Systematic Review

Securing Decentralized Ecosystems: A Comprehensive Systematic Review of Blockchain Vulnerabilities, Attacks, and Countermeasures and Mitigation Strategies

1 Department of Computer Science, New York Institute of Technology, New York, NY 10023, USA
2 Department of Information Technology, Kennesaw State University, Kennesaw, GA 30144, USA
3 Center for Cybersecurity, University of West Florida, Pensacola, FL 32514, USA
* Authors to whom correspondence should be addressed.
Future Internet 2025, 17(4), 183; https://doi.org/10.3390/fi17040183
Submission received: 1 February 2025 / Revised: 11 April 2025 / Accepted: 14 April 2025 / Published: 21 April 2025
(This article belongs to the Special Issue Security and Privacy in Blockchains and the IoT III)

Abstract

Blockchain technology has emerged as a transformative innovation, providing a transparent, immutable, and decentralized platform that underpins critical applications across industries such as cryptocurrencies, supply chain management, healthcare, and finance. Despite their promise of enhanced security and trust, the increasing sophistication of cyberattacks has exposed vulnerabilities within blockchain ecosystems, posing severe threats to their integrity, reliability, and adoption. This study presents a comprehensive and systematic review of blockchain vulnerabilities by categorizing and analyzing potential threats, including network-level attacks, consensus-based exploits, smart contract vulnerabilities, and user-centric risks. Furthermore, the research evaluates existing countermeasures and mitigation strategies by examining their effectiveness, scalability, and adaptability to diverse blockchain architectures and use cases. The study highlights the critical need for context-aware security solutions that address the unique requirements of various blockchain applications and proposes a framework for advancing proactive and resilient security designs. By bridging gaps in the existing literature, this research offers valuable insights for academics, industry practitioners, and policymakers, contributing to the ongoing development of robust and secure decentralized ecosystems.

1. Introduction

Blockchain technology can potentially revolutionize various industries, including finance, healthcare, and supply chain management [1,2]. Its decentralized nature offers several advantages over traditional centralized systems, such as increased transparency, immutability, and security. These features have fueled significant adoption of and investment in blockchain technologies. According to Deloitte’s 2021 Global Blockchain Survey, 76% of respondents reported that their organizations had adopted blockchain as a digital asset, while 83% believed digital assets would replace fiat currency within the next decade [3]. The growth trajectory of blockchain technology is also evident from projections by Grand View Research Inc., which estimated that the global blockchain technology market would reach USD 1431.54 billion by 2030, with a compound annual growth rate (CAGR) of 87.7% between 2023 and 2030 [4]. Similarly, another report predicted that the blockchain distributed ledger market would grow from USD 2.89 billion in 2020 to USD 137.29 billion by 2027, with a CAGR of 62.7% [5].
While the financial services sector currently dominates the blockchain market, the technology’s applications have rapidly expanded into various domains. Beyond cryptocurrencies, blockchain enables cross-border money transfers [6], supports Ethereum Virtual Machine (EVM)-based smart contracts [7], integrates into the Internet of Things (IoT) ecosystem [8,9], enhances data and identity security [10,11], and facilitates electronic healthcare records (EHRs) [12,13,14]. Additionally, blockchain has been applied to automated logistics systems [15] and the burgeoning market of non-fungible tokens (NFTs) [16].
Despite its transformative potential, blockchain technology faces significant challenges, particularly in security. The decentralized nature of blockchain networks does not render them immune to attacks; on the contrary, it introduces novel vulnerabilities. Blockchain system hacks have increased: NIST reported a notable rise in vulnerabilities in a report published in 2023 [17], while SonicWall highlighted a sharp rise in cybercrimes in its 2024 Cyber Threat Report [18]. Real-world incidents illustrate the severity of these threats. For example, Ethereum Classic suffered multiple 51% and double-spending attacks in 2019 and 2020, resulting in a loss of over USD 6.7 million [19,20]. On 10 August 2021, the Poly Network was exploited via a smart contract vulnerability, leading to the theft of USD 611 million, the largest crypto-related hack to date [21]. Similarly, Binance, the world’s largest cryptocurrency exchange, faced a major breach in October 2022, with hackers stealing 2 million BNB tokens worth USD 570 million [22,23]. These incidents underscore the urgency of addressing security challenges within blockchain ecosystems.
As blockchain adoption accelerates, understanding its vulnerabilities and implementing robust countermeasures is critical. The current study aims to contribute to this effort by conducting a comprehensive analysis of blockchain attacks, vulnerabilities, and mitigation strategies. A thorough examination of existing security challenges and their impacts can help practitioners and researchers design more resilient blockchain systems. To guide this research, we formulated the following research questions:
  • RQ1: What are the most common types of attacks on blockchain technology, and how do they affect the security and integrity of the system?
  • RQ2: What security measures and technologies have been employed to detect and mitigate malicious blockchain attacks?
  • RQ3: How can context-specific mitigation strategies be designed to address the unique requirements and constraints of different blockchain applications?
To address these questions, this study adopts a qualitative and quantitative approach to reviewing the state-of-the-art research on blockchain security and privacy. By presenting a holistic outline of vulnerabilities, attack vectors, and countermeasures, this research serves as a valuable resource for academics, industry professionals, and policymakers seeking to safeguard decentralized ecosystems from current and future threats.

2. Methodology

We employed a systematic literature search strategy, where we used three major online digital libraries: IEEE Xplore, ACM digital library, and Springer Nature Link digital library. An analytical process was undertaken to synthesize the information for the research questions. Out of the initial 1143 studies, 73 studies were from IEEE Xplore, 578 studies were from ACM digital library, and 492 studies were from SpringerLink library.

2.1. Scoping Criteria

To address the research questions concerning the common types of attacks on blockchain technology, their impact on security and integrity, and the security measures employed to detect and mitigate such attacks, we established comprehensive scoping criteria. These criteria focus on identifying, categorizing, and evaluating blockchain vulnerabilities, attack mechanisms, and mitigation strategies. In order to limit our scope, we focused on the top three cryptocurrencies (Bitcoin, Ethereum, and Tether) based on their market capital according to Forbes [24]. In order to guarantee that this systematic evaluation covers the most recent blockchain security risks, new attack vectors, and cutting-edge mitigation techniques, publications from 2020 to 2024 were chosen. With developments in decentralized finance (DeFi), smart contracts, Layer 2 scaling solutions, and cross-chain protocols, the blockchain environment has swiftly changed, bringing with it new vulnerabilities including bridge attacks, reentrancy problems, and flash loan exploits [25]. Furthermore, modern cryptographic countermeasures and security frameworks are required due to recent advancements in quantum computing and AI-driven cyberthreats [26]. Additionally, security compliance and governance models have been impacted by global regulatory changes, such as the EU’s Markets in Crypto-Assets (MiCA) framework and the U.S. SEC’s heightened scrutiny [27].
Our analysis explores key attack vectors, including 51% attacks, bribing attacks, double-spend attacks, smart contract vulnerability attacks, selfish mining attacks, and Sybil attacks [28,29]. For example, a 51% attack allows malicious actors to gain control of the majority of a network’s computational power, enabling them to manipulate transactions and even reverse previously confirmed transactions. A notable instance occurred in the Ethereum Classic blockchain in 2019, resulting in significant financial losses. Similarly, the study examines vulnerabilities within smart contracts, such as the infamous Poly Network attack in 2021, where a critical exploit led to the theft of USD 611 million.

2.2. Structured Literature Search Procedure

2.2.1. Eligibility Criteria

  • Inclusion: Peer-reviewed studies, conference papers, journal papers, and research articles published between 1 January 2020 and 31 December 2024.
  • Exclusion: Studies lacking empirical data, opinion pieces, keynotes, short papers, magazines, books, non-English articles, retracted papers, and studies that do not discuss mitigation, detection, and prevention strategies.

2.2.2. Search Strategy

We conducted our search with specific keywords based on the given queries (last search date: 10 March 2025):
  • IEEE Xplore library: (((“All Metadata”: blockchain) AND (“All Metadata”: security) AND (“All Metadata”: privacy) AND (“All Metadata”: attack) AND (“All Metadata”: vulnerability*)) AND ((“All Metadata”: bitcoin) OR (“All Metadata”: btc) OR (“All Metadata”: tether) OR (“All Metadata”: usdt) OR (“All Metadata”: ethereum) OR (“All Metadata”: eth)) AND ((“All Metadata”: smart contract) OR (“All Metadata”: Cryptograph*) OR (“All Metadata”: Cryptocurrenc*)));
  • ACM digital library: [All: blockchain] AND [All: security] AND [All: privacy] AND [All: attack] AND [All: vulnerabilit*] AND [[All: bitcoin] OR [All: btc] OR [All: tether] OR [All: usdt] OR [All: ethereum] OR [All: eth]] AND [[All: “smart contract”] OR [All: cryptograph*] OR [All: cryptocurrenc*]] AND [E-Publication Date: 1 January 2020 TO 31 December 2024)];
  • Nature SpringerLink library: (blockchain AND security AND privacy AND attack AND vulnerability*) AND (bitcoin OR btc OR tether OR usdt OR ethereum OR eth) AND (smart contract OR cryptograph* OR cryptocurrenc*).

2.2.3. Selection Process

We recruited six independent reviewers for the article screening process, which was carried out as a manual quantitative analysis using open coding. All of the reviewers agreed on each of the codes that we used to answer our research questions. A PRISMA flowchart depicting the study selection stages is shown in Figure 1.

2.2.4. Data Extraction Process

The data extraction process was structured to ensure the consistency, accuracy, and relevance of the extracted information. Initially, we found 1143 studies from three distinct databases. With the screening process that is shown in Figure 1, we ended up adding 252 studies to our research. Each selected study was reviewed to extract the key details, including attack type, impact assessment, mitigation strategies, study methodology, and blockchain application domain. The data were extracted using standardized forms and reviewed independently by six researchers to minimize bias, with any disagreements resolved through discussion or consultation with a seventh reviewer. The extracted information was cross-verified with original studies to maintain consistency, and any missing data were either supplemented using additional sources or excluded from the study. Finally, the extracted data were structured for comparison and the key findings were summarized to facilitate qualitative and quantitative analysis. This structured approach ensured that all relevant aspects of blockchain security threats and mitigation strategies were systematically captured and analyzed.

2.2.5. Study Quality Assessment

The study quality was assessed using the Critical Appraisal Skills Programme (CASP) checklist [30]. The CASP checklist ensures methodological rigor and helps to identify the potential biases in selected studies. Each study was evaluated based on relevance, validity, methodological soundness, bias and confounding factors, reproducibility, transparency, and applicability to blockchain security. A scoring system was applied to rank the studies by quality; low-quality studies and studies without empirical evaluation were excluded during the final synthesis process.

2.3. Data Analysis Process

We started our investigation with 1143 studies from three databases, but we eliminated 8 of them since they were duplicates. Six pieces of research were also disqualified since they were retracted papers. We eliminated a total of 853 papers from our title–abstract screening procedure because they were either not research publications (n = 1) or did not address mitigation, detection, or prevention-related issues (n = 852). Lastly, we removed a total of 24 papers from our full-text analysis since 2 did not fall within the timeframe (2020–2024) that we were interested in, and 22 articles were not available even with institutional access.
The data analysis process involved categorizing attack types based on their mechanisms and assessing their impact on blockchain security and integrity. We gave specific attention to the evolution of attack techniques and motivations. Early attacks predominantly exploited technical flaws, while contemporary threats have evolved into more sophisticated strategies with financial gain as the primary objective. For instance, Sybil attacks leverage multiple fake identities to compromise network integrity, while advanced exploits target vulnerabilities in consensus algorithms such as Proof of Work (PoW) and Proof of Stake (PoS).
To evaluate countermeasures, we analyzed the effectiveness of network security protocols, including firewalls and intrusion detection systems, and cryptographic techniques such as digital signatures and hash functions. Security audits conducted by external experts and consensus mechanisms were critically assessed to determine their resilience against evolving attack methods. The analysis also examined how these measures have adapted over time in response to the growing sophistication of blockchain threats.
The research further explored the anticipated trajectory of blockchain attacks and corresponding security measures. As blockchain technology evolves, new attack vectors are expected to emerge, necessitating continuous advancements in defense mechanisms. Current challenges such as scalability, interoperability, and the trade-offs between decentralization and security are highlighted as critical areas for future investigation.

3. Attacks in Blockchain

3.1. Classification of Blockchain Attacks

Through our systematic literature search, we identified a diverse range of cyberattacks targeting decentralized blockchain ecosystems, which we classified into distinct categories based on their mechanisms and impact, as illustrated in Figure 2. These include quantum computing threats, which exploit advancements in quantum technology to undermine cryptographic security, and smart contract attacks, such as reentrancy vulnerabilities and gas limit manipulations, that exploit flaws in the execution of automated agreements. Additionally, network-based attacks, including routing and eclipse attacks, aim to disrupt the flow of information and isolate nodes, while transaction-based attacks, including double-spending and race attacks, compromise the integrity of financial operations.
Other identified categories include data and key management attacks, including private key theft and man-in-the-middle exploits, wallet and exchange attacks, including phishing and hot wallet compromises, and consensus-based attacks, such as the 51% attack, which undermines blockchain consensus protocols. Furthermore, blockchain fork and interoperability attacks exploit chain splits or cross-chain bridges, while governance and economic attacks manipulate decision-making or token economies.

3.1.1. The 51% Attack

Also known as majority attacks, 51% attacks remain one of the most critical threats to blockchain networks [31]. They occur when an attacker or a group of miners gains control of more than 50% of a network’s computational power, thereby compromising the consensus mechanism. This control enables malicious actors to manipulate blockchain data and execute attacks such as the following:
(a) Reversing transactions, enabling double spending (spending the same coins multiple times);
(b) Altering the order of transactions;
(c) Disrupting the activities of other miners;
(d) Preventing confirmation of legitimate transactions.
For instance, Ethereum Classic suffered a series of 51% attacks in 2019, causing financial losses and undermining the network’s integrity. Indicators of a 51% attack often include abrupt changes in network behavior or transaction anomalies.

3.1.2. Smart Contract Vulnerabilities

Smart contracts, which are self-executing programs running on blockchain networks, play a crucial role in automating and enforcing agreements without intermediaries. Despite their advantages, smart contracts are vulnerable to coding errors and design flaws that can result in unauthorized access or loss of funds [32,33,34]. These vulnerabilities are particularly critical due to the immutability of blockchain, which makes it challenging to correct errors once deployed [35]. Notable cases, such as the Poly Network hack in 2021, illustrate how attackers exploit smart contract vulnerabilities to siphon funds, demonstrating the need for rigorous security audits and robust coding practices.

3.1.3. Double-Spending Attack

A double-spending attack occurs when an attacker spends the same digital currency or asset more than once, violating the principle of data consistency. This attack is facilitated by exploiting weaknesses in the consensus algorithm or the delay in transaction confirmation. For example, in January 2021, a double-spending attack on Monero’s blockchain resulted in the theft of USD 3.3 million [36,37]. Factors contributing to this vulnerability include the following:
  • Insufficiently secure or slow consensus algorithms;
  • Delayed block confirmation times;
  • Acceptance of unverified transactions;
  • Direct connections of incoming nodes to the main chain [38,39].
These factors provide adversaries with an opportunity to manipulate transaction records and execute double-spending schemes.

3.1.4. Man-in-the-Middle (MITM) Attack

In a blockchain network, a man-in-the-middle (MITM) attack occurs when an attacker intercepts and manipulates communication between two nodes. This allows the attacker to alter transmitted data, steal private keys, or tamper with transaction records, resulting in significant security breaches, data loss, and financial damage [40,41,42]. MITM attacks undermine the trust and integrity of blockchain systems, emphasizing the need for secure communication protocols and encryption mechanisms.

3.1.5. Routing Attack

Blockchain networks rely on routing protocols for node communication, transaction propagation, and consensus building. In a routing attack, adversaries manipulate the routing protocol to redirect traffic or compromise nodes [43]. By injecting false routing information, attackers can force nodes to choose malicious paths for transactions and block propagation. This facilitates further attacks, such as the following:
(a) Double-spending attacks;
(b) Denial-of-Service (DoS) attacks;
(c) 51% attacks.
Routing attacks disrupt network functionality and compromise data security, highlighting the necessity of robust routing protocols and real-time network monitoring.

3.1.6. Sybil Attack

A Sybil attack targets peer-to-peer (P2P) networks by allowing a malicious node to create multiple fake identities, disrupting network functionality. This attack is particularly effective in consensus mechanisms like Proof of Work (PoW), where a node’s computational power determines its ability to validate transactions and earn rewards. For example, in May 2022, the Ethereum-based DeFi protocol, Saddle Finance, suffered a Sybil attack that exploited vulnerabilities in its on-chain governance system, leading to a loss of over USD 10 million [44]. Similarly, in August 2021, a Sybil attack compromised the Liquid Global cryptocurrency exchange, resulting in losses exceeding USD 90 million [45]. Another study highlights that the node authentication process during the blockchain network’s joining phase is particularly vulnerable to Sybil attacks, as attackers can insert malicious nodes that disrupt the network and cause delays in block propagation. This vulnerability underscores the need for robust node authentication mechanisms to prevent the insertion of fake identities.

3.1.7. Race Attack

A race attack, a prevalent form of double-spending attack, occurs when a malicious actor broadcasts two conflicting transactions simultaneously to the network [46,47]. In this scenario, the attacker sends one transaction to the victim, who accepts the payment and delivers the product without waiting for confirmation. Simultaneously, the attacker broadcasts a contradictory transaction to the network, retracting the same amount of cryptocurrency, thereby invalidating the initial transaction [48]. If recipients fail to authenticate the initial transaction properly, the attacker can effectively acquire products or services without making a legitimate payment. This exploit highlights the importance of requiring sufficient confirmations before finalizing transactions to prevent race attacks [49].

3.1.8. Eclipse Attack

An eclipse attack occurs when a malicious actor gains control over all peers connected to a targeted node, isolating it from the rest of the blockchain network. This isolation allows the attacker to manipulate the targeted node, compromise its data, and block legitimate network communication, restricting the node’s interactions solely to malicious peers [43,50]. For example, attackers may send a falsified transaction to the isolated node, presenting it as proof of payment, while broadcasting a conflicting transaction to the broader network to double spend the same tokens [50]. By monopolizing the connections of a node, eclipse attacks disrupt network consensus and can have severe implications for blockchain integrity and reliability. Addressing this vulnerability requires implementing diverse connection strategies, random peer selection, and robust routing protocols.

3.1.9. Replay Attack

A replay attack exploits the reuse of valid transaction data to disrupt blockchain networks or steal funds. This attack typically occurs when blockchain ledgers experience hard forks or chain splits, creating separate chains that share a transaction history. In such cases, transactions broadcast on one chain may be replayed on another due to shared transaction data and the absence of replay protection mechanisms [51]. Vulnerabilities arise from incompatible transaction formats, shared historical data, and weak replay protection, particularly in cryptocurrency exchanges, decentralized finance (DeFi) platforms, and blockchain-based supply chain systems [52]. Replay attacks can have significant financial and operational consequences, emphasizing the need for robust replay protection mechanisms, such as unique chain identifiers and transaction tagging, to prevent unauthorized transaction duplication.
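The effect of a unique chain identifier can be shown with a short Python example, added here for illustration and not taken from the reviewed studies. It assumes two forks with constructed chain IDs, a constructed transaction and key, and uses HMAC-SHA256 as a stand-in for the account's digital signature so that it runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed values for the illustration (not real keys, accounts or chain IDs).
KEY = b"constructed-demo-key"
TX = {"from": "alice", "to": "bob", "value": 5, "nonce": 7}
CHAIN_A, CHAIN_B = 1001, 1002


def signing_digest(tx, chain_id=None):
    """Hash the transaction fields; when chain_id is given it becomes part of what is signed."""
    body = dict(tx)
    if chain_id is not None:
        body["chain_id"] = chain_id
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest()


def sign(key, tx, chain_id=None):
    # HMAC-SHA256 stands in for the account's digital signature (assumption,
    # chosen so the example needs only the standard library).
    return hmac.new(key, signing_digest(tx, chain_id), hashlib.sha256).hexdigest()


class Node:
    """Validator on one side of a chain split."""

    def __init__(self, chain_id, replay_protected):
        self.chain_id = chain_id
        self.replay_protected = replay_protected

    def accepts(self, key, tx, signature):
        # A protected node recomputes the digest with its own chain ID, so a
        # signature produced for any other chain no longer verifies.
        bound_id = self.chain_id if self.replay_protected else None
        return hmac.compare_digest(sign(key, tx, bound_id), signature)


def replay_outcomes():
    """Check one signed transaction against both forks, with and without chain binding."""
    legacy_sig = sign(KEY, TX)            # digest carries no chain identifier
    bound_sig = sign(KEY, TX, CHAIN_A)    # digest is tagged for chain A only
    return {
        "legacy_on_a": Node(CHAIN_A, False).accepts(KEY, TX, legacy_sig),
        "legacy_on_b": Node(CHAIN_B, False).accepts(KEY, TX, legacy_sig),
        "bound_on_a": Node(CHAIN_A, True).accepts(KEY, TX, bound_sig),
        "bound_on_b": Node(CHAIN_B, True).accepts(KEY, TX, bound_sig),
        "legacy_on_protected_b": Node(CHAIN_B, True).accepts(KEY, TX, legacy_sig),
    }


if __name__ == "__main__":
    for case, accepted in replay_outcomes().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Without the identifier the same signature is valid on both forks because they share transaction format and history; once the identifier is part of the signed digest, the copy submitted to the other fork is rejected.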

3.2. Key Insights and Implications

These attacks highlight the evolving threat landscape within blockchain ecosystems. While blockchain technology offers significant advantages, its adoption across diverse applications necessitates a continuous focus on identifying and mitigating security vulnerabilities. Understanding the root causes and mechanisms of these attacks provides critical insights for developing resilient security measures. As blockchain systems continue to evolve, addressing these challenges remains a vital area for research and innovation. The causes and affected sectors of certain typical blockchain security attack types are summarized in Table 1.

3.3. Detecting and Mitigating Malicious Blockchain Attacks

As blockchain technology adoption accelerates, the potential for malicious attacks grows, necessitating robust detection and mitigation strategies. A variety of methods and technologies has been developed to enhance the security and resilience of blockchain networks. These include machine-learning-based activity detection, consensus algorithms to prevent attacks such as double-spending attacks, and cryptographic tools for data integrity. Each subsection focuses on specific types of malicious blockchain attacks, providing a comprehensive understanding of their detection and mitigation techniques.

3.3.1. The 51% Attack

A 51% attack occurs when a single entity or group gains control of more than 50% of a network’s mining hash rate or staking power, enabling them to manipulate the blockchain. This attack is particularly relevant to Proof-of-Work (PoW) blockchains like Bitcoin and Litecoin, as well as smaller chains with lower hash rates. The attacker can double spend coins, prevent transactions from being confirmed, and disrupt the network’s integrity.

Detection Techniques

Detection techniques for 51% attacks focus on monitoring network hash rate distribution and identifying unusual patterns in block creation. Key methods include the following:
  • Hash rate monitoring: Continuous tracking of hash rate distribution among mining pools to detect centralization risks [68].
  • Block propagation analysis: Observing block propagation times and orphan rates to identify potential manipulation [69].
  • Network consensus monitoring: Analyzing deviations from normal consensus behavior, such as sudden changes in block confirmation times [70].

Mitigation Strategies

To mitigate the risk of a 51% attack, the following strategies are essential:
  • Decentralization of mining power: Encouraging a diverse and distributed mining pool ecosystem to reduce the risk of hash rate concentration [69].
  • Network size and security: Increasing the overall hash rate and network size to make it economically infeasible for an attacker to gain majority control [68].
  • Consensus algorithm enhancements: Transitioning to more secure consensus mechanisms, such as Proof of Stake (PoS), which are less susceptible to hash-rate-based attacks [70].
  • Real-time alerts and response systems: Implementing systems to detect and respond to unusual network activity, such as sudden hash rate spikes or block reorganizations [69].
By adopting these measures, blockchain networks can reduce the likelihood of a 51% attack and maintain the integrity and trustworthiness of their systems.
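The hash rate monitoring and reorganization alerts described above can be illustrated with the following Python example, which is added here and is not code from the reviewed studies. The pool names, block hashes, window size, and alert thresholds are constructed assumptions; a production monitor would read pool attribution and chain tips from a node or block explorer.

```python
from collections import Counter, deque

SHARE_THRESHOLD = 0.50  # assumption: alert when one pool mined more than half the window
REORG_THRESHOLD = 3     # assumption: alert when this many tip blocks are replaced


def concentration_alerts(block_miners, window=20, threshold=SHARE_THRESHOLD):
    """Slide a window over per-block pool tags and return (height, pool, share)
    each time a pool's share of the window rises above the threshold."""
    recent = deque(maxlen=window)
    alerts, over_before = [], set()
    for height, pool in enumerate(block_miners):
        recent.append(pool)
        if len(recent) < window:
            continue  # not enough history to estimate shares yet
        shares = {p: n / window for p, n in Counter(recent).items()}
        over_now = {p for p, s in shares.items() if s > threshold}
        for p in sorted(over_now - over_before):  # alert on the crossing only
            alerts.append((height, p, round(shares[p], 2)))
        over_before = over_now
    return alerts


def reorg_depth(old_chain, new_chain):
    """Count the blocks at the end of old_chain that new_chain replaced.
    0 means new_chain simply extends old_chain."""
    common = 0
    for old_hash, new_hash in zip(old_chain, new_chain):
        if old_hash != new_hash:
            break
        common += 1
    return len(old_chain) - common


def is_deep_reorg(old_chain, new_chain, threshold=REORG_THRESHOLD):
    """True when the reorganization replaced at least `threshold` blocks."""
    return reorg_depth(old_chain, new_chain) >= threshold


# Constructed sample: four pools alternate, then "pool-x" starts winning most blocks.
BLOCK_MINERS = ["pool-a", "pool-b", "pool-c", "pool-d"] * 5 + [
    "pool-x", "pool-x", "pool-a", "pool-x", "pool-x", "pool-b", "pool-x",
    "pool-x", "pool-x", "pool-c", "pool-x", "pool-x", "pool-x", "pool-x",
    "pool-d", "pool-x", "pool-x", "pool-x", "pool-x", "pool-x",
]
# Constructed block hashes: the last three blocks of the old tip are replaced.
OLD_TIP = ["h100", "h101", "h102", "h103", "h104"]
NEW_TIP = ["h100", "h101", "x102", "x103", "x104", "x105"]

if __name__ == "__main__":
    for height, pool, share in concentration_alerts(BLOCK_MINERS):
        print(f"height {height}: {pool} mined {share:.0%} of the last 20 blocks")
    depth = reorg_depth(OLD_TIP, NEW_TIP)
    print(f"reorg depth {depth}:", "alert" if is_deep_reorg(OLD_TIP, NEW_TIP) else "ok")
```

Block attribution is only an estimate of hash rate, so the window length trades detection delay against false alarms caused by ordinary variance in who finds the next block.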

3.3.2. Smart Contract Vulnerabilities

Smart contracts, being self-executing and immutable, are susceptible to vulnerabilities that can lead to significant security breaches. Detection techniques for these vulnerabilities are broadly categorized into static and dynamic analysis methods.

Detection Techniques

Static analysis methods include the following:
  • Symbolic execution: Code is analyzed with symbolic values, enabling the generation of algebraic terms and propositional formulas to uncover logical errors [71,72].
  • Control flow graph (CFG) construction: Represents execution flow as a directed graph, aiding understanding of the program’s structure [71,72].
  • Pattern recognition and rule-based analysis: Matches code against predefined secure patterns or known vulnerabilities [57,72].
  • Decompilation analysis: Translates lower-level bytecode into higher-level representations for easier parsing and vulnerability identification [71].
  • Formal verification: Uses mathematical proofs to ensure the program adheres to its specified properties [73].
Dynamic analysis methods include the following:
  • Runtime Execution Trace: Captures the sequence of instructions executed during runtime for anomaly detection [71].
  • Fuzz Testing: Provides structured data as inputs to trigger unexpected behavior, such as crashes or abnormal execution paths [72].

Mitigation Strategies

To enhance smart contract security, the following measures are crucial:
  • Adopting established design patterns and best practices to minimize coding errors.
  • Implementing robust access control mechanisms to prevent unauthorized interactions.
  • Conducting thorough security audits and regular code reviews to identify potential vulnerabilities.
  • Utilizing comprehensive testing methods, including fuzz testing and formal verification [73].
  • Deploying upgradeable contracts to allow future improvements without disrupting the system.
  • Monitoring deployed contracts and addressing detected vulnerabilities proactively [71,72].

3.3.3. Man-in-the-Middle (MITM) Attack

Man-in-the-middle (MITM) attacks involve intercepting and manipulating communication between nodes in a blockchain network. These attacks can compromise data integrity, steal sensitive information, and undermine trust within the network.

Detection Techniques

  • Network Monitoring: Detects unusual activity, such as rogue nodes or unexpected data transmissions [74].
  • Consensus Checks: Identifies discrepancies in transaction data and halts suspicious processes [75].
  • Digital Signatures: Ensures data integrity and authenticates transaction senders, preventing tampering [76].
  • Reputation Systems: Tracks node behavior to identify and flag potentially malicious nodes [77].

Mitigation Strategies

  • Encryption: Ensures that data transmitted between nodes remain secure and incomprehensible to attackers [78].
  • Multi-Factor Authentication (MFA): Protects private keys using techniques such as biometric authentication and one-time passwords [79].
  • Consensus Mechanisms: Requires multiple nodes to verify and approve transactions, making it difficult for attackers to manipulate data [80].
  • Identity Management: Authenticates and authorizes nodes before allowing them to join the network using tools like a public key infrastructure and digital certificates [81].
  • Real-Time Monitoring: Combines network and transaction monitoring to detect and mitigate potential MITM attacks [82].
Effective detection and mitigation of MITM attacks safeguard blockchain networks by ensuring data confidentiality, integrity, and authenticity. Table 2 summarizes the findings.

3.3.4. Routing Attack

Detecting routing attacks in blockchain networks is challenging due to the difficulty of distinguishing between benign and malicious network behavior. However, several techniques have been proposed to identify such attacks effectively. Network monitoring is a key technique, allowing the tracking of transaction routing paths and the detection of anomalies in network traffic [88]. For instance, a transaction propagating through an unusual path may indicate a routing attack [89]. Data analysis can uncover patterns and trends in network traffic that suggest malicious activities. For example, a sudden increase in the number of transactions routed through a specific node may signal a routing attack [90,91]. Reputation systems are also critical, assigning scores to nodes based on their behavior. Nodes with low reputation scores can be flagged as potential sources of routing attacks [92].
To mitigate routing attacks, several strategies have been proposed. Secure routing protocols, such as BGPsec and RPKI, use digital certificates to authenticate routing information and prevent spoofing attacks [93]. Distributed consensus mechanisms, including Proof of Work (PoW) and Proof of Stake (PoS), increase the difficulty for attackers to control the majority of the network’s computational power or stake, thereby preventing routing attacks [94]. Peer-to-peer networking enhances network resilience by allowing nodes to communicate directly, reducing reliance on centralized routing authorities [95]. Furthermore, node reputation systems can identify malicious or compromised nodes, preventing them from propagating transactions and blocks in the network [96]. Nodes with low reputation scores can be excluded or subjected to additional scrutiny, thereby limiting the risk of routing attacks.

3.3.5. Race Attack

Race attacks have been extensively studied, with several detection techniques proposed. A key detection method is the Listening Period, during which vendors associate each transaction with a listening time frame. During this period, transactional records are scrutinized for any signs of a race attack. If no malicious activity is detected within this time frame, the vendor proceeds with the transaction [97]. Another effective technique is the Insertion of Observers, where vendors deploy monitoring nodes within the network. These observers transmit all transactions to the vendor, enabling swift detection of race or double-spending attacks [97].
To prevent race attacks, several mitigation strategies can be employed. Timestamping all transactions ensures that the processing time is recorded, allowing the first recorded transaction to be considered valid. Cryptographic signatures authenticate transactions, verifying that they were submitted by the intended user. Multi-party signatures enhance security by requiring multiple parties to approve a transaction, reducing the risk of unauthorized activities. Increasing the block processing time also mitigates race attacks, as attackers face greater difficulty in executing multiple fraudulent transactions within a restricted timeframe [64].
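The listening period and observer techniques described above can be combined into a vendor-side check, sketched here as an added example (not code from this review or the cited studies). The `Tx` and `ListeningPeriod` names, the 15-second window and the observer labels are assumptions, and the sample transactions are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset      # outpoints spent, written "prev_txid:index"
    payee: str


@dataclass
class ListeningPeriod:
    """Holds one incoming payment until the listening window closes cleanly."""
    payment: Tx
    opened_at: float
    window: float = 15.0                      # seconds; assumed value
    conflicts: dict = field(default_factory=dict)

    def observe(self, tx: Tx, observer: str, seen_at: float) -> bool:
        """Record a transaction relayed by an observer node.

        Returns True when the transaction spends an outpoint that the
        payment also spends, i.e. the two cannot both be confirmed.
        """
        if tx.txid == self.payment.txid:
            return False
        shared = tx.inputs & self.payment.inputs
        if not shared:
            return False
        entry = self.conflicts.setdefault(
            tx.txid,
            {"outpoints": sorted(shared), "first_seen": seen_at, "observers": set()},
        )
        entry["observers"].add(observer)
        entry["first_seen"] = min(entry["first_seen"], seen_at)
        return True

    def decision(self, now: float) -> str:
        if self.conflicts:
            return "reject"                   # a competing spend was seen
        if now < self.opened_at + self.window:
            return "wait"                     # window still open
        return "accept"                       # window elapsed with no conflict


def run_demo():
    # Constructed sample transactions.
    pay = Tx("tx-pay", frozenset({"aa11:0"}), "vendor")
    unrelated = Tx("tx-other", frozenset({"bb22:1"}), "someone-else")
    respend = Tx("tx-respend", frozenset({"aa11:0", "cc33:0"}), "payer-change")

    raced = ListeningPeriod(pay, opened_at=0.0)
    timeline = []
    raced.observe(unrelated, "observer-eu", 2.0)
    timeline.append(raced.decision(3.0))
    raced.observe(respend, "observer-us", 6.5)
    raced.observe(respend, "observer-asia", 7.1)
    timeline.append(raced.decision(8.0))

    clean = ListeningPeriod(pay, opened_at=0.0)
    clean.observe(unrelated, "observer-eu", 2.0)
    timeline.append(clean.decision(15.0))
    return timeline, raced.conflicts


if __name__ == "__main__":
    decisions, conflicts = run_demo()
    print(decisions)
    print(conflicts)
```

A conflict that first appears after the window has closed is still recorded, but by then the vendor has already released the goods, which is why the window length and observer placement matter.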

3.3.6. Eclipse Attack

Eclipse attacks have been addressed in various studies, with several detection approaches proposed. One method involves analyzing the timestamps of questionable blocks. If the time interval between newly created blocks is abnormally high, it may indicate an eclipse attack, with detection typically requiring 2–3 h [66]. Another technique is the ubiquitous gossip protocol, which allows users to connect with protocol-dominated servers through gossip messages without requiring changes to the Bitcoin protocol or the peer-to-peer network. This approach minimizes dependency on web servers for connecting with Bitcoin block headers [98]. Additionally, redundancy can be introduced by replicating keys across multiple nodes and conducting routing failure tests to identify compromised nodes.
To mitigate eclipse attacks, several countermeasures are available. Elimination of Far Successors is a technique where nodes autonomously calculate the distances between their successors, removing any malicious entries immediately [99]. Bitcoin clients also use a classification system to segregate new peers and previously established connections, preventing attackers from exploiting these distinctions [43]. Expanding the network size further complicates an attacker’s ability to control a significant portion of the network. Peer-discovery mechanisms allow nodes to connect with a diverse set of peers, thereby reducing the likelihood of isolation and increasing resilience against eclipse attacks.
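The timestamp-based detection described above can be expressed as a statistical test on how many blocks a node has seen in its recent window. This is an added example, not code from the cited studies; it assumes Bitcoin's 600-second target spacing and Poisson block arrivals, and the 3-hour window, the 0.001 alert threshold and the timestamp lists are constructed for illustration.

```python
import math

TARGET_SPACING_S = 600        # Bitcoin's 10-minute target block interval
WINDOW_S = 3 * 3600           # upper end of the 2-3 h detection time cited above
ALERT_P = 0.001               # assumed alert threshold


def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam), summed in log space for stability."""
    return sum(
        math.exp(-lam + i * math.log(lam) - math.lgamma(i + 1))
        for i in range(k + 1)
    )


def block_shortfall(block_times, now, window_s=WINDOW_S,
                    target_s=TARGET_SPACING_S, alert_p=ALERT_P):
    """Test whether too few blocks arrived in the last `window_s` seconds.

    A small p-value means an honest, well-connected node would rarely see
    this few blocks, which is what a node fed only by an attacker's
    limited hash power would observe.
    """
    times = sorted(t for t in block_times if t <= now)
    start = now - window_s
    recent = [t for t in times if t > start]
    expected = window_s / target_s
    p_value = poisson_cdf(len(recent), expected)

    # Longest gap that ends inside the window, including time since the tip.
    gaps = [b - a for a, b in zip(times, times[1:]) if b > start]
    gaps.append(now - times[-1] if times else window_s)

    return {
        "blocks": len(recent),
        "expected": expected,
        "p_value": p_value,
        "longest_gap_s": max(gaps),
        "alert": p_value < alert_p,
    }


# Constructed timestamps (seconds since an arbitrary start).
NOW = 6 * 3600
HEALTHY = list(range(300, NOW, 620))
# Same chain for the first three hours, then only three blocks arrive.
ECLIPSED = [t for t in HEALTHY if t <= 3 * 3600] + [13900, 17800, 21100]

if __name__ == "__main__":
    for label, view in (("healthy", HEALTHY), ("eclipsed", ECLIPSED)):
        print(label, block_shortfall(view, NOW))
```

A count over a window is used rather than a single long gap because, under the same Poisson assumption, an isolated one-hour gap has probability exp(-6), about 0.25%, per block and so occurs on honest chains every few days.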

3.3.7. Double-Spending Attack

Double-spending attacks pose a significant threat to blockchain systems by allowing malicious actors to spend the same digital asset multiple times, undermining transaction integrity. Several detection and prevention mechanisms have been developed to mitigate this risk effectively.
Key detection techniques include transaction and block verification processes, where the transaction time and block confirmation are monitored to identify inconsistencies or unusual behavior [36]. Updating the existing block rather than removing it and implementing timestamping during chain-building processes further enhance detection accuracy [86]. Approaches such as the Longest Chain Rule in Proof-of-Stake (PoS) protocols, key-evolving cryptography, and increasing the number of confirmed blocks have also been shown to effectively identify double-spending attempts [100]. Continuous monitoring of node connections, disabling unconfirmed connections, and employing transaction forwarding mechanisms ensure additional layers of security [37,59].
Mitigation measures for double-spending attacks include adopting recipient-oriented transactions and increasing block confirmation thresholds, which make fraudulent transactions more challenging to execute. Cryptographic methods such as key-evolving cryptography provide secure mechanisms to verify transaction authenticity. Additionally, ensuring a consistent ledger and disabling unconfirmed connections prevent the propagation of invalid transactions [39]. These strategies collectively enhance blockchain reliability and maintain transactional trustworthiness.
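How far a higher confirmation threshold reduces double-spending risk can be quantified with the catch-up calculation from the Bitcoin whitepaper (Nakamoto, 2008). This is an added example, not code from this review; it assumes a Proof-of-Work chain and an attacker holding a constant share `q` of the hash power, and the function names are chosen here.

```python
import math


def attacker_success_probability(q, z):
    """Probability that an attacker with hash-power share q ever overtakes
    the honest chain after the recipient has waited for z confirmations
    (Nakamoto's model: Poisson attacker progress plus gambler's-ruin catch-up).
    """
    if not 0.0 < q < 1.0:
        raise ValueError("q must be strictly between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        return 1.0                  # a majority attacker always catches up
    if z == 0:
        return 1.0                  # nothing to catch up with
    ratio = q / p
    lam = z * ratio                 # expected attacker blocks while z are mined
    total = 1.0
    for k in range(z + 1):
        # Poisson(k; lam) evaluated in log space to avoid overflow for large z.
        poisson = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        total -= poisson * (1.0 - ratio ** (z - k))
    return max(total, 0.0)


def confirmations_needed(q, max_risk=0.001, limit=1000):
    """Smallest z whose success probability is below max_risk, or None."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def risk_table(q, depths):
    """(z, probability) pairs for a merchant-facing policy table."""
    return [(z, attacker_success_probability(q, z)) for z in depths]


if __name__ == "__main__":
    for z, risk in risk_table(0.10, range(0, 7)):
        print(f"q=0.10 z={z}  P={risk:.7f}")
    for q in (0.10, 0.30):
        print(f"q={q:.2f} needs {confirmations_needed(q)} confirmations for P < 0.1%")
```

The result grows steeply with `q`, so a threshold that is adequate against a 10% attacker is not adequate against a 30% attacker, and no threshold helps once `q` reaches 50%.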

3.3.8. Sybil Attack

Sybil attacks exploit vulnerabilities in peer-to-peer (P2P) networks by introducing multiple malicious nodes that mimic legitimate nodes, thereby disrupting network operations. Addressing these attacks requires a combination of detection and mitigation strategies.
TrustChain, a blockchain solution incorporating the NetFlow algorithm, calculates node reputation to detect and mitigate Sybil attacks by identifying malicious nodes [61]. Decentralized registration mechanisms prevent Sybil node injection into routing tables, addressing vulnerabilities such as Routing Table Insertion (RTI) attacks [62]. Identity verification during the initial node authentication phase, as proposed by Tayebeh et al., can constrain nodes exhibiting abnormally high computational power, mitigating risks to the network [63]. Furthermore, imposing non-refundable deposits, applying time locks to fund usage, and leveraging coin-age mechanisms can reduce the likelihood of Sybil nodes affecting block propagation and consensus [101].
Effective countermeasures also include implementing rigorous node authentication processes, which may involve network joining fees, source validation of node connections, and monitoring nodes’ forwarding behavior over time [102]. By integrating these techniques, blockchain networks can significantly reduce the impact of Sybil attacks and ensure network stability.

3.3.9. Replay Attack

Replay attacks exploit vulnerabilities in blockchain systems, particularly during hard forks or chain splits, by replaying valid transactions from one chain onto another. Detection techniques include monitoring for duplicate transactions across chains and analyzing transaction histories to identify repeated or suspicious activities [52]. Incorporating cryptographic measures, such as one-time private–public key pairs and elliptic-curve-based encryption, further strengthens detection capabilities [87].
Mitigation strategies for replay attacks include implementing strong replay protection, which ensures transactions made on a new blockchain post-fork cannot be replayed on the original chain. Splitting coins into distinct transactions on each chain prevents cross-chain replay vulnerabilities [51]. Opt-in replay protection allows users to mark transactions manually, granting additional control over transaction security [52]. These measures collectively enhance the resilience of blockchain systems against replay attacks.
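The difference between a fork without replay protection and one with strong replay protection can be shown by binding a chain identifier into the signed digest, alongside the cross-chain duplicate monitoring mentioned above. This is an added example, not code from the cited studies; the `Node` class, the chain identifiers and the transaction fields are assumptions, and HMAC-SHA256 stands in for the account's signature scheme so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json


def tx_digest(tx, chain_id=None):
    """Hash of the transaction body; chain_id is mixed in when supplied."""
    body = dict(tx)
    if chain_id is not None:
        body["chain_id"] = chain_id
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def sign(key, tx, chain_id=None):
    """Stand-in signature (HMAC) over the digest; a real chain uses ECDSA or similar."""
    return hmac.new(key, tx_digest(tx, chain_id).encode(), hashlib.sha256).hexdigest()


class Node:
    """Validates transactions for one chain after a fork."""

    def __init__(self, chain_id, keys, bind_chain_id):
        self.chain_id = chain_id
        self.keys = keys
        self.bind_chain_id = bind_chain_id    # True = strong replay protection
        self.ledger = []

    def submit(self, tx, signature):
        bound = self.chain_id if self.bind_chain_id else None
        expected = sign(self.keys[tx["from"]], tx, bound)
        if not hmac.compare_digest(expected, signature):
            return "rejected: signature does not cover this chain"
        self.ledger.append(tx)
        return "accepted"


def cross_chain_duplicates(chain_a, chain_b):
    """Detection: transactions whose body appears on both ledgers."""
    seen = {tx_digest(tx) for tx in chain_a.ledger}
    return [tx for tx in chain_b.ledger if tx_digest(tx) in seen]


def run_demo():
    keys = {"alice": b"constructed-demo-key"}          # constructed sample key
    tx = {"from": "alice", "to": "bob", "amount": 5, "nonce": 0}

    # Fork without replay protection: both chains verify the same digest.
    old, new = Node(1, keys, False), Node(2, keys, False)
    legacy_sig = sign(keys["alice"], tx)
    unprotected = (old.submit(tx, legacy_sig), new.submit(tx, legacy_sig))
    duplicates = cross_chain_duplicates(old, new)

    # Fork where the new chain binds its chain_id into the signed digest.
    old2, new2 = Node(1, keys, False), Node(2, keys, True)
    new_sig = sign(keys["alice"], tx, chain_id=2)
    protected = (
        new2.submit(tx, new_sig),      # intended chain
        old2.submit(tx, new_sig),      # replay onto the original chain
        new2.submit(tx, legacy_sig),   # replay of an original-chain transaction
    )
    return unprotected, duplicates, protected


if __name__ == "__main__":
    for part in run_demo():
        print(part)
```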

4. Our Findings

In our study, we identified several critical findings that highlight the significance of addressing blockchain security vulnerabilities. Common attacks, including double-spending attacks, 51% attacks, and smart contract vulnerabilities, pose substantial threats to blockchain networks by undermining their security and integrity, leading to financial losses and eroding public trust.

4.1. Probability of Blockchain Attacks

We attempted to identify the probability of various blockchain attack types, which varies significantly based on the underlying vulnerabilities and the operational design of blockchain systems. Smart contract vulnerabilities exhibit the highest probability compared to other types of vulnerabilities in almost every case; the key contributing factors include code vulnerabilities, questionable audit quality, and a lack of formal verification. These vulnerabilities often lead to attacks like reentrancy exploits, which are particularly devastating in decentralized finance (DeFi) platforms.
Table 3 presents the likelihood of various blockchain attacks and reveals significant variations in attack probabilities. Man-in-the-middle (MITM) attacks and double-spending attacks also demonstrate relatively high probabilities, at around 35–45%. The prevalence of MITM attacks arises from weaknesses in communication protocols and insufficient encryption mechanisms in blockchain networks. Double-spending attacks, meanwhile, are facilitated by delayed transaction confirmations or inadequate consensus mechanisms in Proof-of-Work (PoW) or hybrid systems.
Other attack types, such as Sybil attacks, leverage weaknesses in node authentication processes, allowing attackers to disproportionately influence network consensus or disrupt data propagation. Similarly, routing attacks and eclipse attacks exhibit moderate likelihoods, targeting network-layer vulnerabilities to isolate or delay nodes. Lower-probability attacks, like replay attacks, occur in specific contexts such as double spending or hard forks but remain critical threats in those scenarios.
These probabilities highlight the higher risks associated with certain attack types, such as double-spending attacks and smart contract vulnerabilities. Prioritizing security measures for these high-risk areas can significantly enhance blockchain resilience. These findings provide critical insights for researchers and practitioners, offering a roadmap for addressing blockchain security challenges effectively.

4.2. Detection and Mitigation Strategies for Blockchain Attacks

Our study comprehensively analyzed the diverse range of technologies and security measures available for detecting and mitigating blockchain attacks. These strategies encompass advanced consensus algorithms, such as Byzantine Fault Tolerance (BFT), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS), which enhance the network’s resilience against consensus-based attacks like 51% attacks and Sybil attacks. Cryptographic techniques, including zero-knowledge proofs (ZKPs), multi-signature schemes, and lattice-based post-quantum cryptography, serve as robust safeguards against key management vulnerabilities, ensuring the integrity of transactions and the confidentiality of user identities.
Additionally, smart contract auditing tools and methodologies, such as static and dynamic analysis, formal verification, and fuzz testing, play a pivotal role in identifying vulnerabilities like reentrancy attacks or logic flaws within smart contracts. Secure development practices, such as adhering to well-defined design patterns, conducting regular code reviews, and implementing access control mechanisms, further mitigate the risks associated with poorly designed systems. Industry-specific measures, such as secure oracles for blockchain-based supply chains or privacy-preserving encryption techniques for healthcare applications, highlight the necessity of tailoring security solutions to specific use cases.
Given the dynamic nature of blockchain security, continuous research and cross-disciplinary collaboration are imperative. Emerging threats, such as quantum computing risks and cross-chain interoperability vulnerabilities, demand proactive development of quantum-resistant cryptography and secure protocols for decentralized applications. By staying informed about evolving attack vectors and integrating state-of-the-art technologies, the blockchain community can build robust security frameworks that ensure the resilience and trustworthiness of blockchain systems across diverse applications. This approach not only safeguards existing implementations but also fosters trust in and broad adoption of blockchain technology.

4.3. Significant Keyword Frequencies

In our analysis, we found that the keyword frequencies provide significant insights into the research trends and priorities within the field. The term “Blockchain” emerged as the most frequently mentioned keyword, appearing 16,400 times, which underscores its central role in the studies. This was closely followed by “Security” (11,518) and “Smart” (13,760), indicating a strong emphasis on security aspects and smart technologies, particularly in the context of blockchain systems. We also observed that keywords such as “Vulnerability/Vulnerabilities” (8422), “Attack” (5450), and “Detection” (7043) were highly prevalent, reflecting a substantial focus on identifying and addressing security threats and weaknesses within blockchain and related technologies. Additionally, terms like “Privacy” (4454) and “Encryption” (1633) highlight the importance of data protection and cryptographic methods in ensuring secure transactions and network integrity. The prominence of “Ethereum” (4672) and “Bitcoin” (1971) further emphasizes the dominance of these platforms in blockchain research. Overall, our findings illustrate a research landscape deeply engaged with blockchain technology, its security challenges, and the development of strategies to mitigate vulnerabilities and enhance system robustness. Table 4 illustrates the significant keywords from our included studies.

4.4. Publication Frequencies by Year

As shown in Figure 3, our results revealed a significant trend in the included studies’ yearly publication frequency. According to the data, just 22 pieces of research were published in 2020, the year with the fewest publications, but, in the years that followed, there was a noticeable rise, with 39 publications in 2021 and 37 in 2022. After reaching 58 publications in 2023, the rising trend continued, culminating in a noteworthy peak of 118 publications in 2024. This dramatic increase in publications, especially in 2024, suggests that interest in the topic is expanding and that research is moving more quickly. The rise might be explained by the growing importance of blockchain technology, its uses, and the security issues that surround it, which have drawn more attention from both researchers and industry professionals. This pattern emphasizes how dynamic and quickly changing the area is, which reflects how crucial it is to solve new problems and advance our understanding of blockchain and related fields.

4.5. Distribution of Attack Categories

In our study, we determined the distribution of attack types and their frequencies across the included studies. Also, we categorized the attacks into 42 distinct categories based on their characteristics and impact areas. The category “Smart Contract Vulnerability” received the greatest attention, with 48 mentions, emphasizing its importance as a significant area of concern in blockchain and related technologies. This was followed by “Financial Fraud” (18) and “Privacy Violation” (19), both of which received significant attention, emphasizing the need for tackling financial and privacy threats in digital ecosystems. Other important categories are “Network Attack” (10), “Cryptographic Attack” (9), and “Denial of Service” (8), emphasizing the importance of network security, cryptographic vulnerabilities, and service disruption threats. Additionally, the term “IoT Vulnerability” occurred 22 times, showing a rising level of worry about the security of Internet of Things (IoT) systems. Categories such as “Authentication/Authorization” (17) and “Data Security” (4) highlight the significance of safe access control and data protection techniques. The inclusion of less common but significant categories, such as “Supply Chain Attack” (2), “Threat Intelligence” (1), and “Trusted Execution Environment” (1), implies that a wide variety of security concerns is being investigated. Overall, these findings point to a research environment that emphasizes smart contract vulnerabilities, financial fraud, and privacy concerns while also addressing a wide range of additional security threats and weaknesses in blockchain and associated technologies. Figure 4 demonstrates the distribution of attack categories.

4.6. Analysis of Core Reasons for Vulnerabilities

In our research, we identified the primary causes of vulnerabilities throughout the included studies, as shown in Figure 5. The most common explanation was “Software Vulnerability”, which had 35 instances, showing the ubiquity of faults in software systems as a key source of security hazards. This was followed by “Access Control Weakness” (23) and “AI Model Bias” (21), which emphasize the difficulties in protecting access mechanisms and resolving biases in artificial intelligence models. Furthermore, “IoT Security Weakness” occurred 15 times, indicating rising worries about the security of Internet of Things (IoT) devices. With 10 instances apiece, “Blockchain Security Issue” and “Cryptographic Flaw” are two more noteworthy explanations that highlight how critical it is to fix flaws in blockchain systems and cryptographic implementations. Although they are less common, problems like “Human Manipulation” (3), “Third-Party Risk” (3), and “Data Privacy Issues” (8) also add to the overall vulnerability picture.
The category “Other” had the highest count (117), which represents a broad range of less frequently cited but equally critical reasons for vulnerabilities. These include emerging threats, such as novel attack techniques not yet widely studied; regulatory and compliance gaps, where security weaknesses arise from a lack of standardized regulations, particularly in emerging technologies like blockchain and AI; economic and incentive misalignment, where cost-cutting or misaligned incentives in decentralized finance (DeFi) lead to security flaws; legacy system weaknesses, where outdated or deprecated technologies remain susceptible to known exploits; interoperability and integration flaws, caused by poor integration between platforms or systems; lack of security culture and awareness, where organizational or user behavior leads to vulnerabilities, such as developers neglecting best practices or users falling for scams; and Protocol Design Flaws, where inherent weaknesses in system architectures, such as blockchain consensus mechanisms or smart contract frameworks, create exploitable vulnerabilities. These findings emphasize the diverse and multifaceted nature of security weaknesses, ranging from technical flaws to human, organizational, and systemic factors, and highlight the need for comprehensive strategies to mitigate these risks.

4.7. Attack Categories and Their Impact Results Across the Included Studies

To systematically analyze the impact of attacks across the included studies, we divided them into 42 different categories. This classification made it possible for us to recognize the wide variety of vulnerabilities and the effects they have on different fields. For example, studies have emphasized the security concerns of AI/ML, including financial exploitation threats and poor vulnerability identification [103,104,105,106]. Likewise, application vulnerabilities in Web3 apps resulted in execution errors that went unnoticed and possible security compromises [107]. Studies [69,70,108,109,110,111,112,113,114,115,116] that examined the authentication/authorization category found a variety of effects, such as private key breaches, illegal access, and legal liabilities. Performance deterioration and election result manipulation were two major blockchain security issues [117,118,119,120]. This thorough taxonomy highlights the complexity of security issues and their wide-ranging effects while offering an organized summary of the threat landscape. By classifying these findings into discrete categories, we aim to enable focused mitigation efforts and further investigation into specific areas of susceptibility. Table 5 summarizes our findings in different attack categories and their impact results across the included studies.

5. Discussion

Blockchain technology has revolutionized various industries by offering a decentralized and secure platform for transactions and data management. However, its potential is often undermined by persistent security challenges that threaten the integrity, confidentiality, and availability of blockchain networks. This research explored the security vulnerabilities in blockchain systems, emphasizing the detection and mitigation strategies for various attacks. The findings address three core research questions (RQs) and highlight their practical and theoretical implications, paving the way for more secure and resilient blockchain networks.

5.1. RQ1: Common Types of Attacks on Blockchain Technology and Their Impact

Blockchain technology faces several common attack types that compromise security and integrity:
  • Smart contract vulnerabilities: Reentrancy attacks, integer overflow, and weak access control mechanisms lead to financial fraud and unauthorized transactions.
  • Denial-of-service (DoS) attacks: DDoS blockchain state storage attacks cause network congestion and transaction delays, impacting system reliability.
  • Consensus attacks: 51% attacks, selfish mining, and long-range attacks exploit mining power to reverse transactions and double spend assets.
  • Oracle manipulation: Flash loan exploits and price manipulation enable attackers to control asset prices and execute fraudulent trades in DeFi applications.
  • Cryptographic attacks: Quantum cryptographic threats, identity theft, and weak key management lead to unauthorized access and data breaches.
  • Privacy violations: Data leaks in EHRs and IoT privacy breaches due to weak encryption mechanisms expose user-sensitive data.
  • IoT security weaknesses: IoT device hijacking, unauthorized access, and industrial IoT intrusions result in compromised network security.
These attacks cause financial losses, data breaches, network disruption, and erosion of trust in blockchain systems.

5.2. RQ2: Security Measures and Technologies for Detecting and Mitigating Blockchain Attacks

To counter malicious blockchain attacks, various security measures are employed:
  • Detection Techniques:
    AI and ML-based anomaly detection for fraud and transaction manipulation.
    Static and dynamic smart contract analysis for vulnerability detection.
    Cryptographic verification ensuring transaction integrity.
    Consensus monitoring for anomaly detection in mining behavior.
  • Mitigation Measures:
    Secure smart contract coding practices and formal verification.
    Blockchain-based authentication for secure access control.
    Privacy-preserving mechanisms such as zero-knowledge proofs (ZKP) and homomorphic encryption.
    Hybrid blockchain models integrating public and private blockchains for enhanced security.
  • Prevention Techniques:
    Decentralized identity management with multi-factor authentication.
    Intrusion prevention systems (IPS) for blocking unauthorized transactions.
    Tokenization and encrypted storage for securing sensitive data.
These security mechanisms help ensure blockchain resilience against various threats.

5.3. RQ3: Context-Specific Mitigation Strategies for Different Blockchain Applications

Different blockchain applications require tailored security approaches:
  • Smart Contracts (DeFi and Financial Transactions):
    Pre-deployment formal verification to identify coding errors.
    Multi-signature authentication to prevent unauthorized withdrawals.
    Real-time transaction monitoring for Ponzi scheme detection.
  • Enterprise and Government Blockchains:
    Hybrid blockchain integration balancing transparency and confidentiality.
    Regulatory compliance mechanisms such as AML and KYC frameworks.
    Decentralized governance models using DAOs for decision-making.
  • IoT and Industrial Blockchain Applications:
    Lightweight blockchain security protocols for resource-constrained devices.
    Edge and fog computing integration to secure IoT data.
    Zero-knowledge proofs for securing IoT-generated data.
  • Privacy-Critical Applications (Healthcare, Identity Management):
    Decentralized identity management to prevent unauthorized access.
    Confidential transactions with advanced encryption mechanisms.
  • Blockchain-Based Voting and Governance:
    Cryptographic vote verification for secure elections.
    Resilient consensus mechanisms to prevent rollback attacks.
By implementing application-specific security strategies, blockchain networks can achieve better security, compliance, and efficiency.

5.4. Broader Implications

This research highlights the evolving nature of blockchain security, where the increasing sophistication of attack vectors necessitates continual advancements in detection and mitigation strategies. The integration of machine learning and artificial intelligence into anomaly detection, as well as the exploration of post-quantum cryptographic techniques, represent promising directions for future research.
Additionally, the environmental impact of resource-intensive consensus mechanisms, such as Proof of Work (PoW), underscores the importance of exploring energy-efficient alternatives like Proof-of-Stake (PoS) and hybrid models. The scalability and adoption of these solutions will play a critical role in ensuring blockchain technology’s long-term sustainability.

5.5. Practical and Theoretical Contributions

From a theoretical perspective, this study provides a structured taxonomy of blockchain attacks, detailing their mechanisms, causes, and countermeasures. Practically, it offers actionable recommendations for blockchain practitioners and industry stakeholders, emphasizing the importance of tailoring security measures to meet application-specific needs. These contributions bridge the gap between academic research and practical implementation, facilitating the development of secure blockchain ecosystems.

6. Conclusions

This research provides a comprehensive analysis of mitigating blockchain attacks and enhancing security measures, aligning with the transformative potential of blockchain technology across industries. Blockchain’s decentralized nature, combined with its benefits in transparency, immutability, and security, makes it a revolutionary tool for applications ranging from finance to supply chains and healthcare. However, our analysis has also highlighted significant challenges, particularly concerning security vulnerabilities and attacks that threaten the integrity and trustworthiness of blockchain networks.
The severity and recurrence of these security threats are evident in real-world examples, such as 51% attacks, double-spending attacks, and smart contract vulnerabilities. These attacks have led to substantial financial losses and have eroded public confidence in blockchain systems. The increasing prevalence of reported vulnerabilities and the rise in cybercrime further emphasize the urgency of addressing these challenges through robust and adaptive security measures.
Through our research questions, we identified and categorized common blockchain attacks, evaluated their impact on security and system integrity, and assessed the efficacy of existing detection and mitigation strategies. Our findings revealed that smart contract vulnerabilities and double-spending attacks represent the most significant threats due to their prevalence and the potential for large-scale financial damage. Moreover, the need for tailored solutions is evident as blockchain applications across industries exhibit varying security requirements and threat landscapes.
This research underscores the importance of employing customized security measures tailored to the unique operational needs of blockchain applications. For instance, financial systems require enhanced consensus mechanisms and cryptographic techniques to prevent double spending, while supply chain networks benefit from robust node reputation systems and secure routing protocols to maintain data integrity. By carefully analyzing the unique characteristics and threats faced by blockchain systems, developers and practitioners can implement effective, context-specific security measures.
Our study contributes to the body of knowledge on blockchain security by offering a detailed examination of attack mitigation techniques and their practical applications. It equips researchers and practitioners with actionable insights to help them make informed decisions and adopt robust security strategies. Furthermore, it highlights the limitations of current security mechanisms, encouraging the exploration of cutting-edge technologies to address emerging threats. A notable limitation of this study is the lack of an in-depth discussion of the mitigation or prevention techniques for the attacks, although some of the included studies discuss them in depth; we want to address this in future research.
Looking ahead, we recognize that the dynamic nature of blockchain technology necessitates ongoing research and collaboration to address new vulnerabilities and attack vectors. Emerging technologies, such as quantum-resistant cryptography and artificial-intelligence-based anomaly detection, hold promise for further enhancing the security and resilience of blockchain systems. By prioritizing security and adopting proactive measures, we can ensure the trust in and integrity of blockchain technology, paving the way for its widespread adoption and transformative impact.

Author Contributions

M.K.S. designed the systematic search strategy, performed keyword analysis, conducted the literature review, contributed to the results and discussion, created the visualizations, and participated in manuscript refinement; B.S. conceived the initial idea for the paper and contributed to the development of the introduction and methodology; M.M.H. assisted in the preparation of the results and contributed to the discussion; M.J.H.F. coordinated the overall research effort and contributed to the abstract, title, introduction, and conclusion; N.A., S.T. and A.S. participated in the analysis of the included literature; H.S. provided academic supervision, critical feedback, and guidance, led scholarly discussions, and finalized the manuscript. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Chidambaranathan, S.; Geetha, R. Deep learning enabled blockchain based electronic heathcare data attack detection for smart health systems. Meas. Sens. 2024, 31, 100959.
  2. Srivastava, A.; Gupta, J. Attack resistant blockchain-based healthcare record system using modified RSA Algorithm. Int. J. Inf. Technol. 2024, 16, 417–424.
  3. Deloitte’s 2021 Global Blockchain Survey: Financial Leaders See Digital Assets as the Future. 2021. Available online: https://www2.deloitte.com/us/en/insights/topics/understanding-blockchain-potential/global-blockchain-survey.html (accessed on 25 March 2025).
  4. FinancialNewsMedia.com. Global Blockchain Technology Market Expected to Reach $1.4 Trillion by 2030. Available online: https://www.prnewswire.com/news-releases/global-blockchain-technology-market-expected-to-reach-1-4-trillion-by-2030-301535849.html (accessed on 20 April 2024).
  5. Pramod, B.; Vaibhav, M. Blockchain Distributed Ledger Market Expected to Reach $ 137.29 Billion by 2027; Allied Market Research: Wilmington, DE, USA, 2021.
  6. Sood, A.; Simon, R. Implementation of Blockchain in Cross Border Money Transfer. In Proceedings of the 2019 4th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India, 21–22 November 2019; pp. 104–107.
  7. Wang, S.; Ouyang, L.; Yuan, Y.; Ni, X.; Han, X.; Wang, F.Y. Blockchain-Enabled Smart Contracts: Architecture, Applications, and Future Trends. IEEE Trans. Syst. Man. Cybern. Syst. 2019, 49, 2266–2277.
  8. Panarello, A.; Tapas, N.; Merlino, G.; Longo, F.; Puliafito, A. Blockchain and IoT Integration: A Systematic Survey. Sensors 2018, 18, 2575.
  9. Saha, B.; Islam, M.S.; Riad, A.K.; Tahora, S.; Shahriar, H.; Sneha, S. BlockTheFall: Wearable Device-based Fall Detection Framework Powered by Machine Learning and Blockchain for Elderly Care. arXiv 2023, arXiv:2306.06452.
  10. Tahora, S.; Saha, B.; Sakib, N.; Shahriar, H.; Haddad, H. Blockchain Technology in Higher Education Ecosystem: Unraveling the Good, Bad, and Ugly. arXiv 2023, arXiv:2306.04071.
  11. Shrier, D.; Wu, W.; Pentland, A. Blockchain & infrastructure (identity, data security). Mass. Inst. Technol.-Connect. Sci. 2016, 1, 1–19.
  12. Hölbl, M.; Kompara, M.; Kamišalić, A.; Nemec Zlatolas, L. A systematic review of the use of blockchain in healthcare. Symmetry 2018, 10, 470.
  13. Randolph, J.; Faruk, M.J.H.; Saha, B.; Shahriar, H.; Valero, M.; Zhao, L.; Sakib, N. Blockchain-based Medical Image Sharing and Automated Critical-results Notification: A Novel Framework. In Proceedings of the 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), Los Alamitos, CA, USA, 27 June–1 July 2022; pp. 1756–1761.
  14. Faruk, M.J.H.; Shahriar, H.; Saha, B.; Barek, A. Security in Electronic Health Records System: Blockchain-Based Framework to Protect Data Integrity. In Blockchain for Cybersecurity in Cyber-Physical Systems; Springer: Berlin/Heidelberg, Germany, 2022; pp. 125–137. [Google Scholar]
  15. Perboli, G.; Musso, S.; Rosano, M. Blockchain in Logistics and Supply Chain: A Lean Approach for Designing Real-World Use Cases. IEEE Access 2018, 6, 62018–62028. [Google Scholar] [CrossRef]
  16. Madine, M.; Salah, K.; Jayaraman, R.; Battah, A.; Hasan, H.; Yaqoob, I. Blockchain and NFTs for Time-Bound Access and Monetization of Private Data. IEEE Access 2022, 10, 94186–94202. [Google Scholar] [CrossRef]
  17. O’Reilly, P.; Rigopoulos, K. Fiscal Year 2023 Cybersecurity and Privacy Annual Report; Number NIST SP 800-229; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2024; p. NIST SP 800-229. [CrossRef]
  18. Kramer, S. Unpacking SonicWall 2024 Mid-Year Cyber Threat Report. 2024. Available online: https://thecuberesearch.com/unpacking-sonicwall-2024-midyear-cyber-threat-report/ (accessed on 20 April 2024).
  19. Badertscher, C.; Lu, Y.; Zikas, V. A rational protocol treatment of 51% attacks. In Proceedings of the Advances in Cryptology–CRYPTO 2021: 41st Annual International Cryptology Conference, CRYPTO 2021, Virtual Event, 16–20 August 2021; Proceedings, Part III 41. Springer: Berlin/Heidelberg, Germany, 2021; pp. 3–32. [Google Scholar]
  20. Sinclair, S. Ethereum Classic’s MESS Solution Won’t Provide ’Robust’ Security Against 51% Attacks. Available online: https://www.coindesk.com/markets/2020/08/20/ethereum-classics-mess-solution-wont-provide-robust-security-against-51-attacks/ (accessed on 20 April 2024).
  21. Kustov, V.; Aleksey, G.; Nikolay, B.; Ekaterina, S.; Ravi, R.V. Three Sources of Blockchain Technology Vulnerabilities—How to Deal with them? In Proceedings of the 2022 Second International Conference on Computer Science, Engineering and Applications (ICCSEA), Gunupur, India, 8 September 2022; pp. 1–8. [Google Scholar] [CrossRef]
  22. Livni, E. Binance Blockchain Hit by $570 Million Hack, Exposing Crypto Vulnerabilities. The New York Times, 7 October 2022. [Google Scholar]
  23. Oxford Analytica. Binance breach underlines risks for crypto ecosystem. Emerald Expert Briefings 2022. [Google Scholar] [CrossRef]
  24. Beck, R.H. Top 10 Cryptocurrencies of March 4, 2025. Available online: https://www.investopedia.com/top-10-cryptocurrencies-5189931 (accessed on 20 April 2024).
  25. Li, X.; Cheng, J.; Shi, Z.; Liu, J.; Zhang, B.; Xu, X.; Tang, X.; Sheng, V. Blockchain Security Threats and Collaborative Defense: A Literature Review. Comput. Mater. Contin. 2023, 76, 2597–2629. [Google Scholar] [CrossRef]
  26. Hussain, A.H.; Hasan, M.N.; Prince, N.U.; Islam, M.M.; Islam, S.; Hasan, S.K. Enhancing cyber security using quantum computing and Artificial Intelligence: A review. World J. Adv. Res. Rev. 2021, 10, 448–456. [Google Scholar] [CrossRef]
  27. Mollajafari, S.; Bechkoum, K. Blockchain Technology and Related Security Risks: Towards a Seven-Layer Perspective and Taxonomy. Sustainability 2023, 15, 13401. [Google Scholar] [CrossRef]
  28. Karakostas, D.; Kiayias, A.; Zacharias, T. Blockchain bribing attacks and the efficacy of counterincentives. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA, 14–18 October 2024; pp. 1031–1045. [Google Scholar]
  29. Madhushanie, N.; Vidanagamachchi, S.; Arachchilage, N. Selfish mining attack in blockchain: A systematic literature review. Int. J. Inf. Secur. 2024, 23, 2333–2351. [Google Scholar] [CrossRef]
  30. CASP Checklist for Systematic Reviews and Meta-Analysis. Available online: https://casp-uk.net/casp-tools-checklists/systematic-reviews-meta-analysis-observational-studies/ (accessed on 25 March 2025).
  31. Careem, M.A.A.; Dutta, A. Reputation based Routing in MANET using Blockchain. In Proceedings of the 2020 International Conference on Communication Systems & Networks (COMSNETS), Bengaluru, India, 7–11 January 2020; pp. 1–6. [Google Scholar]
  32. Luu, L.; Chu, D.H.; Olickel, H.; Saxena, P.; Hobor, A. Making Smart Contracts Smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS), Vienna, Austria, 24–28 October 2016; pp. 254–269. [Google Scholar]
  33. Peng, K.; Li, M.; Huang, H.; Wang, C.; Wan, S.; Choo, K.K.R. Security challenges and opportunities for smart contracts in Internet of Things: A survey. IEEE Internet Things J. 2021, 8, 12004–12020. [Google Scholar] [CrossRef]
  34. Sayeed, S.; Marco-Gisbert, H.; Caira, T. Smart contract: Attacks and protections. IEEE Access 2020, 8, 24416–24427. [Google Scholar] [CrossRef]
  35. Mense, A.; Flatscher, M. Security Vulnerabilities in Ethereum Smart Contracts. In Proceedings of the 20th International Conference on Information Integration and Web-Based Applications & Services (iiWAS), Yogyakarta, Indonesia, 19–21 November 2018; pp. 375–380. [Google Scholar]
  36. Begum, A.; Tareq, A.H.; Sultana, M.; Sohel, M.K.; Rahman, T.; Sarwar, A.H. Blockchain Attacks, Analysis and a Model to Solve Double Spending Attack. Int. J. Mach. Learn. Comput. 2020, 10, 352–357. [Google Scholar]
  37. Marcus, Y.; Heilman, E.; Goldberg, S. Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network. Cryptology ePrint Archive 2018, 2018, 857. Available online: https://eprint.iacr.org/2018/857 (accessed on 20 April 2024).
  38. Deirmentzoglou, E.; Papakyriakopoulos, G.; Patsakis, C. A survey on long-range attacks for proof of stake protocols. IEEE Access 2019, 7, 28712–28725. [Google Scholar] [CrossRef]
  39. Grundmann, M.; Neudecker, T.; Hartenstein, H. Exploiting transaction accumulation and double spends for topology inference in bitcoin. In Proceedings of the Financial Cryptography and Data Security: FC 2018 International Workshops, BITCOIN, VOTING, and WTSC, Nieuwpoort, Curaçao, 2 March 2018; Revised Selected Papers 22. Springer: Berlin/Heidelberg, Germany, 2019; pp. 113–126. [Google Scholar]
  40. Riadi, I.; Umar, R.; Busthomi, I.; Muhammad, A.W. Block-hash of blockchain framework against man-in-the-middle attacks. Regist. J. Ilm. Teknol. Sist. Inf. 2022, 8, 1–9. [Google Scholar] [CrossRef]
  41. Razmjouei, P.; Kavousi-Fard, A.; Dabbaghjamanesh, M.; Jin, T.; Su, W. Ultra-lightweight mutual authentication in the vehicle based on smart contract blockchain: Case of MITM attack. IEEE Sens. J. 2020, 21, 15839–15848. [Google Scholar] [CrossRef]
  42. Akter, S.; Chellappan, S.; Chakraborty, T.; Khan, T.A.; Rahman, A.; Al Islam, A.A. Man-in-the-middle attack on contactless payment over NFC communications: Design, implementation, experiments and detection. IEEE Trans. Dependable Secur. Comput. 2020, 18, 3012–3023. [Google Scholar] [CrossRef]
  43. Aggarwal, S.; Kumar, N. Attacks on blockchain. In Advances in Computers; Elsevier: Amsterdam, The Netherlands, 2021; Volume 121, pp. 399–410. [Google Scholar]
  44. The Defiant Weekly. Saddle Finance Loses More than $10 Million in a Recent DeFi Exploit. Available online: https://thedefiant.io/saddle-finance-loses-10-million (accessed on 20 April 2024).
  45. CoinDesk. Japan’s Liquid Global Exchange Hacked; $90M in Crypto Siphoned Off. 2021. Available online: https://www.coindesk.com/markets/2021/08/19/japans-liquid-global-exchange-hacked-90m-in-crypto-siphoned-off/ (accessed on 6 April 2023).
  46. Shemov, G.; Garcia de Soto, B.; Alkhzaimi, H. Blockchain applied to the construction supply chain: A case study with threat model. Front. Eng. Manag. 2020, 7, 564–577. [Google Scholar] [CrossRef]
  47. Averin, A.; Averina, O. Review of blockchain technology vulnerabilities and blockchain-system attacks. In Proceedings of the 2019 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon), Vladivostok, Russia, 1–4 October 2019; pp. 1–6. [Google Scholar]
  48. König, L.; Unger, S.; Kieseberg, P.; Tjoa, S.; Blockchains, J.R.C. The Risks of the Blockchain A Review on Current Vulnerabilities and Attacks. J. Internet Serv. Inf. Secur. 2020, 10, 110–127. [Google Scholar]
  49. Rathod, N.; Motwani, D. Security threats on blockchain and its countermeasures. Int. Res. J. Eng. Technol. 2018, 5, 1636–1642. [Google Scholar]
  50. Castro, M.; Druschel, P.; Ganesh, A.; Rowstron, A.; Wallach, D.S. Secure routing for structured peer-to-peer overlay networks. ACM SIGOPS Oper. Syst. Rev. 2002, 36, 299–314. [Google Scholar] [CrossRef]
  51. Duan, L.; Sun, Y.; Zhang, K.; Ding, Y. Multiple-Layer Security Threats on the Ethereum Blockchain and Their Countermeasures. Secur. Commun. Networks 2022, 2022, 5307697. [Google Scholar] [CrossRef]
  52. NFTing. What is a Replay Attack? Available online: https://nfting.store/blogs/news/what-is-a-replay-attack (accessed on 20 April 2024).
  53. Aponte-Novoa, F.A.; Orozco, A.L.S.; Villanueva-Polanco, R.; Wightman, P. The 51% attack on blockchains: A mining behavior study. IEEE Access 2021, 9, 140549–140564. [Google Scholar] [CrossRef]
  54. Shanaev, S.; Shuraeva, A.; Vasenin, M.; Kuznetsov, M. Cryptocurrency value and 51% attacks: Evidence from event studies. J. Altern. Investments 2019, 22, 65–77. [Google Scholar] [CrossRef]
  55. Saad, M.; Spaulding, J.; Njilla, L.; Kamhoua, C.A.; Nyang, D.; Mohaisen, A. Overview of attack surfaces in blockchain. In Blockchain for Distributed Systems Security; John Wiley & Sons: Hoboken, NJ, USA, 2019; pp. 51–66. [Google Scholar]
  56. Praitheeshan, P.; Pan, L.; Yu, J.; Liu, J.; Doss, R. Security analysis methods on ethereum smart contract vulnerabilities: A survey. arXiv 2019, arXiv:1908.08605. [Google Scholar]
  57. Vivar, A.L.; Castedo, A.T.; Orozco, A.L.S.; Villalba, L.J.G. An Analysis of Smart Contracts Security Threats Alongside Existing Solutions. Entropy 2020, 22, 203. [Google Scholar] [CrossRef] [PubMed]
  58. Sonnino, A.; Bano, S.; Al-Bassam, M.; Danezis, G. Replay Attacks and Defenses Against Cross-Shard Consensus in Sharded Distributed Ledgers. In Proceedings of the 2020 IEEE European Symposium on Security and Privacy (EuroS&P), Genoa, Italy, 7–11 September 2020; pp. 294–308. [Google Scholar]
  59. Zhang, S.; Lee, J.H. Double-Spending with a Sybil Attack in the Bitcoin Decentralized Network. IEEE Trans. Ind. Inform. 2019, 15, 5715–5722. [Google Scholar] [CrossRef]
  60. Apostolaki, M.; Zohar, A.; Vanbever, L. Hijacking Bitcoin: Routing Attacks on Cryptocurrencies. In Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–24 May 2017; pp. 375–392. [Google Scholar] [CrossRef]
  61. Otte, P.; de Vos, M.; Pouwelse, J. TrustChain: A Sybil-Resistant Scalable Blockchain. Future Gener. Comput. Syst. 2020, 107, 770–780. [Google Scholar] [CrossRef]
  62. Pradhan, S.; Tripathy, S.; Nandi, S. Blockchain-Based Security Framework for P2P File Sharing System. In Proceedings of the 2018 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Indore, India, 16–19 December 2018; pp. 1–6. [Google Scholar] [CrossRef]
  63. Rajab, T.; Manshaei, M.H.; Dakhilalian, M.; Jadliwala, M.; Rahman, M.A. On the Feasibility of Sybil Attacks in Shard-Based Permissionless Blockchains. arXiv 2020, arXiv:2002.06531. Available online: https://arxiv.org/abs/2002.06531 (accessed on 20 April 2024). [CrossRef]
  64. Morganti, G.; Schiavone, E.; Bondavalli, A. Risk Assessment of Blockchain Technology. In Proceedings of the 2018 Eighth Latin-American Symposium on Dependable Computing (LADC), Foz do Iguaçu, Brazil, 24–26 October 2018; pp. 87–96. [Google Scholar]
  65. Conti, M.; Kumar, E.S.; Lal, C.; Ruj, S. A survey on security and privacy issues of bitcoin. IEEE Commun. Surv. Tutor. 2018, 20, 3416–3452. [Google Scholar] [CrossRef]
  66. Alangot, B.; Reijsbergen, D.; Venugopalan, S.; Szalachowski, P.; Yeo, K.S. Decentralized and lightweight approach to detect eclipse attacks on proof of work blockchains. IEEE Trans. Netw. Serv. Manag. 2021, 18, 1659–1672. [Google Scholar] [CrossRef]
  67. Xu, G.; Guo, B.; Su, C.; Zheng, X.; Liang, K.; Wong, D.S.; Wang, H. Am I eclipsed? A smart detector of eclipse attacks for Ethereum. Comput. Secur. 2020, 88, 101604. [Google Scholar] [CrossRef]
  68. Ghaffari, A.; Jelodari, N.; Pouralish, S.; Derakhshanfard, N.; Arasteh, B. Securing internet of things using machine and deep learning methods: A survey. Clust. Comput. 2024, 27, 9065–9089. [Google Scholar] [CrossRef]
  69. Yan, K.; Zhang, X.; Diao, W. Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS), Salt Lake City, UT, USA, 9–13 December 2024; pp. 555–569. [Google Scholar] [CrossRef]
  70. Papaspirou, V.; Kantzavelou, I.; Yigit, Y.; Maglaras, L.; Katsikas, S. A Blockchain-Based Multi-Factor Honeytoken Dynamic Authentication Mechanism. In Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, 29–31 July 2024; pp. 1–9. [Google Scholar] [CrossRef]
  71. Samreen, N.F.; Alalfi, M.H. A survey of security vulnerabilities in ethereum smart contracts. arXiv 2021, arXiv:2105.06974. [Google Scholar]
  72. Xu, J.; Dang, F.; Ding, X.; Zhou, M. A Survey on Vulnerability Detection Tools of Smart Contract Bytecode. In Proceedings of the 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE), Dalian, China, 27–29 September 2020; pp. 94–98. [Google Scholar] [CrossRef]
  73. He, D.; Wu, R.; Li, X.; Chan, S.; Guizani, M. Detection of Vulnerabilities of Blockchain Smart Contracts. IEEE Internet Things J. 2023, 10, 12178–12185. [Google Scholar] [CrossRef]
  74. Choi, J.; Ahn, B.; Bere, G.; Ahmad, S.; Mantooth, H.A.; Kim, T. Blockchain-Based Man-in-the-Middle (MITM) Attack Detection for Photovoltaic Systems. In Proceedings of the 2021 IEEE Design Methodologies Conference (DMC), Virtual Event, 16–17 August 2021; pp. 1–6. [Google Scholar]
  75. Wazid, M.; Bera, B.; Mitra, A.; Das, A.K.; Ali, R. Private Blockchain-Envisioned Security Framework for AI-Enabled IoT-Based Drone-Aided Healthcare Services. In Proceedings of the 2nd ACM MobiCom Workshop on Drone Assisted Wireless Communications for 5G and Beyond (DroneCom), London, UK, 25 September 2020; pp. 37–42. [Google Scholar]
  76. Kulkarni, O. Preventing the Man-in-the-Middle Attack on Internet Communication Using Blockchain Technology. Ph.D. Thesis, National College of Ireland, Dublin, Ireland, 2019. [Google Scholar]
  77. Momeni, H.; Sadoogi, N.; Farrokhifar, M.; Gharibeh, H.F. Fault diagnosis in photovoltaic arrays using GBSSL method and proposing a fault correction system. IEEE Trans. Ind. Inform. 2019, 16, 5300–5308. [Google Scholar] [CrossRef]
  78. Homoliak, I.; Venugopalan, S.; Hum, Q.; Szalachowski, P. A Security Reference Architecture for Blockchains. In Proceedings of the 2019 IEEE International Conference on Blockchain (Blockchain), Atlanta, GA, USA, 14–17 July 2019; pp. 390–397. [Google Scholar]
  79. Kebande, V.R.; Awaysheh, F.M.; Ikuesan, R.A.; Alawadi, S.A.; Alshehri, M.D. A blockchain-based multi-factor authentication model for a cloud-enabled internet of vehicles. Sensors 2021, 21, 6018. [Google Scholar] [CrossRef] [PubMed]
  80. Alkaeed, M.; Soliman, M.M.; Khan, K.M.; Elfouly, T.M. Distributed Framework via Blockchain Smart Contracts for Smart Grid Systems Against Cyber-Attacks. In Proceedings of the 2020 11th IEEE Control and System Graduate Research Colloquium (ICSGRC), Johor Bahru, Malaysia, 8 August 2020; pp. 100–105. [Google Scholar]
  81. Jurcut, A.; Niculcea, T.; Ranaweera, P.; Le-Khac, N.A. Security considerations for Internet of Things: A survey. SN Comput. Sci. 2020, 1, 193. [Google Scholar] [CrossRef]
  82. Abdallah, R.; Besancenot, J.; Bertelle, C.; Duvallet, C.; Gilletta, F. An Extensive Preliminary Blockchain Survey from a Maritime Perspective. Smart Cities 2023, 6, 846–877. [Google Scholar] [CrossRef]
  83. Frankenfield, J. 51% Attack; Investopedia: New York, NY, USA, 2019; Volume 7. [Google Scholar]
  84. Ye, C.; Li, G.; Cai, H.; Gu, Y.; Fukuda, A. Analysis of Security in Blockchain: Case Study in 51% Attack Detecting. In Proceedings of the 2018 5th International Conference on Dependable Systems and Their Applications (DSA), Guangzhou, China, 18–21 December 2018; pp. 15–24. [Google Scholar]
  85. Bastiaan, M. Preventing the 51% Attack: A Stochastic Analysis of Two Phase Proof of Work in Bitcoin. Bachelor’s Thesis, University of Twente, Enschede, The Netherlands, 2015. Available online: https://essay.utwente.nl/74730/ (accessed on 20 April 2024).
  86. Lee, H.; Shin, M.; Kim, K.S.; Kang, Y.; Kim, J. Recipient-Oriented Transaction for Preventing Double Spending Attacks in Private Blockchain; IEEE: Hong Kong, China, 2018. [Google Scholar]
  87. Dasgupta, D.; Shrein, J.M.; Gupta, K.D. A survey of blockchain from security perspective. J. Bank. Financ. Technol. 2019, 3, 1–17. [Google Scholar] [CrossRef]
  88. Sahay, R.; Geethakumari, G.; Mitra, B. A novel blockchain based framework to secure IoT-LLNs against routing attacks. Computing 2020, 102, 2445–2470. [Google Scholar] [CrossRef]
  89. Tran, M.; Choi, I.; Moon, G.J.; Vu, A.V.; Kang, M.S. A Stealthier Partitioning Attack Against Bitcoin Peer-to-Peer Network. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 18–21 May 2020; pp. 894–909. [Google Scholar]
  90. Tekiner, E.; Acar, A.; Uluagac, A.S.; Kirda, E.; Selcuk, A.A. SoK: Cryptojacking Malware. In Proceedings of the 2021 IEEE European Symposium on Security and Privacy (EuroS&P), Vienna, Austria, 6–10 September 2021; pp. 120–139. [Google Scholar]
  91. Arisdakessian, S.; Wahab, O.A.; Mourad, A.; Otrok, H.; Guizani, M. A survey on iot intrusion detection: Federated learning, game theory, social psychology and explainable ai as future directions. IEEE Internet Things J. 2022, 10, 4059–4092. [Google Scholar] [CrossRef]
  92. ABBASSI, Y.; Benlahmer, H. BCSDN-IoT: Towards an IoT security architecture based on SDN and Blockchain. Int. J. Electr. Comput. Eng. Syst. 2022, 13, 155–163. [Google Scholar] [CrossRef]
  93. Mastilak, L.; Helebrandt, P.; Galinski, M.; Kotuliak, I. Secure Inter-Domain Routing Based on Blockchain: A Comprehensive Survey. Sensors 2022, 22, 1437. [Google Scholar] [CrossRef]
  94. Sayeed, S.; Marco-Gisbert, H. Assessing Blockchain Consensus and Security Mechanisms against the 51% Attack. Appl. Sci. 2019, 9, 1788. [Google Scholar] [CrossRef]
  95. Ihle, C.; Trautwein, D.; Schubotz, M.; Meuschke, N.; Gipp, B. Incentive Mechanisms in Peer-to-Peer Networks—A Systematic Literature Review. ACM Comput. Surv. 2023, 55, 308. [Google Scholar] [CrossRef]
  96. de Oliveira, M.T.; Reis, L.H.; Medeiros, D.S.; Carrano, R.C.; Olabarriaga, S.D.; Mattos, D.M. Blockchain reputation-based consensus: A scalable and resilient mechanism for distributed mistrusting applications. Comput. Netw. 2020, 179, 107367. [Google Scholar] [CrossRef]
  97. Alsunbul, A.; Elmedany, W.; Al-Ammal, H. Blockchain Application in Healthcare Industry: Attacks and Countermeasures. In Proceedings of the 2021 International Conference on Data Analytics for Business and Industry (ICDABI), Sakheer, Bahrain, 6–7 December 2021; pp. 621–629. [Google Scholar]
  98. Anita, N.; Vijayalakshmi, M. Blockchain Security Attack: A Brief Survey. In Proceedings of the 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kanpur, India, 6–8 July 2019; pp. 1–6. [Google Scholar]
  99. Rottondi, C.; Panzeri, A.; Yagne, C.T.; Verticale, G. Detection and mitigation of the eclipse attack in chord overlays. Int. J. Comput. Sci. Eng. 2016, 13, 111–121. [Google Scholar] [CrossRef]
  100. Ekparinya, P.; Gramoli, V.; Jourjon, G. Double-Spending Risk Quantification in Private, Consortium and Public Ethereum Blockchains. arXiv 2018, arXiv:1805.05004. [Google Scholar]
  101. Quintyne-Collins, M. Short Paper: Towards Characterizing Sybil Attacks in Cryptocurrency Mixers. Cryptology ePrint Archive, Paper 2019/1111. 2019. Available online: https://eprint.iacr.org/2019/1111 (accessed on 25 March 2025).
  102. Swathi, P.; Modi, C.; Patel, D. Preventing Sybil Attack in Blockchain Using Distributed Behavior Monitoring of Miners. In Proceedings of the 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kanpur, India, 6–8 July 2019; pp. 1–6. [Google Scholar] [CrossRef]
  103. Boi, B.; Esposito, C.; Lee, S. Smart Contract Vulnerability Detection: The Role of Large Language Model (LLM). ACM SIGAPP Appl. Comput. Rev. 2024, 24, 19–29. [Google Scholar] [CrossRef]
  104. Chen, C.; Su, J.; Chen, J.; Wang, Y.; Bi, T.; Yu, J.; Wang, Y.; Lin, X.; Chen, T.; Zheng, Z. When ChatGPT Meets Smart Contract Vulnerability Detection: How Far Are We? ACM Trans. Softw. Eng. Methodol. 2024, 33, 17. [Google Scholar] [CrossRef]
  105. Guo, H.; Chen, Y.; Chen, X.; Huang, Y.; Zheng, Z. Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization. ACM Trans. Softw. Eng. Methodol. 2024, 33, 106. [Google Scholar] [CrossRef]
  106. Rabieinejad, E.; Yazdinejad, A.; Parizi, R.M. A Deep Learning Model for Threat Hunting in Ethereum Blockchain. In Proceedings of the 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Shenyang, China, 22–25 October 2021; pp. 1185–1190. [Google Scholar] [CrossRef]
  107. Wu, Z.; Wu, J.; Zhang, H.; Li, Z.; Chen, J.; Zheng, Z.; Xia, Q.; Fan, G.; Zhen, Y. DAppFL: Just-in-Time Fault Localization for Decentralized Applications in Web3. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, 15–19 July 2024; pp. 137–148. [Google Scholar] [CrossRef]
  108. Atiewi, S.; Al-Rahayfeh, A.; Almiani, M.; Abuhussein, A.; Yussof, S. Ethereum blockchain-based three factor authentication and multi-contract access control for secure smart home environment in 5G networks. Clust. Comput. 2024, 27, 4551–4568. [Google Scholar] [CrossRef]
  109. Brahmam, M.G.; R, V.A. ICSMPC: Design of an Iterative-Learning Contextual Side Chaining Model for Improving Security of Priority-Aware Cloud Resources. J. Grid Comput. 2023, 21, 55. [Google Scholar] [CrossRef]
  110. Das, D.; Banerjee, S.; Biswas, U. A secure vehicle theft detection framework using Blockchain and smart contract. Peer- Netw. Appl. 2021, 14, 672–686. [Google Scholar] [CrossRef]
  111. Heikamp, F.; Pan, L.; Doss, R.; Trujillo-Rasua, R.; Ruj, S. ForTrac: A Secure NFT-Based Forward Traceability System for Providing Data Accuracy and Completeness. In Proceedings of the 5th ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI), Melbourne, VIC, Australia, 10–14 July 2023; pp. 1–10. [Google Scholar] [CrossRef]
  112. Huang, Q.; Liao, D.; Xing, Z.; Zuo, Z.; Wang, C.; Xia, X. Semantic-Enriched Code Knowledge Graph to Reveal Unknowns in Smart Contract Code Reuse. ACM Trans. Softw. Eng. Methodol. 2023, 32, 147. [Google Scholar] [CrossRef]
  113. Ilyas, B.; Kumar, A.; Ali, S.M.; Lei, H. Blockchain-enabled IoT access control model for sharing electronic healthcare data. Multimed. Tools Appl. 2024, 84, 8127–8148. [Google Scholar] [CrossRef]
  114. Liu, B.; Sun, S.; Szalachowski, P. SMACS: Smart Contract Access Control Service. In Proceedings of the 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Valencia, Spain, 29 June–2 July 2020; pp. 221–232. [Google Scholar] [CrossRef]
  115. Si, J.J.; Sharma, T.; Wang, K.Y. Understanding User-Perceived Security Risks and Mitigation Strategies in the Web3 Ecosystem. In Proceedings of the CHI Conference on Human Factors in Computing Systems (CHI ’24), Honolulu, HI, USA, 11–16 May 2024; pp. 1–22. [Google Scholar] [CrossRef]
  116. Wang, K.; Ling, Y.; Zhang, Y.; Yu, Z.; Wang, H.; Bai, G.; Ooi, B.C.; Dong, J.S. Characterizing Cryptocurrency-themed Malicious Browser Extensions. Proc. ACM Meas. Anal. Comput. Syst. 2022, 6, 43. [Google Scholar] [CrossRef]
  117. Al-Kafi, G.M.A.; Ali, G.; Faiza, J.T.; Pal, K.R.; Reno, S. Correction to: SHBF: A Secure and Scalable Hybrid Blockchain Framework for Resolving Trilemma Challenges. Int. J. Inf. Technol. 2024, 16, 269–270. [Google Scholar] [CrossRef]
  118. Vivekanandan, G.; Divya, B.; Madhav, V.T.; Naveen, K.; Karthick, T.K.; Yuvanesh, P. VoteChain: Promising a Secure and Transparent Election Using Blockchain and Biometrics. In Proceedings of the 2024 International Conference on Power, Energy, Control and Transmission Systems (ICPECTS), Chennai, India, 17–18 October 2024; pp. 1–6. [Google Scholar] [CrossRef]
  119. Govindaram, A.; A, J. FLBC-IDS: A Federated Learning and Blockchain-Based Intrusion Detection System for Secure IoT Environments. Multimed. Tools Appl. 2024, 83, Article 19777. [Google Scholar] [CrossRef]
  120. Vishwakarma, L.; Das, D. BlockTree: A nonlinear structured, scalable and distributed ledger scheme for processing digital transactions. Clust. Comput. 2021, 24, 3751–3765. [Google Scholar] [CrossRef]
  121. Yan, K.; Zhang, J.; Liu, X.; Diao, W.; Guo, S. Bad Apples: Understanding the Centralized Security Risks in Decentralized Ecosystems. In Proceedings of the ACM Web Conference 2023 (WWW ’23), Austin, TX, USA, 30 April–4 May 2023; pp. 2274–2283. [Google Scholar] [CrossRef]
  122. Niu, J.; Peng, W.; Zhang, X.; Zhang, Y. NARRATOR: Secure and Practical State Continuity for Trusted Execution in the Cloud. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS), Los Angeles, CA, USA, 7–11 November 2022; pp. 2385–2399. [Google Scholar] [CrossRef]
  123. Vidal, F.R.; Ivaki, N.; Laranjeiro, N. OpenSCV: An open hierarchical taxonomy for smart contract vulnerabilities. Empir. Softw. Eng. 2024, 29, 101. [Google Scholar] [CrossRef]
  124. Chen, J.; Chen, C.; Hu, J.; Grundy, J.; Wang, Y.; Chen, T.; Zheng, Z. Identifying Smart Contract Security Issues in Code Snippets from Stack Overflow. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, 15–19 July 2024; pp. 1198–1210. [Google Scholar] [CrossRef]
  125. Weiss, K.; Ferreira Torres, C.; Wendland, F. Analyzing the Impact of Copying-and-Pasting Vulnerable Solidity Code Snippets from Question-and-Answer Websites. In Proceedings of the 2024 ACM on Internet Measurement Conference (IMC), Madrid, Spain, 21–23 October 2024; pp. 713–730. [Google Scholar] [CrossRef]
  126. Akhras, R.; Hajj, W.E.; Hajj, H.; Shaban, K.; Jaber, R. ECC: Enhancing Smart Grid Communication with Ethereum Blockchain, Asymmetric Cryptography, and Cloud Services. In Proceedings of the 2023 IEEE 10th International Conference on Data Science and Advanced Analytics (DSAA), Thessaloniki, Greece, 9–11 October 2023; pp. 1–10. [Google Scholar] [CrossRef]
  127. Eshghie, M.; Artho, C.; Stammler, H.; Ahrendt, W.; Hildebrandt, T.; Schneider, G. HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE), Sacramento, CA, USA, 16–20 September 2024; pp. 2378–2381. [Google Scholar] [CrossRef]
  128. Haugum, T.; Hoff, B.; Alsadi, M.; Li, J. Security and Privacy Challenges in Blockchain Interoperability—A Multivocal Literature Review. In Proceedings of the International Conference on Evaluation and Assessment in Software Engineering (EASE), Gothenburg, Sweden, 13–15 June 2022; pp. 347–356. [Google Scholar] [CrossRef]
  129. Tran, T.D.; Vo, K.A.; Phan, D.T.; Tan, C.N.; Pham, V.H. ChainSniper: A Machine Learning Approach for Auditing Cross-Chain Smart Contracts. In Proceedings of the 2024 9th International Conference on Intelligent Information Technology (ICIIT), Ho Chi Minh City, Vietnam, 26–28 January 2024; pp. 223–230. [Google Scholar] [CrossRef]
  130. Zheng, P.; Luo, X.; Zheng, Z. BSHUNTER: Detecting and Tracing Defects of Bitcoin Scripts. In Proceedings of the 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), Melbourne, Australia, 14–20 May 2023; pp. 307–318. [Google Scholar] [CrossRef]
  131. Awasthi, C.; Mishra, P.K.; Pal, P.K.; Khan, S.B.; Agarwal, A.K.; Gadekallu, T.R.; Malibari, A.A. Preservation of Sensitive Data Using Multi-Level Blockchain-Based Secured Framework for Edge Network Devices. J. Grid Comput. 2023, 21, 69. [Google Scholar] [CrossRef]
  132. Fischlin, M.; Günther, F. Verifiable Verification in Cryptographic Protocols. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, 26–30 November 2023; pp. 3239–3253. [Google Scholar] [CrossRef]
  133. Liu, A.; Chen, X.b.; Xu, G.; Wang, Z.; Sun, Y.; Wang, Y.; Feng, H. QBIoV: A secure data sharing scheme for the Internet of vehicles based on quantum-enabled blockchain. Quantum Inf. Process. 2024, 23, 225. [Google Scholar] [CrossRef]
  134. Pedrosa, M.; Zúquete, A.; Costa, C. RAIAP: Renewable authentication on isolated anonymous profiles: A GDPR compliant self-sovereign architecture for distributed systems. Peer-to-Peer Netw. Appl. 2020, 13, 1577–1599. [Google Scholar] [CrossRef]
  135. Ramya, R.R.; Banumathi, J. An optimized approach with 128-bit key management for IoT-enabled smart grid: Enhancing efficiency, security, and sustainability. Electr. Eng. 2025, 107, 2207–2225. [Google Scholar] [CrossRef]
  136. Reddy, N.M.; Budati, A.K.; Islam, S.; Ramesh, G. Enhanced Elliptic Curve-Diffie Hellman Technique with Bigdata Analytics for Satellite Image Security Enhancement in Internet of Things Systems. Earth Sci. Inform. 2024, 17, 711–723. [Google Scholar] [CrossRef]
  137. Wu, G.; Wang, H.; Yang, Z.; He, D.; Chan, S. Electronic Health Records Sharing Based on Consortium Blockchain. J. Med. Syst. 2024, 48, 106. [Google Scholar] [CrossRef]
  138. Antonopoulos, P.; Kaushik, R.; Kodavalla, H.; Rosales Aceves, S.; Wong, R.; Anderson, J.; Szymaszek, J. SQL Ledger: Cryptographically Verifiable Data in Azure SQL Database. In Proceedings of the 2021 International Conference on Management of Data (SIGMOD), Xi’an, China, 20–25 June 2021; pp. 2437–2449. [Google Scholar] [CrossRef]
  139. Shahaab, A.; Hewage, C.; Khan, I. Preventing Spoliation of Evidence with Blockchain: A Perspective from South Asia. In Proceedings of the 2021 3rd International Conference on Blockchain Technology (ICBCT), Shanghai, China, 26–28 March 2021; pp. 45–52. [Google Scholar] [CrossRef]
  140. Sharma, A.; Kaur, P. Tamper-proof multitenant data storage using blockchain. Peer-to-Peer Netw. Appl. 2023, 16, 431–449. [Google Scholar] [CrossRef]
  141. Aldaej, A.; Ahanger, T.A.; Ullah, I. Deep neural network-based secure healthcare framework. Neural Comput. Appl. 2024, 36, 17467–17482. [Google Scholar] [CrossRef]
  142. Li, X.; Wang, Z.; Leung, V.C.M.; Ji, H.; Liu, Y.; Zhang, H. Blockchain-empowered Data-driven Networks: A Survey and Outlook. ACM Comput. Surv. 2022, 54, 58. [Google Scholar] [CrossRef]
  143. Liu, T.; Liu, J.; Wang, J.; Zhai, D.; Liu, Y.; He, X. Anonymous Storage and Verification Model of IIoT Based on Blockchain: Anonymous storage and verification model of IIoT production status based on blockchain. In Proceedings of the 2021 4th International Conference on Blockchain Technology and Applications (ICBTA), Xi’an, China, 17–19 December 2021; pp. 144–150. [Google Scholar] [CrossRef]
  144. Pathak, M.; Mishra, K.N.; Singh, S.P. Securing data and preserving privacy in cloud IoT-based technologies: An analysis of assessing threats and developing effective safeguards. Artif. Intell. Rev. 2024, 57, 269. [Google Scholar] [CrossRef]
  145. Aguru, A.; Erukala, S. OTI-IoT: A Blockchain-based Operational Threat Intelligence Framework for Multi-vector DDoS Attacks. ACM Trans. Internet Technol. 2024, 24, 15. [Google Scholar] [CrossRef]
  146. Hadian, M.; Erfani, S.H.; Deypir, M.; Mirabi, M. CD-TMS: A combinatorial design-based token management system to enhance security and performance in blockchain. Clust. Comput. 2024, 27, 4515–4536. [Google Scholar] [CrossRef]
  147. He, Z.; Li, Z.; Qiao, A.; Luo, X.; Zhang, X.; Chen, T.; Song, S.; Liu, D.; Niu, W. Nurgle: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation. In Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 20–23 May 2024; pp. 2180–2197. [Google Scholar] [CrossRef]
  148. Janjua, H.A.; Yue, L.; Hayat, S. Smart Scan: An Approach to Detect Denial of Service Vulnerability in Ethereum Smart Contracts. In Proceedings of the 2023 7th International Conference on Electronic Information Technology and Computer Engineering (EITCE), Xiamen, China, 13–15 October 2023; pp. 1572–1578. [Google Scholar] [CrossRef]
  149. Li, K.; Wang, Y.; Tang, Y. DETER: Denial of Ethereum Txpool sERvices. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS), Coex, Republic of Korea, 15–19 November 2021; pp. 1645–1667. [Google Scholar] [CrossRef]
  150. Mo, Y.; Chen, J.; Wang, Y.; Zheng, Z. Toward Automated Detecting Unanticipated Price Feed in Smart Contract. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, WA, USA, 17–21 July 2023; pp. 1257–1268. [Google Scholar] [CrossRef]
  151. Verma, A.; Saha, R.; Kumar, N.; Kumar, G.; Tai-Hoon-Kim. A detailed survey of denial of service for IoT and multimedia systems: Past, present and futuristic development. Multimed. Tools Appl. 2022, 81, 19879–19944. [Google Scholar] [CrossRef]
  152. Zkik, K.; Sebbar, A.; Fadi, O.; Kamble, S.; Belhadi, A. Securing blockchain-based crowdfunding platforms: An integrated graph neural networks and machine learning approach. Electron. Commer. Res. 2024, 24, 497–533. [Google Scholar] [CrossRef]
  153. Rishiwal, V.; Agarwal, U.; Yadav, M.; Alotaibi, A.; Yadav, P.; Tanwar, S. Blockchain-Secure Gaming Environments: A Comprehensive Survey. IEEE Access 2024, 12, 183466–183488. [Google Scholar] [CrossRef]
  154. Xia, P.; Wang, H.; Yu, Z.; Liu, X.; Luo, X.; Xu, G.; Tyson, G. Challenges in Decentralized Name Management: The Case of ENS. In Proceedings of the 22nd ACM Internet Measurement Conference (IMC), Nice, France, 25–27 October 2022; pp. 65–82. [Google Scholar] [CrossRef]
  155. Wang, Y.; Hsin, W.J.; Lamsal, M. EdGENI: Making GENI User-Friendly for General Computer Education. In Proceedings of the 53rd ACM Technical Symposium on Computer Science Education (SIGCSE), Providence, RI, USA, 3–5 March 2022; pp. 801–807. [Google Scholar] [CrossRef]
  156. Huang, J.; He, D.; Obaidat, M.S.; Vijayakumar, P.; Luo, M.; Choo, K.K.R. The Application of the Blockchain Technology in Voting Systems: A Review. ACM Comput. Surv. 2022, 54, 60. [Google Scholar] [CrossRef]
  157. Ahmed-Rengers, M. FrameProv: Towards End-to-End Video Provenance. In Proceedings of the New Security Paradigms Workshop (NSPW), San Carlos, Costa Rica, 23–26 September 2019; pp. 68–77. [Google Scholar] [CrossRef]
  158. Chen, W.; Li, X.; Sui, Y.; He, N.; Wang, H.; Wu, L.; Luo, X. SADPonzi: Detecting and Characterizing Ponzi Schemes in Ethereum Smart Contracts. Proc. ACM Meas. Anal. Comput. Syst. 2021, 5, 26. [Google Scholar] [CrossRef]
  159. Faccia, A.; Moşteanu, N.R.; Cavaliere, L.P.L.; Mataruna-Dos-Santos, L.J. Electronic Money Laundering, The Dark Side of Fintech: An Overview of the Most Recent Cases. In Proceedings of the 2020 12th International Conference on Information Management and Engineering (ICIME), Amsterdam, The Netherlands, 18–20 September 2020; pp. 29–34. [Google Scholar] [CrossRef]
  160. Fan, S.; Min, T.; Wu, X.; Cai, W. Altruistic and Profit-Oriented: Making Sense of Roles in Web3 Community from Airdrop Perspective. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI), Hamburg, Germany, 23–28 April 2023; pp. 1–16. [Google Scholar] [CrossRef]
  161. Gürfidan, R. Suspicious transaction alert and blocking system for cryptocurrency exchanges in metaverse’s social media universes: RG-guard. Neural Comput. Appl. 2024, 36, 18825–18840. [Google Scholar] [CrossRef]
  162. He, B.; Feng, T.; Fang, J.; Liu, C.; Su, C. A Secure and Efficient Charitable Donation System Based on Ethereum Blockchain and Searchable Encryption. IEEE Trans. Consum. Electron. 2024, 70, 263–276. [Google Scholar] [CrossRef]
  163. Huang, Y.; Wang, H.; Wu, L.; Tyson, G.; Luo, X.; Zhang, R.; Liu, X.; Huang, G.; Jiang, X. Understanding (Mis)Behavior on the EOSIO Blockchain. Proc. ACM Meas. Anal. Comput. Syst. 2020, 4, 37. [Google Scholar] [CrossRef]
  164. Iyer, V.; Shah, K.; Rane, S.; Shankarmani, R. Decentralised Peer-to-Peer Crop Insurance. In Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI), Hong Kong, China, 7–11 June 2021; pp. 3–12. [Google Scholar] [CrossRef]
  165. Kuchumov, A.; Pecheritsa, E.; Chaikovskaya, A.; Maslova, E. Digitalization of Economics: Modern Financial Technologies and Their Influence on Economic Security. In Proceedings of the IV International Scientific and Practical Conference, St. Petersburg, Russia, 15–17 September 2021; pp. 1–7. [Google Scholar] [CrossRef]
  166. Pan, B.; Stakhanova, N.; Zhu, Z. EtherShield: Time-interval Analysis for Detection of Malicious Behavior on Ethereum. ACM Trans. Internet Technol. 2024, 24, 2. [Google Scholar] [CrossRef]
  167. Ralli, R.; Jugran, G.; Gaurav, M.; Goyal, M. An Ensemble Based Fraudulent Blockchain Account Detection System. In Proceedings of the 2024 Sixteenth International Conference on Contemporary Computing (IC3), Noida, India, 8–10 August 2024; pp. 337–342. [Google Scholar] [CrossRef]
  168. Saranya, A.; Naresh, R. Block chain-based trusted smart contract for secure mobile user payment gateway in e-health systems. Soft Comput. 2024, 28, 10139–10151. [Google Scholar] [CrossRef]
  169. Su, J.; Lin, X.; Fang, Z.; Zhu, Z.; Chen, J.; Zheng, Z.; Lv, W.; Wang, J. DeFiWarder: Protecting DeFi Apps from Token Leaking Vulnerabilities. In Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), Luxembourg, 11–15 September 2023; pp. 1664–1675. [Google Scholar] [CrossRef]
  170. Wu, C.; Chen, J.; Wang, Z.; Liang, R.; Du, R. Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE), Sacramento, CA, USA, 16–20 September 2024; pp. 582–593. [Google Scholar] [CrossRef]
  171. Wu, C.; Chen, J.; Zhao, Z.; He, K.; Xu, G.; Wu, Y.; Wang, H.; Li, H.; Liu, Y.; Xiang, Y. TokenScout: Early Detection of Ethereum Scam Tokens via Temporal Graph Learning. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS), Salt Lake City, UT, USA, 14–18 October 2024; pp. 956–970. [Google Scholar] [CrossRef]
  172. Wu, S.; Wu, L.; Zhou, Y.; Li, R.; Wang, Z.; Luo, X.; Wang, C.; Ren, K. Time-travel Investigation: Toward Building a Scalable Attack Detection Framework on Ethereum. ACM Trans. Softw. Eng. Methodol. 2022, 31, 54. [Google Scholar] [CrossRef]
  173. Zhou, Y.; Sun, J.; Ma, F.; Chen, Y.; Yan, Z.; Jiang, Y. Stop Pulling My Rug: Exposing Rug Pull Risks in Crypto Token to Investors. In Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), Lisbon, Portugal, 14–20 April 2024; pp. 228–239. [Google Scholar] [CrossRef]
  174. Amin Rezaei, A.; Precht, H.; Marx Gómez, J. Supporting Prostitutes Protection Act through DLT. In Proceedings of the 2021 The 3rd International Conference on Blockchain Technology (ICBCT), Shanghai, China, 26–28 March 2021; pp. 102–108. [Google Scholar] [CrossRef]
  175. Le, M.Q.; Le, H.D.; Dinh-Duc, A.V.; Tran, T.T. IU-TransCert: A Blockchain-Based System for Academic Credentials with Auditability. In Proceedings of the 12th International Symposium on Information and Communication Technology (SoICT), Ho Chi Minh City, Vietnam, 7–8 December 2023; pp. 746–753. [Google Scholar] [CrossRef]
  176. Grüner, A.; Mühle, A.; Lockenvitz, N.; Meinel, C. Analyzing and comparing the security of self-sovereign identity management systems through threat modeling. Int. J. Inf. Secur. 2023, 22, 1231–1248. [Google Scholar] [CrossRef]
  177. Putz, B.; Vielberth, M.; Pernul, G. BISCUIT—Blockchain Security Incident Reporting Based on Human Observations. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, 23–26 August 2022; pp. 1–6. [Google Scholar] [CrossRef]
  178. Singh, J.; Sinha, A.; Goli, P.; Subramanian, V.; Shukla, S.K.; Vyas, O.P. Insider attack mitigation in a smart metering infrastructure using reputation score and blockchain technology. Int. J. Inf. Secur. 2022, 21, 527–546. [Google Scholar] [CrossRef]
  179. Fang, Q. Designing of music copyright protection system based on deep belief network and blockchain. Soft Comput. 2024, 28, 1669–1684. [Google Scholar] [CrossRef]
  180. Hamza, R.; Dao, M.S.; Ito, S.; Koji, Z. Towards Intellectual Property Rights Protection in Big Data. In Proceedings of the 3rd ACM Workshop on Intelligent Cross-Data Analysis and Retrieval (ICDAR), Newark, NJ, USA, 1 July 2022; pp. 50–57. [Google Scholar] [CrossRef]
  181. Wang, F.; Fu, Z.; Zhang, X. A Self-Defense Copyright Protection Scheme for NFT Image Art Based on Information Embedding. ACM Trans. Multimed. Comput. Commun. Appl. 2025, 21, 42. [Google Scholar] [CrossRef]
  182. Xu, L.; Chen, L.; Gao, Z.; Fan, X.; Shi, W. DL-DP: Improving the Security of Industrial IoT with Decentralized Ledger Defined Perimeter. In Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, Taipei, Taiwan, 27–29 October 2020; pp. 53–62. [Google Scholar] [CrossRef]
  183. Thomasset, C.; Barrera, D. SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart Homes. In Proceedings of the 2020 Annual Computer Security Applications Conference (ACSAC), Austin, TX, USA, 7–11 December 2020; pp. 542–555. [Google Scholar] [CrossRef]
  184. Sharma, T.; Prasad, S.K. Enhancing cybersecurity in IoT networks: SLSTM-WCO algorithm for anomaly detection. Peer-to-Peer Netw. Appl. 2024, 17, 2237–2258. [Google Scholar] [CrossRef]
  185. Saxena, A.; Mittal, S. Internet of Medical Things (IoMT) Security and Privacy: A Survey of Recent Advances and Enabling Technologies. In Proceedings of the 2022 Fourteenth International Conference on Contemporary Computing (IC3), Noida, India, 4–6 August 2022; pp. 550–559. [Google Scholar] [CrossRef]
  186. Rui, H.; Huan, L.; Yang, H.; YunHao, Z. Research on secure transmission and storage of energy IoT information based on Blockchain. Peer-to-Peer Netw. Appl. 2020, 13, 1225–1235. [Google Scholar] [CrossRef]
  187. Prajisha, C.; Vasudevan, A.R. An efficient intrusion detection system for MQTT-IoT using enhanced chaotic salp swarm algorithm and LightGBM. Int. J. Inf. Secur. 2022, 21, 1263–1282. [Google Scholar] [CrossRef]
  188. Paul, A.K.; Qu, X.; Wen, Z. Blockchain–a promising solution to internet of things: A comprehensive analysis, opportunities, challenges and future research issues. Peer-to-Peer Netw. Appl. 2021, 14, 2926–2951. [Google Scholar] [CrossRef]
  189. Olawale, O.P.; Ebadinezhad, S. Cybersecurity Anomaly Detection: AI and Ethereum Blockchain for a Secure and Tamperproof IoHT Data Management. IEEE Access 2024, 12, 131605–131620. [Google Scholar] [CrossRef]
  190. Niavis, H.; Loupos, K. ConSenseIoT: A Consensus Algorithm for Secure and Scalable Blockchain in the IoT context. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES 2022), Vienna, Austria, 23–26 August 2022; pp. 1–6. [Google Scholar] [CrossRef]
  191. Mathew, S.S.; Hayawi, K.; Dawit, N.A.; Taleb, I.; Trabelsi, Z. Integration of blockchain and collaborative intrusion detection for secure data transactions in industrial IoT: A survey. Clust. Comput. 2022, 25, 4129–4149. [Google Scholar] [CrossRef]
  192. Liu, Y.; Zhang, J.; Zhan, J. Privacy protection for fog computing and the internet of things data based on blockchain. Clust. Comput. 2021, 24, 1331–1345. [Google Scholar] [CrossRef]
  193. Lai, E.; Luo, W. Static Analysis of Integer Overflow of Smart Contracts in Ethereum. In Proceedings of the 2020 4th International Conference on Cryptography, Security and Privacy (CSP 2020), Nanjing, China, 10–12 January 2020; pp. 110–115. [Google Scholar] [CrossRef]
  194. Kokila, M.; Srinivasa Reddy, K. BlockDLO: Blockchain Computing With Deep Learning Orchestration for Secure Data Communication in IoT Environment. IEEE Access 2024, 12, 134521–134540. [Google Scholar] [CrossRef]
  195. Kamal, R.; Hemdan, E.E.D.; El-Fishway, N. A review study on blockchain-based IoT security and forensics. Multimed. Tools Appl. 2021, 80, 36183–36214. [Google Scholar] [CrossRef]
  196. Janani, K.; Ramamoorthy, S. A security framework to enhance IoT device identity and data access through blockchain consensus model. Clust. Comput. 2024, 27, 2877–2900. [Google Scholar] [CrossRef]
  197. Ilakkiya, N.; Rajaram, A. A secured trusted routing using the structure of a novel directed acyclic graph-blockchain in mobile ad hoc network internet of things environment. Multimed. Tools Appl. 2024, 83, 87903–87928. [Google Scholar] [CrossRef]
  198. Ghadi, Y.Y.; Mazhar, T.; Shahzad, T.; Amir Khan, M.; Abd-Alrazaq, A.; Ahmed, A.; Hamam, H. The role of blockchain to secure internet of medical things. Sci. Rep. 2024, 14, 18422. [Google Scholar] [CrossRef]
  199. Bansal, K.; Singhrova, A. Review on intrusion detection system for IoT/IIo -brief study. Multimed. Tools Appl. 2023, 83, 23083–23108. [Google Scholar] [CrossRef]
  200. Alfandi, O.; Khanji, S.; Ahmad, L.; Khattak, A. A survey on boosting IoT security and privacy through blockchain: Exploration, requirements, and open issues. Clust. Comput. 2021, 24, 37–55. [Google Scholar] [CrossRef]
  201. Jawahar, A.; Kaythry, P.; Vinoth Kumar, C.; Vinu, R.; Amrish, R.; Bavapriyan, K.; Gopinaath, V. DDoS mitigation using blockchain and machine learning techniques. Multimed. Tools Appl. 2024, 83, 60265–60278. [Google Scholar] [CrossRef]
  202. Moussaileb, R.; Cuppens, N.; Lanet, J.L.; Bouder, H.L. A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms. ACM Comput. Surv. 2022, 54, 117. [Google Scholar] [CrossRef]
  203. England, P.; Malvar, H.S.; Horvitz, E.; Stokes, J.W.; Fournet, C.; Burke-Aguero, R.; Chamayou, A.; Clebsch, S.; Costa, M.; Deutscher, J.; et al. AMP: Authentication of Media via Provenance. In Proceedings of the 12th ACM Multimedia Systems Conference (MMSys ’21), Istanbul, Turkey, 28–30 September 2021; pp. 108–121. [Google Scholar] [CrossRef]
  204. Gambín, Á.F.; Yazidi, A.; Vasilakos, A.; Haugerud, H.; Djenouri, Y. Deepfakes: Current and future trends. Artif. Intell. Rev. 2024, 57, 64. [Google Scholar] [CrossRef]
  205. Masood, M.; Nawaz, M.; Malik, K.M.; Javed, A.; Irtaza, A.; Malik, H. Deepfakes generation and detection: State-of-the-art, open challenges, countermeasures, and way forward. Appl. Intell. 2023, 53, 3974–4026. [Google Scholar] [CrossRef]
  206. Singleton, L.; Zhao, R.; Song, M.; Siy, H. CryptoTutor: Teaching Secure Coding Practices through Misuse Pattern Detection. In Proceedings of the 21st Annual Conference on Information Technology Education (SIGITE ’20), Omaha, NE, USA, 7–9 October 2020; pp. 403–408. [Google Scholar] [CrossRef]
  207. Hua, B.; Ouyang, W.; Jiang, C.; Fan, Q.; Pan, Z. Rupair: Towards Automatic Buffer Overflow Detection and Rectification for Rust. In Proceedings of the Annual Computer Security Applications Conference (ACSAC ’21), Austin, TX, USA, 6–10 December 2021; pp. 812–823. [Google Scholar] [CrossRef]
  208. Alfriehat, N.; Anbar, M.; Aladaileh, M.; Hasbullah, I.; Shurbaji, T.A.; Karuppayah, S.; Almomani, A. RPL-based attack detection approaches in IoT networks: Review and taxonomy. Artif. Intell. Rev. 2024, 57, 248. [Google Scholar] [CrossRef]
  209. Coretti, S.; Kiayias, A.; Moore, C.; Russell, A. The Generals’ Scuttlebutt: Byzantine-Resilient Gossip Protocols. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS ’22), Los Angeles, CA, USA, 7–11 November 2022; pp. 595–608. [Google Scholar] [CrossRef]
  210. Dai, T.; Jeitner, P.; Shulman, H.; Waidner, M. From IP to transport and beyond: Cross-layer attacks against applications. In Proceedings of the 2021 ACM SIGCOMM 2021 Conference, Virtual Event, USA, 23–27 August 2021; pp. 836–849. [Google Scholar] [CrossRef]
  211. Das, D.; Banerjee, S.; Ghosh, U.; Biswas, U.; Bashir, A.K. A decentralized vehicle anti-theft system using Blockchain and smart contracts. Peer- Netw. Appl. 2021, 14, 2775–2788. [Google Scholar] [CrossRef]
  212. Falzon, F.; Elkhiyaoui, K.; Manevich, Y.; De Caro, A. Short Privacy-Preserving Proofs of Liabilities. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ’23), Copenhagen, Denmark, 26–30 November 2023; pp. 1805–1819. [Google Scholar] [CrossRef]
  213. Luo, R.; Luo, F.; Wang, B.; Chen, T. Smart Contract Vulnerability Detection Based on Variant LSTM. In Proceedings of the 2022 International Conference on Big Data, IoT, and Cloud Computing (ICBDICC ’22), Chengdu, China, 23–25 December 2022; pp. 1–4. [Google Scholar] [CrossRef]
  214. Mutemwa, M.; Masango, M.G.; Gcaza, N. Managing the Shift in the Enterprise Perimeter in Order to Delay a Cybersecurity Breach. In Proceedings of the International Conference on Artificial Intelligence and Its Applications, Virtual Event, Mauritius, 18–20 August 2021; pp. 1–10. [Google Scholar] [CrossRef]
  215. Su, Y.; Wang, B.; Xing, Q.; Wang, X. DISCA: Decentralized Infrastructure for Secure Community Attribute Certifying. In Proceedings of the 3rd International Conference on Advanced Information Science and System, Sanya, China, 19–21 November 2021; pp. 1–8. [Google Scholar] [CrossRef]
  216. Arora, S.; Li, Y.; Feng, Y.; Xu, J. SecPLF: Secure Protocols for Loanable Funds against Oracle Manipulation Attacks. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (AsiaCCS), Singapore, 1–5 July 2024; pp. 1394–1405. [Google Scholar] [CrossRef]
  217. Chen, Z.; Beillahi, S.M.; Long, F. FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, 14–20 April 2024; pp. 1–13. [Google Scholar] [CrossRef]
  218. Eskandari, S.; Salehi, M.; Gu, W.C.; Clark, J. SoK: Oracles from the Ground Truth to Market Manipulation. In Proceedings of the 3rd ACM Conference on Advances in Financial Technologies, Arlington, VA, USA, 20–22 September 2021; pp. 127–141. [Google Scholar] [CrossRef]
  219. Xie, M.; Hu, M.; Kong, Z.; Zhang, C.; Feng, Y.; Wang, H.; Xue, Y.; Zhang, H.; Liu, Y.; Liu, Y. DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, 15–19 July 2024; pp. 402–414. [Google Scholar] [CrossRef]
  220. Cao, C.; Wu, J.; Qi, H.; Eda, S. Blockchain-based Runtime Attestation against Physical Fault Injection Attacks on Edge Devices. In Proceedings of the Eighth ACM/IEEE Symposium on Edge Computing (SEC), Wilmington, DE, USA, 6–9 December 2023; pp. 133–144. [Google Scholar] [CrossRef]
  221. Kavya, S.; Sumathi, D. Staying ahead of phishers: A review of recent advances and emerging methodologies in phishing detection. Artif. Intell. Rev. 2024, 58, 50. [Google Scholar] [CrossRef]
  222. Li, S.; Gou, G.; Liu, C.; Xiong, G.; Li, Z.; Xiao, J.; Xing, X. TGC: Transaction Graph Contrast Network for Ethereum Phishing Scam Detection. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Austin, TX, USA, 4–8 December 2023; pp. 352–365. [Google Scholar] [CrossRef]
  223. Ali, W.; Kumar, R.; Zhou, X.; Shao, J. Responsible Recommendation Services with Blockchain Empowered Asynchronous Federated Learning. ACM Trans. Intell. Syst. Technol. 2024, 15, 78. [Google Scholar] [CrossRef]
  224. Alja’afreh, M.; Al Mallah, R.; Karime, A.; El Saddik, A. Cybersecurity in the Metaverse: Challenges and Approaches. In Proceedings of the 2023 International Conference on Intelligent Metaverse Technologies & Applications (iMETA), Tartu, Estonia, 2–4 October 2023; pp. 1–8. [Google Scholar] [CrossRef]
  225. Dargahi, T.; Ahmadvand, H.; Alraja, M.N.; Yu, C.M. Integration of Blockchain with Connected and Autonomous Vehicles: Vision and Challenge. J. Data Inf. Qual. 2022, 14, 5. [Google Scholar] [CrossRef]
  226. Desai, N.; Maesa, D.D.F.; Sastry, N.; Schneider, S.; Ricci, L. Preserving Privacy of Vulnerable Users across Heterogeneous Sensitive Sensor Data Streams using Smart Contracts. In Proceedings of the Fifth ACM International Workshop on Blockchain-enabled Networked Sensor Systems, Istanbul, Turkiye, 13 November 2023; pp. 2–8. [Google Scholar] [CrossRef]
  227. Haque, S.M.U.; Sofi, S.A.; Sholla, S. A privacy-preserving deep learning framework for highly authenticated blockchain secure storage system. Multimed. Tools Appl. 2024, 83, 84299–84329. [Google Scholar] [CrossRef]
  228. He, Z.; Song, S.; Bai, Y.; Luo, X.; Chen, T.; Zhang, W.; He, P.; Li, H.; Lin, X.; Zhang, X. TokenAware: Accurate and Efficient Bookkeeping Recognition for Token Smart Contracts. ACM Trans. Softw. Eng. Methodol. 2023, 32, 26. [Google Scholar] [CrossRef]
  229. Jia, Y.; Madathil, V.; Kate, A. HomeRun: High-efficiency Oblivious Message Retrieval, Unrestricted. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA, 14–18 October 2024; pp. 2012–2026. [Google Scholar] [CrossRef]
  230. Kashif, M.; Kalkan, K. Differential privacy preserving based framework using blockchain for internet-of-things. Peer-to-Peer Netw. Appl. 2025, 18, 33. [Google Scholar] [CrossRef]
  231. Kasyap, H.; Tripathy, S. Privacy-preserving Decentralized Learning Framework for Healthcare System. ACM Trans. Multimed. Comput. Commun. Appl. 2021, 17, 68. [Google Scholar] [CrossRef]
  232. Li, Y.; Soska, K.; Huang, Z.; Bellemare, S.; Quintyne-Collins, M.; Wang, L.; Liu, X.; Song, D.; Miller, A. Ratel: MPC-extensions for Smart Contracts. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Singapore, 1–5 July 2024; pp. 336–352. [Google Scholar] [CrossRef]
  233. Liang, W.; Ji, N. Privacy challenges of IoT-based blockchain: A systematic review. Clust. Comput. 2022, 25, 2203–2221. [Google Scholar] [CrossRef]
  234. Mahajan, H.B.; Junnarkar, A.A. Smart healthcare system using integrated and lightweight ECC with private blockchain for multimedia medical data processing. Multimed. Tools Appl. 2023, 82, 44335–44358. [Google Scholar] [CrossRef]
  235. Wang, Q.; He, L.; Zhu, X.; Huang, Y.; Li, Z. Privacy Protection of Blockchain Security Development Status. In Proceedings of the 2021 4th International Conference on Information Systems and Computer Aided Education (ICISCAE), Dalian, China, 17–19 September 2021; pp. 2592–2596. [Google Scholar] [CrossRef]
  236. Wang, Q.; Chen, S.; Xiang, Y. Anonymous Blockchain-based System for Consortium. ACM Trans. Manag. Inf. Syst. 2021, 12, 26. [Google Scholar] [CrossRef]
  237. Yang, H.; Yuan, L.; Wang, S. Design of Blockchain Smart Contract Based on Ring Signature. In Proceedings of the 2021 9th International Conference on Communications and Broadband Networking (ICCBN), Shanghai, China, 15–17 January 2021; pp. 108–114. [Google Scholar] [CrossRef]
  238. Ye, Z.; Chen, C.L.; Weng, W.; Sun, H.; Tsaur, W.J.; Deng, Y.Y. An anonymous and fair auction system based on blockchain. J. Supercomput. 2023, 79, 13909–13951. [Google Scholar] [CrossRef]
  239. Zhang, Y.; Wu, Y.; Wang, J.; Liu, B.; Liu, A.; Chen, X. Blockchain Query Framework Based on Trusted Execution Environment. In Proceedings of the 2024 5th International Conference on Computing, Networks and Internet of Things, Tokyo, Japan, 26–28 January 2024; pp. 182–185. [Google Scholar] [CrossRef]
  240. Zhang, Z.; Lei, Y.; Yan, M.; Yu, Y.; Chen, J.; Wang, S.; Mao, X. Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Rochester, MI, USA, 10–14 October 2022; pp. 1–13. [Google Scholar] [CrossRef]
  241. Liao, J.; Zhang, F.; Sun, W.; Shi, W. Speedster: An Efficient Multi-party State Channel via Enclaves. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May–3 June 2022; pp. 637–651. [Google Scholar] [CrossRef]
  242. Alexopoulos, N.; Vasilomanolakis, E.; Roux, S.L.; Rowe, S.; Mühlhäuser, M. TRIDEnT: Towards a decentralized threat indicator marketplace. In Proceedings of the 35th Annual ACM Symposium on Applied Computing, Brno, Czech Republic, 30 March–3 April 2020; pp. 332–341. [Google Scholar] [CrossRef]
  243. Ashizawa, N.; Yanai, N.; Cruz, J.P.; Okamura, S. Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts. In Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure, Hong Kong, China, 3–5 June 2021; pp. 47–59. [Google Scholar] [CrossRef]
  244. Bhamidipati, V.S.V.; Chan, M.; Chamorro, D.; Jain, A.; Murthy, A. Adaptive Security for Smart Contracts using High Granularity Metrics. In Proceedings of the 3rd International Conference on Vision, Image and Signal Processing, Vancouver, BC, Canada, 28–30 November 2019; pp. 1–6. [Google Scholar] [CrossRef]
  245. Chen, W.; Sun, Z.; Wang, H.; Luo, X.; Cai, H.; Wu, L. WASAI: Uncovering vulnerabilities in Wasm smart contracts. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Daejeon, Republic of Korea, 18–22 July 2022; pp. 703–715. [Google Scholar] [CrossRef]
  246. Chen, Z.; Liu, Y.; Beillahi, S.M.; Li, Y.; Long, F. Demystifying Invariant Effectiveness for Securing Smart Contracts. Proc. ACM Softw. Eng. 2024, 1, 1772–1795. [Google Scholar] [CrossRef]
  247. Chua, M.Y.K.; Yee, G.O.M.; Gu, Y.X.; Lung, C.H. Threats to Online Advertising and Countermeasures: A Technical Survey. Digit. Threat. Res. Pract. 2020, 1, 11. [Google Scholar] [CrossRef]
  248. Coblenz, M.; Oei, R.; Etzel, T.; Koronkevich, P.; Baker, M.; Bloem, Y.; Myers, B.A.; Sunshine, J.; Aldrich, J. Obsidian: Typestate and Assets for Safer Blockchain Programming. ACM Trans. Program. Lang. Syst. 2020, 42, 14. [Google Scholar] [CrossRef]
  249. Crincoli, G.; Iadarola, G.; La Rocca, P.E.; Martinelli, F.; Mercaldo, F.; Santone, A. Vulnerable Smart Contract Detection by Means of Model Checking. In Proceedings of the Fourth ACM International Symposium on Blockchain and Secure Critical Infrastructure, Nagasaki, Japan, 18–20 May 2022; pp. 3–10. [Google Scholar] [CrossRef]
  250. Cui, S.; Zhao, G.; Gao, Y.; Tavu, T.; Huang, J. VRust: Automated Vulnerability Detection for Solana Smart Contracts. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, 7–11 November 2022; pp. 639–652. [Google Scholar] [CrossRef]
  251. Eshghie, M.; Artho, C.; Gurov, D. Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning. In Proceedings of the Evaluation and Assessment in Software Engineering, Trondheim, Norway, 21–22 June 2021; pp. 305–312. [Google Scholar] [CrossRef]
  252. Gao, C.; Yang, W.; Ye, J.; Xue, Y.; Sun, J. sGuard+: Machine Learning Guided Rule-Based Automated Vulnerability Repair on Smart Contracts. ACM Trans. Softw. Eng. Methodol. 2024, 33, 114. [Google Scholar] [CrossRef]
  253. Garfatta, I.; Klai, K.; Graïet, M.; Gaaloul, W. Model Checking of Vulnerabilities in Smart Contracts: A Solidity-to-CPN Approach. In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, Virtual Event, 25–29 April 2022; pp. 316–325.
  254. Ghaleb, A. Towards Effective Static Analysis Approaches for Security Vulnerabilities in Smart Contracts. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, Rochester, MI, USA, 10–14 October 2022; pp. 1–5.
  255. Hamdi, A.; Fourati, L.; Ayed, S. Vulnerabilities and attacks assessments in blockchain 1.0, 2.0 and 3.0: Tools, analysis and countermeasures. Int. J. Inf. Secur. 2024, 23, 713–757.
  256. Hao, X.; Ren, W.; Zheng, W.; Zhu, T. SCScan: A SVM-Based Scanning System for Vulnerabilities in Blockchain Smart Contracts. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December–1 January 2021; pp. 1598–1605.
  257. Hettmer, M.; Severin, B.; Blum, F.; Gruhn, V. Towards Assessing the Real-World Impact of Defects in Blockchain-Based Smart Contracts. In Proceedings of the 1st International Workshop on Software Defect Datasets, San Francisco, CA, USA, 11 July 2023; pp. 6–10.
  258. Huang, Y.; Jiang, B.; Chan, W.K. EOSFuzzer: Fuzzing EOSIO Smart Contracts for Vulnerability Detection. In Proceedings of the 12th Asia-Pacific Symposium on Internetware, Singapore, 28–30 December 2020; pp. 99–109.
  259. Ibba, G.; Aufiero, S.; Neykova, R.; Bartolucci, S.; Ortu, M.; Tonelli, R.; Destefanis, G. A Curated Solidity Smart Contracts Repository of Metrics and Vulnerability. In Proceedings of the 20th International Conference on Predictive Models and Data Analytics in Software Engineering, Porto de Galinhas, Brazil, 14–18 October 2024; pp. 32–41.
  260. J J, L.; Singh, K.; Chakravarthi, B. Digital forensic framework for smart contract vulnerabilities using ensemble models. Multimed. Tools Appl. 2023, 83, 51469–51512.
  261. Jiao, T.; Xu, Z.; Qi, M.; Wen, S.; Xiang, Y.; Nan, G. A Survey of Ethereum Smart Contract Security: Attacks and Detection. Distrib. Ledger Technol. Res. Pract. 2024, 3, 23.
  262. Khor, J.; Masama, M.A.; Sidorov, M.; Leong, W.; Lim, J. An Improved Gas Efficient Library for Securing IoT Smart Contracts Against Arithmetic Vulnerabilities. In Proceedings of the 2020 9th International Conference on Software and Computer Applications, Langkawi, Malaysia, 18–21 February 2020; pp. 326–330.
  263. Kitzler, S.; Victor, F.; Saggese, P.; Haslhofer, B. Disentangling Decentralized Finance (DeFi) Compositions. ACM Trans. Web 2023, 17, 10.
  264. Lê Hồng, B.; Lê Đức, T.; Đoàn Minh, T.; Trần Tuấn, D.; Phan Thế, D.; Phạm Văn, H. Contextual Language Model and Transfer Learning for Reentrancy Vulnerability Detection in Smart Contracts. In Proceedings of the 12th International Symposium on Information and Communication Technology (SoICT), Ho Chi Minh City, Vietnam, 7–8 December 2023; pp. 739–745.
  265. Li, P.; Wang, G.; Xing, X.; Zhu, J.; Gu, W.; Zhai, G. A smart contract vulnerability detection method based on deep learning with opcode sequences. Peer-to-Peer Netw. Appl. 2024, 17, 3222–3238.
  266. Li, P.; Li, S.; Ding, M.; Yu, J.; Zhang, H.; Zhou, X.; Li, J. A Vulnerability Detection Framework for Hyperledger Fabric Smart Contracts Based on Dynamic and Static Analysis. In Proceedings of the International Conference on Evaluation and Assessment in Software Engineering (EASE), Gothenburg, Sweden, 13–15 June 2022; pp. 366–374.
  267. Li, W.; Li, X.; Li, Z.; Zhang, Y. COBRA: Interaction-Aware Bytecode-Level Vulnerability Detector for Smart Contracts. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE), Sacramento, CA, USA, 21–25 October 2024; pp. 1358–1369.
  268. Li, Z.; Zhou, Y.; Guo, S.; Xiao, B. SolSaviour: A Defending Framework for Deployed Defective Smart Contracts. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Austin, TX, USA, 6–10 December 2021; pp. 748–760.
  269. Liao, X. Smart Contract Vulnerability Detection Based on Dynamic and Static Combination. In Proceedings of the International Conference on Digital Economy, Blockchain and Artificial Intelligence, Guangzhou, China, 10–11 April 2024; pp. 412–416.
  270. Liao, Z.; Zheng, Z.; Chen, X.; Nan, Y. SmartDagger: A Bytecode-Based Static Analysis Approach for Detecting Cross-Contract Vulnerability. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Daejeon, Republic of Korea, 18–22 July 2022; pp. 752–764.
  271. Ma, C.; Song, W.; Huang, J. TransRacer: Function Dependence-Guided Transaction Race Detection for Smart Contracts. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), San Francisco, CA, USA, 11–17 December 2023; pp. 947–959.
  272. Mi, F.; Zhao, C.; Wang, Z.; Halim, S.M.; Li, X.; Wu, Z.; Khan, L.; Thuraisingham, B. An Automated Vulnerability Detection Framework for Smart Contracts. Distrib. Ledger Technol. Res. Pract. 2024, 3, 3705616.
  273. Nguyen, H.H.; Nguyen, N.M.; Doan, H.P.; Ahmadi, Z.; Doan, T.N.; Jiang, L. MANDO-GURU: Vulnerability Detection for Smart Contract Source Code by Heterogeneous Graph Embeddings. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Singapore, 14–18 November 2022; pp. 1736–1740.
  274. Otoni, R.; Marescotti, M.; Alt, L.; Eugster, P.; Hyvärinen, A.; Sharygina, N. A Solicitous Approach to Smart Contract Verification. ACM Trans. Priv. Secur. 2023, 26, 15.
  275. Pani, S.; Nallagonda, H.V.; Vigneswaran; Medicherla, R.K.; Rajan, M. SmartFuzzDriverGen: Smart Contract Fuzzing Automation for Golang. In Proceedings of the 16th Innovations in Software Engineering Conference (ISEC), Allahabad, India, 23–25 February 2023; pp. 1–11.
  276. Patel, A.; Chauhan, K.; Maini, S.; Goyal, M. Smart Contract Vulnerabilities Detection Using Deep Learning. In Proceedings of the 2024 Sixteenth International Conference on Contemporary Computing (IC3), Noida, India, 1–3 August 2024; pp. 349–356.
  277. Qian, P.; Liu, Z.; Yin, Y.; He, Q. Cross-Modality Mutual Learning for Enhancing Smart Contract Vulnerability Detection on Bytecode. In Proceedings of the ACM Web Conference 2023 (WWW ’23), Austin, TX, USA, 30 April–4 May 2023; pp. 2220–2229.
  278. Russo, A.; Lax, G.; Dromard, B.; Mezred, M. A System to Access Online Services with Minimal Personal Information Disclosure. Inf. Syst. Front. 2022, 24, 1563–1575.
  279. Su, P.; Hu, J. Smart contract vulnerabilities detection with bidirectional encoder representations from transformers and control flow graph. Multimed. Syst. 2024, 30, 204.
  280. Wang, B.; Yuan, X.; Duan, L.; Ma, H.; Wang, B.; Su, C.; Wang, W. DeFiScanner: Spotting DeFi Attacks Exploiting Logic Vulnerabilities on Blockchain. IEEE Trans. Comput. Soc. Syst. 2024, 11, 1577–1588.
  281. Wang, C.; Li, Y.; Gao, J.; Wang, K.; Zhang, J.; Guan, Z.; Chen, Z. SolaSim: Clone Detection for Solana Smart Contracts via Program Representation. In Proceedings of the 32nd IEEE/ACM International Conference on Program Comprehension (ICPC), Lisbon, Portugal, 16–17 May 2024; pp. 258–269.
  282. Wang, H.; Hu, Y.; Wu, H.; Liu, D.; Peng, C.; Wu, Y.; Fan, M.; Liu, T. Skyeye: Detecting Imminent Attacks via Analyzing Adversarial Smart Contracts. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE), Sacramento, CA, USA, 27 October–1 November 2024; pp. 1570–1582.
  283. Wen, H.; Liu, H.; Song, J.; Chen, Y.; Guo, W.; Feng, Y. FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS), Salt Lake City, UT, USA, 14–18 October 2024; pp. 1001–1015.
  284. Xue, Y.; Ma, M.; Lin, Y.; Sui, Y.; Ye, J.; Peng, T. Cross-contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, 21–25 September 2020; pp. 1029–1040.
  285. Yan, C.; Zhang, C.; Lu, Z.; Wang, Z.; Liu, Y.; Liu, B. Blockchain abnormal behavior awareness methods: A survey. Cybersecurity 2022, 5, 5.
  286. Zheng, Z.; Zhang, N.; Su, J.; Zhong, Z.; Ye, M.; Chen, J. Turn the Rudder: A Beacon of Reentrancy Detection for Smart Contracts on Ethereum. In Proceedings of the 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), Melbourne, Australia, 14–20 May 2023; pp. 295–306.
  287. Ding, M.; Li, P.; Li, S.; Zhang, H. HFContractFuzzer: Fuzzing Hyperledger Fabric Smart Contracts for Vulnerability Detection. In Proceedings of the Evaluation and Assessment in Software Engineering (EASE), Trondheim, Norway, 21–23 June 2021; pp. 321–328.
  288. Dong, C.; Huang, H.; Shang, Y. Erinys: Efficient Fuzzing by Function Invoke Sequence Generation for Smart Contracts. In Proceedings of the 2024 8th International Conference on Big Data and Internet of Things (BDIOT), Macau, China, 23–25 August 2024; pp. 236–241.
  289. Jang, D.; Askar, A.; Yun, I.; Tong, S.; Cai, Y.; Kim, T. Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients. In Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Limassol, Cyprus, 26–28 October 2022; pp. 1–16.
  290. Ren, M.; Yin, Z.; Ma, F.; Xu, Z.; Jiang, Y.; Sun, C.; Li, H.; Cai, Y. Empirical Evaluation of Smart Contract Testing: What Is the Best Choice? In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Aarhus, Denmark, 11–17 July 2021; pp. 566–579.
  291. Ye, M.; Nan, Y.; Dai, H.N.; Yang, S.; Luo, X.; Zheng, Z. FunFuzz: A Function-Oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency. ACM Trans. Softw. Eng. Methodol. 2024, 33, 191.
  292. Zhao, X.; Qu, H.; Xu, J.; Li, X.; Lv, W.; Wang, G.G. A systematic review of fuzzing. Soft Comput. 2024, 28, 5493–5522.
  293. Aniello, L.; Halak, B.; Chai, P.; Dhall, R.; Mihalea, M.; Wilczynski, A. Anti-BlUFf: Towards counterfeit mitigation in IC supply chains using blockchain and PUF. Int. J. Inf. Secur. 2021, 20, 445–460.
  294. Marjanović, J.; Dalčeković, N.; Sladić, G. Improving Critical Infrastructure Protection by Enhancing Software Acquisition Process Through Blockchain. In Proceedings of the 7th Conference on the Engineering of Computer Based Systems, Novi Sad, Serbia, 2–3 September 2021; pp. 1–7.
  295. Xuan, S.; Tang, H.; Wang, W.; Yang, W. Application of Block Chain Technology in Constructing Network Threat Intelligence System. In Proceedings of the 2020 2nd International Conference on Blockchain Technology, Hilo, HI, USA, 2–4 March 2020; pp. 144–149.
  296. Lew, C.C.; Torres, C.F.; Shinde, S.; Brandenburger, M. Revisiting Rollbacks on Smart Contracts in TEE-protected Private Blockchains. In Proceedings of the 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Vienna, Austria, 8–12 July 2024; pp. 217–224.
  297. Rajmohan, R.; Kumar, T.A.; Sandhya, S.G.; Hu, Y.C. R-GCN: A residual-gated recurrent unit convolution network model for anomaly detection in blockchain transactions. Multimed. Tools Appl. 2024, 83, 87527–87551.
  298. Shetty, M.; Tamane, S. Unveiling bitcoin network attack using deep reinforcement learning with Boltzmann exploration. Peer-to-Peer Netw. Appl. 2025, 18, 47.
  299. Yang, S.; Zhang, F.; Huang, K.; Chen, X.; Yang, Y.; Zhu, F. SoK: MEV Countermeasures. In Proceedings of the Workshop on Decentralized Finance and Security (DeFiSec), Salt Lake City, UT, USA, 14 April 2024; pp. 21–30.
  300. Masmoudi, M.; Amous, I.; Zayani, C.A.; Sèdes, F. Trust attack prevention based on Spark-blockchain in social IoT: A survey. Int. J. Inf. Secur. 2024, 23, 3179–3198.
  301. Wang, P.; Ding, Y.; Sun, M.; Wang, H.; Li, T.; Zhou, R.; Chen, Z.; Jing, Y. Building and Maintaining a Third-Party Library Supply Chain for Productive and Secure SGX Enclave Development. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), Seoul, Republic of Korea, 27 June–19 July 2020; pp. 100–109.
  302. Zichichi, M.; Ferretti, S.; D’Angelo, G.; Rodríguez-Doncel, V. Data governance through a multi-DLT architecture in view of the GDPR. Clust. Comput. 2022, 25, 4515–4542.
  303. Zhong, Z.; Zheng, Z.; Dai, H.N.; Xue, Q.; Chen, J.; Nan, Y. PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, 14–20 April 2024; pp. 1–12.
  304. Zhang, Q.; Zhao, Z. Distributed storage scheme for encryption speech data based on blockchain and IPFS. J. Supercomput. 2023, 79, 897–923.
  305. Zhang, J.; Bai, F.; Shen, T.; Gong, B.; Luo, J. Trusted Blockchain-Based Data Fingerprinting Differential-Traceability and SkipList Indexing Methods in Privacy Protection. In Proceedings of the 2022 4th Blockchain and Internet of Things Conference (BIOTC), Tokyo, Japan, 5–7 August 2022; pp. 73–83.
  306. Yuan, B.; Wan, J.; Wu, Y.H.; Zou, D.Q.; Jin, H. On the Security of Smart Home Systems: A Survey. J. Comput. Sci. Technol. 2023, 38, 228–247.
  307. Yi, X.; Zhou, Y.; Lin, Y.; Xie, B.; Chen, J.; Wang, C. Digital rights management scheme based on redactable blockchain and perceptual hash. Peer-to-Peer Netw. Appl. 2023, 16, 2630–2648.
  308. Yang, S.; Chen, J.; Huang, M.; Zheng, Z.; Huang, Y. Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, 14–20 April 2024; pp. 1–12.
  309. Wu, J.; Wang, Y.; Wang, R.; Chen, J.; Zheng, Z. Can Neural Networks Help Smart Contract Testing? An Empirical Study. In Proceedings of the 14th Asia-Pacific Symposium on Internetware, Hangzhou, China, 21–23 October 2023; pp. 79–89.
  310. Wu, A.; Guo, Y.; Guo, Y. A decentralized lightweight blockchain-based authentication mechanism for Internet of Vehicles. Peer-to-Peer Netw. Appl. 2023, 16, 1340–1353.
  311. Sun, Y.; Wu, D.; Xue, Y.; Liu, H.; Wang, H.; Xu, Z.; Xie, X.; Liu, Y. GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, 14–20 April 2024; pp. 1–13.
  312. Pailoor, S.; Chen, Y.; Wang, F.; Rodríguez, C.; Van Geffen, J.; Morton, J.; Chu, M.; Gu, B.; Feng, Y.; Dillig, I. Automated Detection of Under-Constrained Circuits in Zero-Knowledge Proofs. Proc. ACM Program. Lang. 2023, 7, 1510–1532.
  313. Ooi, S.K.; Ooi, C.A.; Yeap, J.A.L.; Goh, T.H. Embracing Bitcoin: Users’ perceived security and trust. Qual. Quant. 2021, 55, 1219–1237.
  314. Oh, S.J.; Xiao, S.; Park, B.I.; Roh, T. Coping or threat? Unraveling the mechanisms enabling user acceptance of blockchain technologies. Inf. Technol. Manag. 2023, 24, 261–278.
  315. Ma, F.; Ren, M.; Ouyang, L.; Chen, Y.; Zhu, J.; Chen, T.; Zheng, Y.; Dai, X.; Jiang, Y.; Sun, J. Pied-Piper: Revealing the Backdoor Threats in Ethereum ERC Token Contracts. ACM Trans. Softw. Eng. Methodol. 2023, 32, 61.
  316. Luo, F.; Luo, R.; Chen, T.; Qiao, A.; He, Z.; Song, S.; Jiang, Y.; Li, S. SCVHunter: Smart Contract Vulnerability Detection Based on Heterogeneous Graph Attention Network. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, 14–20 April 2024; pp. 1–13.
  317. Li, W.; Jia, S.; Liu, L.; Zheng, F.; Ma, Y.; Lin, J. CryptoGo: Automatic Detection of Go Cryptographic API Misuses. In Proceedings of the 38th Annual Computer Security Applications Conference (ACSAC), Austin, TX, USA, 5–9 December 2022; pp. 318–331.
  318. Lewis, T.G. Digital Economy: The Economics of the Digital Economy. Ubiquity 2023, 2023, 1.
  319. Kong, Q.; Chen, J.; Wang, Y.; Jiang, Z.; Zheng, Z. DeFiTainter: Detecting Price Manipulation Vulnerabilities in DeFi Protocols. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, WA, USA, 17–21 July 2023; pp. 1144–1156.
  320. Karode, T.; Werapun, W. Robustness against fraudulent activities of a blockchain-based online review system. Peer-to-Peer Netw. Appl. 2022, 15, 92–106.
  321. Ipchi Sheshgelani, M.; Pashazadeh, S.; Salehpoor, P. Cooperative hybrid consensus with function optimization for blockchain. Clust. Comput. 2023, 26, 3565–3576.
  322. Ellul, J.; Galea, J.; Ganado, M.; Mccarthy, S.; Pace, G.J. Regulating Blockchain, DLT and Smart Contracts: A technology regulator’s perspective. ERA Forum 2020, 21, 209–220.
  323. Chen, Y.; Sun, Z.; Gong, Z.; Hao, D. Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, 14–20 April 2024; pp. 1–11.
  324. Aljabri, A.; Jemili, F.; Korbaa, O. Intrusion detection in cyber-physical system using rsa blockchain technology. Multimed. Tools Appl. 2023, 83, 48119–48140.
  325. Andreica, T.; Musuroi, A.; Anistoroaei, A.; Jichici, C.; Groza, B. Blockchain integration for in-vehicle CAN bus intrusion detection systems with ISO/SAE 21434 compliant reporting. Sci. Rep. 2024, 14, 8169.
  326. Bakar, A.; Zouhair, A.; En-Naimi, E.M. Review of Vulnerabilities and Countermeasures Against Sybil Attacks on Decentralized Systems Based on Machine Learning Algorithms. In Proceedings of the 6th International Conference on Networking, Intelligent Systems & Security (NISS), Larache, Morocco, 24–26 May 2023; pp. 1–5.
  327. Bargayary, B.; Medhi, N. Preserving flow table integrity in OpenFlow networks through smart contract. Clust. Comput. 2024, 27, 4569–4588.
  328. Bhan, R.; Pamula, R.; Faruki, P.; Gajrani, J. Blockchain-enabled secure and efficient data sharing scheme for trust management in healthcare smartphone network. J. Supercomput. 2023, 79, 16233–16274.
  329. Bhudia, A.; Cartwright, A.; Cartwright, E.; Hurley-Smith, D.; Hernandez-Castro, J. Game Theoretic Modelling of a Ransom and Extortion Attack on Ethereum Validators. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES), Benevento, Italy, 29 August–1 September 2023; pp. 1–11.
Figure 1. PRISMA flow diagram for study selection in the systematic review.
Figure 2. A comprehensive classification of attacks in blockchain technology.
Figure 3. Publication frequency based on included studies.
Figure 4. Distribution of attack categories and their frequencies in the included studies.
Figure 5. Distribution of core reasons for vulnerabilities across the included studies.
Table 1. A comprehensive overview of blockchain security attacks.

| Attack Name | Cause of Vulnerability | Impact on Sectors | References |
|---|---|---|---|
| 51% Attack | Low network hash rate; Centralized mining power; Renting computational resources; Lack of honest economic incentives; Low attack execution cost. | Cryptocurrency exchanges; DeFi platforms; Blockchain-based supply chains. | [53,54,55] |
| Smart Contract Vulnerabilities | Programming errors; Complex business logic; Inadequate testing and auditing; Lack of standards and best practices. | DeFi platforms; Cryptocurrencies; DAOs; Supply chain systems. | [56,57] |
| Man-in-the-Middle Attack | Intercepted communication between nodes; Stolen private keys; Tampered transaction data. | Blockchain networks; Cryptocurrency exchanges; Healthcare. | [40,41,42] |
| Replay Attack | Shared transaction history; Incompatible message formats; Lack of replay protection. | Cryptocurrency exchanges; DeFi platforms; Blockchain-based supply chains. | [51,58] |
| Double-Spending Attack | Delayed transaction confirmation; Network latency and forks; Acceptance of unverified transactions. | Cryptocurrencies; Crypto-payment systems; PoW-based solutions. | [36,38,59] |
| Routing Attack | Manipulated routing protocols; False routing information. | P2P networks; PoW/PoS-based systems; Healthcare. | [43,60] |
| Sybil Attack | Fake node insertion in routing tables; Ignoring node authentication; Centralized computational authority. | Cryptocurrencies; Blockchain-based supply chains; P2P networks. | [61,62,63] |
| Race Attack | Simultaneous contradictory transactions; Lack of transaction validation. | P2P networks; Cryptocurrency exchanges; Crypto-payment systems. | [64,65] |
| Eclipse Attack | Isolation of nodes by malicious peers; Exploitation of untrusted peers; Weak peer-to-peer protocols. | PoW-based solutions; Healthcare; Blockchain networks. | [37,66,67] |

Table 2. A summarized overview of the detection and mitigation techniques for blockchain attacks.

| Attack | Detection Techniques | Security Measures (Mitigation) | References |
|---|---|---|---|
| 51% Attack | Monitor unusual network behavior; Analyze mined blocks and block reorganization; Detect double spending and suspicious transactions; Observe mining pool activities; Implement alerting mechanisms. | Use robust consensus mechanisms; Increase network size and decentralization; Apply checkpoints and diverse mining communities. | [83,84,85] |
| Smart Contract Vulnerabilities | Static analysis (e.g., symbolic execution, control flow graphs); Dynamic analysis (e.g., fuzz testing, runtime monitoring); Formal verification and code auditing. | Adopt best design patterns and access control mechanisms; Conduct regular security audits; Use upgradeable contracts and comprehensive testing. | [57,71,72] |
| Double-Spending Attack | Monitor transaction verification times; Analyze block confirmation and ledger consistency; Detect suspicious fork creation. | Increase confirmation times and block consistency; Use key-evolving cryptography; Disable unconfirmed connections. | [36,59,86] |
| Race Attack | Monitor transaction broadcasts; Insert observer nodes for suspicious activity. | Periodic transaction monitoring; Deploy observer nodes for continuous surveillance. | [46,87] |
| Replay Attack | Detect duplicate transactions; Analyze transaction history in forked chains. | Implement strong replay protection; Use coin-splitting techniques; Opt-in replay protection. | [51,58] |
| Sybil Attack | Monitor node reputation and activity; Identify suspicious node behavior during PoW initiation. | Restrict high-computing-power nodes; Implement non-refundable deposits (e.g., currency burning); Use fidelity bonds and coin-age mechanisms. | [61,62] |
| Eclipse Attack | Use anomaly detection tools; Run seeding and eliminate exploitation windows. | Implement timestamp-based protocols; Use threat database models for detection; Enhance network load monitoring. | [37,66] |
| Man-in-the-Middle Attack | Detect unusual network activity; Check transaction discrepancies; Monitor potentially malicious nodes. | Encrypt communication between nodes; Use multi-factor authentication for private key access; Employ public key infrastructure and biometric authentication. | [74,76] |
| Routing Attack | Monitor network traffic patterns; Use reputation systems to identify malicious nodes. | Secure routing protocols using digital certificates; Apply distributed consensus mechanisms. | [88,89] |

Table 3. Blockchain attack targets and key factors influencing likelihood for different types of attacks.

| Attack Type | Target | Key Factors Influencing Likelihood |
|---|---|---|
| 51% Attack | PoW (Bitcoin, Litecoin, Small Chains) | Hash rate concentration, mining cost, network difficulty |
| Sybil Attack | PoS, Permissionless Chains | Node diversity, validator stake, network entry barriers |
| Eclipse Attack | P2P Nodes | Network size, node connectivity, topology |
| Smart Contract Vulnerabilities | Ethereum, BSC, DeFi Contracts | Code vulnerabilities, audit quality, formal verification |
| Double-Spending Attack | PoW/PoS Networks | Transaction finality, block confirmation time |
| Routing Attack | All Blockchain Networks | ISP dependency, network propagation speed |
| Replay Attack | Transaction Authentication | Weak authentication, transaction replay capability |
| Man-in-the-Middle Attack | Blockchain Communication Layer | Unencrypted communication, weak key exchange |
| Race Attack | PoW/PoS Networks (Fast Transaction Confirmations) | Transaction propagation speed, network latency, low block confirmation requirements |

Table 4. Keyword frequencies of the included studies.

| Keyword | Count |
|---|---|
| Technology/Technologies | 4378 |
| Security | 11,518 |
| Systems | 3697 |
| Blockchain | 16,400 |
| Distributed | 2112 |
| Privacy | 4454 |
| Information | 5438 |
| Control | 2881 |
| Encryption | 1633 |
| Detection | 7043 |
| Prevention | 381 |
| Attack | 5450 |
| Vulnerability/Vulnerabilities | 8422 |
| Protocol | 1901 |
| Transaction | 5249 |
| Network | 6848 |
| Bitcoin | 1971 |
| Ethereum | 4672 |
| Smart | 13,760 |
| Internet | 2375 |
| Cryptocurrency/Cryptocurrencies | 1221 |
| Strategies | 554 |
| Strategy | 590 |
| Mitigation | 385 |
| Cryptography | 642 |
| IoT | 633 |
| Tether | 20 |

Table 5. Cybersecurity attacks and their impacts based on their attack categories.

| Reference(s) | Attack Category | Impact Result |
|---|---|---|
| [103,104,105,106] | AI/ML Security | Unreliable vulnerability detection, financial exploitation risks, missed security flaws in contract audits, and unpatched vulnerabilities in deployed contracts. |
| [107] | Application Vulnerability | Undetected execution faults in Web3 applications, leading to potential security breaches. |
| [69,70,108,109,110,111,112,113,114,115,116] | Authentication or Authorization | User errors, private key leaks, unauthorized access attempts, patient data exposure, healthcare service disruptions, legal liabilities, data breaches, loss of intellectual property, regulatory penalties, compromised data integrity, financial loss, reputation damage, operational disruption, unauthorized vehicle use, financial fraud, identity theft, data theft, and unauthorized smart contract execution. |
| [117,118,119,120] | Blockchain Security | Performance degradation, increased attack surface, data tampering risks, election result manipulation, transaction bottlenecks, and reduced performance. |
| [121] | Centralization Vulnerability | Anonymity loss and privileged operations due to centralized control. |
| [122] | Cloud Security | State continuity violations in cloud-based systems. |
| [123] | Code Injection | Database manipulation through malicious code injection. |
| [124,125] | Code Reuse Vulnerability | Propagation of known security flaws and widespread deployment of vulnerable contracts. |
| [126] | Critical Infrastructure | Grid data manipulation in critical infrastructure systems. |
| [127,128,129] | Cross-Chain Vulnerability | Unintended contract behavior exploitation, cross-chain transaction fraud, and privacy leaks. |
| [130] | Cryptocurrency Vulnerability | Bitcoin loss due to script flaws in cryptocurrency systems. |
| [68,131,132,133,134,135,136,137] | Cryptographic Attack | Unauthorized data access in smart grids, data breaches, loss of user trust, legal liabilities, data theft, espionage, compromised encryption, and privacy leakage. |
| [138,139,140] | Data Integrity | Loss of critical digital evidence, unauthorized modifications, and compromised tenant data. |
| [141,142,143,144] | Data Security | Data loss, unauthorized access, medical data breaches, identity theft, and loss of control over information. |
| [145,146,147,148,149,150,151,152] | Denial of Service | Service disruption, network security compromise, financial losses, blockchain slowdown, transaction delays, and smart contract failure. |
| [153] | Digital Asset Theft | Player data compromises in digital asset systems. |
| [154] | Domain Security | Phishing attacks and lost domain access due to security vulnerabilities. |
| [155] | Educational | Knowledge gaps in blockchain security education and training. |
| [156] | Electoral Fraud | Vote tampering and lack of transparency in electoral systems. |
| [157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173] | Financial Fraud | Financial fraud, illicit contract use, fund misuse, investor losses, scam tokens, unfair governance token distributions, and cyber threats to financial stability. |
| [174,175] | Fraud/Identity Theft | Fake degrees, credential fraud, compromised health data, and fraudulent registrations. |
| [176] | Identity Management | Higher threat exposure in self-sovereign identity systems. |
| [177] | Incident Response | Delayed security responses and uncoordinated mitigation efforts. |
| [178] | Insider Threat | Compromised smart grid infrastructure due to insider threats. |
| [179,180,181] | Intellectual Property Theft | Revenue loss for copyright holders, unauthorized data usage, and copyright infringement. |
| [119,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201] | IoT Vulnerability | Data interception, unauthorized access, widespread IoT network vulnerabilities, data leaks, privacy issues, sensitive data exposure, financial loss, and compromised industrial control systems. |
| [202] | Malware | Data loss and ransom demands due to malware attacks. |
| [203,204,205,206] | Media Manipulation | Public misinformation, identity theft, political and financial misinformation risks, fake news, and lack of content authenticity. |
| [207] | Memory Vulnerability | Memory corruption and code execution vulnerabilities. |
| [89,196,208,209,210,211,212,213,214,215] | Network Attack | Operational disruptions, compromised data integrity, financial losses, service disruption, data tampering, cybercriminal activities, and denial-of-service (DoS) attacks. |
| [216,217,218,219] | Oracle Manipulation | Flash-loan-based financial exploits, price manipulations, inaccurate data inputs, and market manipulation. |
| [152,220,221,222] | Phishing/Social Engineering | User credential theft, financial fraud, and unauthorized fund theft. |
| [223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240] | Privacy Violation | Privacy violations in AI models, user identity theft, misinformation, data exposure, identity leaks, compromised vehicle safety, legal and financial risks, and unauthorized access to stored blockchain data. |
| [241] | Scalability Security | High fees and slow transactions due to scalability issues. |
| [163,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286] | Smart Contract Vulnerability | Financial exploits, blockchain instability, unauthorized fund transfers, contract hijacking, financial fraud, money laundering, and irreversible financial losses. |
| [287,288,289,290,291,292] | Software Testing | Security vulnerabilities overlooked, undetected software vulnerabilities, and unreliable security testing results. |
| [293,294] | Supply Chain Attack | Malfunctioning electronic components and compromised software due to supply chain attacks. |
| [295] | Threat Intelligence | Slow response to cyber threats due to inadequate threat intelligence. |
| [296,297,298,299] | Transaction Manipulation | Financial loss, disruption of services, unauthorized transactions, and financial manipulation. |
| [300] | Trust Exploitation | False service discovery and compromised interactions due to trust exploitation. |
| [301] | Trusted Execution Environment | Vulnerabilities in trusted execution environments. |
| [109,123,278,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329] | Various (studies that discuss attacks from multiple categories) | Online fraud, identity theft, unauthorized access to ECUs, denial of service (DoS), financial losses, privacy violations, data breaches, network collapse, theft of NFTs, and unauthorized code execution. |

Siam, M.K.; Saha, B.; Hasan, M.M.; Hossain Faruk, M.J.; Anjum, N.; Tahora, S.; Siddika, A.; Shahriar, H. Securing Decentralized Ecosystems: A Comprehensive Systematic Review of Blockchain Vulnerabilities, Attacks, and Countermeasures and Mitigation Strategies. Future Internet 2025, 17, 183. https://doi.org/10.3390/fi17040183
