SoylentNews is people
SoylentNews
from the Oops,-the-honest-people-are-in-a-minority-again dept.
A malicious miner successfully executed a double spend attack on the Bitcoin Gold network last week, making BTG at least the third altcoin to succumb to a network attack during that timespan.
[...] To execute the attack, the miner acquired at least 51 percent of the network's total hashpower, which provided them with temporary control of the blockchain. Obtaining this much hashpower is incredibly expensive — even on a smaller network like bitcoin gold — but it can be monetized by using it in tandem with a double spend attack.
After gaining control of the network, the attacker began depositing BTG at cryptocurrency exchanges while also attempting to send those same coins to a wallet under their control. Ordinarily, the blockchain would resolve this by including only the first transaction in the block, but the attacker was able to reverse transactions since they had majority control of the network.
Consequently, they were able to deposit funds on exchanges and quickly withdraw them again, after which they reversed the initial transaction so that they could send the coins they had originally deposited to another wallet.
A bitcoin gold address implicated in the attack has received more than 388,200 BTG since May 16 (mostly from transactions it sent to itself). Assuming all of those transactions were associated with the double spend exploit, the attacker could have stolen as much as $18.6 million worth of funds from exchanges.
The last transaction was sent on May 18, but the attacker could theoretically attempt to resume it if they still have access to enough hashpower to gain control of the blockchain.
Bitcoin gold's developers advised exchanges to address the attack by increasing the number of confirmations required before they credit deposits to customer accounts. Blockchain data indicates that the attacker successfully reversed transactions as far back as 22 blocks, leading developers to advise raising confirmation requirements to 50 blocks.
Bitcoin Gold appears to use a standard ~10 min block rate so the new recommendation is for exchanges to hold funds for ~8 hours before clearing them.
(Score: 0) by Anonymous Coward on Thursday May 24 2018, @06:37PM (8 children)
... layer.
Yes, you're right: There is a lot more trust in the world than zero, and that trust can be exploited for mutual profit.
However, Bitcoin is a more fundamental system the that; it works not only when there is zero trust, but also in the face of active attackers.
So, build your trust into a higher-level protocol, but use Bitcoin to take snapshots of the state of your trustworthy world, or use Bitcoin to escape potential attacks when trustworthiness becomes uncertain.
(Score: 2) by JoeMerchant on Thursday May 24 2018, @07:23PM (7 children)
Does it, really? You're trusting more than 50% of the hashing power to play fairly. I believe there's not really a way to increase that ratio in your "trust free zone," either: say you require 80% agreement, well - now an attacker only needs to gain 21% control to shut down processing.
🌻🌻 [google.com]
(Score: 1, Interesting) by Anonymous Coward on Thursday May 24 2018, @10:19PM (6 children)
Firstly, having a hashing majority simply allows one, at great cost, to make a limited set of mild manipulations for a limited time (people start noticing), such as toppling a handful of the top blocks, slowing down the processing of particular transactions, etc. Meanwhile, each new block secures ever more the blocks on which it is built, which is still a service, and is one reason why Bitcoin would probably serve best as a settlement layer.
Secondly, if there's enough aggravation, it could be incentive to whip up support among fair players (or just opponents of the attacker, such as one government against another) to fund competing minors. There's a huge incentive to keep an attacker from ruining the value that has been poured into growing the system.
Secondly, nobody really has to put up with it; if there's enough aggravation, both miners and non-miners could agree on new rules that disadvantages the bad actor, which might be enough to render such an attack too expensive to keep repeating; this need not be too invasive, either, as a soft fork could allow people to begin transacting with a different PoW algorithm, essentially transitioning to a side chain where the bad actor must once again foot the bill of building up a majority hashing rate.
(Score: 3, Funny) by Justin Case on Thursday May 24 2018, @10:48PM
Hell yeah I'd fund that! And them with whips even!!! I'm assuming because it's all blockchain the feds will never bust me since I'll be invisible.
Let's keep it tasteful, though. No minors under 12. That's just creepy. Especially if they're wrestling naked in a giant vat of olive oil.
Oh, you meant "miners"?
See, sometimes literacy does matter.
(Score: 2) by JoeMerchant on Friday May 25 2018, @03:11PM (4 children)
So, the bad actor has forced manual intervention (I know, ethereum does this all the time), and changing everybody else's hashing gear to run away from them.
Except, what's to stop this bad actor from adapting their hashing gear over onto the new fork and doing it all over again?
I think some of what is going on with Bitcoin Gold and the other exploited coins is that there's so much compatibility between competing miner networks that somebody has built up a powerful hashing pool and is jumping from one relatively little network to the next, thrashing them and then moving on. This does not bode well for the whole theory of a distributed multi-layered Proof Of Work system, since each independent honest miner network will have to be bigger (more expensive) than the largest malicious network out there.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Friday May 25 2018, @05:56PM
People can still use the old rules.
(Score: 1) by khallow on Sunday May 27 2018, @12:57AM (2 children)
The lack of profitability?
(Score: 2) by JoeMerchant on Sunday May 27 2018, @02:22AM (1 child)
I'm just going to throw out a guess here that $18M in the space of less than a day was a profitable day for the attacker.
🌻🌻 [google.com]
(Score: 1) by khallow on Sunday May 27 2018, @04:20AM