Posted on

BitPico: BCash Defense Against an Attack is to “Censor, Manipulate, Blame and Cry”

BitPico, the anonymous group of developers known in the crypto sphere for the tests they conducted on the integrity of several blockchains, has announced that they are preparing an attack on the Bitcoin Cash network to evaluate how well it can withstand such stress.

According to BitPico, the intention is to find out whether Bitcoin Cash is a blockchain with a high level of centralization or is it transparent about its degree of decentralization.

The account says they expect to conduct a progressive stress test of up to 5000 nodes in 6 weeks, with the intention of seeing the consequences and testing the integrity of the network.

However, one of the most prominent threats is the security they claim to have of being able to fork the chain and verify that a 51% attack is possible.

The group has earned an important reputation for being able to perform stress tests on various platforms. One of the most common ways is to perform an excesive number of operations and requests, or DDoS attacks.

The BCH community in Reddit which, curiously enough, is more active in r/BTC than in the official Reddit of said altcoin r/BCH has criticized the announcement. Some question its veracity while others criticize that the attack may be more than just ethical hacking.

Reddit user chainxor commented that performing a 51% attack would be extremely costly and highly unlikely to happen for at least one group with little investment capacity.

BitPico: “Attacks” Also Happen on Social Media

After the news broke, other media outlets criticized BitPico’s seemingly dishonest intent and were quick to discredit it, calling into question its reputation for unsuccessfully attacking the LN network.

Faced with these statements, BitPico directly questioned the low level of impartiality of the article. For Bitpico, BCH uses some media to censor facts and manipulate information.

They mention that BCH’s “only defense is to censor, manipulate, blame and cry.”

A Little More Technical:

A few days ago, BitPico tweeted a transcript of an unpublished interview for Coindesk. In the sample the procedure that would follow to carry out the attacks on the network of BCH and to try a fork of the famous altcoin:

– Why do you think you’ll be able to fork the blockchain?

There are only a handful of mining pools and not enough nodes to enforce network rules; isolating majority of these nodes allows us to utilize our own nodes to withhold blocks and/or headers, reject blocks and/or headers, purposefully fail to relay block’s and/or headers and so on.

Recently the Bitcoin Cash network has hard forked to accept 32 Megabyte blocks. With a combination of sybil attacks and our farm producing 32 Megabyte blocks (in-advance) we can inject enough blocks to induce latency and churn into the network so that miners will fall behind on consensus and begin to build their own chains since we will have isolated all of the miners nodes to our own nodes with different rules regarding blocks sizes they are willing to accept.

At this point anyone can double-spend at any Bitcoin Cash Zero Confirmation merchant, even from a light client and with zero-effort; the funds will simply show back up once

loading…

Posted on

Bitmain Dominates Bitcoin Mining Hashrate – Almost at 51 Percent

Bitmain has attained approximately 42 percent control of the Bitcoin network hashrate. This figure brings the company tantalizingly close to 51 percent mark where things could get interesting. Bitmain is the biggest manufacturer of BTC mining hardware, and they also own the largest Bitcoin mining pools in the market.

Bitmain Almost at 51 Percent Control

According to the figures released by BTC.com, Bitmain’s mining pools continue to dominate the network hashrate. The company owns the BTC.com and AntPool mining pools. During this past week, BTC.com and AntPool found 27.2 percent and 14.6 percent of all Bitcoin blocks. Thus, Bitmain effectively controlled 42 percent of the network hashrate in the last week.

Perhaps even more profound is the fact that Bitmain doesn’t utilize all of its hashpower BTC mining. The company also mines Bitcoin Cash, the most popular BTC fork. Both BTC and BCH use the same proof of work (PoW) algorithm. Thus, the same mining hardware can be used to mine both. However, one miner cannot mine both cryptocurrencies simultaneously. As a result, Bitmain shares its hashpower between both networks.

In the previous seven days, BTC.com and AntPool controlled 10.4 percent and 10.6 percent respectively, of the BCH hashrate. This means that Bitmain found approximately 21 percent of all Bitcoin Cash blocks discovered in the last one week.

Implications of Bitmain Gaining More Control

Assuming the company decided to apply all of its mining resources to the BTC network, its control of the blockchain’s hashrate would increase. This increase, however, wouldn’t be linear since the mining difficulty in BTC exceeds that of BCH by over 70 percent. Thus, only an additional three percent would be added to Bitmain’s control if it stopped sharing its hashpower between BTC and BCH, focusing only on Bitcoin. By so doing, Bitmain would control 45 percent of BTC’s network hashrate.

