
Bitcoin Gold hit by 51% attacks, $72K in cryptocurrency double-spent - scalableUnicon
https://thenextweb.com/hardfork/2020/01/27/bitcoin-gold-51-percent-attack-blockchain-reorg-cryptocurrency-binance-exchange/
======
dang
A current thread about 51% attacks is here:
[https://news.ycombinator.com/item?id=22160523](https://news.ycombinator.com/item?id=22160523)

~~~
jackalo
That is a thread about the cost for a 51% attack against various crypto
currencies, not about Bitcoin Gold actually being hit.

~~~
dang
Yes, that's why we didn't merge the two threads.

------
drcode
ELI5:

Lots of cryptocurrencies use the same mining algorithm, i.e. they require the
same type of puzzle to be solved to make money creating blocks. In recent
years, lots of online services have sprung up to offer cloud mining, which
people usually use to mine blocks on the bigger cryptocurrencies, like Bitcoin
Core or Bitcoin Cash.

However, since the smaller cryptocurrencies, like Bitcoin Gold, have fewer
users/miners, they also require easier "puzzles" to be solved, which opens an
opportunity for any random person to pay some $$$ to hire a bunch of these
cloud servers for a limited time and point them at these easier puzzles, which
can cause such a smaller blockchain to get confused about account balances.
The attacker can then re-spend the same currency multiple times to make a
profit.

AFAIK there aren't really any good solutions to prevent this problem. For
complex game-theoretic reasons, simply changing the mining algorithm to
something different doesn't really offer much protection. (Some folks believe
if these smaller currencies were to move to "proof of stake" it could help
solve this problem, but this is an extremely contentious topic.)

~~~
zionic
IMO proof of stake is a lot less contentious than you imply. ETH2's slashing
algo should make these types of attacks very hard.

For the curious, a simple breakdown of Ethereum 2.0's Proof of Stake (PoS) plan
is:

- Minimum 32 ETH to stake

- Staking locks the currency in the staking pool

- Your node votes on the validity of the transactions (this is super lightweight and fast, can run on a rPi instead of huge mining nodes).

- If the network agrees you were acting maliciously your locked stake begins to be slashed/burnt.

- Voting with the majority gives you a % of the block reward.

This means a 51% attack on the chain requires 51% of the currency staked which
would be extremely hard to get without skyrocketing the price (making 51%
exponentially harder to achieve). They've also done some spooky proofs I don't
understand that make the actual number to take over the network >51% (70% or
so IIRC).

So it's green, fast, and harder to attack successfully. And unlike PoW, if you
fail your "attack money" gets nuked.

~~~
WorldMaker
Some of the contention is directly in your choice of words: "should" and
"plan". So far no Proof of Stake system has made it into the wild. There's a
lot of talk about Proof of Stake, a lot of planning, a number of "almost
attempts", but still no one running it at a big scale. It's trapped in "Soon™"
the way Ethereum has talked about it, for years now. That's certainly an easy
form of contention when even the biggest group talking about Proof of Stake
have remained slow to pull the trigger.

~~~
mythrwy
Tezos isn't in the wild nor at scale?

~~~
WorldMaker
First I've heard of it, so equating "wild/at scale" to include general
mainstream acceptance/word of mouth (or at least the impression of such to the
average HN reader such as myself), the short answer right now is, based on my
personal barometer: no.

I will look into it later, and decide on the longer answer if it would meet
characteristics that I would ascribe to "in the wild" or "at scale" given a
deeper understanding of what it has accomplished to date.

------
tgsovlerkhgsel
Since the other post got buried in a subthread: This is about Bitcoin Gold,
not Bitcoin itself.

Bitcoin Gold is the least relevant of the forks (worth ~$12 per coin while the
main chain BTC is worth ~8750 and the two major forks BCH/BSV are worth around
300), and only 7 of the 20 largest exchanges (by liquidity, according to
coinmarketcap) list it - even though most of them list plenty of
altcoins/shitcoins. For comparison, Bitcoin Cash is listed on all of them,
Bitcoin SV on 14 of them. Additional stats here:
[https://news.ycombinator.com/item?id=22160458](https://news.ycombinator.com/item?id=22160458)

~~~
brokensegue
clearly you've never heard of Bitcoin Diamond

~~~
Relys
I prefer Bitcoin Platinum.

~~~
brokensegue
Is that real?

