Bitcoin Security Endangered By Powerful Mining Pool

An anonymous reader writes Ars Technica reports that for the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of crypto currency's decentralized structure."

This is what we've warned you about

But all the early-adopters / ponzi-schemers kept insisting that it was impossible.

Told. You. So.

Re:This is what we've warned you about

[billstewart]

Mining pools and custom hardware do make it possible for a large enough group to get over 50%, especially as the need for mining hardware crowds CPU and GPU miners out of the game. We'll see whether they decide it's more useful to stay over 50% and cheat, stay over 50% and not cheat, or split the pool into two or more pieces to keep the value of their Bitcoins higher than they would be if the market abandons Bitcoin because of perceptions of cheating.

Re:This is what we've warned you about

[gweihir]

Indeed. However, they are killing their own revenue-stream this way, unless people stay stupid. Well, judging from earlier ponzi-schemes, people will stay stupid until all their money is gone...

Re:This is what we've warned you about

[ArsonSmith]

This is it? I kept away from Bitcoin and the literally millions of dollars I could have made and this is the big fizzle that I was warned about. Fuck you! Fuck you and your fear mongering.

Re:This is what we've warned you about

[TapeCutter]

millions of dollars I could have made

Hindsight is always 20/20, you made a decision based on a risk judgement because nobody can predict the future, we all have to wait for it to happen. Also what did you do with the money you didn't put into mining, I doubt you hide it under the mattress?

Re:I now have 50% of the Slashdot comments here!

[NoNonAlphaCharsHere]

Heh. I just stole 17% of your total.

It's just human nature...

[mpthompson]

But having a single entity in GHash's position, of holding 51 percent of the mining power, of being in a monopoly position, of being able to launch any of these attacks at will, completely violates the spirit and intent of Bitcoin as a currency.

Given enough of an incentive, has there ever been in history a man-made system, technical, political or otherwise, that hasn't been undermined and exploited by those with the capability and power to do so?

Probably best this happens to Bitcoin sooner rather than later. As fine as Bitcoin is, believing that technology alone can defeat human nature is a fools errand. We are betting off investing in creating more moral men and woman and a society that sustains them than technology that is supposed to be infallible against basic human nature.

Re:It's just human nature...

[Beck_Neard]

Not to mention that every time a bug or vulnerability has been found in some part of the bitcoin ecosystem (like in Mt.Gox's non-standard trading software), the vulnerability HAS been exploited. Every single time. If you really think that someone isn't going to use this power (or hasn't already), you're dead wrong. Even worse, they can double-trade coins in a way that no one would ever find out, even if they dropped back below 51%. A few smaller cryptocurrencies got completely destroyed by 51% attacks. I think the bitcoin community will be watching this development very closely.

Re:It's just human nature...

Not to mention the environmental damage is huge. They use a ton of electricity to basically do nothing... they're not curing cancer or anything. They're making up numbers.

Re:It's just human nature...

[TapeCutter]

I agree. The main problem with modern capitalism is that a particular economic activity does not have to make sense, nor does it have to contribute to the growth/maintenance of civilization, it just has to make a profit. OTOH the phrases "make sense" and "civilization" are both subjective terms.

Bitcoins are just an obvious example. Here in Australia we ship millions of tons of bauxite several thousand km's from a mine bathed in sub-tropical desert sunshine all year round to the southern end, and turn it into aluminium. We spent billions on port infrastructure to do so. Why? - Because the southern state's government build a brown coal generator specifically for the smelter and sold the electricity to the smelter for virtually zero profit. It beggars belief that it was (supposedly) more "economical" to do this than it was to build a solar smelter right next to the "fly in, fly out" mine located in the middle of the fucking desert.

To the right wing nutters that may misinterpret the above, I'm not advocating we throw away capitalism. I agree that no matter what the game is, people will adapt to the rules of the game guided by self interest, but without rules there is no game. We need to step back and rethink the rules in light of the object of the game.

Re:It's just human nature...

[Rockoon]

To the right wing nutters that may misinterpret the above, I'm not advocating we throw away capitalism

Clearly, since your example begins with government having a power plant built and then selling its capacity at cost.

