Slashdot Mirror
Blockchain's Once-Feared 51% Attack Is Now Becoming Regular (telegra.ph)
Monacoin, bitcoin gold, zencash, verge and now, litecoin cash. At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. From a report: In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist. More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector. While there have been some instances of such attacks working successfully in the past, they haven't exactly been all that common. They've been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one.
The age-old (in crypto time) argument? It's too costly and they wouldn't get all that much money out of it. But that doesn't seem to be the case anymore. NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment. One conclusion he drew? These attacks were likely to increase. And, it turns out he was right. "Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk," he told CoinDesk, adding: "Even I didn't think it would start happening this soon."
The age-old (in crypto time) argument? It's too costly and they wouldn't get all that much money out of it. But that doesn't seem to be the case anymore. NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment. One conclusion he drew? These attacks were likely to increase. And, it turns out he was right. "Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk," he told CoinDesk, adding: "Even I didn't think it would start happening this soon."
Blockchain+
Bigger, better, blockier. Just try us.
For every motherfucker out there with a computer, there's another motherfucker out there with a computer.
The strategy for hacking blockchain is no different from hacking anything else: Learn the theory then apply the theory.
It little behooves the best of us to comment on the rest of us.
The entirety of the Netherlands is growing tulips instead of food. People are prostituting them selves for chucky cheese tokens entire coal power stations being built just for funbux.
I hope the 51%ers wreck as many cryptocurrencies as possible to crash the market so the environment can be saved, graphics cards go back to making graphics and people go back to investing into stocks of real companies that provide real services.
I don't see the point either. I have nothing against them, but it just falls under the category of "a fool and his money...."
OK it's a bug if you want "no single person" to control a blockchain, but it's a feature for "captive" blockchains like bank- or governmetn-backed digital tokens.
If the US Federal Reserve wants to issue tokens with a fixed value of, say, 1 United States Dollar, they will want to "control" the blockchain, perhaps only allowing banks and other licensed entities to process transactions.
The same goes for a business that uses transferable tokens as gift certificates - they or their agent will want to control the blockchain associated with those "e-gift certificates."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
So there is this old adage. Goes something like this.
If you build it they will work around it.
Maybe that is just my cynical take on things which has been learned over years and years of systems development and implementations.
Bottom line.
Never say never.
If it is, someone will find a way to benefit from it and/or work around it, legal or not.
On that note. I like my finances to be on paper.
I like my money to have a trail.
I like that my money is insured and backed.
I don't worry that my money is going to disappear (minus the wife on a shopping spree of course)
This, this right here is a problem that unfortunately cant be fixed. Sure it will get pushed, pulled, tilted, shifted and otherwise moved about, but this problem is never going to go away. (yes, I said never and I stand by it). Anonymous finances will lead to anonymous losses.
Now we can go back to the old ways of buying drugs: Cash and sex.
If I were into that kind of thing, I'd use a botnet to do it.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
... only for PoW alt-coins which are barely used. Bitcoin and Ethereum are safe. This kind of attack will be impossible against these two currencies unless you have hundreds of millions of dollars to spare.
PoS coins are not affected but they are vulnerable to another type of attack (network cloning) - no one has carried such an attack yet though.
is https://www.crypto51.app/ saying that $630K would make me solely authoritative for the bitcoin BC for a couple hours or so ?
"Blockchain's"
Because there's only one blockchain?
What is this, Highlander?
Or just clickbait journalism?
That's not an attack vector, that's using the rules to your advantage. The designers expressly adopted a design rule that says that "51% of the current computing power dictates reality." The designer may not have intended for any one group to amass 51% of the current computing power, but intending that nothing "bad" will ever happen is not sufficient in engineering, contracts, law, or any other aspect of human endeavor that has evolved to survive contact with the real world.
A bunch of people who want to make money using blockchain technology are become quite ticked off that a group of other people who want to make money using blockchain technology are using that blockchain technology as expressly designed to take their money.
Thankfully the article seems to be focused on improving the designs rather than demands that governments intervene in these "government not welcome" currency projects.
Should say "crypto currency's use of blockchain"
nothing to see here - move along
The main potential gains from a 51% attack are (1) trashing of a blockchain, primarily reducing its credibility, or (2) double (triple?) spending.
Basic theory assumes that the financial advantage of playing nice and mining is greater than can be achieved from the above.
I would like to see the math on that. Because, in theory, I could get a loan of a bunch coin, rent enough computing power for a 51% attack with that coin, short the coin, double (triple?) spend the coin, and then buy the coin I need at a reduced price after the market responds to the shock. Bitcoin itself may be too big to attack in this manner at this moment in time, but...
