
Krypton Abandons Ethereum-Based Blockchain After 51% Attack - EwanToo
http://krypton.rocks/2016/09/05/krypton-abandons-ethereum-based-blockchain-after-51-attack/
======
TwoFactor
It's scary how little the founder understands about proof of work, golang, or
Ethereum. The geth issue that was patched 4 months ago had nothing to do with
being 51% attacked.

There's no hashing power dedicated to the altcoin so it got attacked, and this
is something that's been happening to POW altcoins for 6 years now. It's not
clear how she ever expected the POW consensus to survive a 51% attack, and has
not described how the Ethereum protocol has anything to do with the failure of
her consensus algorithm. If she was on a bitcoin-based POW chain she would
have had the same issues.

~~~
homero
Language has nothing to do with it, bitcoin isn't pos, and she invested her
life savings, wtf..

------
keypusher
The author seems confused about the nature of this attack. It has nothing to
do with using the go language or any other, it's purely about the choice of
consensus algorithm and the vulnerabilities of a small ecosystem. In a small
blockchain, it's much easier for bad actors to gain enough hashing power to
control proof of work. I do see they are moving to a proof of stake algorithm,
I hope that works out.

Still unclear to me why some of these smaller coins exist, except perhaps for
rampant speculation. From the krypton site: "$KR is my vision for an ultra-
fast blockchain that can realize all of the features of Ethereum with fewer
initial coins, faster speed and lower inflation." That sounds ok, but right
now none of those things are the primary problem with Eth.

~~~
nl
_Still unclear to me why some of these smaller coins exist, except perhaps for
rampant speculation._

I don't play in this space, but I bet it is because some traders have methods
of using differential exchange rates between exchanges to make money. The
values may be large(ish), but they are probably hedged by bets the other way
on other alt-coins.

There is a strategy in betting called Dutching[1], and I suspect that people
are doing similar things trading between alt-coins.

Of course, there are also fools who put their life savings into some random
coin. Good luck to them.

[1] [https://en.wikipedia.org/wiki/Dutching](https://en.wikipedia.org/wiki/Dutching)

------
gamache
> Know this: Krypton is more than just a blockchain or another cryptocurrency.
> We will survive these attacks, even if it means staying on the POS chain, in
> order to protect KR investments, _until we do the complete rewrite of our
> client platform in a more secure language, like C._

What could possibly go wrong?

~~~
smitherfield
C can be secure if you follow best practices (yes, big if). Are BSD, Linux and
Postgres secure?

~~~
geofft
Postgres isn't written in standard C. It's written in a derivative of C where
signed integer overflow is defined as two's-complement and the strict aliasing
rule is removed. Most standard C compilers also support this variant language
with the compile options -fwrapv -fno-strict-aliasing.

[https://www.postgresql.org/message-id/1689.1134422394@sss.pgh.pa.us](https://www.postgresql.org/message-id/1689.1134422394@sss.pgh.pa.us)

If you're going to use Postgres as an example of writing secure code in a
language, that's fine, but make sure you're advocating for this C variant and
not for standard C. Standard C, where signed integer overflow is undefined and
the strict aliasing rule exists, is _extremely_ hard to write secure code in.

[http://blog.regehr.org/archives/1307](http://blog.regehr.org/archives/1307)

(There's also the separate issue that most of the input paths into Postgres
are trusted in some way: you don't expect malformed database files, and you
often don't expect hostile queries. It's primarily the auth code that needs to
be rock-solid, which is a relatively small piece of the software.)

~~~
anarazel
Yea, postgres certainly assumes a lot more than the standard guarantees.
Besides the above, if you look at it formally, it's pretty much impossible to
have a multi-process program, connected over shared memory, that's actually
fully standard compliant. Especially not when using a pre C11 environment
(postgres requires C89).

I think we really should have "official" variants of C that are a bit more
predictable. But I guess that's not happening.

~~~
anarazel
Oh, and whoever designed the strict aliasing specs: To me they seem widely
impractical. The fact that there's essentially no way to explicitly alias,
without memcpy'ing, is just absurd. The standard's language is also so
cryptic, that well versed people (like Regehr you linked to) can't agree with
each other what the exact requirements are. The union aliasing trick isn't, to
my knowledge, actually precisely standards conforming.