This sort of thing is highly unlikely in real capitalism where the owner of the power plant would want to justify this particular use of the money over other particular uses. It is only through force of government, with specific government action, that your example exists at all.

But yes, the Statist might try to pass off your example as an "anti-capitalism" thing.

Re:It's just human nature...

[mythosaz]

Illegal?

In what country? Internetia?

Ghash.IO is not consistently over 51%, yet anyways

[mysidia]

Not yet anyways.

6 months ago GHash.IO promised they would (1) Take steps to prevent accumulating 51% hashing power, including: not accepting new miners, and (2) They would not attempt an attack, and (3) They would provide cex.io users an option to use another mining pool (They have apparently not implemented (3) yet).

A DDoS against the pool was reported to occur yesterday, which adversely affected mining. At one point... their hashrate was reported to have dropped to 7%. Then BitFury pulled 1 PH/s out of their pool.

Bitcoin stopped being distributed a long time ago.

[Animats]

Bitcoin stopped being a distributed system a long time ago. All the serious miners now have data-center sized installations of custom boards with custom ASICs. Some are liquid-cooled. The original idea was millions of end users running Bitcoin mining as a background job on their CPU. That's totally dead.

What happens if

[goombah99]

I wonder what happens if someone with more than enough CPU power to get 99% of the mining jumps in one night. What kind of Damage could they do in a short interval before people notice? What if their goals were not to steal bitcoins but rather to snatch all the coins from, say, Kim Jong Un, or Al Queda. E.g. for example the NSA or Samsung or Saudi arabia. They would not care about the loss of value in their stolen coins, the point is to deprive an adversaries use of them.

Does the Amazon or Azure networks have enough rentable time to pull this off?

Re:What happens if

[goombah99]

Also if the bit coin miners get concentrated into just a few, what happens if these 3 were to get DDOSed? if the big miners are off line then would the next largest miner have a window of time where they controlled more than 50% of the mine? Would they be able to pull off some shenanigans in that time?

Re:What happens if

[gweihir]

Amazon and Azure are far too expensive, unless a state-actor is willing to invest a few billions.

Re:What happens if

[sFurbo]

The difficulty is updated every 2016 blocks, or roughly every two weeks. If the amount resources spent on mining was suddenly reduced extensively, the mining would just go much slower until the next update, so no one would be able to take advantage of that (although it could be problematic for bitcoin, if e.g. the update went from 10 minutes to 100 minutes). After the next difficulty update, the difficulty would be low, but if the mining pools were back up, you would not be able to control bitcoin. Even if the update rate goes to 1 minute, this will only persist for 201,6 minutes, or a few hours.

All of this is assuming that no other response was done in the two weeks after the DDOS.

Re:What happens if

[lgw]

If someone rents 1,000,000 Amazon severs to mine bitcoins, would you pick a DDOS fight with that. Even with special purpose HW, it's unlikely to be a small pipe.

Re:What happens if

[N3x)(]

Well the thing is, getting 51% doesn't mean you can steal any coins. It means you get to control who can and cannot spend their coins. Also you would be able to do "double spends" of coins in certain situations. Getting 51% means you control the transfer service not the coins themselves. Also it would be really really expensive and once you stop the network will start working as normal again.

Re:What happens if

[fuzzyfuzzyfungus]

If someone rents 1,000,000 Amazon severs to mine bitcoins, would you pick a DDOS fight with that. Even with special purpose HW, it's unlikely to be a small pipe.

One potential complication is that 'mining' isn't particularly bandwidth intensive (not quite zero, and more miners require more bandwidth, to cover updating all of them when it a block is found and you need to get new work units immediately since you now know that all the other candidates are incorrect; but overall quite minimal); but it is computationally demanding and very much rewards specialized hardware.

Most of the hardware you can easily rent in places with ample bandwidth will be aimed at customers who want to do web services. Comparatively anemic CPUs; plenty of storage and RAM, nice fat connection; maybe some offerings with faster CPUs or GPU compute units if the vendor has been dabbling with those sorts of customers.

I definitely wouldn't pick a bandwidth fight with such a thing, unless I had some delightfully clever amplification attack up my sleeve; but even at Amazon prices you would be burning insane amounts of money to get a hashrate that would even make you worth paying attention to.

