Slashdot Mirror


Blockchain's Once-Feared 51% Attack Is Now Becoming Regular (telegra.ph)

Monacoin, bitcoin gold, zencash, verge and now, litecoin cash. At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. From a report: In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist. More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector. While there have been some instances of such attacks working successfully in the past, they haven't exactly been all that common. They've been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one.

The age-old (in crypto time) argument? It's too costly and they wouldn't get all that much money out of it. But that doesn't seem to be the case anymore. NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment. One conclusion he drew? These attacks were likely to increase. And, it turns out he was right. "Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk," he told CoinDesk, adding: "Even I didn't think it would start happening this soon."

24 of 168 comments

  1. CaptainDork's corollary: by CaptainDork · · Score: 3, Interesting

    For every motherfucker out there with a computer, there's another motherfucker out there with a computer.

    The strategy for hacking blockchain is no different from hacking anything else: Learn the theory then apply the theory.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:CaptainDork's corollary: by parkinglot777 · · Score: 2

      Then you need to read TFA. Their targets are small cryptocurrencies because these currencies still have small networks. Also, they can make money if the condition is right.

      From TFA:

      To make money using this attack vector, hackers need a few pieces to be in place. For one, an attacker can't do anything they want when they've racked up a majority of the hashing power. But they are able to double spend transactions under certain conditions.

      ...

      As such, hackers have found various clever ways of making sure the conditions are just right to make them extra money. That's why attackers of monacoin, bitcoin gold, zencash and litecoin cash have all targeted exchanges holding millions in cryptocurrency.

      By amassing more than half of the network's hashing power, the bitcoin gold attacker was able to double spend two very expensive transactions sent to an exchange.

      Through three successful attacks of zencash (a lesser-known cryptocurrency that's a fork of a fork of privacy-minded Zcash), the attacker was able to run off with about more than 21,000 zen (the zencash token) worth well over $500,000 at the time of writing.

  2. We need to smash the money printing machines. by xack · · Score: 4, Insightful

    The entirety of the Netherlands is growing tulips instead of food. People are prostituting themselves for chucky cheese tokens, entire coal power stations being built just for funbux.

    I hope the 51%ers wreck as many cryptocurrencies as possible to crash the market so the environment can be saved, graphics cards go back to making graphics and people go back to investing into stocks of real companies that provide real services.

    1. Re:We need to smash the money printing machines. by MasseKid · · Score: 4, Informative

      While I agree with most of your statement, cryptocurrencies do provide a real service. That service is a non-centralized bank transaction. The real value of this non-centralized bank transaction is where the speculation comes into play. That all being said, I don't see such a network as being sustainable as the cost of transactions is exponential over time.

    2. Re:We need to smash the money printing machines. by Gravis+Zero · · Score: 5, Funny

      People are prostituting themselves for chucky cheese tokens

      Oh come on! Who among us hasn't given BJs and handies in the alley behind Chucky Cheese for tokens? You do realize they have pizza and video games, right? ;)

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:We need to smash the money printing machines. by fred911 · · Score: 2

      'And the non-centralized feature is also one of the biggest drawbacks.'
      Dependent upon your viewpoint. Decentralization relies upon verification and trust of all nodes. The hive mentality verifies the trust.

      "What happens when someone accesses your wallet and steals your currency?"
      The same thing that happens when you lose fiat currency.

      "Who can reverse the transactions and get your money back?"
      See above. Even if the transfer was adjudicated as fraudulent the probability of receiving compensation from the verified criminal is close to nil.

      "Once you have ill intent, you need some kind of enforcement capable of setting things right."

      There will always be ill intent and actors attempting to gain without contribution. What is necessary is an algorithm design that requires a greater amount than just a majority (50.1%) of the nodes to set the "hive" decision, without latency.

      "Something that can govern, if even just a little bit."

      Secure and properly executed code has no grey areas. And like The Constitution, we've not found a perfect solution. We have found one of the better solutions in recorded history. Blockchain development will evolve the same. As far as gruberment is concerned, they just want to legislate and monopolize their piece of the pie, as do bankers, without providing work that others can do cheaper.

      --
      09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    4. Re:We need to smash the money printing machines. by careysub · · Score: 4, Informative

      The Netherlands in fact is number TWO in the world in food exports, as measured by value! $93 billion vs $150 billion for the U.S.

      This is possible because of the focus on high value vegetable crops (not cheap tonnage grains) and by having a large food processing industry. A lot of that value is processing value-added, and may not even be from raw foods that The Netherlands produces itself, but imports.