------
rheide
I had never heard of Krypton before, but the decisions and the message in that
article make it abundantly clear that I won't need to bother. Moving from
golang to C and switching to a completely different blockchain in 'a single
sleepless night', and then asking the community to bail you out? Zero
confidence.

------
seibelj
> _My lead developer, Krypton-Dev, remains anonymous. I have known him and yet
> not known him for over two years now. Ironically, he is one of my best
> friends and the person whom I trust the most, by often placing the entire
> success or failure of Krypton in his very capable hands._

> _Just two days ago, I did this very thing, trust this anonymous friend with
> not only my business and entire life savings (don’t get me started about
> using personal funds to found a startup!) but, also with the investments of
> everyone holding Krypton’s blockchain coin, KR._

> _In a single sleepless night, Krypton-Dev coded this POS blockchain and
> Windows and Mac wallets for KR to be moved to. Can you understand why I
> trust this man with my business and KR holder’s investments? My admiration
> for his tireless dedication to Krypton knows no bounds._

Holy shit this is hilarious. My understanding from this article is that the
founder is not a programmer, barely understands the technology, gave her life
savings to someone she knows only as an online alias, who then used it to
develop their own crypto currency, and thinks that a client rewrite in C will
solve all of their problems. This is truly amazing.

Also, she considers this online persona her best friend. The founder is so far
out of her depth, so naive, it hurts me to even consider that someone like
this exists. The blog post is painful.

~~~
drzaiusapelord
She's crazy, but like a fox. What is the reason for any of these smaller coins
to exist? To get on the ground floor and let speculation drive your investment
up massively. Imagine if you had 10,000 bitcoins during the early days, you'd
be sitting on $6m right now. In fact, there are early miners and investors who
had that many coins and are quietly cashing out. So she followed their lead,
and used the cheapest darknet-sourced coder out there.

She just wanted some of the action. She probably paid next to nothing for some
kid in Ukraine to whip up a garbage blockchain and client and knows full well
this thing would come crashing down. The question that matters is did it crash
before she cashed out or not? Also, the Ukrainian kid isn't stupid either. He's
probably sitting on a treasure chest of these coins and is double-dipping by
recommending a lengthy C re-write.

The problem with cryptocurrency is that it attracts a lot of shitty people.
It's pretty easy to read between the lines here. It's no different than the early
days of the App store where regular Joes would spend their entire life savings
for a "genius" app idea and there would be no shortage of shady devs ready to
milk them dry. Oh, they'd deliver the work, but it would be shoddy and the
devs would know going in that the idea was garbage and how to drag out
development to drain every penny.

My new cryptocurrency are the new 'my app idea.'

~~~
kbenson
> The problem with cryptocurrency is that it attracts a lot of shitty people.

I think it's fairly well accepted that that's a problem with _currency in
general_. There's a reason we have the perception that wall street is
populated entirely by douche bags, and that's because, even though not
all of them are, a sizable portion are.

~~~
drzaiusapelord
Yet modern finance has hundreds of years of regulations on its back.
Obviously, with differing outcomes/quality, but it is there.

Cryptocurrency is still wholly unregulated for the most part and any person
can start a currency. I suspect this draws in a certain type of person. See
the various 'hacked bitcoin exchanges' that were just founders running away
with the money, for example. There's no FDIC here or even any law enforcement
options, especially if the hosting was off-shore.

~~~
kbenson
Sure. I just see cryptocurrency more as an esoteric investment vehicle than a
currency, because I don't use it so I often forget its capabilities as an
actual currency. In that respect, it's not all that different to my eyes than
complex derivatives in the early 2000s. In both cases we have overly complex
systems that very few people truly understand, backed by real money through
people investing.

I think people that are interested in just making money, over most/all other
considerations (such as having a fulfilling career, or serving some need),
gravitate towards industries where they are closer to direct money. Finance is
one of those areas, so we get more people in that area that aren't as averse
to breaking a few rules or screwing some people over.

I agree regulation would solve some of the problems of cryptocurrency, but the
cost would be to lose a lot of the benefits of a cryptocurrency, to the point
where I'm not sure the use case of it anymore. What does a regulated
cryptocurrency get you that you can't achieve through a more traditional,
centralized currency system? I think people just need more education on what
to expect, which is something that's fundamentally a little different than
centralized currency, and part of that education needs to be about risk.