If anything, I'd consider the reverse strategy: much of the world's crazy-ASIC capacity is probably on relatively narrow pipes because that's all they need. Don't bother trying to rent enough to out-compute them, use the rentals in high-bandwidth areas to knock as many ASIC clusters that aren't your collaborators as possible offline.

Re:What happens if

[fuzzyfuzzyfungus]

Malware is handy because it makes Ghashes/watt much less relevant (though, with the portion of today's computing power that is in battery powered or thermally constrained devices, you have to be careful that your compute malware doesn't cause even the most idiotic of users to notice that their laptop now scalds their flesh and lasts 45 minutes on a full charge and bring it in for repair, an uptick that vendors would probably notice relatively quickly and get actually-competent security consultants involved in); but what it doesn't do is change the fact that CPU mining is basically a toy at this point.

Sporadic amounts of time on a few hundred thousand to few million CPUs is still hardly valueless, especially if you pay none of the costs other than a command-and-control server; but you'll be a relatively small player. Not a bad gig if you can get it; but you won't be a kingmaker.

Re:What happens if

[fuzzyfuzzyfungus]

Given the fairly low bandwidth demands of bitcoin mining (only slightly higher than just keeping a client up to date with the blockchain, and increasing with size only by a fairly low constant factor as you need to grab more work units), I wonder what sort of connections most of the world's bitcoin hashing power is on?

Unless there is some sort of "yeah, it's just DSL speeds, but we do something really clever upstream to make it as hard to DDOS as a connection a million times as fast" service, that might actually be how Amazon, Azure, or any other web-services-oriented rental service could manipulate the bitcoin scene:

Not by computing; because CPU miners are toys; but by DDOSing all concentrations of mining power not aligned with they hypothetical attacker into smoking craters long enough to substantially magnify the effective representation of the attacker's compute assets...

Perhaps Russian Business Network wishes to consider, yes?

Re:What happens if

[postbigbang]

There are still botnets, yes running on ancient XP machines with CPUs best measured in furlongs per fortnight, with zillions of captured kernels that might, for that brief moment, create hashing power of the kind that the world has never known. Dimming the planetary grid, perhaps even the very sun itself, t even phashes would be spewed higher than a volcano, and for that brief moment, a new zillionaire would be annointed.

And at the end, we'd just have more hash. Pass me the ketchup bottle, please.

Re:What happens if

[jdavidb]

There are a whole host of reasons why what you are saying is impossible. First off, no matter how much CPU power you accumulated, you wouldn't be able to rival the hashes per second being put out by the custom hardware. If you rooted and botnetted every CPU on earth you would still only be a fraction of the hashes per second of the Bitcoin network. CPUs for Bitcoin mining were obsoleted by GPUs long ago, and both CPUs and GPUs are now way-obsoleted by ASIC.

Also, even if you were able to control a majority of the hash power on the Bitcoin network, you would still not be able to spend somebody else's Bitcoin. To do that you would have to crack the private key for the account containing the Bitcoin. Doing that is a totally different math problem from what Bitcoin mining hardware is doing, and there are a lot of visuals out there illustrating that it would likely take longer than the projected life of the universe to crack these keys using currently available methods. If you had a majority of hashpower on the network, you could alter the blockchain, which is the ledger showing in what order transactions occurred. This would allow you to double-spend your own Bitcoin and cheat somebody, but would not allow you to spend somebody else's.

Re:Where's the guns to their heads?

[mpthompson]

I believe the issue isn't so much whether one group can counteract another. Rather, it is something happening that the promoters of Bitcoin claim should not happen. It doesn't instill confidence in a crypto currency when what you say is impossible (or extremely improbable) is proven to be false and your only backup is relying on parties to "play fair".

Some newer coins intend to stay ASIC resistant

[Powercntrl]

While the threat of a 51% attack may be blown out of proportion (a pool sells their cut of the coins that are mined and it is in their best interest that the coin remain as valuable as possible - attacking a coin would be counterproductive), some altcoin developers have stated that they will change their coin's proof-of-work algorithm if ASICs are developed for it. Vertcoin and Execoin's developers have both stated they'll do whatever it takes to keep ASICs out.

