Assessing the Threat of Blockchain-based Botnets

Leon Böck, Nikolaos Alexopoulos, Emine Saracoglu, Max Mühlhäuser, Emmanouil Vasilomanolakis

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review


Time and time again the security community has faced novel threats that were previously never analyzed, sometimes with catastrophic results. To avoid this, proactive analysis of envisioned threats is of great importance. One such threat is blockchain-based botnets. Bitcoin, and blockchain-based decentralized cryptocurrencies in general, promise a fair and more transparent financial system. They do so by implementing an open and censorship-resistant atomic broadcast protocol that enables the maintenance of a global transaction ledger, known as a blockchain. In this paper, we consider how this broadcast protocol may be used for malicious behavior as a botnet command and control (C2) channel. Botmasters have been known to misuse broadcasting platforms, like social media, as C2 channels. However, these platforms lack the integral censorship-resistant property of decentralized cryptocurrencies. In this paper, we provide a comprehensive systematization of knowledge study on using blockchains as botnet C2 channels, generating a number of important insights. We set off by providing a critical analysis of the state of the art of blockchain-based botnets, along with an abstract model of such a system. We then examine the inherent limitations of the design, in an attempt to challenge the feasibility of such a botnet. With such limitations in mind, we move forward with an experimental analysis of the detectability of such botnets and discuss potential countermeasures. Contrary to previous work that proposed such botnets, we provide a broad overview of the associated risk and view the problem in relation to other existing botnet C2 channels. We conclude that despite its limitations, the blockchain, as a backup mechanism, practically renders attempts to suppress the control channel of a botnet futile. Thus, more focus should be put on detecting and disinfecting machines at the network edge (router) or even per-bot level.

Original languageEnglish
Title of host publication2019 APWG Symposium on Electronic Crime Research (eCrime)
Number of pages11
Publication date19 Mar 2020
Article number9037600
ISBN (Print)978-1-7281-6384-0
ISBN (Electronic)978-1-7281-6383-3
Publication statusPublished - 19 Mar 2020
Event2019 APWG Symposium on Electronic Crime Research (eCrime) - Pittsburgh, United States
Duration: 13 Nov 201915 Nov 2019


Conference2019 APWG Symposium on Electronic Crime Research (eCrime)
CountryUnited States


  • blockchain
  • botnets

Fingerprint Dive into the research topics of 'Assessing the Threat of Blockchain-based Botnets'. Together they form a unique fingerprint.

  • Cite this

    Böck, L., Alexopoulos, N., Saracoglu, E., Mühlhäuser, M., & Vasilomanolakis, E. (2020). Assessing the Threat of Blockchain-based Botnets. In 2019 APWG Symposium on Electronic Crime Research (eCrime) [9037600] IEEE.