Bitmain controlling 51 percent of the BTC network hashrate has profound implications for the immutability of the cryptocurrency’s ledger. 51 percent control of a blockchain network, in theory, would enable the company to carry out double-spend attacks thus compromising the integrity of BTC transactions. Bitmain is unlikely to have any incentive to engage in such activities, but cybercriminals could hack the company and commandeer their operations.

To forestall such an occurrence, the company has always operated in small divisions with some pools having a semblance of independence from the company. For example, BTC.com is somewhat independent of Bitmain even though the company owns the BTC.com platform.

The Increasing Bitcoin Hashrate

Despite the steady decline in BTC prices since the start of the year, the network hashrate has moved in the other direction. In fact, BTC mining hash rate has tripled since December 2017, while the price of Bitcoin has dropped to approximately a third of its value within the same period.

With the drop in prices and the increasing hashrate, it is currently more difficult to mine Bitcoin than it was in December 2017. For smaller mining operations, the price drop is a significant problem that could render them unable to continue the business. If they close up shop and new miners don’t enter the market, there is the possibility of Bitmain grabbing control of a much larger share of the hashrate. Since Bitmain manufactures its hardware, it can most likely survive for much longer even in the face of increasing mining difficulty and reducing prices.

Bitcoin is currently down to its lowest level since the start of 2018. BTC prices fell below $6,000 for the first time in 2018 as the top-ranked crypto continues to struggle.

Should Bitcoin enthusiasts be concerned about a possible 51 percent control of the blockchain’s hashrate by Bitmain? Will the increasing hashrate and declining price levels force miners to quit? Let us know your views in the comment section below.

Image courtesy of BTC.com, Blockchain.info, and CoinMarketCap.

loading…

Posted on

51% Attack: ZenCash the Latest Victim of a Suspected Double-Spend Attack

ZenCash is the latest cryptocurrency to suffer a suspected 51% attack in the last two months. Others like Electroneum, Verge, and Bitcoin Gold have also fallen victim to the 51% percent attack – the number one scourge of the poorly secured public blockchain network.

Details of the Attack

According to a report on the ZenCash blog, the attack occurred in the early hours (GMT) on June 3, 2018. The suspected hacker took control of a pool operator rolling back a few transactions. The attacker succeeded in pushing back 38 blocks and carrying out a double spend attack in the space of four blocks. In the end, the suspected attacker performed two double-spend attacks of 6,600 ZEN and 13,000 ZEN respectively. At the current market rate, the hack cost the network about $550,000. The price of ZenCash has declined by 7 percent since the hack.

Details released by ZenCash show that znkMXdwwxvPp9jNoSjukAbBHjCShQ8ZaLib is the suspected pool address. At the end of the exploit, the funds were deposited in this address – zneDDN3aNebJUnAJ9DoQFys7ZuCKBNRQ115. ZenCash is already investigating the attack in tandem with connected exchange platforms. At the time of writing this article, there are no indications as to what the suspected hacker did with the funds.

The attack may have been more severe but for the timely intervention of the team who immediately alerted exchange platforms of the hack. By increasing the confirmations for large deposits, exchange platforms can help in thwarting 51% attacks. According to ZenCash, the hash rate at the time of the exploit was about 58MSol/s. Preliminary indications point to the attacker running a private mining operation with enough hash power to hijack a mining pool. The hacker could also have increased his/her computing power by renting additional hash power.

51% Attacks are all the Rage Right Now

Since April, there have been at least five 51% attacks on four different cryptocurrency networks, including ZenCash. Verge (XVG) has been hit at least two times with more than $2 million lost. Equi-hash-based digital currencies seem to be the most prone to such attacks. In a 51% attack, the hacker gains control of more than half of the computing power of the network. Thus, they manipulate timestamps and manufacture blocks, earning mining rewards. The attacker can also combine this exploit with a double-spend attack which is even more devastating.

Recently, EWN published a story that showed how for less than $1,000 some cryptocurrencies networks could be hacked. The ZenCash hack lasted for about four hours. Based on that report, the hacker may have spent $30,000 in prosecuting the hack. The presence of hash-renting services like NiceHash is undoubtedly a huge problem for smaller blockchains.

The size of a blockchain is usually the best defense against a 51% attack. Electricity and hardware maintenance costs are also an obstacle against carrying out such attacks. However, with hackers being able to rent hash power for a relatively cheap amount, then smaller blockchain surely have a reason to worry. The recent spate of attacks has also added more fire to the ASIC vs. GPU debate and how centralized mining can offer more security for blockchains.

Are you concerned about the recent spate of 51% attacks in the cryptocurrency market at the moment? Will these attacks compromise the integrity of the industry in the long run? Keep the conversation going in the comment section below.

Images courtesy of ZenCash, CoinMarketCap, and Pixabay.