Most of the speculation that fuels the pump-and-dump world of altcoins is based on the belief that Bitcoin may not end up being the cryptocoin that average people use to buy pizza, pay their bills, etc.

Re:Some newer coins intend to stay ASIC resistant

[SuricouRaven]

You can get ASICs for scrypt now. They don't perform very fast (My five-ASIC Gridseed miner is almost exactly as fast as my GPU), but they are very power-efficient.

Re:Ghash.IO is not consistently over 51%, yet anyw

[LordLimecat]

Oh they promised! Well, color me convinced.

Re:Bitcoin stopped being distributed a long time a

[GrandCow]

Bitcoin stopped being a distributed system a long time ago. All the serious miners now have data-center sized installations of custom boards with custom ASICs. Some are liquid-cooled. The original idea was millions of end users running Bitcoin mining as a background job on their CPU. That's totally dead.

This is absolutely hilarious. Not because it's a fake post (I honestly don't know if it is or not), but just the fact that someone would even think that this is a good enough idea to post that 'serious' miners are actually doing this. This is the California gold rush all over again... the only people making a profit off of the mining are the people selling the ASIC's/shovels. Mining isn't profitable and hasn't been for quite some time. While it might be if you ignore the hardware cost and only think of the electricity cost, you're still BARELY making a SLIGHT profit. That's only in places that you have very cheap electricity (or can find a way to make someone else pay for the electricity). And once again, that doesn't even count the cost of hardware in the first place. Lets not forget that there are other idiots funneling money into even faster hardware which makes your very expensive highly specialized and unable to be repurposed board basically worthless in a few months time, once the electricity cost passes what you'll make back from mining.

HINT: this is before you get your initial cost of hardware back out of the system. You will never make a net profit. Ever.

The only money in bitcoin right now is in speculating, and even then it's a suckers game. Your profits are based entirely on someone else guessing wrong and losing money into the system that you might be lucky enough to cash out at the right time. You can do that easier and without a datacenters worth of hardware with penny stocks. Also penny stocks are LEGAL! You don't have to worry about some new law negating all of your money like you have to do every day with bitcoin.

I'll just stop here because anyone that legit cares about bitcoin already had their opinion made before they even read a word of this comment.

Re:Ghash.IO is not consistently over 51%, yet anyw

[houstonbofh]

Oh they promised! Well, color me convinced.

And if they break it (like they did) a simple DDOS attack knocks them off the top spot, (like it did) and sets a scary precedent...

Re: Fear mongering much?

[sandertje]

It does have severe ramifications for other crypto currencies. The other crypto currencies are modeled on Bitcoin, with just some parameters different. If Bitcoin can be compromised, this nearly immediately means the other currencies can be compromised as well. The end of Bitcoin would thus also signify the end of most, if not all, other crypto currencies.

Re:Bitcoin stopped being distributed a long time a

[houstonbofh]

However, the large mining groups also make large targets. A simple DDOS makes them small potatoes again. http://www.cryptocoinsnews.com... A few of these and the big mining groups will start breaking up.

Re: Isn't the block chain what makes it decentrali

[sandertje]

If you control 51% of the hashing power in the network, you can modify the block chain while simultaneously self-verifying your version as the one-and-true block chain.

Re:Bitcoin stopped being distributed a long time a

Ignorant, misinformed, and outspokenly opinionated? What an unusual combination!

Some asshole on slashdot.org claims that you can't make money mining bitcoin so it must be true.

That's why the network difficulty continues to get exponentially more difficult right? Cause there's just THAT MANY suckers burning up electricity at no profit?

Here's what ACTUALLY happened: you tried to compete in an industry with high barriers to entry, while GROSSLY under-capitalized, with limited-zero competitive advantage. You failed to turn a profit therefore all the people investing in 20nm fab & data-centers are just fools with too much money.

Learn something about how the world works before spewing nonsense on the interblags please. I come here for serious business.

Re: Fear mongering much?

[viperidaenz]

That, and once bitcoin went bye bye, there would be an entity with massive computing power available to take over any other crypto currency.

The Night Shift @ Fort Meade

[Scot+Seese]

.. It's just the guys on the 3rd shift at Fort Meade, retasking server farm cycles.

Scrypt has been taken over by ASICs

[perpenso]

And scrypt is ASIC resistant.

