A malicious miner successfully executed a double spend attack on the Bitcoin Gold network last week, making BTG at least the third altcoin to succumb to a network attack during that timespan.
[...] To execute the attack, the miner acquired at least 51 percent of the network's total hashpower, which provided them with temporary control of the blockchain. Obtaining this much hashpower is incredibly expensive — even on a smaller network like bitcoin gold — but it can be monetized by using it in tandem with a double spend attack.
After gaining control of the network, the attacker began depositing BTG at cryptocurrency exchanges while also attempting to send those same coins to a wallet under their control. Ordinarily, the blockchain would resolve this by including only the first transaction in the block, but the attacker was able to reverse transactions since they had majority control of the network.
Consequently, they were able to deposit funds on exchanges and quickly withdraw them again, after which they reversed the initial transaction so that they could send the coins they had originally deposited to another wallet.
A bitcoin gold address implicated in the attack has received more than 388,200 BTG since May 16 (mostly from transactions it sent to itself). Assuming all of those transactions were associated with the double spend exploit, the attacker could have stolen as much as $18.6 million worth of funds from exchanges.
The last transaction was sent on May 18, but the attacker could theoretically attempt to resume it if they still have access to enough hashpower to gain control of the blockchain.
Bitcoin gold's developers advised exchanges to address the attack by increasing the number of confirmations required before they credit deposits to customer accounts. Blockchain data indicates that the attacker successfully reversed transactions as far back as 22 blocks, leading developers to advise raising confirmation requirements to 50 blocks.
Bitcoin Gold appears to use a standard ~10 min block rate so the new recommendation is for exchanges to hold funds for ~8 hours before clearing them.
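The trade-off behind the confirmation advice above, as an added example (not code from the article or the Bitcoin Gold project): it uses the attacker catch-up formula from section 11 of the Bitcoin whitepaper, and the function names are hypothetical. It shows that extra confirmations shrink the risk quickly against a minority attacker but give no bound once the attacker holds half the hashpower or more, where a deeper requirement only lengthens the time that majority has to be sustained.

```python
import math

def reorg_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the hashpower
    eventually replaces a transaction buried under z confirmations."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q                       # honest share of hashpower
    if q >= p:
        return 1.0                    # a majority attacker always catches up
    lam = z * q / p                   # expected attacker blocks while honest miners find z
    poisson = math.exp(-lam)          # P(attacker has found k blocks), starting at k = 0
    fail = 0.0
    for k in range(z + 1):
        # attacker is z - k blocks behind and never closes the gap
        fail += poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)      # next Poisson term, avoids huge factorials
    return min(1.0, max(0.0, 1.0 - fail))

def min_confirmations(q: float, max_risk: float, max_z: int = 500):
    """Smallest z with reorg risk below max_risk, or None if no depth achieves it."""
    if q >= 0.5:
        return None                   # no confirmation count bounds a majority attacker
    for z in range(max_z + 1):
        if reorg_success_probability(q, z) < max_risk:
            return z
    return None

def hold_hours(confirmations: int, block_minutes: float = 10.0) -> float:
    """Deposit hold time implied by a confirmation requirement."""
    return confirmations * block_minutes / 60.0

if __name__ == "__main__":
    # Attacker shares below are constructed sample values, not measurements.
    for q in (0.10, 0.30, 0.45, 0.51):
        risk = reorg_success_probability(q, 50)
        need = min_confirmations(q, 0.001)
        print(f"q={q:.2f}  risk at 50 conf={risk:.7f}  conf for <0.1% risk={need}")
    print(f"50 confirmations at 10 min/block = {hold_hours(50):.1f} h hold")
```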
(Score: 3, Insightful) by JoeMerchant on Thursday May 24, @04:36PM (1 child)
I only recently became aware of how Ripple operates [ripple.com].
There are pluses and minuses to Ripple's curated list of trusted validators approach.
I think Bitcoin Gold just demonstrated a minus of trusting the collective network to operate more than 50% honestly because it's just so damn expensive to gain majority share.
(Score: 0) by Anonymous Coward on Thursday May 24, @05:01PM
Each individual's personal risk profile can be used to determine how one uses the network.
These exchanges lost, because they were risk taking rather than risk averse.
On a decentralized PoW blockchain, just wait longer for exponentially stronger statistical guarantees.
All this proved is that, as usual, nobody in a position of power actually knows what he's doing.
(Score: 2) by MichaelDavidCrawford on Thursday May 24, @04:40PM
Just five individuals control 30% of BitCoin's hash rate.
This commenced when the Godless Commies built lots of coal-fired power plants so as to promote the economic development of rural communities. The hoped-for development didn't work out so China was possessed of vast quantities of idle generating capacity.
All it really takes to Mine The Wealth Of Croesus is to purchase one single rig then bootstrap. One's income growth is not quite geometric because the difficulty factor of most cryptos increases with time so as to maintain a constant rate of newly-mined blocks as technology advances and so hash rate increases.
In the case of BitCoin that rate is roughly one block each ten minutes.
(Strictly speaking, the difficulty is actually _decreasing_ but the effort required to solve a block increases as that solution requires a hash of the header to be less than the value of the block's difficulty field.)
We now have the problem that Bitmain makes the very fastest and most energy efficient ASIC rigs. It also operates Antpool which quite likely has the highest hash rate of all the world's pools.
I myself am bootstrapping but I have better ways to ~~spank the monkey~~ spend my time than stressing over electric bills and the depreciation of industrial air conditioners. My plan is to fill one full rack with Antminers and power supplies. That would at last free me from selling my ~~body~~ labor to The Man and so grant my freedom to focus on ~~hookers and blow~~ my music and my writing.
I have come to regard music and writing as my life's work as I have come to understand that no code I could ever hope to write would ~~ever ship~~ outlive me.
"MICHAEL DAVID CRAWFORD IS A LYING MOTHERFUCKER."
-- Anonymous Coward
(Score: 2) by bob_super on Thursday May 24, @04:44PM (1 child)
> the miner acquired at least 51 percent of the network's total hashpower
Well .. there's your problem.
What can you do about that? Make it an 80% decision, hoping that the same people who can summon 51% somehow can't get to 80%?
It's a normal cryptocurrency issue. How about you tell us how that major achievement happened, dear TFA?
(Score: 2) by JoeMerchant on Thursday May 24, @04:52PM
I'd say it's a normal Proof Of Work cryptocurrency issue. As for how: isn't that rather obvious? The attackers' combined efforts hashed faster than everyone else put together.
As unsuccessful as it has been at gaining popular adoption for securing e-mail and similar communications, I've long thought that a Web-of-Trust type solution seems appropriate here. As I mentioned above, it looks like Ripple is slowly working toward that kind of solution - slowly because they can already process 1500+ transactions per second without having to open up too wide of a web. Do I trust them to successfully implement a wide web of trustable validators? No, no I don't - and I don't like their 100B reserve currency just waiting to be dumped by decision of the validators, either. But I do like the core concepts, especially throwing PoW under the bus.
(Score: 2) by SomeGuy on Thursday May 24, @05:09PM
I dunno. I think I'll just stick to good old American paper dollar bills.
.. although they are now worth only about half what they were just a few years ago. :(