Posted on

Charlie Lee: Litecoin is “Extremely Secure”

In a recent tweet, Charlie Lee stated that Litecoin is an extremely secure cryptocurrency, discarding the possibility of a 51% attack.

The tweet calms the anguish of many users given the recent wave of attacks on several altcoins as a result of the exploitation of their consensus algorithms.

Recently, Verge (XVG) suffered two 51% attacks as a result of an induced reduction in the difficulty of its mining. Verge uses five consensus algorithms, being Scrypt — the same one used by LTC — one of them.

The hacker’s M.O was to attack only one consensus algorithm instead of all five. They chose Scrypt, something that could have triggered some alarms.

According to Charlie Lee, Litecoin is extremely secure because it is the leading crypto using that precise consensus algorithm.

By his reasoning, having a much higher market cap than the rest of its “sisters,” the costs associated with a hack would be higher than the profits.

He advised relying mostly on the most important crypto of each consensus algorithm as a security measure.

Also, Mr Lee published a series of studies that show how easy it is to carry out 51% of attacks, mainly due to the reduction in energy costs.

¿What Makes Litecoin “Extremely Secure”?

However, speaking about Litecoin, Charlie Lee thinks “miners won’t attack and kill their cash chickun,” that is to say, even if they associate themselves, the damage caused by a miners’ attack would considerably reduce their profitability.

Litecoin is 99% dominant in the ecosystem of Scrypt-based PoW altcoins. The amount of resources needed for a hack is hundreds of times higher than its nearest competitor:

Other reasons Charlie Lee pointed out for promoting confidence in his altcoin were:

  • Pools are well distributed (largest 22%)
  • Hashrate up 50x (past 1 year)
  • High capital costs to attack ($322-761MM + ~$38-50k/hr)

The problem of pool mining has been widely criticized along with the design of ASICS for cryptos with non-ASIC-friendly algorithms such as Litecoin, Ethereum or Monero.

This situation has been resolved in many ways depending on how the proponents deal with the issue:

  • Monero is the most active and categorical. They automatically announced a fork to avoid their ASIC mining.
  • Ethereum had a strong movement that wanted to make a fork like Monero. However, Vitalik Buterin opposed and preferred to focus on his migration to PoS.
  • Litecoin made no substantial changes to its configuration, including Charlie Lee saying that ASICS could be a good opportunity for innovation.

At this time, Litecoin is quoted at a price of 116$ according to coinmarketcap.com data.

Neither Verge nor the rest of the altcoins’ spokespersons have issued any statements regarding Mr Lee’s tweets

Posted on

51% Attacks for Under $1000: New Site Shows Alarmingly Low Attack Costs

A Reddit user posted a website they made displaying the staggeringly low costs of carrying out a 51% attack on coins with few nodes or low security. Bytecoin could be taken over allowing users to double-spend the same funds twice for as little as $557 an hour, while Bitcoin Gold could be attacked for $3,800 an hour.

Other sites have tackled the 51% attack cost estimates before, but with a fatal flaw: They assumed the attackers were buying the hardware, when really it can just be rented remotely. While the hardware required to attack the Bitcoin network would cost $1 billion with hourly electricity costs of $500,000, other coins are not quite as secure.

The NiceHash service allows users to rent hashing power to mine cryptocurrency, providing the vast server farms necessary so the users can avoid the astronomical capital investment costs. NiceHash only has 2% of the hardware required to attack the Bitcoin network, but other currencies are well within reach.

What is a 51% attack?

Bitcoin was designed with the Proof of Work system which requires people to verify transactions with by using powerful computers to guess the number to complex algorithms. These people are called miners, and the more miners there are, the more difficult the algorithms become and the more processing power is required to run the network. This makes it very expensive to consider attacking large networks: Bitcoin alone uses more electricity than the island of Ireland.

The method of guessing numbers is called hashing, and the number of guesses a miner can make is called the hash rate. A miner or mining group controlling 51% of the hash rate is essentially in complete, non-competetive control of the entire network. Let’s say an attacker is in control of “X-coin”. They could send their X-coins to an exchange and trade them for Bitcoin, and then eliminate the transaction history from the blockchain history, leaving them with the original X-coin amount and the new Bitcoin as well.

If the figures are accurate, this is a major security concern for many different alt-coins using the Proof of Work system. The Proof of Stake system could theoretically be subjected to a 51% attack as well, but attackers would need to purchase and stake approximately half of the total coin supply. Buying coins drives up the price, making it very expensive to acquire half – it also makes it difficult to estimate the cost of an attack.

Charlie Lee of Litecoin is among the many people concerned at the figures displayed on the Crypto51.app website.