      --
      Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
  3. Re:rofl by olsmeister · · Score: 3

    I don't see the point either. I have nothing against them, but it just falls under the category of "a fool and his money...."

  4. Re:Coming soon by jfdavis668 · · Score: 5, Funny

    Blockchain 2, the Search for More Money.

  5. Re:Coming soon by pak9rabid · · Score: 2

    I'll wait for Blockchain++

  6. "Attack vector?" by DRJlaw · · Score: 4, Interesting

    In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist. More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.

    That's not an attack vector, that's using the rules to your advantage. The designers expressly adopted a design rule that says that "51% of the current computing power dictates reality." The designer may not have intended for any one group to amass 51% of the current computing power, but intending that nothing "bad" will ever happen is not sufficient in engineering, contracts, law, or any other aspect of human endeavor that has evolved to survive contact with the real world.

    A bunch of people who want to make money using blockchain technology are becoming quite ticked off that a group of other people who want to make money using blockchain technology are using that blockchain technology as expressly designed to take their money.

    Thankfully the article seems to be focused on improving the designs rather than demands that governments intervene in these "government not welcome" currency projects.

  7. Depends on the value of shenanigans by Comrade+Ogilvy · · Score: 4, Interesting

    The main potential gains from a 51% attack are (1) trashing of a blockchain, primarily reducing its credibility, or (2) double (triple?) spending.

    Basic theory assumes that the financial advantage of playing nice and mining is greater than can be achieved from the above.

    I would like to see the math on that. Because, in theory, I could get a loan of a bunch of coin, rent enough computing power for a 51% attack with that coin, short the coin, double (triple?) spend the coin, and then buy the coin I need at a reduced price after the market responds to the shock. Bitcoin itself may be too big to attack in this manner at this moment in time, but...

    I cannot speak to all blockchains, but the basic theory makes assumptions that hardware is a sticky and expensive thing, so the weight of many servers already dedicated to a blockchain will be too high a barrier to scale.

    The new world may utterly crush those assumptions because: (1) there is a large and growing ecosystem of efficient blockchain mining machines that will happily and quickly work on another blockchain for the right fee, (2) that ecosystem is rapidly growing and well beyond the scope of any one blockchain, (3) the ability to simply rent one thousand servers for an hour is getting easier and easier, and cheaper and cheaper.

    1. Re:Depends on the value of shenanigans by thegarbz · · Score: 2

      I cannot speak to all blockchains, but the basic theory makes assumptions that hardware is a sticky and expensive thing, so the weight of many servers already dedicated to a blockchain will be too high a barrier to scale.

      What hardware and where? Do you want to gain over 51% of power over Bitcoin? If it were available you could rent that kind of hashing power for $700k for one hour. And one hour is all you'll need to make off with more money than that.

      Fortunately Bitcoin is too big to make that kind of computational power available for rent. Most companies with ASICs massively parallel processors don't offer those kinds of resources.

      On the other hand Zencash was recently 51%ed and the attackers made off with $550000. If they used rented equipment for an hour the attack cost them less than $6000. Bitcoin gold suffered a 51% that magically generated $18m worth of the currency. That attack would currently theoretically cost $4000/h. Litecoin has been attacked in the past too (though with their current hash rate that would now be quite difficult). It seems that the typical targets of attacks are currencies with the equihash algorithm (does it sound like someone has some specific hardware somewhere they aren't using?) And coins that have a market cap >$100m.

      There's a lot to the equation. For instance you wouldn't attack Smartcoin despite you being able to rent the capacity to the tune of $1/h because it has such a pathetically small market cap that it is impossible to make off with any money. Remember this may be an attack against a currency, but in reality to make money you need to commit fraud against an exchange, otherwise how do you get good old American Dollars in the end.

  8. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  9. Re:$630K to be authoritative for bitcoin ? by jarkus4 · · Score: 2

    For exactly one hour. Also I suspect it's theoretical - while this would be cost of computing power it would need to be actually available for rent. If you go down the list you find more practical targets, e.g. Bytecoin with market cap of over 1B$ and cost of attack under 600$/h.

  10. Re:Coming soon by sconeu · · Score: 3, Funny

    I'll wait for Objective-Blockchain

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  11. Re:It's a feature, not a bug by Aaden42 · · Score: 2

    Something nobody trying to sell "private blockchain" has ever adequately explained to me: If you have an entity or entities that you want to have full restricted control over the blockchain, why use blockchain? Have them store it in their nice plain old database, publish it on the web if they want, whatever. I can't see any way that burning a ton of coal to solve hashes improves any part of that scenario.

