Bitcoin Gold Hit by Double Spend Attack, Exchanges Lose Millions

drexlspivey | 973 points

When Bitcoin was running up to $20,000, I tried to analyze the system and come to a personal conclusion about its equilibrium value, because I didn't want to miss out if it really was the currency of the future.

I ended up not investing, because of the possibility of a double-spend attack. I think that cryptocurrency enthusiasts are seriously underestimating the importance of double-spending attacks to the economics of bitcoin and other cryptocurrencies.

A few points that convinced me not to put my money into this system:

If hash capacity were traded on a perfectly competitive market, then it would always make sense to rent 51% of the capacity at market rates, earn the transaction fees, and also perform a double-spending attack. There is no equilibrium point for transaction fees where this attack becomes uneconomical. The only defense is that the market for hash capacity is imperfect.

The market for hash capacity is going to become more efficient over time. ASIC miners will be commoditized, so that hardware investment becomes a much smaller factor in hash cost versus energy. This might be even worse during a bitcoin downturn, because there could be a glut of ASIC miners.

Miners will coordinate with market prices, turning off capacity when the price dips (for example, because someone is underbidding to create a 51% attack). If mining becomes more decentralized, it will be harder for miners to act in their common interest (fending off 51% attacks) and against their immediate interest (selling their hashrate to the highest bidder, or taking it off the market during an underbidding attack).

High transaction volume is not necessarily any help - the more transaction volume, the higher the cost of the attack, but the greater the rewards. The semi-anonymous nature of bitcoin means that one could easily flood the network with double-spend transactions. Attacking a huge network like bitcoin would be an audacious and expensive act, but there are certainly organizations with the resources to do it, e.g. intelligence agencies, organized crime. The massive rewards to such an attack also offset fixed costs such as writing and testing the software to carry out the attack.

jhpriestley | 6 years ago

Oddly enough, one of the selling points of Bitcoin Gold (a hard fork of Bitcoin) was its use of Equihash instead of SHA-256. The idea was that a memory-hard proof-of-work function would inoculate Bitcoin Gold from miner centralization.

The problem with mining centralization is that sufficiently powerful miners can attack the network by rewriting blocks. This opens the door to double spending.

This was exactly the attack the article described.

It appears that Bitcoin Gold's decision to use Equihash led to this mess. The algorithm is used by several other coins. Hardware optimized for this algorithm can therefore be used with equal ease to mine on a network or attack it.

Bitcoin Cash may be headed for a similar fate. It retains SHA-256, but is a minority chain in terms of hash power. A powerful Bitcoin miner deciding to perform double spends on Bitcoin Cash would have everything needed to repeat the Bitcoin Gold attack.

BTW, a similar attack recently occurred on Verge:

https://blog.theabacus.io/the-verge-hack-explained-7942f63a3...

It's possible that any altcoin that becomes sufficiently valuable will suffer similar attacks to the ones that have now taken place on Verge and Bitcoin Gold.

apo | 6 years ago

So this would require an attacker to pay into the exchange with BTCg, have the deposit clear and approve for trading, trade it for another currency, and have that trade settle and be clear for withdrawal, and then process the withdrawal, all in under 4 hours. After which point the attacking miner surfaces a longer chain they had been keeping which doesn’t include the original BTCg deposit.

Alternatively, if the exchange isn’t smart enough to pay short-term withdrawals with inputs that link back to the recent deposit, an attacker could just deposit and then withdraw with no trade and the withdraw transaction is valid even if the deposit is double-spent.

An exchange that lets a trader deposit millions in one crypto-asset, exchange it for another, and clear a withdrawal in 4 hours... got what was coming to them? Where’s the KYC process for a million-dollar deposit?

There’s a reason new deposits in a brokerage account take a few days to settle / be cleared for trading. And again after selling before funds can be withdrawn. And that’s a currency where most transactions can be reversed!