~~~
tirpen
I'm fairly sure it's a Pokémon joke.

~~~
mrosett
Doesn't mean it's not also a cryptocurrency :)

------
est31
> He then provided a screenshot showing that Binance had since increased their
> BTG withdrawal requirement to 20 confirmations.

The journalist has missed an important part of the GitHub gist that their
story is based on:

> Based on Nicehash market price data for Zhash we estimate the cost of
> generating each reorg at around 0.2 BTC (~$1,700) and the attacker would
> have recouped around the same value in block rewards. Therefore, it is
> possible that the attacks were profitable if the double-spends succeeded at
> defrauding the attacker's counterparty, or break-even if the double-spends
> were unsuccessful. This suggests that a confirmation requirement on the
> order of tens of blocks for BTG is still far too few to make the budget
> constraint to launch an attack significant.

~~~
Misdicorl
Double spends are an inefficient way to profit from an attack, they're merely
the advertising/marketing angle.

The real profit will come from shorting the currency and capitalizing on the
subsequent crash due to the crisis in confidence.

~~~
wmf
_If_ you can short such an obscure coin and _if_ there's a crash. Sometimes
these attacks are already priced in.

~~~
snarf21
I think the point they were making is that you keep double spending until it
does. You profit or you profit very very big. It doesn't seem like news of a
double spend would ever cause a pop.

~~~
johnbrodie
But how do you go about shorting these coins? There's not an obvious way to
short them, like traditional stocks.

~~~
totony
Cryptocurrency exchanges are pretty involved nowadays, iirc they offer short
on most

------
propter_hoc
Second time this has happened to BTG. Boggles the mind that people continued
to use this coin.
[https://fortune.com/2018/05/29/bitcoin-gold-hack/](https://fortune.com/2018/05/29/bitcoin-gold-hack/)

~~~
aeyes
Do other coins have any countermeasures against this? Other than it being
expensive to control 51% of the network's hash rate?

I guess raising the amount of required confirmations helps but even then it's
just a matter of time.

~~~
spir
Yes, Ethereum is transitioning to proof of stake.

Proof of stake is more secure than proof of work because an attacker must
acquire a large amount of ETH each time they attempt an attack. Attacks
against proof of stake are incredibly capital-inefficient.

~~~
nullc
Ethereum has been announcing "proof of stake" since before their original
launch. Yet, years after their deadline and their second deadline and their
third deadline... it still isn't there. Multiple hardforks to push back the
logic bomb in their consensus rules that was originally supposed to guarantee
its successful deployment... Now their target has been to create a new
parallel cryptocurrency (eth2) and let you buy into it with your eth.

If your goal is a decentralized system POS is just a fundamentally broken
idea, as was known years ago (and long before ethereum existed
[https://download.wpsoftware.net/bitcoin/pos.pdf](https://download.wpsoftware.net/bitcoin/pos.pdf)
). Ethereum isn't a decentralized system-- as demonstrated by them editing
balances to recover coins the ETH administrators personally lost by gambling
on an ill-advised contract-- but they have to keep up the pretext.

~~~
Acrobatic_Road
> Ethereum isn't a decentralized system-- as demonstrated by them editing
> balances to recover coins the ETH administrators personally lost by gambling
> on an ill-advised contract

Uh, I'm fairly sure this never happened but you're welcome to provide a
source.

~~~
tromp
[https://en.wikipedia.org/wiki/The_DAO_(organization)](https://en.wikipedia.org/wiki/The_DAO_\(organization\))

~~~
Acrobatic_Road
Not what he is referring to, the DAO was not a gambling contract and the funds
lost accounted for ~14% of all ETH, not some administrators' personal losses.
Those who disagreed with the proposed hard fork stayed on what became Ethereum
Classic and everyone else jumped ship to what is now Ethereum.

~~~
nullc
That is exactly what I was referring to. DAO was an "investment" with an
unspecified way to make money, it was essentially a gamble. The funds in it
were a majority coming from ethereum foundation members. The reason that they
were 14% of all ethereum at the time was that at the time something like 85%
of ethereum in existence had been premined by the ethereum foundation (at the
moment it's 75%).

Most people who opposed the fork also stayed with ethereum because the
ethereum foundation, which they'd collectively invested millions in, announced
it would not support the fork. (in fact, it announced that the fork wouldn't
even exist-- which caused companies like coinbase hundreds of thousands in
losses from replays due to not being prepared for it)

~~~
Acrobatic_Road
> That is exactly what I was referring to. DAO was an "investment" with an
> unspecified way to make money, it was essentially a gamble.

The DAO was supposed to be a VC firm. If you want to say that the DAO was
gambling then so is all Venture Capital.

> The funds in it were a majority coming from ethereum foundation members. The
> reason that they were 14% of all ethereum at the time was that at the time
> something like 85% of ethereum in existence had been premined by the
> ethereum foundation (at the moment it's 75%).

