This paper presents a comprehensive survey on the security of blockchain systems. It systematically examines the security threats to blockchain and surveys real attacks on popular blockchain systems. The paper also reviews security enhancement solutions for blockchain and suggests future research directions. Blockchain technology, initially developed for cryptocurrency, has evolved to support smart contracts and is now applied in various fields. However, security vulnerabilities and attacks have been reported, such as the 2016 DAO hack, where a recursive calling vulnerability led to the theft of 60 million dollars. The paper discusses common risks to blockchain systems, including 51% attacks, private key security, criminal activities, double spending, and transaction privacy leakage. It also addresses specific risks to blockchain 2.0, such as vulnerabilities in smart contracts, under-optimized smart contracts, under-priced operations, and attacks like selfish mining, DAO, BGP hijacking, eclipse, liveness, and balance attacks. The paper proposes security enhancements, including SMARTPOOL, a novel mining pool system, and OYENTE, a symbolic execution tool for detecting bugs in Ethereum smart contracts. It also introduces a quantitative framework for analyzing blockchain performance and security. The paper concludes that blockchain systems require further research to enhance their security and address the identified risks.This paper presents a comprehensive survey on the security of blockchain systems. It systematically examines the security threats to blockchain and surveys real attacks on popular blockchain systems. The paper also reviews security enhancement solutions for blockchain and suggests future research directions. Blockchain technology, initially developed for cryptocurrency, has evolved to support smart contracts and is now applied in various fields. However, security vulnerabilities and attacks have been reported, such as the 2016 DAO hack, where a recursive calling vulnerability led to the theft of 60 million dollars. The paper discusses common risks to blockchain systems, including 51% attacks, private key security, criminal activities, double spending, and transaction privacy leakage. It also addresses specific risks to blockchain 2.0, such as vulnerabilities in smart contracts, under-optimized smart contracts, under-priced operations, and attacks like selfish mining, DAO, BGP hijacking, eclipse, liveness, and balance attacks. The paper proposes security enhancements, including SMARTPOOL, a novel mining pool system, and OYENTE, a symbolic execution tool for detecting bugs in Ethereum smart contracts. It also introduces a quantitative framework for analyzing blockchain performance and security. The paper concludes that blockchain systems require further research to enhance their security and address the identified risks.