, Sybil attacks can be used to: eclipse legitimate nodes (routing all of a victim's network traffic through attacker-controlled nodes), manipulate peer discovery, distort governance voting in token-weighted systems, or undermine reputation-based mechanisms. The attack is named after the 1973 case study of a patient with dissociative identity disorder, popularized by the book and film of the same name.

TECHNICAL NOTE: Proof-of-Work and Proof-of-Stake consensus mechanisms are specifically designed as Sybil resistance mechanisms — they make identity creation costly (via computational work or staked capital), preventing an attacker from cheaply creating millions of identities. Permissionless DeFi governance systems and airdrop distributions remain vulnerable to Sybil attacks, as token-weighted voting can be gamed by distributing holdings across many wallets. Gitcoin Passport, Proof of Humanity, and similar identity verification systems attempt to provide Sybil resistance for quadratic funding and governance applications by anchoring on-chain identity to verifiable off-chain credentials.
See also: Eclipse Attack, Proof of Work, Proof of Stake, Governance Attack, Quadratic Voting
Quick Reference — HD Wallet Key Derivation (BIP-32 / BIP-39 / BIP-44)
// BIP-39 → BIP-32 → BIP-44 Hierarchical Deterministic Key Derivation

// Step 1: Generate entropy and encode as mnemonic (BIP-39)
entropy       = generate_random_bytes(32)           // 256 bits of entropy; must come from a CSPRNG
mnemonic      = encode_bip39(entropy)               // 24 words: 256 entropy bits + 8-bit SHA-256 checksum = 24 × 11-bit word indices
seed          = PBKDF2_HMAC_SHA512(password=mnemonic, salt="mnemonic" + passphrase, iterations=2048, dkLen=64)   // 512-bit seed

// Step 2: Derive master extended key (BIP-32)
I             = HMAC-SHA512(Key="Bitcoin seed", Data=seed)
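Worked example (added here; not code from the original quick reference): the BIP-39 seed step and the BIP-32 master-key step above, carried through in Python with only the standard library, and extended beyond the quick reference to hardened and normal child derivation along a BIP-44 style path and to the secp256k1 scalar multiplication that turns a private key into a public key. Converting raw entropy to words needs the 2,048-word BIP-39 wordlist, which is not embedded, so the mnemonic is taken as input. The values checked are the published BIP-39 test vector 1 (twelve words, passphrase "TREZOR") and BIP-32 test vector 1 (seed 000102...0f); the curve constants are the secp256k1 domain parameters.

```python
# Added example (not part of the original quick reference): BIP-39 seed, BIP-32
# master key, child derivation and secp256k1 public-key derivation end to end.
import hashlib
import hmac
import unicodedata
from typing import Optional, Tuple

# secp256k1 domain parameters, shared by Bitcoin and Ethereum
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000
Point = Optional[Tuple[int, int]]     # None is the point at infinity


def _point_add(a: Point, b: Point) -> Point:
    """Affine point addition on y^2 = x^3 + 7 over GF(P)."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P


def public_key(priv: bytes) -> bytes:
    """k*G by double-and-add, SEC1 compressed. Recovering k from the 33-byte point
    is the discrete-logarithm problem the Private Key entry calls infeasible."""
    k = int.from_bytes(priv, "big")
    result, addend = None, G
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    x, y = result
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic)
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP-32: I = HMAC-SHA512(key='Bitcoin seed', data=seed); left half is the
    master private key, right half the master chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain = i[:32], i[32:]
    if not 0 < int.from_bytes(k, "big") < N:
        raise ValueError("invalid master key (probability ~2^-128); use another seed")
    return k, chain


def derive_child(k_par: bytes, c_par: bytes, index: int) -> Tuple[bytes, bytes]:
    """BIP-32 CKDpriv. Hardened indices (>= 2^31) feed the parent *private* key into
    the HMAC, so a leaked child key plus chain code cannot be walked back to the parent."""
    if index >= HARDENED:
        data = b"\x00" + k_par + index.to_bytes(4, "big")
    else:
        data = public_key(k_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_child = (il + int.from_bytes(k_par, "big")) % N
    if il >= N or k_child == 0:
        raise ValueError("invalid child (probability ~2^-128); skip this index")
    return k_child.to_bytes(32, "big"), i[32:]


def derive_path(seed: bytes, path: str = "m/44'/0'/0'/0/0") -> Tuple[bytes, bytes]:
    """Walk a BIP-44 style path; an apostrophe (or h/H) marks a hardened level."""
    k, c = master_key(seed)
    for level in path.split("/")[1:]:
        hardened = level[-1] in "'hH"
        k, c = derive_child(k, c, int(level.rstrip("'hH")) + (HARDENED if hardened else 0))
    return k, c


if __name__ == "__main__":
    vector_seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # BIP-32 test vector 1
    k, c = derive_path(vector_seed, "m/0'")
    print("m/0' private key:", k.hex())
    print("m/0' public key: ", public_key(k).hex())
```

The split between hardened and normal derivation is the security-relevant detail: the account levels of a BIP-44 path are hardened precisely so that an extended public key handed to a watch-only or forensic tool cannot, together with one leaked child private key, yield the keys of every sibling account.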