What a laughably stupid thing to say. Ethereum did an ICO before that term was
a thing, mined a shit ton of ETH and sold almost all of it for Bitcoin. By the
time the DAO was a thing the Ethereum foundation controlled ~12M ETH, which
did not overlap with the ~11.5M ETH in the DAO (The funds were for the
development of Ethereum, not speculative purposes). There was an additional
some 60M ETH from the initial sale + ETH from newly mined blocks, not in the
DAO and not part of the ETH foundation.

> Most people who opposed the fork also stayed with ethereum because the
> ethereum foundation, which they'd collectively invested millions in, announced
> it would not support the fork.

The Ethereum foundation announced it would not support what exactly? If you
mean Ethereum Classic well that is not a fork of anything - but a continuation
of the original DAO chain. 11% of people voted against the Ethereum fork and
presumably did not migrate (or likely just used both).

> in fact, it announced that the fork wouldn't even exist-- which caused
> companies like coinbase hundreds of thousands in losses from replays due to
> not being prepared for it

Er, what? Assuming you are referring to ETC, which again is the original
chain, the Ethereum Foundation does not have the power to determine its
existence or non-existence. The original chain continued to be mined and
supported by nodes.

------
piker
Note this is "Bitcoin Gold", not Bitcoin.

~~~
astrodust
This is just a warm-up for taking on Bitcoin.

~~~
s_dev
There isn't a state actor or company that can overturn Bitcoin with computing
power.

~~~
astrodust
You can't be serious.

Bitmain does.

~~~
JackRabbitSlim
Source?

I mean, real technical capabilities not just mention of facilities in Texas or
whatever.

~~~
astrodust
They manufacture the bulk of Bitcoin mining gear. They hold all the IP. They
have all the manufacturing contracts. They have heaps of their own hardware
and the capability of manufacturing more at cost.

They are the prime mover in the Bitcoin space, and have an outsized impact in
other crypto mining spaces. They are the undisputed ASIC leaders.

~~~
Priem19
What's your point? If Bitmain decided to 'overturn' Bitcoin all their gear
would become worthless.

~~~
astrodust
What if crashing Bitcoin helped them in some way, like pushing people to
Ethereum where they also sell metric tons of mining equipment?

You're saying it's impossible, and now you're saying nobody would bother.
Don't move the goalposts.

------
gruez
Note there are plenty of other cryptocurrencies that are susceptible.

[https://www.crypto51.app/](https://www.crypto51.app/)

~~~
dang
Current discussion at
[https://news.ycombinator.com/item?id=22160523](https://news.ycombinator.com/item?id=22160523)

Also in 2018:
[https://news.ycombinator.com/item?id=17173051](https://news.ycombinator.com/item?id=17173051)

------
bdcravens
Meta: I spend a lot of time in crypto(currency) subreddits, and of course
approach those conversations differently than I do when I see the same topics
pop up on HN. That said, I see a lot of the Reddit-style comments and
terminology ("altcoins", "shitcoins", derisive names, etc) show up when
there's a crypto discussion. Does this happen in other subjects and I'm just
unaware of those topics' subcultures? Or am I correct that the level of
discourse for crypto is that much lower?

~~~
aprao
I wouldn't necessarily call the discussion "lower" but you can see similar
colorful language in forums dedicated to trading equities/options.

~~~
bdcravens
I imagine so. I think my question (maybe I missed the mark) was is that does
as much as that leak into HN (where I consider the level of discourse far
higher than the Internet as a whole) as much for other topics?

~~~
aprao
Oh, I guess I misunderstood. Not sure about that but that is an interesting
question.

------
granaldo
How disconnected the market is from facts. Price of Bitcoin Gold is not even
affected by this news at all

[https://www.coingecko.com/en/coins/bitcoin-gold](https://www.coingecko.com/en/coins/bitcoin-gold)

The market may not even understand what 51% is about

~~~
runeks
Or maybe all buy orders have disappeared. Looking at the last exchange price
does not measure the value of a cryptocurrency, you need to look inside order
books to see if anyone is even interested in buying your cryptocurrency. It’s
not relevant to the value of your cryptocurrency that someone was once willing
to buy it.

------
AdrianB1
Just an observation: 51% attacks are happening these days in some countries in
governments. When 51% gives you the absolute power in a bitcoin, it gives you
enough to rule a country and push it to 100% (there are a few real life
examples). Maybe 51% is a threshold too low for some things.

~~~
Synaesthesia
That’s never really true, because even in a dictatorship the government
doesn’t have total control of everything. And a 51% govt in a democratic
country is constrained not only by rival political parties but also the
business sector and public outrage.

~~~
AdrianB1
Just 2 words: North Korea.

------
H8crilA
And all of that cost just about $1.2k, what a joke currency.

