The suggestion to reverse transactions on the bitcoin blockchain has caused an uproar on social media with several community members espousing such an idea is not only infeasible but reckless.
Monacoin, bitcoin gold, zencash, verge and now, litecoin cash.
At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that’s perhaps the crypto equivalent of a bank heist.
More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.
While there have been some instances of such attacks working successfully in the past, they haven’t exactly been all that common. They’ve been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one. The age-old (in crypto time) argument? It’s too costly and they wouldn’t get all that much money out of it.
But that doesn’t seem to be the case anymore.
NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment.
One conclusion he drew? These attacks were likely to increase. And, it turns out he was right.
“Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk,” he told CoinDesk, adding:
“Even I didn’t think it would start happening this soon.”
Inside the attacks
Stepping back, cryptocurrencies aim to solve a long-standing computer science issue called the “double spend problem.”
Essentially, without creating an incentive for computers to monitor and prevent bad behavior, messaging networks were unable to act as money systems. In short, they couldn’t prevent someone from spending the same piece of data five or even 1,000 times at once (without trusting a third party to do all the dirty work).
That’s the entire reason they work as they do, with miners (a term that denotes the machines necessary to run blockchain software) consuming electricity and making sure no one’s money is getting stolen.
To make money using this attack vector, hackers need a few pieces to be in place. For one, an attacker can’t do anything they want when they’ve racked up a majority of the hashing power. But they are able to double spend transactions under certain conditions.
It wouldn’t make sense to amass all this expensive hashing power to double spend a $3 transaction on a cup of coffee. An attacker will only benefit from this investment if they’re able to steal thousands or even millions of dollars.
As such, hackers have found various clever ways of making sure the conditions are just right to make them extra money. That’s why attackers of monacoin, bitcoin gold, zencash and litecoin cash have all targeted exchanges holding millions in cryptocurrency.
By amassing more than half of the network’s hashing power, the bitcoin gold attacker was able to double spend two very expensive transactions sent to an exchange.
Through three successful attacks of zencash (a lesser-known cryptocurrency that’s a fork of a fork of privacy-minded Zcash), the attacker was able to run off with about more than 21,000 zen (the zencash token) worth well over $500,000 at the time of writing.
Though, the attack on verge was a bit different since the attacker exploited insecure rules to confuse the network into giving him or her money. Though, it’s clear the attacks targeted verge’s lower protocol layer, researchers are debating whether they technically constitute 51% attacks.
Small coins at risk
But, if these attacks were uncommon for such a long time, why are we suddenly seeing a burst of them?
In conversation with CoinDesk, researchers argued there isn’t a single, clear reason. Rather, there a number of factors that likely contributed. For example, it’s no coincidence smaller coins are the ones being attacked. Since they have attracted fewer miners, it’s easier to buy (or rent) the computing power necessary needed to build up a majority share of the network.
Further, zencash co-creator Rob Viglione argued the rise of mining marketplaces, where users can effectively rent mining hardware without buying it, setting it up and running it, has made it easier, since attackers can use it to easily buy up a ton of mining power all at once, without having to spend the time or money to set up their own miners.
Meanwhile, it’s grown easier to execute attacks as these marketplaces have amassed more hashing power.
“Hackers are now realizing it can be used to attack networks,” he said.
As a data point for this, someone even erected a website Crypto51 showing how expensive it is to 51% attack various blockchains using a mining marketplace (in this instance, one called NiceHash). Attacking bytecoin, for example, might cost as little as $719 to attack using rented computing power.
“If your savings are in a coin, or anything else, that costs less than $1 million a day to attack, you should reconsider what you are doing,” tweeted Cornell professor Emin Gün Sirer.
On the other hand, larger cryptocurrencies such as bitcoin and ethereum are harder to 51% attack because they’re much larger, requiring more hashing power than NiceHash has available.
“Bitcoin is too big and there isn’t enough spare bitcoin mining capacity sitting around to pull off the attack,” Bonneau told CoinDesk.
But, while Crypto51 gives a rough estimate, ETH Zurich research Arthur Gervais argued to take the results with a grain of salt, since it “ignores” the initial costs of buying hard and software. “Thus, the calculations are oversimplified in my mind,” he added.
The solution: a longer wait
Gervais further argues it’s worth putting these attacks into context. Though a 51% attack is perhaps the most famous cryptocurrency attack, it’s not necessarily the worst in his mind.
He pointed to other malicious bugs, such as one found in zcoin, where, if exploited, a user would have been able to print as many zcoin as they would like. But 51% attacks are still troubling since they can still be worthwhile sometimes, impacting exchanges or whoever happens to be in the crosshairs of the attacker.
“As an industry, we have to put an end to this risk,” Viglione said, pointing to efforts on zencash to stop this from happening again.