I cannot speak to all blockchains, but the basic theory makes assumptions that hardware is a sticky and expensive thing, so the weight of many servers already dedicated to a blockchain will be too high a barrier to scale.
The new world may utterly crush those assumptions because: (1) there is a large and growing ecosystem of efficient blockchain mining machines that will happily and quickly work on another blockchain for the right fee, (2) that ecosystem is rapidly growing and well beyond the scope of any one blockchain, (3) the ability to simply rent one thousand servers for an hour is getting easier and easier, and cheaper and cheaper.
Comment removed based on user account deletion
This is more akin to a run on a currency than a bank heist. George Soros did the same to the GBP and the GBP is one of the biggest currencies in the world. Any small country's currency is vulnerable to a similar attack. They protect against it by holding USD reserves. This gives the US way too much control as any country the US wants to f*ck with US can put sanctions so that they cant use US banks and without using US banks its very difficult to hold USD reserves (Iran and North Korea come to mind as being F*cked over by the US).
Crypto currency holders of smaller currencies will have to take a similar strategy by holding Bitcoin reserves. Whenever a currency is coming under attack holders should immediately withdraw into Bitcoin and then the schmucks doing the 51% attack will be left with a large farm of machines setup to mine something with zero value. At least with Bitcoin there is no central authority which can put economic sanctions on you for idealogical reasons.
**Life is too short to be serious**
There's nothing about a 51% attack that involves breaking cryptography.
Most blockchains work by consensus of 51% of the compute power in the pool agreeing on a result being close enough to satisfy the difficulty level for that block. If you control 51% of the compute, you can make your result win the consensus every time. You're not breaking any encryption. Just steamrolling everyone else.
The goal of the 10 cent coke bottle deposit is NOT to make coke bottles into a hobo currency. The goal is to have distributed recycling (back when we reused bottles). To do that you needed an incentive.
In a similar fashion, recycling (as opposed to re-use) in general was spawned as a PR move to solve a problem for the nascent alumumin can industry, and not because its somehow the ethical thing to do. Steel cans rust (or at least thy used to ) so they naturally biodegrade. Same with paper and cloth packaging. But rise of plastic in the 50s creates a non-biodegradable trash problem that people in the 60s really felt was a moral insult to mother earth. The aluminum can people saw the problem with introducing a product to replace steel cans that wasn't re-usable like glass and would not biodegrade like all other packaging and was even more resource intensive to manufacture. So they solved two problems at the same time: Promote recycling. By paying for aluminum cans they got people to see them as better for the earth. And they also got back their expensive materials to reprocess.
So the point of paying for alumium was not to turn aluminum cans into Hobo currency either. It was to enable everything else. The fact that it induced the neccessary behaviours was the reason to pay pennies for cans.
I perceive that people misunderstand the purpose of crytocurrency. The goal is not to have a currency. It's to have a distributed ledger but in order to have that a currency is neccessary for two reasonss.
first, in order to vanquish the doule-spend problem it's essential to a crytpocurrency that it be very expensive to bless a ledger entry and because computing power grows the cost must increase with time.
Second, since the whole point is that the block chain is a distributed ledger there has to be a way to pay the people who pick up the cans and bottles. Namely, you include a payment into the ledger too. So it has to be a currency.
But the currency isn't the reason for it. it's the necessary glue to make it work
SO the two problems with crytpo currencies that are intrinsic are not the currency part or the speculative bubble part. (afterall we could use cans and bottles as currncy if we really wanted to-- whether or not people accept something is a different matter than it's intrinsic value.)
specifically: if the expansion rate of the cost isn't managed right it becomes an energy consuming nightmare. but if you undershoot the expansion rate then the double-spend problem isn't fixed.
Getting that right is probably not yet solved by any existing crypto currency. But that doesn't mean it can't be gotten right. We just don't know either way right now.
Some drink at the fountain of knowledge. Others just gargle.
Regular on shitcoins perhaps which only attract the FOMOs and the pump 'n' dumpers.
The problem with the distributed ledger is outside of crypto coins is a solution in search of a problem, and almost every single use I've seen the follow up question "but who asked for this? And what's the use case that can't be solved by good old fashion public key exchange signing or just putting the quicken backups in a safe like worked perfectly well for the past century or three
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
I don't see the point either. I have nothing against them, but it just falls under the category of "a fool and his money...."
That is the exact point. Its operating in a range outside of regulators, so it is much easier to dupe people into giving you money.
I'm a good cook. I'm a fantastic eater. - Steven Brust
In security we evaluate cryptographic systems as a whole, not just part of them. Side-channel attacks also break the cryptographic system, and of course you can also exploit design flaws in the protocols.
