Paper 2020/1440

SoK: Cyber-Attack Taxonomy of Distributed Ledger- and Legacy Systems-based Financial Infrastructures

Ralph Ankele, Kai Nahrgang, Branka Stojanovic, and Atta Badii


Nowadays, virtually all products and services offered by financial institutions are backed by technology. While the frontend banking services seem to be simple, the core-banking backend systems and architecture are complex and often based on legacy technologies. Customer-facing applications and services are evolving rapidly, yet they have data dependencies on core banking systems running on ancient technology standards. While those legacy systems are preferred for their stability, reliability, availability, and security properties, in adapting the frontends and services many security and privacy issues can occur. Clearly, these issues arise because those systems were designed decades ago, without considering the enormous amounts of data that they are required to handle and also considering different threat scenarios. Moreover, the trend towards using new technologies such as Distributed Ledger Technologies (DLT) has also emerged in the financial sector. As the nodes in DLT systems are decentralized, additional security threats come to light. The focus of this work is the security of financial technologies in the FinTech domain. We provide relevant categorization and taxonomies for a better understanding of the main cyber-attack types, and suitable countermeasures. Our findings are supported by using security-by-design principles for some selected critical financial use-cases, and include a detailed discussion of the resulting threats, attack vectors and security recommendations.

Publication info
Preprint. MINOR revision.
Keywords
DLT, blockchain, cyber-attack taxonomy, FinTech, threat modelling, cyber-attack countermeasure
Contact author(s)
ralph ankele 2015 @ live rhul ac uk
branka stojanovic @ joanneum at
kai nahrgang @ joanneum at
2020-11-19: received
Creative Commons Attribution


      author = {Ralph Ankele and Kai Nahrgang and Branka Stojanovic and Atta Badii},
      title = {SoK: Cyber-Attack Taxonomy of Distributed Ledger- and Legacy Systems-based Financial Infrastructures},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1440},
      year = {2020},
      note = {\url{}},
      url = {}