Either way, one way for users or exchanges to make sure they aren’t defrauded is to only accept money that’s older, or has been buried by more blocks of transactions, called “confirmations.” The more confirmations there have been, the harder the funds are to steal in a 51% attack.
Initially, exchanges where bitcoin gold was stolen required only five confirmations, and the attacker was able to reverse all of them with their hashing power. In response to the attacks, they have upped the number of confirmations to 50, which has successfully plugged up the attacks, at least for now.
Because of this, developers and researchers contend bigger blockchains with more hashing power behind them are more secure since they require fewer confirmations.
As bitcoin entrepreneur John Light put it:
“Remember this next time someone tells you they use altcoins because they’re ‘cheaper’ to use.”
Fire alarm switch image via Shutterstock
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.
Privacy-oriented cryptocurrency verge has dealt with several attacks recently, displaying how difficult it is to code blockchains without exploits.
Edan Yago is CEO and founder of Epiphyte, a startup performing FX funds settlement on the bitcoin blockchain for financial institutions.
In this opinion piece, Yago discusses one of the biggest theoretical attacks against bitcoin, and why he believes an upcoming software change fits its definition. Follow Edan Yago on Twitter
In bitcoin’s Necronomicon of possible attacks and weaknesses, one reigns supreme – the 51% attack.
If there is a fear that has played on people’s minds as the end-of-days scenario for bitcoin, it is this. Attackers who hold more than 50% of hashing power could stop transactions from confirming and even reverse some transactions. They could undermine the whole project.
Bitcoin’s design and its system of economic incentives has been set up specifically to combat the destructive potential of a 51% attack. And it has worked. The 51% attack has remained a hypothetical bogeyman. Until now.
By all indication, a coordinated 51% attack will begin on, or around, Nov. 16. That’s when a consortium of miners representing substantially more than 50% of the network’s hashing power and an allied group of blockchain startups will seek to increase the block size.
This will require a hard fork, which while controversial, is a legitimate desire. In itself, this is not an attack.
Where it goes wrong
However, the consortium‘s effort has evolved beyond a simple fork. It is now being developed not simply as an effort to fork the chain, but to do so in such a way as to deliberately prevent the continued existence of the status quo chain.
Specifically, the developers involved have declined to introduce replay protection.
The 2x fork will create a situation where transactions performed on one fork, can be “replayed” on the second fork. In effect, users will have funds on both blockchains, but any transaction they perform on one blockchain could lead to a loss of funds on the other blockchain.
Replay protection is a fairly easy-to-implement method to protect users from this risk. Network attacks are those actions taken with the intention of disrupting the protocol’s normal functioning. The 2x change, bereft of replay protection, causes massive disruption. This is by design.
Without replay protection in place, a minority chain becomes less likely to survive.
Question of motives
The preferred outcome for the consortium is that the status quo chain ceases to exist, that its transactions fail to confirm.
This is the literal definition of a 51% attack. If it sounds a bit bizarre to call the consortium’s effort an attack, that’s because it is. The consortium comprises many real supporters of bitcoin, acting in what they believe is good faith. They don’t mean to be attacking bitcoin.
However, without replay protection their efforts are like an autoimmune disease, having become overzealous and perverted.
So, bitcoin is finally coming to come face-to-face with the mother of all attacks. This is a watershed moment. The very worst outcomes are bad indeed.
Transactions could grind to a halt, faith in the system could be lost, bitcoin and by extension, the entire blockchain world could prove to be far more vulnerable to attack than we hoped.
We shall overcome
However, there is also another possible, even more likely, outcome.
Bitcoin could prove resilient to the consortium’s attack and emerge battered but unbroken. In so doing, bitcoin will have proven itself resilient to even its greatest foe.
It is hard to overstate how important this will be to bitcoin’s perceived reliability. Bitcoin has always been haunted by the risk that its rules might come to be dictated by special interest groups or hostile, state-sponsored parties.
This risk is never going completely away, but instead of the risk being a hypothetical bogeyman, it will become a much more prosaic thing: a successfully managed risk.
The 51% attack is bitcoin’s boss level. I don’t think it’s an exaggeration to say that we are now at the end of the beginning. If we successfully overcome this coming challenge, bitcoin will no longer be just an experiment, it will be a fact.
But don’t expect less drama — we are now entering bitcoin’s adolescence.
HODL on tight, things will get hairy.
Disagree? Have your say on the Segwit2x debate. Email CoinDesk managing editor Marc Hochstein at firstname.lastname@example.org to pen your rebuttal.
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which helped organize the Segwit2x agreement.
Toy monster image via Shutterstock
The leader in blockchain news, CoinDesk strives to offer an open platform for dialogue and discussion on all things blockchain by encouraging contributed articles. As such, the opinions expressed in this article are the author’s own and do not necessarily reflect the view of CoinDesk.