In related news, "Battering Rams are a known attack vectors for doors". yeah. sure.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Hey cool - and at the same time we get to use enormous amounts of energy to create something with zero lasting. Using so much power that we've overstressed some cheap grids here in the states. That sounds like a great idea. Have computers chugging away to produce nothing of value. Wooooo environment!
Well I sort of agree. I keep seeing these cases where some company proposes to have records stored in block chain and to use a central administration to bless the ledger. Huh?? that makes zero sense. If it's not distributed or it's something that can be easily centralized then centralize it. Adding block chain makes no sense. On the other hand there's lots of things one might want to timestamp that need a trustworthy public proof. For example a laboratory notebook showing proof of an invention could be hashed and then block chained publicly. Then the company is freed of a keeping a chain of custody. This might also solve so trade secret issues for companies. If they patent they have to disclose. But if they fear disclosing and someone else patents they have to have so proof later that they had always been using the patent process before it was patented.
Some drink at the fountain of knowledge. Others just gargle.
indeed that is a question isn't it.
It seems to me that if the expansion were done right then it should stay at exactly the same cost and only grow in proportion to the transaction's value. That is as computers make computation cheaper, raise the cost to the same constant cost. However, that doesn't solve the problem until the the cost is about 1/2 the transaction size.
That being said the amount of energy spent on bitcoin is orders of magnitude less than the cost spent on Mastercard when you include all the costs. By all the costs I mean, mastercard is full of people (customer service... point of sale terminal installers, mail processing and mail delivery all are people neccessary to mastercard.) All those people have to eat and buy clothing. So there's a measurable slice of people needed for master card to exist. If you didnt need those people at all and could replace them all with "just" a low manpower nuclear power plant, the level of human labor freed up for other productive uses would be staggering.
Some drink at the fountain of knowledge. Others just gargle.
we have Republic to protect us from California, thankfully
Solution in search of a problem?
What about micropayments? When the fees on credit card transactions are ten or a hundred times the amount people would pay for a micro-transaction, then the credit card is not an option.
#DeleteFacebook
But for how long? regulators are already taking notice, and some are already regulating. The rest are sure to follow shortly.
And then what are you left with?
The problem of micropayments and the problem of byzantine fault tolerance have little to do with each other. Byzantine fault tolerance is so expensive to get, it would be very strange if it turned out to just accidentally be good for something different to.
So we should not have been surprised that bitcoin stopped being good for micropayments long ago.
xkcd is not in the sudoers file. This incident will be reported.
It would be nice if the hash calculation were also solving some other problem of lasting value. As an example, let people submit NP hard problems they actually need solved. Like say planning an airline's schedule of matching pilots and planes under varied weather scenarios. I think ethereium might have this in mind. You could also use the heat to heat something you were going to heat anyhow, like your house or for drying water out of biofuels. The latter is one of the big energy costs for ethanol based fuels.
Some drink at the fountain of knowledge. Others just gargle.
Because blockchain!
This is exactly the issue. Nobody knows why we want it. Somebody came up with a cool new technology, but just because the technology exists, doesn't mean there is any actual use for it. People keep trying to kludge a purpose on to it, but so far every one of those purposes is better served with existing tools.
I'm not going to say that blockchain technology is useless. But I will say that nobody has yet come up with a good use for it.
But we know what value mastercard provides. We don't know what value blockchain provides.
Comparing the power use of the two is therefore somewhat irrelevant.
Mastercard allows me to shop both in person and online with certainty. I present my card, and within a couple of seconds we have certainty that my transaction is approved and will go through. I know that even if the merchant finds a way to double bill me, mastercard will indemnify me for it, and I know what the transaction will cost me in relation to the amount of money I have, and in relation to every other transaction I make, because they all use the same currency.
Blockchain transactions on the other hand have none of the certainty, none of the speed, and none of the security. They also aren't tied to the currency used for everything else, so the wild price swings can, and will, affect you. Also by your own admission, blockchain isn't even supposed to be for payment, just as a distributed ledger. Something that nobody has ever found a use for that isn't already better served by other existing tools.
I'm not saying the technology is completely useless. But I can confidently say that nobody has found a practical use for it yet other than to try to find the "greater fool" willing to pay more for it than it cost the original person.
Depends how quickly you can cash out. It likely doesn't take long to cash out if you know how and have pre-arranged it, and you only need it to happen a fraction of a second faster than the time it takes the crypto currency value to tank.
