Slashdot Mirror


Bitcoin Security Endangered By Powerful Mining Pool

An anonymous reader writes "Ars Technica reports that for the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of crypto currency's decentralized structure."

18 of 281 comments

  1. Re:This is what we've warned you about by billstewart · · Score: 5, Interesting

    Mining pools and custom hardware do make it possible for a large enough group to get over 50%, especially as the need for mining hardware crowds CPU and GPU miners out of the game. We'll see whether they decide it's more useful to stay over 50% and cheat, stay over 50% and not cheat, or split the pool into two or more pieces to keep the value of their Bitcoins higher than they would be if the market abandons Bitcoin because of perceptions of cheating.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  2. It's just human nature... by mpthompson · · Score: 5, Interesting

    But having a single entity in GHash's position, of holding 51 percent of the mining power, of being in a monopoly position, of being able to launch any of these attacks at will, completely violates the spirit and intent of Bitcoin as a currency.

    Given enough of an incentive, has there ever been in history a man-made system, technical, political or otherwise, that hasn't been undermined and exploited by those with the capability and power to do so?

    Probably best this happens to Bitcoin sooner rather than later. As fine as Bitcoin is, believing that technology alone can defeat human nature is a fool's errand. We are better off investing in creating more moral men and women and a society that sustains them than technology that is supposed to be infallible against basic human nature.

    1. Re:It's just human nature... by Beck_Neard · · Score: 4, Interesting

      Not to mention that every time a bug or vulnerability has been found in some part of the bitcoin ecosystem (like in Mt.Gox's non-standard trading software), the vulnerability HAS been exploited. Every single time. If you really think that someone isn't going to use this power (or hasn't already), you're dead wrong. Even worse, they can double-trade coins in a way that no one would ever find out, even if they dropped back below 51%. A few smaller cryptocurrencies got completely destroyed by 51% attacks. I think the bitcoin community will be watching this development very closely.

      --
      A fool and his hard drive are soon parted.
    2. Re:It's just human nature... by TapeCutter · · Score: 4, Insightful

      I agree. The main problem with modern capitalism is that a particular economic activity does not have to make sense, nor does it have to contribute to the growth/maintenance of civilization, it just has to make a profit. OTOH the phrases "make sense" and "civilization" are both subjective terms.

      Bitcoins are just an obvious example. Here in Australia we ship millions of tons of bauxite several thousand km from a mine bathed in sub-tropical desert sunshine all year round to the southern end, and turn it into aluminium. We spent billions on port infrastructure to do so. Why? - Because the southern state's government built a brown coal generator specifically for the smelter and sold the electricity to the smelter for virtually zero profit. It beggars belief that it was (supposedly) more "economical" to do this than it was to build a solar smelter right next to the "fly in, fly out" mine located in the middle of the fucking desert.

      To the right wing nutters that may misinterpret the above, I'm not advocating we throw away capitalism. I agree that no matter what the game is, people will adapt to the rules of the game guided by self interest, but without rules there is no game. We need to step back and rethink the rules in light of the object of the game.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  3. Ghash.IO is not consistently over 51%, yet anyways by mysidia · · Score: 4, Informative

    Not yet anyways.

    6 months ago GHash.IO promised they would (1) Take steps to prevent accumulating 51% hashing power, including: not accepting new miners, and (2) They would not attempt an attack, and (3) They would provide cex.io users an option to use another mining pool (They have apparently not implemented (3) yet).

    A DDoS against the pool was reported to occur yesterday, which adversely affected mining. At one point... their hashrate was reported to have dropped to 7%. Then BitFury pulled 1 PH/s out of their pool.

  4. Bitcoin stopped being distributed a long time ago. by Animats · · Score: 5, Interesting

    Bitcoin stopped being a distributed system a long time ago. All the serious miners now have data-center sized installations of custom boards with custom ASICs. Some are liquid-cooled. The original idea was millions of end users running Bitcoin mining as a background job on their CPU. That's totally dead.

  5. What happens if by goombah99 · · Score: 4, Interesting

    I wonder what happens if someone with more than enough CPU power to get 99% of the mining jumps in one night. What kind of damage could they do in a short interval before people notice? What if their goals were not to steal bitcoins but rather to snatch all the coins from, say, Kim Jong Un, or Al Qaeda. E.g. for example the NSA or Samsung or Saudi Arabia. They would not care about the loss of value in their stolen coins, the point is to deprive an adversary's use of them.

    Do the Amazon or Azure networks have enough rentable time to pull this off?

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:What happens if by sFurbo · · Score: 4, Informative

      The difficulty is updated every 2016 blocks, or roughly every two weeks. If the amount of resources spent on mining was suddenly reduced extensively, the mining would just go much slower until the next update, so no one would be able to take advantage of that (although it could be problematic for bitcoin, if e.g. the update went from 10 minutes to 100 minutes). After the next difficulty update, the difficulty would be low, but if the mining pools were back up, you would not be able to control bitcoin. Even if the update rate goes to 1 minute, this will only persist for 201,6 minutes, or a few hours.

      All of this is assuming that no other response was done in the two weeks after the DDOS.
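
Added example, not part of the comment above: a small model of the 2016-block difficulty retarget that comment describes, run over a hash-rate drop and recovery. It assumes the hash rate is constant within each retarget period and includes Bitcoin's rule that one retarget can change difficulty by at most a factor of 4; all function and variable names are chosen here.

```python
BLOCKS_PER_PERIOD = 2016        # blocks between difficulty updates
TARGET_SPACING_MIN = 10.0       # intended minutes per block
TARGET_TIMESPAN_MIN = BLOCKS_PER_PERIOD * TARGET_SPACING_MIN  # 14 days
MAX_ADJUST = 4.0                # one retarget moves difficulty at most 4x


def retarget(difficulty, actual_timespan_min):
    """New difficulty after a period that took actual_timespan_min minutes."""
    lo = TARGET_TIMESPAN_MIN / MAX_ADJUST
    hi = TARGET_TIMESPAN_MIN * MAX_ADJUST
    clamped = min(max(actual_timespan_min, lo), hi)
    return difficulty * TARGET_TIMESPAN_MIN / clamped


def simulate(hashrate_by_period, difficulty=1.0):
    """Walk through consecutive retarget periods.

    hashrate_by_period: relative hash rate in each period, where 1.0 is the
    rate at which difficulty 1.0 yields 10-minute blocks (constructed units).
    Returns one (minutes_per_block, days_in_period, next_difficulty) tuple
    per period.
    """
    rows = []
    for rate in hashrate_by_period:
        if rate <= 0:
            raise ValueError("hash rate must be positive")
        spacing = TARGET_SPACING_MIN * difficulty / rate
        timespan = spacing * BLOCKS_PER_PERIOD
        difficulty = retarget(difficulty, timespan)
        rows.append((spacing, timespan / 1440.0, difficulty))
    return rows


if __name__ == "__main__":
    # Constructed scenario: 90% of the hash power vanishes for one whole
    # period, then returns for the next two.
    for i, (spacing, days, nxt) in enumerate(simulate([0.1, 1.0, 1.0]), 1):
        print(f"period {i}: {spacing:6.1f} min/block, {days:6.1f} days, "
              f"next difficulty x{nxt:.2f}")
```

In this scenario the slow period lasts 140 days rather than 14, and because of the 4x clamp the difficulty only falls to a quarter, so the returning hash power produces 2.5-minute blocks for 3.5 days before the next retarget restores 10-minute spacing.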

    2. Re:What happens if by N3x)( · · Score: 5, Informative

      Well the thing is, getting 51% doesn't mean you can steal any coins. It means you get to control who can and cannot spend their coins. Also you would be able to do "double spends" of coins in certain situations. Getting 51% means you control the transfer service not the coins themselves. Also it would be really really expensive and once you stop the network will start working as normal again.

    3. Re:What happens if by postbigbang · · Score: 4, Funny

      There are still botnets, yes running on ancient XP machines with CPUs best measured in furlongs per fortnight, with zillions of captured kernels that might, for that brief moment, create hashing power of the kind that the world has never known. Dimming the planetary grid, perhaps even the very sun itself, t even phashes would be spewed higher than a volcano, and for that brief moment, a new zillionaire would be anointed.

      And at the end, we'd just have more hash. Pass me the ketchup bottle, please.

      --
      ---- Teach Peace. It's Cheaper Than War.
  6. Re:Bitcoin stopped being distributed a long time a by GrandCow · · Score: 5, Interesting

    > Bitcoin stopped being a distributed system a long time ago. All the serious miners now have data-center sized installations of custom boards with custom ASICs. Some are liquid-cooled. The original idea was millions of end users running Bitcoin mining as a background job on their CPU. That's totally dead.

    This is absolutely hilarious. Not because it's a fake post (I honestly don't know if it is or not), but just the fact that someone would even think that this is a good enough idea to post that 'serious' miners are actually doing this. This is the California gold rush all over again... the only people making a profit off of the mining are the people selling the ASICs/shovels. Mining isn't profitable and hasn't been for quite some time. While it might be if you ignore the hardware cost and only think of the electricity cost, you're still BARELY making a SLIGHT profit. That's only in places that you have very cheap electricity (or can find a way to make someone else pay for the electricity). And once again, that doesn't even count the cost of hardware in the first place. Let's not forget that there are other idiots funneling money into even faster hardware which makes your very expensive highly specialized and unable to be repurposed board basically worthless in a few months' time, once the electricity cost passes what you'll make back from mining.

    HINT: this is before you get your initial cost of hardware back out of the system. You will never make a net profit. Ever.

    The only money in bitcoin right now is in speculating, and even then it's a sucker's game. Your profits are based entirely on someone else guessing wrong and losing money into the system that you might be lucky enough to cash out at the right time. You can do that easier and without a datacenter's worth of hardware with penny stocks. Also penny stocks are LEGAL! You don't have to worry about some new law negating all of your money like you have to do every day with bitcoin.

    I'll just stop here because anyone that legit cares about bitcoin already had their opinion made before they even read a word of this comment.

    --
    "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
  7. Re:Ghash.IO is not consistently over 51%, yet anyw by houstonbofh · · Score: 5, Interesting

    Oh they promised! Well, color me convinced.

    And if they break it (like they did) a simple DDOS attack knocks them off the top spot, (like it did) and sets a scary precedent...

  8. Re: Isn't the block chain what makes it decentrali by sandertje · · Score: 5, Informative

    If you control 51% of the hashing power in the network, you can modify the block chain while simultaneously self-verifying your version as the one-and-true block chain.

  9. Re:This is what we've warned you about by ArsonSmith · · Score: 4, Insightful

    This is it? I kept away from Bitcoin and the literally millions of dollars I could have made and this is the big fizzle that I was warned about. Fuck you! Fuck you and your fear mongering.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  10. Scrypt has been taken over by ASICs by perpenso · · Score: 4, Interesting

    > And scrypt is ASIC resistant.

    It was erroneously thought to be so. ASICs have taken over scrypt mining. Two $90 ASIC scrypt miners (720 kh/s) using 7-8 watts each can beat a Radeon R9 290 (850 kh/s). Their combined hash rate is slightly less but when you factor in power costs they win. Note the ASIC miners are usually controlled by a Raspberry Pi to reduce power costs.

  11. or a society that leverages selfishness for good by raymorris · · Score: 4, Insightful

    > We are better off investing in creating more moral men and women

    Attempts to do that have not been as successful as we'd like. Religions, for example, have that as a primary goal. Unfortunately, religions are run by the same selfish, power-hungry humans who run all of our other systems.

    Some of the founding fathers of the US wrote about attempting to create a system whereby the individual quest for money and power ends up benefiting the common good. Some native American tribes had such a system. In their tradition, every few years neighboring groups would gather to redistribute rankings - power and prestige. The ranking of each leader was determined by how much he gave away. A man of prestige would work a few years, carefully managing his capital to try to produce as much good stuff as he could in order to give away more than his neighbor, thereby retaining his title.

    Free and open source software is similar - one gains prestige by contributing a lot. Recruiters have computer programs that look for people with a lot of commits on Github and elsewhere. My own contribution to the Linux kernel gives me some cachet that helps with getting a good job, etc.

    Some US founders wanted to use that idea as much as possible, and they succeeded in one way. They reasoned that the President would want to keep his power, so he'd resist any attempt by the senate to increase their relative power. Similarly, the house would want to be powerful, so they wouldn't let senate or president roll over them. That worked pretty well for 200 years, then presidential power increased vis-a-vis Congress. Each house of Congress is still pretty powerful, though, so they do keep the president in check to some extent.

    Perhaps we could find more ways to make doing "right" also be the most profitable / prestigious. If someone controls a capital asset such as a large cargo ship, they'll WANT to do good thing X because the benefit to them is Y. What might X and Y be? Alternatively, people want (money/power/recognition/sex), in order to get what they want, they might need to do (something that benefits society). How can society benefit from people's attempt to get money, or power, or sex?

    Don't say it can't be done. For thousands of years societies traded sex for marriage. People wanted sex, society wanted stability, and it was decided that the society would expect you to get married before having sex. Most people complied.

  12. Re:Bitcoin stopped being distributed a long time a by pantaril · · Score: 5, Informative

    > The original idea was millions of end users running Bitcoin mining as a background job on their CPU. That's totally dead.

    The author of the original idea begs to disagree:

    > Long before the network gets anywhere near as large as that, it would be safe
    > for users to use Simplified Payment Verification (section 8) to check for
    > double spending, which only requires having the chain of block headers, or
    > about 12KB per day. Only people trying to create new coins would need to run
    > network nodes. At first, most users would run network nodes, but as the
    > network grows beyond a certain point, it would be left more and more to
    > specialists with server farms of specialized hardware. A server farm would
    > only need to have one node on the network and the rest of the LAN connects with
    > that one node.

    That is from Satoshi Nakamoto's post from 2008: http://www.mail-archive.com/cr...

  13. Re:Where's the guns to their heads? by Rich0 · · Score: 5, Interesting

    > One would assume that the thousands of other miners, if it was really that important to them, could easily step up their collective games and provide more hashing power than ghash can...

    I wouldn't assume this at all. Back when everybody was mining with CPUs then a popular appeal might get people to donate a ton of unused CPU capacity to beating a big miner.

    However, today mining is done with ASICs which are many orders of magnitude faster than any CPU you can buy. An Intel CPU might mine 10-20 Mhash/s, and ASIC stats are measured in high GH/s to the low TH/s. So, you'd need 100,000 CPUs dedicated to mining to equal a single ASIC unit.

    The current hash rate is 100 PH/s having doubled in the last two months, or the equivalent of 10 billion Intel CPUs. Are there even 10 billion modern Intel CPUs in existence? You'd probably need $100M to just buy that many ASICs (if I didn't miscount my zeros), which gives you a sense of the scale of Bitcoin mining today. That mining collective operates about $50M worth of hardware, though I guess controlling an entire currency for a $50M investment isn't bad.

    It is a bit like saying that if it was really important people could team up in neighborhoods and produce cars, and the collective might of the entire US population could outproduce the big 3 car manufacturers. The problem is that an optimized robot-assisted assembly line can churn out a LOT of cars, and building one by hand in a garage takes a very long time even setting aside the logistics nightmare which isn't much better when you're making one car vs a million of them. 10k workers in a factory could very well produce more cars than the entire rest of the population working at home combined.