
Bitcoin Is Less Secure Than Most People Think - jeffreyrogers
https://marginalrevolution.com/marginalrevolution/2019/01/bitcoin-much-less-secure-people-think.html
======
dragontamer
The title is clickbait trash, but the actual point in the blogpost is actually
really good. So I feel like this deserves at least some discussion.

Proposed Alternative Title: "Proof of Work 51% attacks are far cheaper than
most people think"

General point: When a BTC Miner creates a 51% attack, they get rewarded the
block. Which means they get the 12.5 BTC (or whatever coin) associated with
the blockchain.

In effect, the rewards of the 51% attack are not only the double-spends, but
also every coin that is associated in the blockchain. Mining rewards are,
therefore, granted to the double-spend attacker.

To put it into more concrete terms. If a 51% attacker were to attack Bitcoin
after 1-week (1008 blocks), then the 51% attacker not only gets to
double-spend everything over the week... but the attacker ALSO gains at least
1009 blocks worth of reward from the blockchain (At $3500 / BTC, that's
$3,531,500).

----------

Once you account for the BTC that is mined by the 51% attacker, the effective
profit margin of a 51% attack is far easier than what people seem to expect.

~~~
bsdpqwz
The mining reward is a special transaction in the newly mined block called the
coinbase transaction. It's a transaction with no inputs, only one output
pointing to an address of the miner.

Bitcoin does not allow these kinds of transactions to be used as input for
another transaction unless a certain number of confirmations has passed.

Currently this is set to 100
(https://github.com/bitcoin/bitcoin/blob/1d9d314573ee48f6f51107265f1cf1fa9e36c998/src/consensus/consensus.h#L14).

So roughly 1000 minutes need to have passed before the network will accept a
transaction with a mining reward as input.
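
The maturity rule described in this comment, as an added example in Python (not code from the thread or from Bitcoin Core): a simplified input check over a constructed UTXO set. `Coin`, `check_tx_inputs`, `first_spendable_height`, the reason strings and the sample outpoints are hypothetical, and it assumes confirmations are counted as the spending block's height minus the creating block's height.

```python
from dataclasses import dataclass

COINBASE_MATURITY = 100  # value cited in the comment above (consensus.h)

@dataclass(frozen=True)
class Coin:
    value: int          # amount in satoshis
    height: int         # height of the block that created this output
    is_coinbase: bool   # True if created by a block's coinbase transaction

def first_spendable_height(coin):
    """Lowest block height at which a transaction may spend this coin."""
    if coin.is_coinbase:
        return coin.height + COINBASE_MATURITY
    return coin.height + 1  # simplification: spendable from the next block

def check_tx_inputs(utxos, inputs, output_total, spend_height):
    """Validate a transaction's inputs for inclusion at spend_height.

    utxos maps (txid, index) -> Coin; inputs is a list of those keys.
    Returns (ok, reason); the reason strings are hypothetical labels.
    """
    total_in = 0
    seen = set()
    for outpoint in inputs:
        if outpoint in seen:
            return False, "duplicate-input"
        seen.add(outpoint)
        coin = utxos.get(outpoint)
        if coin is None:
            return False, "missing-or-spent-input"
        # Assumed form of the rule: reject while the coinbase has fewer
        # than COINBASE_MATURITY blocks between creation and spend.
        if coin.is_coinbase and spend_height - coin.height < COINBASE_MATURITY:
            return False, "premature-spend-of-coinbase"
        total_in += coin.value
    if total_in < output_total:
        return False, "inputs-below-outputs"
    return True, "ok"

# Constructed sample data: one 12.5 BTC block reward and one ordinary output.
REWARD = 1_250_000_000
UTXOS = {
    ("cb-500", 0): Coin(REWARD, 500, True),
    ("tx-a", 1): Coin(50_000, 590, False),
}
```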

~~~
dragontamer
Thanks for the additional technical details. But I don't think it changes
anything.

> Bitcoin does not allow these kinds of transactions to be used as input for
> another transaction unless a certain number of confirmations has passed.

This means that in the hypothetical attack case, where 1008 blocks are
replaced by 1009 blocks by the 51% attacker... then 909 x 12.5 BTC are
immediately usable. While the last 100 x 12.5 BTC will be usable 1000
minutes later.

In either case, the 51% attacker mines blocks faster than literally everyone
else combined. So there's no period of waiting that is safe against a
51% attacker.

The 51% attack is the end-all-be-all of a coin. If it happens, the coin is
hopelessly lost. The entire cryptographical nature of the coin depends on the
51% attack remaining infeasible.

----------

In any case, the 51% attacker's 1009 blocks is longer than the 1008 "honest
blockchain". So the honest miners (by default) will mine the 1009-long
blockchain after the 51% attack.

So the 51% attacker's coins are safe and will be spendable in short order.
Perhaps the 49% honest miners can "blacklist" his coins, but with 51% of the
hashrate, the 51% attacker can always legitimize his own coins by using his
own 51% hardware (since he can build blocks faster than everyone else).

------
DerekRobot
Isn't Nano far better in terms of "One CPU- One vote"? The transactions are
voted on by nodes, which are free/cheap to run.

~~~
moosingin3space
That's also a problem, though, because an attacker just needs a large number
of nodes to effectively control the currency, which is not challenging or
necessarily costly (see: Mirai). Doesn't stop the hardware race that leads to
centralization.

If the incentives promoted by cryptocurrencies inevitably lead to
centralization, what's their benefit over the existing financial system?

------
anm89
I can't debate any specific point in this article. It seems well written and
researched to me.

Here's what doesn't add up to me. If it's actually possible, why hasn't it
happened? It seems like there is all the monetary incentive in the world to
get it done. It feels to me like the fact that it hasn't happened supports the
idea that it isn't economically viable under the current conditions.