At the moment you are right, with the exception of it extreme uses in international money laundering, evasion of laws odious to Libertarians, and a refuge for people with domineering central banks (zimbawe and china for instance).
on the otherhand the internet was pretty useless when there were only two connections. And why would you want to text people before there was a blackberry when you could just call them.
Some drink at the fountain of knowledge. Others just gargle.
All the splinter chains are vulnerable to Beowulf-cluster alliance attacks.
Unless you've got 51% of all available blockchain compute over all blockchains held by honest parties, your blockchain is at risk if all the hostile compute coalesces for a quick, selective heist (before going back to its sundry regular programming).
Even worse: all available blockchain compute includes Amazon's instant army (and any other advanced GPU cloud service), though perhaps the ASIC-advantage presently renders this moot (I don't follow this closely enough to know for any specific currency).
Bear in mind: you might only need to rent the instant army for a few minutes to tip the balance of power.
Mathematically, the ideal solution is to only have one blockchain, making the 51% bar is a sizeable fraction of all marginal or repurposable compute available, on a global basis.
Put that in your blockchain ICO and smoke it.
Yeah, yeah, I know—I'm exaggerating for effect—and my claim is barely 51% true, which is hardly true at all, by traditional standards, supposing you still believe in those, when obviously the whole point of your ICO is that you clearly don't.
Goodness knows why I'm replying to an AC, but the inability to reverse transactions is a feature! People get scammed all the time by customers reversing credit card charges once the transaction is complete. You can go ask Steve Wozniak about it.
None of the items you mentioned are really drawbacks. Protecting access to private keys is not that difficult if you're competent with computer security.
you need some kind of enforcement capable of setting things right. Something that can govern, if even just a little bit.
Cryptocurrencies are clearly not for you! If you need a babysitter you can use the traditional money system.
A pile of money. The early adopters and scammers will get rich quick and get out. If they are not already out, they are likely fools.
I'm a good cook. I'm a fantastic eater. - Steven Brust
See the last line of my previous comment.
I didn't say it would be useless forever. just that it's useless right now. And it's not a scale thing like the internet or texting. It's a fundamental problem of figuring out a use for it. Right now there is no use case. I can't predict the future, and it's possible that there will be a use case in the future, but right now there's none. I won't write off the technology as a whole, but so far this is a solution in search of a problem. We may yet see this solve some problem, but it hasn't happened yet.
This is why we don't need 600+ altcoins and never did. Blockchains require large groups. These currencies don't have them. Stop inventing new ones thinking you'll get rich, people!
Decentralized isn't necessarily the problem though, The average person doesn't understand the current financial system, nor do they care whether something is "centralized" or "decentralized". People simply look at the pros and cons. People will even accept more risk, if there's a tradeoff that offsets it. (look at IOT for example, people will accept the risk of their door locks being hacked for the convenience of having them accessible from their smartphone). But blockchain solves none of the problems people have with their existing payment solutions, while introducing several new ones. That's why it isn't a useful currency. Here are some of the top concerns people have about their payment methods, and how blockchain addresses them:
- Fees. People complain about paying their banks for transactions, but realistically credit cards don't charge the end user, and the fee they do charge to the merchant is not waived if you don't use one in most cases (I know there are a small handful of businesses that reduce their price for cash purchases, but it's not normal) Meanwhile blockchain does have transaction fees (and sometimes incredibly high ones!), just to different people. Additionally many credit cards offer points of some form, or even cash back. It's cheaper for me to use a credit card than cash, and cash is cheaper than blockchain.
- Peer to Peer. People want to be able to send money from one person to another quickly and easily. Most banks make this difficult. Unfortunately, transactions using blockchain aren't quick enough for someone trying to sell something to another person (I don't want to sit around waiting for minutes, hours, or days, to see if I should hand over the item) and also have added fees. Cash still wins this one.
- Theft, people don't want to be on the hook if someone steals their wallet. Cash is gone if someone takes your wallet, but at least you probably don't have all of your money in cash in your pocket, most of it is probably in the bank. Credit cards idemnify you against theft, as does the bank. Blockchain has no protections at all against theft, and there's a high chance that you could have all your eggs in one basket (sure you COULD have multiple wallets and maybe only 1 will be hacked, but will you actually? and even if you do, can you guarantee an attacker won't get more than one?) Credit cards are the safest one here, followed by banks,
Now if they made great progress in the first 2 items compared to the traditional payment methods, then people would probably accept the third one. But when all 3 are worse, they won't adopt it. This means that nobody really uses blockchain currencies as a payment method, they use them to gamble that someone else will pay more for it than they did. And that's all it's really used for.