It was erroneously thought to be so. ASICs have taken over scrypt mining. Two $90 ASIC scrypt miners (720 kh/s) using 7-8 watts each can beat a Radeon R9 290 (850 kh/s). Their combined hash rate is slightly less but when you factor in power costs they win. Note the ASIC miners are usually controlled by a Raspberry Pi to reduce power costs.

or a society that leverages selfishness for good

[raymorris]

> We are betting off investing in creating more moral men and woman

Attempts to do that have a not been as successful as we'd like. Religions, for example, have that as a primary goal. Unfortunately, religions are run by the same selfish, power-hungry humans who run all of our other systems.

Some of the founding fathers of the US wrote about attempting to create a system whereby the individual quest for money and power ends up benefiting the common good. Some native American tribes had such a system. In their tradition, every few years neighboring groups would gather to redistribute rankings - power and prestige. The ranking of each leader was determined by how much he gave away. A man of prestige would work a few years, carefully managing his capital to try to produce as much good stuff as he could in order to give away more than his neighbor, thereby retaining his title.

    Free and open source software is similar - one gains prestige by contributing a lot. Recruiters have computer programs thatlook for people with a lot of commits on Github and elsewhere. My own contribution to the Linux kernel gives me some cachet that helps with getting a good job, etc.

Some US founders wanted to use that idea as much as possible, and they succeeded in one way. They reasoned that the President would want to keep his power, so he'd resist any attempt by the senate to increase their relative power. Similarly, the house would want to be powerful, so they wouldn't let senate or president roll over them. That worked pretty well for 200 years, then presidential power increased vis-a-vis Congress. Each house of Congress is still pretty powerful, though, so they do keep the president in check to some extent.

Perhaps we could find more eways to make doing "right" also be the most profitable / prestigious. If someone controls a capital asset such as a large cargo ship, they'll WANT to do good thing X because the benefit to them is Y. What might X and Y be? Alternatively, people want (money/power/recognition/sex), in order to get what they want, they might need to do (something that benefits society). How can society benefit from people's attempt to get money, or power, or sex?

Don't say it can't be done. For thousands of years societies traded sex for marriage. People wanted sex, society wanted stability, and it was decided that the society would expect you to get married before having sex. Most people complied.

Re: Bitcoin stopped being distributed a long time

No. That's actually not what happened.

What happened is exactly what people who understand cryptography said would happen. Bitcoin's cryptographic cost has gone up, number of miners has gone down, specialized pools have reached critical mass, and the TRUST IN THE CURRENCY (which is the only asset it ever had) is gone.

So you can call everyone else losers for not investing enough capital. (Gotta spend money to make money, right? But with Bitcoin that's only true if you're an idiot.)

Bitcoin is dead. The only people still "investing" in it are speculators and miners who are either playing with someone else's money or worriedly working it hoping to recoup their "investment" and the majority are not going to make it.

Time for the sociopaths to shut up while the cryptographers work around them.

Re:Not really a problem

[91degrees]

You can makea lot of money from a drop in value. Short selling is possile with Bitcoin as well as any other fungible commodity.

Re:Bitcoin stopped being distributed a long time a

[Animats]

'serious' miners are actually doing this.

They are. Here's the biggest Bitcoin mining operation in North America as of Dec. 2013. (Annoying commercials, then skip ahead to 03:15). Generated $8 million/month at the time. Probably about $800K/month now; the difficulty has gone up 5x since then, and the price has dropped by half. It's in upstate Washington, where power is cheap and cooling is easy.

Stupidity

It appears that people who provide half of the mining power are so stupid to choose the most popular pool among the alternatives.

Re:Bitcoin stopped being distributed a long time a

[pantaril]

The original idea was millions of end users running Bitcoin mining as a background job on their CPU. That's totally dead.

The author of the original idea bets to disagree:

Long before the network gets anywhere near as large as that, it would be safe
for users to use Simplified Payment Verification (section 8) to check for
double spending, which only requires having the chain of block headers, or
about 12KB per day. Only people trying to create new coins would need to run
network nodes. At first, most users would run network nodes, but as the
network grows beyond a certain point, it would be left more and more to
specialists with server farms of specialized hardware. A server farm would
only need to have one node on the network and the rest of the LAN connects with
that one node.

