I've found several small vulnerabilities in one blockchain - NEM. Not totally fatal ones, just annoying ones, and I used them because the people behind the chain cheated me.<p>First there is a transaction bandwidth amplification attack whereby you send different transactions to each node. These nodes then try to synchronize with each other and the resulting bandwidth used to synchronize is basically amplified by the number of nodes.<p>The next is unwanted transactions. I basically swore at everyone with a balance over a couple of dollars, and this transaction showed up in everyone's wallet. I used both a vanitygen address with a swear in it, and created a custom token name.<p>The next is specific to NEM, and it consisted of a levy on transacting the token. Basically if someone sent it away, it cost them some coins that came to me. They ended up breaking their own levy system by creating a few tokens that used my token as a levy in order to avoid giving me money.<p>The next was also specific to NEM, and was an attack on the voting module during an on-chain election. I saw that counting voting required looking at all transactions to a specific address, and spammed that address with tens of thousands of bad votes that made reading the results take a long time. I also created thousands of polls that made searching for the highly anticipated vote much more difficult. They had to release a new client to try to help people vote.<p>Another vulnerability is due to expiration of tokens. In my first round the levy I charged was minimal (it was somewhere around $0.30), but in the second round I sent during their "airdrop opt-in" where they launched a new chain called "Symbol" I jacked up the levy. This time, because of the increased token price, and the increased levy it cost about $400 to send my token. Several people paid it. Hey, the chain is truth right?<p>This doesn't even mention the conventional types of things like showing up outside any events the people in charge spoke at and protesting them in person. I showed up at at least 6 of their advertised events in different cities around the US where I shared my side of the story about how they were untrustworthy.<p>I believe this is why they even launched "Symbol". They had to re-brand because they couldn't deal with NEM's history of cheating people.