It would be one thing to allow 10 block settlement for Bitcoin main-net. It’s another to allow it with a thinly mined alt-coin.

zaroth | 6 years ago

more details here:

https://forum.bitcoingold.org/t/double-spend-attack-on-excha...

Bitcoin gold was a fork to try and decentralize mining. It changed to a proof of work that is supposed to be ASIC resistant. It looks like the typical situation is mining by GPU for equihash (BTG PoW).

BTG hashrate is at ~30MH/s at the moment, where Zcash's hashrate is at ~486MH/s.

I don't have the numbers off hand, but it'd be interesting to see how many GPUs you'd need to pull off a double spend against BTG and if any of the other equihash coins saw a drop off during the attack.

It'd be really interesting if it wasn't a rental attack, but an invested miner just switching over to BTG to achieve the hack.

They reversed 22 blocks, the recommendation is to increase the # of confirmations to rely upon to 50. If you are trying to react to a 51% attack, doubling the number of confirmations only doubles the cost of attack, and the attacker likely just doubled the number of BTG they have. If they can pay the electricity/rental cost for the attack they have enough BTG to execute the attack in a cost effective manner again.

XR0CSWV3h3kZWg | 6 years ago

Crypto currencies are worthless unless they have an enormous amount of hashing power behind them.

We could really do with a webpage with a list of crypto currencies, the hashing power currently behind them, and how much it would cost somebody to take over 50% of the network.

Or does that already exist?

mike-cardwell | 6 years ago

> Ordinarily, the blockchain would resolve this by including only the first transaction in the block, but the attacker was able to reverse transactions since they had majority control of the network.

Not a very precise explanation, just checking, what exactly does this mean?

I always thought the way a 51% double-spend attack worked was by broadcasting a transaction for human consumption (eg, I'll give you Y coins for Z dollars), then secretly mining your own blockchain for the N successive chains following it. After the humans have completed the human-level transactions after waiting the standard N successive blocks with no transaction conflicts, you release your own secret blockchain fork back into the public with data that contradicts the current popular one and instruct your network to ignore the competing publicly-acceptable chain. The new private one wins so long as it is equally as long as the public one which it should be because you have more compute power than the rest of the public.

Is that basically what happened here?

B-Con | 6 years ago

>Obtaining this much hashpower is incredibly expensive

Is it? Presumably you only need to maintain it for a short amount of time. Sounds like something one could smash with google cloud preemptible GPUs or similar. Especially since such an attacker is presumably not above using a stolen CC or three.

Havoc | 6 years ago

I'm just waiting for the day when it's revealed that ~70% of miners on a top 5 cryptocurrency are compromised by a specialized worm or malware. We'll probably only find out after the double spending is discovered but this type of outcome seems almost inevitable. The people writing this type of software are definitely financially motivated, but I can easily imagine such a person throwing away millions of dollars in 0-days just to fulfill such a hackneyed cyberpunk cliche.

Also, we know that things like stuxnet exist. Imagine something even a fraction as crazy as that targeting mining nodes. It's going to happen eventually.

root_axis | 6 years ago

How many millions? Is it time to update http://dayssinceacryptocurrencyexchangehaslostmorethan100mil... ?

Meh. I think I'm just gonna go ahead and add it. I haven't been paying close attention. I'm sure I've missed 1 or 2.

harryh | 6 years ago

Knee jerk reaction: Good.

However, since it is a 'Bitcoin cash' type coin this will ultimately hurt bitcoin and the community as a whole. I can already see the buzz "Bitcoin double spending attack!" articles.

SurrealSoul | 6 years ago

Satoshi really downplayed 51% attacks in his/her original whitepaper[1]:

> The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

Apparently he didn't realize that coins could quickly be transferred to other crypto and not held, so who cares about the value of the stolen goods.