That is from Satoshi Nakamoto's post from 2008: http://www.mail-archive.com/cr...

Re:Ghash.IO is not consistently over 51%, yet anyw

[davek]

Not yet anyways.

6 months ago GHash.IO promised they would
(1) Take steps to prevent accumulating 51% hashing power, including: not accepting new miners, and
(2) They would not attempt an attack, and (3) They would provide cex.io users an option to use another mining pool
(They have apparently not implemented (3) yet).

A DDoS against the pool was reported to occur yesterday, which adversely affected mining.
At one point... their hashrate was reported to have dropped to 7%.
Then BitFury pulled 1 PH/s out of their pool.

Excellent post. BTC haters gonna hate, and I don't understand why.

Funny thing about pooled mining, it's run by the users. User's don't like it? They go away.

Re:Where's the guns to their heads?

[Rich0]

One would assume that the thousands of other miners, if it was really that important to them, could easily step up their collective games and provide more hashing power than ghash can...

I wouldn't assume this at all. Back when everybody was mining with CPUs then a popular appeal might get people to donate a ton of unused CPU capacity to beating a big miner.

However, today mining is done with ASICs which are many orders of magnitude faster than any CPU you can buy. An Intel CPU might mine 10-20 Mhash/s, and and ASIC stats are measured in high GH/s to the low TH/s. So, you'd need 100,000 CPUs dedicated to mining to equal a single ASIC unit.

The current hash rate is 100 PH/s having doubled in the last two months, or the equivalent of 10 billion Intel CPUs. Are there even 10 billion modern Intel CPUs in existence? You'd probably need $100M to just buy that many ASICs (if I didn't miscount my zeros), which gives you a sense of the scale of Bitcoin mining today. That mining collective operates about $50M worth of hardware, though I guess controlling an entire currency for a $50M investment isn't bad.

It is a bit like saying that if it was really important people could team up in neighborhoods and produce cars, and the collective might of the entire US population could outproduce the big 3 car manufacturers. The problem is that an optimized robot-assisted assembly line can churn out a LOT of cars, and building one by hand in a garage takes a very long time even setting aside the logistics nightmare which isn't much better when you're making one car vs a million of them. 10k workers in a factory could very well produce more cars than the entire rest of the population working at home combined.

Re:Ghash.IO is not consistently over 51%, yet anyw

[mysidia]

you also need all miners in the pool to conspire to perform the attack?

You need most miners to either conspire or to not notice. To avoid conspiring; they have to detect that an attack is occuring and pull their hashing power out.

The pool essentially has control of what work the miners are being assigned, however.

A 51% premining attack would look like this:

(1) A miner in the pool discovers a block.
(2) Instead of the pool broadcasting the solution, it saves a copy of the solution, and starts distributing to miners work units for coming up with the _next_ block, without broadcasting the solution. It ignores a solution that any of the other pool's come up with
(3) The miners solve the following block; instead of broadcasting the solution, the pool saves the solution, and starts working on the next one....

Because the pool has more than 51% of the hashing capacity, it will eventually have mined a longer chain of blocks than any of the other pools.

Perhaps 6 or 7 blocks later; the pool conducting the selfish mining will broadcast all the solutions it came up with.

Since the selfish pool's chain is longer than the blockchain the rest of the network came up with (due to it having more hashing power), then the selfish pool's version will win.

A miner connected to the bitcoin network AND the pool, could in theory foil the attack. If all the miners were designed to broadcast any solution they come up with.... not /just/ to the pool, but also to the Bitcoin network, then the mining pool would not be able to conduct premining.

And since the pool is not in direct control of the individual miners; they couldn't necessarily force arbitrary changes.

Is this even true?

[jbmartin6]

Researchers at Cornell say something, that doesn't mean it is true. See for example, https://blockchain.info/pools. It seems what they are saying is that there were a few specific periods of time where GHash was doing 51% of the work. Most of the time this isn't the case though.

Re:Unicorns and rainbows

[1s44c]

Just like USD is a fantasy. All money but gold is pretend computer numbers, yet somehow money is still useful.

"How Hard Could It Be?"

[jpellino]

Should be the phrase in Latin on their icon coin image.