------
bobmaxup
[https://en.wikipedia.org/wiki/Sybil_attack](https://en.wikipedia.org/wiki/Sybil_attack)

------
TazeTSchnitzel
> Binance had since increased their BTG withdrawal requirement to 20
> confirmations.

Perhaps they should require some multiple of (amount of the transfer / cost of
the hashpower needed to mine one block)?

------
latchkey
One point nobody is hitting on is that the price of BTG pumped a few weeks ago
for no apparent reason. I guess we know why now. Pump the price and then
attack it for even more profit.

------
milansuk
The block which includes a double-spend is invalid. When an honest node chooses
the "strongest" chain it should check whether the block is valid, not just look
at the number of confirmations.

This is also true for blockchain browsers (and their API), which apps use to
confirm the transaction (most users don't run a full node). The only way a
51% attack can be successful in the long term is that honest nodes (and
blockchain browsers' API) are reconfigured to ignore double-spends (at least for
a particular time period).

~~~
wcoenen
How do you know which side of a blockchain fork is the double spent, and which
is the original?

~~~
milansuk
This is a valid point. Sorry for my post. Blockchain has few moving parts, but
the whole game theory around it is very complex.

------
s_gourichon
BTG might collapse as a result.

This might help general awareness that minor coins without a differentiating
technology are simply highly vulnerable uninteresting clones, not worth any
attention and thus, value. Perhaps some would just disappear, in a spiral of
lower value, lower hash rate, more vulnerability, till all miners leave
towards other, stronger coins?

This might sanitize the whole cryptocurrency domain a little.

Or not?

~~~
kybernetikos
It's been known for some time that anything out of the top 10 that uses a pow
algorithm for which you can buy hashpower in the market is pretty easy to run
a doublespend on. It doesn't seem to have had a huge effect on adoption of
those coins though.

------
rootsudo
The question now is: was hiring the cloud mining services cheaper than the
reward of $72,000?

------
m3kw9
Looks like they took a loss doing that attack

~~~
bdcravens
There are a lot of Bitcoin advocates that would attack out of motivations
other than (short-term) profit.

------
redis_mlc
Oh. Again.

------
dajohnson89
I wonder if this will cause a fork.

~~~
sp332
No, this won't cause a fork. To be specific, little forks happen all the time
as different clients get information about new blocks at different times. So
blockchains are very resilient to that kind of thing. Clients only continue
from the longest legit chain they have seen, so whichever side of the fork has
more hashpower on it will win in a way that's pretty transparent. So the
attacker did cause a fork, so that they could spend coins once on each side,
but all clients other than the attackers' would agree on which side was
legitimate. So once the attack is over, it settles down immediately.

~~~
joosters
It _was_ a fork! That's how the double spends work. The attackers generated a
new chain of blocks from just before their transaction, and produced their
chain so fast that it became longer than the 'real' chain, causing miners to
accept it as the legitimate record of all transactions.

As for 'resilient', try telling that to the people who were robbed of their
coins because of this attack!

------
pwinnski
This is good for Bitcoin. /s

~~~
fabianfabian
Well it is, any copy cat coin sharing the same hashing algorithm as Bitcoin
has this risk. So stay away from shitcoins.

Edit: I was wrong about BTG sharing the same algorithm.

~~~
abstractbarista
I think it's more complicated than that. You'd need enough computing resources
to "beat" half of the Bitcoin network's current hashrate, which is absolutely
massive compared to BTG's.

Oops: I see what you mean though. Because there's so many BTC miners, they can
easily swap over to BTG to overwhelm the much smaller network.

~~~
martindale
This is part of the reason why it's most likely everything will converge on a
single money. Currencies will be issued on top, rather than dividing the
global effort.

------
maitredusoi
who on earth has got Bitcoin Gold in his pocket ??? ;)

------
jb775
1 for 1 so far on my 2020 decade predictions

[https://news.ycombinator.com/item?id=21943830](https://news.ycombinator.com/item?id=21943830)

~~~
Traster
Sorry, but this doesn't seem related to quantum - I don't think you get credit
yet.

------
knocte
I wonder why this ended up in the front page of HackerNews? It's not news that
altcoins are much much easier to attack than the top coin(s). Lesson to learn
here: top coins are not only better due to the network effects (users and
developers), they are also better in terms of security (it's much more
expensive to carry out an attack in BTC or ETH, for example).

~~~
xyst
Would it be fair to say altcoins are the “penny stocks” of the cryptocurrency
world? Easily subjected to price manipulation and typically the perpetrator
doesn’t have to spend too much.

~~~
knocte
I think altcoins are not even penny stocks, they will die soon in the same way
there are no other networks these days that try to be the internet. The penny
stocks are the Ethereum tokens.