[1] https://bitcoin.org/bitcoin.pdf

49bc | 6 years ago

So much energy from the brightest minds of our age dedicated to getting something for nothing. I'm outa here.

cutler | 6 years ago

I met the founder of Bitcoin Gold a few months before, I cannot tell if there is any other reason he forked bitcoin than mere profit. He said he was going to fork ether as well. Given the speculative nature of the people involved in this network, could this be an inside job?

oceanman888 | 6 years ago

Every POW coin should either switch to POS or if they are going to stick with POW they need to focus on a different algorithm and let ASIC development happen. The key to being a weaker chain is to encourage the community to build an ASIC just for your coin. I don't understand this push by many POW coins on sticking with commodity hardware, except for a few giants (zcash, eth, monero) you're going to get destroyed.

Dedicated ASIC only for your chain = good. Commodity hardware = bad.

josephagoss | 6 years ago

How is the price https://www.coingecko.com/en/price_charts/bitcoin-gold/usd still good when this is all over the news?

granaldo | 6 years ago

If Bitcoin became the dominant currency of humanity, eventually we’d darken the galaxy by building Dyson shells in the ultimate energy arms race to prevent a 51% attack.

Joking. Mostly.

ryanwaggoner | 6 years ago

Bitcoin Gold has a director of communications?

nemoniac | 6 years ago

Curious if this is illegal in any way?

I suppose there will be increasing incentive to do the numbers on the hash cost to take over a coin and to execute these attacks.

Neat.

ada1981 | 6 years ago

What's interesting to me is that the bit game theory that is supposed to make such an attack unprofitable seems not to be holding here. Supposedly the idea that the blockchain was insecure would devalue the coin to such a degree as to disincentivize people from attempting these sorts of attacks. I see virtually no movement in the price of BTG and relatively little in XVG (also attacked this week). If anything, the fact that the chain's integrity can be compromised and nothing happens appears to undermine a core assumption of Nakamoto consensus.

alistproducer2 | 6 years ago

A few thoughts:

- It rubs me the wrong way to call it an "exploit" when 51% attacks are a core part of the way blockchains function.

- I'm surprised that the price for bitcoin gold isn't tanking. That's a sign that the crypto marketplace really isn't healthy right now, imo

- Conversely I'm surprised that this isn't causing a spike in coins that are more robust in regards to 51% attacks, like BTC and BURST (because they're both the majority coin in the realm of the resources they require)

Lewton | 6 years ago

This puzzles me. Although a miner with enough hash power can do a double spend, it's obvious from the blockchain that they did so. To bring this off, you have to have huge hash power and be anonymous. That limits the number of possible attackers.

Bitmain could do this to Bitcoin, but everybody knows where Bitmain is.

Animats | 6 years ago

The team behind Cardano is proving their algorithms. I think they have even proven Bitcoin in the process, of proving their own algos.

I guess this is why one would like proofs, and proglangs that can (to some extent) incorporate the proofs/laws so your code is checked against them.

cies | 6 years ago

If all that is required to reverse transactions is 51% control, cannot the transactions that occurred during the double spend attack also be reversed by a 51% coalition once the attacker loses its majority?

thedailymail | 6 years ago

<snark>Remind me again why cryptocurrency are a good idea</snark>

Seriously, the idea of smart contracts can truly be of value if attacks like this are no longer possible.

pm24601 | 6 years ago

The strange thing about this is that there is no visible effect on the price of BTG. It is going down true - but most crypto go down now - and when you look at the chart you would not guess that there was such a dramatic event: https://cryptowat.ch/markets/bitfinex/btg/usd

zby | 6 years ago

Well it was scammish to begin with. 100,000 coins were premined when it forked. With a lot less mining competition a double spend attack was just waiting to happen. It is possible to also do a double spend attack on Bitcoin and Bitcoin Cash. It's just not very feasible because you would need A LOT of hashing power. So this comes as no surprise to me at least.

tobiaswk | 6 years ago

If Bitcoin Gold weren't worthless before, it is now.

