SoylentNews is people
SoylentNews
from the Oops,-the-honest-people-are-in-a-minority-again dept.
A malicious miner successfully executed a double spend attack on the Bitcoin Gold network last week, making BTG at least the third altcoin to succumb to a network attack during that timespan.
[...] To execute the attack, the miner acquired at least 51 percent of the network's total hashpower, which provided them with temporary control of the blockchain. Obtaining this much hashpower is incredibly expensive — even on a smaller network like bitcoin gold — but it can be monetized by using it in tandem with a double spend attack.
After gaining control of the network, the attacker began depositing BTG at cryptocurrency exchanges while also attempting to send those same coins to a wallet under their control. Ordinarily, the blockchain would resolve this by including only the first transaction in the block, but the attacker was able to reverse transactions since they had majority control of the network.
Consequently, they were able to deposit funds on exchanges and quickly withdraw them again, after which they reversed the initial transaction so that they could send the coins they had originally deposited to another wallet.
A bitcoin gold address implicated in the attack has received more than 388,200 BTG since May 16 (mostly from transactions it sent to itself). Assuming all of those transactions were associated with the double spend exploit, the attacker could have stolen as much as $18.6 million worth of funds from exchanges.
The last transaction was sent on May 18, but the attacker could theoretically attempt to resume it if they still have access to enough hashpower to gain control of the blockchain.
Bitcoin gold's developers advised exchanges to address the attack by increasing the number of confirmations required before they credit deposits to customer accounts. Blockchain data indicates that the attacker successfully reversed transactions as far back as 22 blocks, leading developers to advise raising confirmation requirements to 50 blocks.
Bitcoin Gold appears to use a standard ~10 min block rate so the new recommendation is for exchanges to hold funds for ~8 hours before clearing them.
(Score: 3, Interesting) by bob_super on Thursday May 24 2018, @04:44PM (4 children)
> the miner acquired at least 51 percent of the network's total hashpower
Well .. there's your problem.
What can you do about that? Make it an 80% decision, hoping that the same people who can summon 51% somehow can't get to 80%?
It's a normal cryptocurrency issue. How about you tell us how that major achievement happened, dear TFA ?
(Score: 2) by JoeMerchant on Thursday May 24 2018, @04:52PM (2 children)
I'd say it's a normal Proof Of Work cryptocurrency issue. As for how: isn't that rather obvious? The attackers' combined efforts hashed faster than everyone else put together.
As unsuccessful as it has been at gaining popular adoption for securing e-mail and similar communications, I've long thought that a Web-of-Trust type solution seems appropriate here. As I mentioned above, it looks like Ripple is slowly working toward that kind of solution - slowly because they can already process 1500+ transactions per second without having to open up too wide of a web. Do I trust them to successfully implement a wide web of trustable validators? No, no I don't - and I don't like their 100B reserve currency just waiting to be dumped by decision of the validators, either. But I do like the core concepts, especially throwing PoW under the bus.
🌻🌻 [google.com]
(Score: 2) by bob_super on Thursday May 24 2018, @05:13PM (1 child)
> The attackers' combined efforts hashed faster than everyone else put together.
Considering that the whole point of PoW is how unlikely that is, by design, it would have been nice to read about actual rates, and how they were achieved.
(Score: 2) by JoeMerchant on Thursday May 24 2018, @05:20PM
I think you can infer the actual rates required from the data here: https://bitinfocharts.com/bitcoin%20gold/ [bitinfocharts.com]
As for how... yeah, I bet the exchange(s) that got hit with > $18M in double-spend fraud would like to know that, too.
🌻🌻 [google.com]
(Score: 1) by HyperQuantum on Friday May 25 2018, @11:17AM
Wouldn't this just create a different kind of problem? Anyone who would get more than 20% could then veto any transaction. "That's a nice business you got there... now pay me if you want your transactions to succeed"