  12. Re:Coming soon by dlleigh · · Score: 2

    Best to wait for Functional-Blockchain.

  13. Bitcoin is the 10 cent deposit on the Coke bottle by goombah99 · · Score: 5, Insightful

    The goal of the 10 cent coke bottle deposit is NOT to make coke bottles into a hobo currency. The goal is to have distributed recycling (back when we reused bottles). To do that you needed an incentive.

    In a similar fashion, recycling (as opposed to re-use) in general was spawned as a PR move to solve a problem for the nascent aluminum can industry, and not because it's somehow the ethical thing to do. Steel cans rust (or at least they used to) so they naturally biodegrade. Same with paper and cloth packaging. But rise of plastic in the 50s creates a non-biodegradable trash problem that people in the 60s really felt was a moral insult to mother earth. The aluminum can people saw the problem with introducing a product to replace steel cans that wasn't re-usable like glass and would not biodegrade like all other packaging and was even more resource intensive to manufacture. So they solved two problems at the same time: Promote recycling. By paying for aluminum cans they got people to see them as better for the earth. And they also got back their expensive materials to reprocess.

    So the point of paying for aluminum was not to turn aluminum cans into Hobo currency either. It was to enable everything else. The fact that it induced the necessary behaviours was the reason to pay pennies for cans.

    I perceive that people misunderstand the purpose of cryptocurrency. The goal is not to have a currency. It's to have a distributed ledger but in order to have that a currency is necessary for two reasons.
    First, in order to vanquish the double-spend problem it's essential to a cryptocurrency that it be very expensive to bless a ledger entry and because computing power grows the cost must increase with time.
    Second, since the whole point is that the block chain is a distributed ledger there has to be a way to pay the people who pick up the cans and bottles. Namely, you include a payment into the ledger too. So it has to be a currency.

    But the currency isn't the reason for it. It's the necessary glue to make it work.

    So the two problems with crypto currencies that are intrinsic are not the currency part or the speculative bubble part. (After all we could use cans and bottles as currency if we really wanted to-- whether or not people accept something is a different matter than its intrinsic value.)
    Specifically: if the expansion rate of the cost isn't managed right it becomes an energy consuming nightmare. But if you undershoot the expansion rate then the double-spend problem isn't fixed.

    Getting that right is probably not yet solved by any existing crypto currency. But that doesn't mean it can't be gotten right. We just don't know either way right now.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  14. Re:Coming soon by F.Ultra · · Score: 2

    You are all so oldschool, myself I will rewrite the blockchain in Rust so that it will Webscale!!!

  15. Re:It's a feature, not a bug by F.Ultra · · Score: 2

    But then you are not Buzzword compliant!

  16. Re: Bitcoin is the 10 cent deposit on the Coke bot by sg_oneill · · Score: 2

    The problem with the distributed ledger is that outside of crypto coins it is a solution in search of a problem, and almost every single use I've seen has the follow-up question "but who asked for this? And what's the use case that can't be solved by good old-fashioned public key exchange signing or just putting the quicken backups in a safe like worked perfectly well for the past century or three?"

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  17. dry water out of biofuels by goombah99 · · Score: 2

    It would be nice if the hash calculation were also solving some other problem of lasting value. As an example, let people submit NP hard problems they actually need solved. Like say planning an airline's schedule of matching pilots and planes under varied weather scenarios. I think Ethereum might have this in mind. You could also use the heat to heat something you were going to heat anyhow, like your house or for drying water out of biofuels. The latter is one of the big energy costs for ethanol based fuels.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  18. Re:Bitcoin is the 10 cent deposit on the Coke bott by green1 · · Score: 3, Insightful

    But we know what value mastercard provides. We don't know what value blockchain provides.

    Comparing the power use of the two is therefore somewhat irrelevant.

    Mastercard allows me to shop both in person and online with certainty. I present my card, and within a couple of seconds we have certainty that my transaction is approved and will go through. I know that even if the merchant finds a way to double bill me, mastercard will indemnify me for it, and I know what the transaction will cost me in relation to the amount of money I have, and in relation to every other transaction I make, because they all use the same currency.

    Blockchain transactions on the other hand have none of the certainty, none of the speed, and none of the security. They also aren't tied to the currency used for everything else, so the wild price swings can, and will, affect you. Also by your own admission, blockchain isn't even supposed to be for payment, just as a distributed ledger. Something that nobody has ever found a use for that isn't already better served by other existing tools.

    I'm not saying the technology is completely useless. But I can confidently say that nobody has found a practical use for it yet other than to try to find the "greater fool" willing to pay more for it than it cost the original person.