Future forks of cryptos may require geographic diversification of mining power using a non-spoofable, terrestrial GPS alternative that supports public key cryptography. http://bit.ly/2xxnDds
There is value in being able to transact in a way that is immutable/undeletable and available to everyone.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
A pile of money. The early adopters and scammers will get rich quick and get out. If they are not already out, they are likely fools.
Except if any significant portion of coins are sold the market crashes. If you have a large sum of coins now, you can't sell them. They are hypothetical assets.
Maybe you think you can sell them on the down low. And no one will notice. And no one will ever have the same idea as you. Good luck with that.
pizza.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
There is nothing that prevents a service like cloud storage or video hosting site or anything else from creating a publicly accessible data storage without exposing an API that allows editing or deleting content. That doesn't exist not because the limit is people not technology.
because the baseline for crypto currencies is and remains drugs and money laundering. What I'm wondering is if governments will ever crack down on that. If they do expect the value to plummet. Currency is worthless if it can't be exchanged for goods/services, and there's almost nobody taking even bitcoin for anything of actual value, let alone all the other currencies out there.
If I sound harsh it's because I'm a little ticked that a buddy of mine spend a bunch of real money on one of those "Proof of Stake" coins that is basically an unregulated security minus anything of value backing it like a company. He didn't spend a lot of money, but OTOH he doesn't have a lot. I'm sick and tired of seeing folks taken advantage. Studies have shown people make bad decisions when they get desperate, and that makes desperate people ideal marks. But all I hear from anybody is Caveat Emptor.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Dogecoin and Reddcoin, and probably another hundred or so crypto-currencies.
There's more than just Bitcoin and Litecoin out there.
#DeleteFacebook
"I know there are a small handful of businesses that reduce their price for cash purchases, but it's not normal"
Unless you're a gas station, at least in southern California. I can name only one single station (in a small mountain town) in SoCal that does not charge around a dime a gallon extra for plastic - and I've seen the same in any other part of the country that I've encountered.
I don't know how many gas stations there are out there compared to other businesses, or how there gross sales compare to others, but I don't think they would be classified as 'a small handful' by any reasonable means.
And as a counter point, I have never seen that practice at any gas station in any of the countries I have ever visited (including yours). So I'd say the sample size is extremely small. Which would stand to reason as it is also against their contract with their card processor to charge different rates for card vs cash so they risk losing their ability to accept cards at all. Which would also kill their ability to sell to any fleet. A risk very few businesses are willing to take.
A simple visit to arco.com will show that they are alive and well and expanding into Mexico. hey are now part of BP, but the brand continues. They still refuse credit cards, and still charge a 35 cent 'convenience' fee for using debit cards. (They are also ubiquitous in SoCal).
Visa and MasterCharge used to ban cash discounts in their contracts. They were sued by the DoJ back in 2010, immediately settled, and agreed to never again discourage merchants from offering cash discounts or pushing other forms of payments.
And yet, nobody ever provides a cash discount. Funny that.
Thing is it would be stupid for a consumer to use cash. It's against their self interest. Credit cards are ALWAYS cheaper for the consumer than cash. Every single time.
There's no discount for cash, and you get points or cash back on credit cards. Even if you don't get points or cash back, you still get an interest free 30 day loan, that alone is worth something.
For the retailer it may be another story, but even there it's not so clear cut. I do know a major chain that tried to encourage cash at one point, but they ended up giving up. Their reasoning was that it was so much more expensive to handle the cash that it wiped out any savings (counting the cash, dealing with change, making deposits, accounting for differences in the register, etc) So even for a retailer credit cards can make more sense.
And then of course there is cryptocurrency, all the negatives of cash, AND all the negatives of credit cards, with none of the advantages of either....
Oh, I agree with you. The people using it as a get-rich scheme have already cashed out. The ones still left holding tons of coins are the ones that are screwed and must carefully maintain the bubble lest their "assets" become worthless. (or "more worthless", whatever)
I'm a good cook. I'm a fantastic eater. - Steven Brust
"And yet, nobody ever provides a cash discount. Funny that."
An extraordinary claim which can be disproved by a casual drive through California, via Google Maps' Street View feature. A typical intersection can be found at http://tinyurl.com/ya8xojyl; a corner on Ventura Blvd where Shell, Chevron, and an independent station are all advertising both cash and credit prices.
For a wider view, go to GasBuddy.com, a crowd sourced gas price survey. You have to join to get full details, but their [public] summary information indicates whether a cash discount applies. You can punch in locations all over the US; cash discounts abound.
I'll stand by my original comment: that cash discounts are offered by far more than "a handful of small businesses", and that the dollar volume represented by the US stations alone offering such discounts is freakin' huge.