This paper exposes a novel resource-exhaustion attack targeting Large Reasoning Model (LRM) servers: adversaries implicitly elongate inference chains to induce DDoS-like service overload or failure. To realize this, we propose the first character-level multi-radix ASCII obfuscation mechanism for stealthy inference expansion—preserving both user query semantics and answer correctness while significantly increasing computational load. Our approach integrates multi-base ASCII encoding obfuscation, inference-path steering, and lightweight prompt perturbation, achieving high stealthiness and low observability. Evaluated on the o3 model using the HumanEval benchmark, our method increases response length by over 2.5× without degrading functional correctness. This work establishes a critical empirical foundation for LRM service security assessment and introduces a new adversarial paradigm for probing inference-time vulnerabilities.

Large Reasoning Models (LRMs) have demonstrated promising performance in complex tasks. However, the resource-consuming reasoning processes may be exploited by attackers to maliciously occupy the resources of the servers, leading to a crash, like the DDoS attack in cyber. To this end, we propose a novel attack method on LRMs termed ExtendAttack to maliciously occupy the resources of servers by stealthily extending the reasoning processes of LRMs. Concretely, we systematically obfuscate characters within a benign prompt, transforming them into a complex, poly-base ASCII representation. This compels the model to perform a series of computationally intensive decoding sub-tasks that are deeply embedded within the semantic structure of the query itself. Extensive experiments demonstrate the effectiveness of our proposed ExtendAttack. Remarkably, it increases the length of the model's response by over 2.5 times for the o3 model on the HumanEval benchmark. Besides, it preserves the original meaning of the query and achieves comparable answer accuracy, showing the stealthiness.