A malicious miner successfully executed a double spend attack on the Bitcoin Gold network last week, making BTG at least the third altcoin to succumb to a network attack during that timespan.
[...] To execute the attack, the miner acquired at least 51 percent of the network's total hashpower, which provided them with temporary control of the blockchain. Obtaining this much hashpower is incredibly expensive — even on a smaller network like bitcoin gold — but it can be monetized by using it in tandem with a double spend attack.
After gaining control of the network, the attacker began depositing BTG at cryptocurrency exchanges while also attempting to send those same coins to a wallet under their control. Ordinarily, the blockchain would resolve this by including only the first transaction in the block, but the attacker was able to reverse transactions since they had majority control of the network.
Consequently, they were able to deposit funds on exchanges and quickly withdraw them again, after which they reversed the initial transaction so that they could send the coins they had originally deposited to another wallet.
A bitcoin gold address implicated in the attack has received more than 388,200 BTG since May 16 (mostly from transactions it sent to itself). Assuming all of those transactions were associated with the double spend exploit, the attacker could have stolen as much as $18.6 million worth of funds from exchanges.
The last transaction was sent on May 18, but the attacker could theoretically resume the attack if they still have access to enough hashpower to gain control of the blockchain.
Bitcoin gold's developers advised exchanges to address the attack by increasing the number of confirmations required before they credit deposits to customer accounts. Blockchain data indicates that the attacker successfully reversed transactions as far back as 22 blocks, leading developers to advise raising confirmation requirements to 50 blocks.
Bitcoin Gold appears to use a standard ~10 minute block interval, so the new recommendation is for exchanges to hold funds for ~8 hours before clearing them.
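As an added example (not part of the original article, and not Bitcoin Gold or exchange code), the sketch below shows how a deposit pipeline can measure reorg depth and find credited deposits that a reorg erased. The block data is constructed; the 22-block depth and the 50-confirmation threshold come from the article, while the 6-confirmation starting policy and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    block_hash: str
    txids: tuple = ()

def build(start, n, tag, txs=None):
    """Construct n sample blocks; txs maps height -> txids."""
    return [Block(h, f"{tag}-{h}", (txs or {}).get(h, ())) for h in range(start, start + n)]

def reorg_depth(old_chain, new_chain):
    """Count blocks at the old tip that the new best chain no longer contains."""
    kept = {b.block_hash for b in new_chain}
    depth = 0
    for blk in reversed(old_chain):
        if blk.block_hash in kept:
            break
        depth += 1
    return depth

def confirmations(chain, txid):
    """Confirmations of txid on this chain, 0 if it is not included."""
    for blk in chain:
        if txid in blk.txids:
            return chain[-1].height - blk.height + 1
    return 0

def reversed_deposits(new_chain, credited):
    """Deposits already credited that have no confirmation on the new chain."""
    return sorted(t for t in credited if confirmations(new_chain, t) == 0)

def demo():
    common = build(100, 11, "main")  # shared history, heights 100..110
    # Constructed fork: the deposit confirms at 111, then a longer branch replaces it.
    old = common + build(111, 22, "old", {111: ("deposit-tx",)})
    new = common + build(111, 23, "new", {111: ("conflict-tx",)})
    confs = confirmations(old, "deposit-tx")
    return {
        "reorg_depth": reorg_depth(old, new),
        "confs_at_reorg": confs,
        "credited_at_6": confs >= 6,    # assumed pre-incident policy
        "credited_at_50": confs >= 50,  # threshold the developers advised
        "reversed": reversed_deposits(new, {"deposit-tx"}),
    }

if __name__ == "__main__":
    print(demo())
```

In a real pipeline the two chains would be the node's view before and after a tip change, and any non-empty `reversed` list would pause withdrawals for the affected accounts.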
(Score: 3, Insightful) by Snow on Thursday May 24 2018, @05:48PM (20 children)
Ripple instamined the vast majority of XRP and assigned them to themselves.
Ripple's central authorities are also a liability because a government could knock down their door and shut the entire network down.
(Score: 2) by JoeMerchant on Thursday May 24 2018, @06:11PM (9 children)
I totally agree on both points, however... I do like the basic premises behind Ripple - web-of-trust over proof-of-work.
I think where they are missing the point is that they are holding on too tight. If (big if) they could provide some incentive-rewards for running validator nodes, speed development of a larger trusted core of validators, and of course burn the hell out of bad actors, I think they'd have something worth using. Of course, there's always the problem that your trusted core of validators gets pwned by some party that just wants to screw the system over (Warren Buffett's buddies?), but that could be what's happening in Bitcoin Gold right now, too.
They have some interesting ideas about operating as an exchange platform, but at the end of the day they still publish their XRP and it tracks BTC nearly 1:1. The open market never ceases to amaze me in how deep it does not look when determining value.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday May 24 2018, @06:37PM (8 children)
... layer.
Yes, you're right: There is a lot more trust in the world than zero, and that trust can be exploited for mutual profit.
However, Bitcoin is a more fundamental system than that; it works not only when there is zero trust, but also in the face of active attackers.
So, build your trust into a higher-level protocol, but use Bitcoin to take snapshots of the state of your trustworthy world, or use Bitcoin to escape potential attacks when trustworthiness becomes uncertain.
(Score: 2) by JoeMerchant on Thursday May 24 2018, @07:23PM (7 children)
Does it, really? You're trusting more than 50% of the hashing power to play fairly. I believe there's not really a way to increase that ratio in your "trust free zone," either: say you require 80% agreement, well - now an attacker only needs to gain 21% control to shut down processing.
🌻🌻 [google.com]
(Score: 1, Interesting) by Anonymous Coward on Thursday May 24 2018, @10:19PM (6 children)
Firstly, having a hashing majority simply allows one, at great cost, to make a limited set of mild manipulations for a limited time (people start noticing), such as toppling a handful of the top blocks, slowing down the processing of particular transactions, etc. Meanwhile, each new block secures ever more the blocks on which it is built, which is still a service, and is one reason why Bitcoin would probably serve best as a settlement layer.
Secondly, if there's enough aggravation, it could be incentive to whip up support among fair players (or just opponents of the attacker, such as one government against another) to fund competing minors. There's a huge incentive to keep an attacker from ruining the value that has been poured into growing the system.
Secondly, nobody really has to put up with it; if there's enough aggravation, both miners and non-miners could agree on new rules that disadvantage the bad actor, which might be enough to render such an attack too expensive to keep repeating; this need not be too invasive, either, as a soft fork could allow people to begin transacting with a different PoW algorithm, essentially transitioning to a side chain where the bad actor must once again foot the bill of building up a majority hashing rate.
(Score: 3, Funny) by Justin Case on Thursday May 24 2018, @10:48PM
Hell yeah I'd fund that! And them with whips even!!! I'm assuming because it's all blockchain the feds will never bust me since I'll be invisible.
Let's keep it tasteful, though. No minors under 12. That's just creepy. Especially if they're wrestling naked in a giant vat of olive oil.
Oh, you meant "miners"?
See, sometimes literacy does matter.
(Score: 2) by JoeMerchant on Friday May 25 2018, @03:11PM (4 children)
So, the bad actor has forced manual intervention (I know, ethereum does this all the time), and changing everybody else's hashing gear to run away from them.
Except, what's to stop this bad actor from adapting their hashing gear over onto the new fork and doing it all over again?
I think some of what is going on with Bitcoin Gold and the other exploited coins is that there's so much compatibility between competing miner networks that somebody has built up a powerful hashing pool and is jumping from one relatively little network to the next, thrashing them and then moving on. This does not bode well for the whole theory of a distributed multi-layered Proof Of Work system, since each independent honest miner network will have to be bigger (more expensive) than the largest malicious network out there.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Friday May 25 2018, @05:56PM
People can still use the old rules.
(Score: 1) by khallow on Sunday May 27 2018, @12:57AM (2 children)
The lack of profitability?
(Score: 2) by JoeMerchant on Sunday May 27 2018, @02:22AM (1 child)
I'm just going to throw out a guess here that $18M in the space of less than a day was a profitable day for the attacker.
🌻🌻 [google.com]
(Score: 1) by khallow on Sunday May 27 2018, @04:20AM
(Score: 3, Interesting) by JoeMerchant on Thursday May 24 2018, @06:58PM (9 children)
Holy F! - I just found this nugget:
That's out of a 100B total pool, so they're floating themselves 1B XRP per month for 8+ years... and yet it continues to track BTC at a fixed ratio.
Shenanigans.
🌻🌻 [google.com]
(Score: 1) by khallow on Friday May 25 2018, @02:26AM (8 children)
(Score: 2) by JoeMerchant on Friday May 25 2018, @11:55AM (7 children)
Exactly: Shenanigans. Illegal shenanigans if that's what they're doing: https://www.pymnts.com/cryptocurrency/2018/bitcoin-criminal-probe-regulation/ [pymnts.com]
🌻🌻 [google.com]
(Score: 1) by khallow on Friday May 25 2018, @12:00PM (6 children)
(Score: 2) by JoeMerchant on Friday May 25 2018, @01:13PM (5 children)
From the linked article: spoofing and wash trading are illegal.
If individuals or groups are trading XRP with themselves in order to manipulate the market price up or down, that's wash trading, and illegal.
Like most bad laws it's difficult to prove: intent or collusion or manipulation of market price, but that doesn't change the illegal status, and in every market manipulation there are damaged parties who either paid more or received less than they would have without the manipulation (or, as you say: muscling).
What really makes it illegal is somebody's willingness to pursue it in a court of law coupled with a victory - then it becomes case law, of which there is quite a bit existing for wash trading. The legal system in its current form isn't one I love, but it is the one we have.
🌻🌻 [google.com]
(Score: 1) by khallow on Saturday May 26 2018, @03:26AM (4 children)
And that has what to do with the managers of the currency?
Except when it's not illegal. For example, stock buybacks aren't illegal.
(Score: 2) by JoeMerchant on Saturday May 26 2018, @11:59AM (3 children)
Unless you've sold stock to a colluding party, and then buy it back in a short time frame, that becomes an illegal wash.
What's colluding? What's short? Yeah, the law sucks, but it's the law.
🌻🌻 [google.com]
(Score: 1) by khallow on Saturday May 26 2018, @09:29PM (2 children)
So not always illegal as I already noted.
(Score: 2) by JoeMerchant on Saturday May 26 2018, @09:54PM (1 child)
And f-ing hard to prove in court, which is why all the chat room pump and dumps of the 2000 dot-com bust got away with their shenanigans.
Illegal if you can bring a case and make it stick. Cybercurrency traders are an order of magnitude bolder than the chat roomers from ~20 years ago, I'm sure there's available records all over the internet that would make a case for wash sales and even spoofing (I think one guy is actually using Spoofer as his pseudonym...) Now, does anybody care enough to bring the case? We will see.
🌻🌻 [google.com]
(Score: 1) by khallow on Sunday May 27 2018, @12:55AM