If it weren't so difficult and risky to sell this, it would be worth almost nothing already.

powera | 6 years ago

Stupid question: If an attack allows to successfully double spend, can you also triple spend or quadruple spend?

hartator | 6 years ago

Is there a layman's explanation for this attack?

"but the attacker was able to reverse transactions since they had majority control of the network."

I thought these crypto currencies didn't allow for reversing a transaction? Or is this "reversing" such as just deposit and then withdraw?

duxup | 6 years ago

How is the price not crashing? It's down 10%, which is pretty much like the rest of the market.

guiomie | 6 years ago

It's weird the reaction on cryptocurrency prices today has been so correlated, you'd expect a flight from smaller more vulnerable coins into the larger market caps.

Then again maybe everyone is just freaking out about the tether expansion...

brownbat | 6 years ago

So BTG has a hash rate in the order of tens of M using the same hashing algorithm that is used on the ETH network, which has a hash rate in the order of hundreds of T? So a millionth (10e-6) of ETH hashrate could 51% BTG?

throwawaylolx | 6 years ago

What do you want to bet the attacker shorted other crypto while they were at it?

daveguy | 6 years ago

Anyone well versed in this topic care to comment about how these attacks might/might not relate to the 'proof of work vs proof of stake' debate in the wider cryptocurrency world?

cat199 | 6 years ago

I am just going to say two things: 1 it was only a matter of time 2 LoL

paulie_a | 6 years ago

No one would ever actually do a double spend attack as it would be more profitable to mine the currency instead --Every cryptocurrency enthusiast ever.

Marazan | 6 years ago

That's going to be okay though, right? Given that it's clear fraud, the FDIC should be able to step in and make investors whole, right?

fixermark | 6 years ago

I met the founder of Bitcoin Gold at a meetup which turned out to be a sales pitch for Bitconnect, funnily enough.

AlexCoventry | 6 years ago

Yes Bitcoin is vulnerable to a 51% attack right now and so are all other PoW coins.

That's why crypto is still in its infancy.

wellboy | 6 years ago

That's why Proof-of-stake is the way to go, you will never see a major coinholder undermining the coin

kmbriedis | 6 years ago

Is there any way to prevent 51% attacks in bitcoin forks besides increasing confirmations?

sauravt | 6 years ago

To me, this shows how Bitcoin type cryptocurrency mining incentives line up. For good actors, there is little to no incentive to seek 51% capacity whereas there is a lot of incentive for bad actors to seek it. As an economic activity, the logic of ruthless competition makes double spend capability the holy grail. Double spend is the sole reward for 51% capacity.

brudgers | 6 years ago

I hate to toss in a commonplace, but can’t anyone here play this game?

wrycoder | 6 years ago

I wonder if the idea for this attack came from Silicon Valley tv series

zygimantasdev | 6 years ago

Wait a minute. Isn't bitcoin supposed to be immune from this?

hwestiii | 6 years ago

Who is taking the money? What is it going to be spent on?

whiteraven96 | 6 years ago

3 attacks in one week?! Who needs this kind of money?

whiteraven96 | 6 years ago

Bolivar isn't going to zero.

Bitcoin base value is comedy value .. ok.

branchless | 6 years ago

Purely hypothetical and mostly stupid: could double spending attacks be a way to overcome the issue of a limited supply of coins and the fact the total number of coins tends to zero as old coins are lost?

zeth___ | 6 years ago

how the heck did he acquire majority hash? Afaiu, this requires massive computational resources that no individual has access to

bshastry | 6 years ago

Hence why Iota is still using their coordinator.

CryoLogic | 6 years ago

maybe Bitcoin Diamond will prove harder

zerostar07 | 6 years ago

play stupid games (like listing shitcoins) win stupid prizes

asasidh | 6 years ago

And the freakout cycle begins anew.

davesque | 6 years ago

Oh dear, it's not looking good for Bitcoin. Will Bitcoin recover, or should we let other crypto kings such as Verge take over already?

zaekona | 6 years ago