------
buckie
I've been working in the permissioned blockchain space for a couple years now,
even OSed a POC of a raft based system we tested out at JPM in March. It is
truly scary how little most people focused on blockchain understand about
consensus. Some get it, but most don't.

When I was doing vendor vetting the talk usually revolved around the
"blockchain revolution" but glossed over the consensus issues. In the
permissioned blockchain space, mining is really not an option (how do the
incentives for mining work when there are no coins involved?). Luckily, we
have a lot more flexibility in the consensus system we can pick.

Moreover, the term "blockchain" itself is ill-defined/overloaded. If all
blockchains use mining then the 51% issue is ever present (though if I
remember correctly problems arise at 30-ish%). If the broader "BFT consensus"
definition is used then no, you can use PBFT/SmartBFT and a host of others to
come to consensus without ever needing to touch crypto let alone mining. The
issue, of course, is that Mining-based consensus is the only system that works
for truly public blockchains, as it allows for anonymous participation at all
levels and can also scale flat.

If anyone else is a consensus nerd, I wrote a technical-biz-person level
white paper on permissioned blockchains that goes into more depth and covers
the issues associated with using TLS vs PPK sigs [1].

[0]: [http://github.com/kadena-io/juno](http://github.com/kadena-io/juno)

[1]: [http://kadena.io/docs/Kadena-ConsensusWhitePaper-Aug2016.pdf](http://kadena.io/docs/Kadena-ConsensusWhitePaper-Aug2016.pdf)

------
tptacek
_until we do the complete rewrite of our client platform in a more secure
language, like C._

I love cryptocurrency so much.

------
danblick
The thing that's always bugged me about proof of work systems is that there's
no reason to assume mining power won't become concentrated into the hands of a
few actors. In fact, if (1) there are economies of scale in mining and (2)
miners are rational and only work when they expect a positive return from
mining, it seems like you'd _expect_ mining power to become concentrated. (Of
course today most miners operate at a loss, but I see no reason to depend on
that.)

I'm kind of a Bitcoin skeptic because I don't think you can build a trusted
currency on top of a system with flawed economics like this.

------
exelius
All the more reason not to trust cryptocurrencies as a store of value.

The 51% flaw is a glaring, fundamental problem with all current
cryptocurrencies. We once thought "oh, the risks are low and it would be
obvious if anyone did it". It's still obvious, but the risks are not low (and
in fact, seem to be pretty easily exploited with cloud computing).

Not that they won't get there, but I don't think that blockchain solutions
work in the absence of legal contracts between the parties involved.
Blockchain has a lot of potential as a public, secure, distributed ledger
system between competitors who can be trusted to play fair, but as the backing
of an anonymous cryptocurrency the risks of a malicious actor are too great.
As with anything, you need real-world penalties for breaking the rules -- and
a key limitation of blockchains is that it's impossible to prevent out-of-band
coordination between 'anonymous' actors without them.

~~~
CoryG89
The 51% attack is a big flaw with blockchains, but it goes away when the
network becomes sufficiently large, with enough hash power distributed to
different actors. If you can trust that it would be near impossible for a
single actor (or group) to gain 51%, then there is no need to trust any
individual actor.

The issue, as demonstrated by this event, is that it is difficult for a new
coin to get enough momentum going at the beginning. There is a lot of research
going into figuring out the best way to bootstrap new blockchains. Personally,
I think this problem will be solved sooner or later.

~~~
CJefferson
Bitcoin is coming close to having a 51% problem (3 mining groups could join
together to get 51%). At recent points in the past 2 groups have been able to
hit 51%. If bitcoin isn't big enough for 51% to be a serious possibility, who
is?

~~~
CoryG89
Right, mining pools are an issue. If the hash power isn't sufficiently
distributed then your guarantees go away. That is why some people are doing
research in that area to discourage or eliminate mining pools. I read about
most of this from the following draft textbook from Princeton

[https://freedom-to-tinker.com/2016/02/09/the-princeton-bitcoin-textbook-is-now-freely-available/](https://freedom-to-tinker.com/2016/02/09/the-princeton-bitcoin-textbook-is-now-freely-available/)

~~~
exelius
Ah; but the way that mining is incentivized makes mining pools almost required
to spread out the risk sufficiently as the amount of discoverable blocks
shrink over time.

IMO this is the critical flaw in any cryptocurrency. Hell, it's the entire
reason we don't elect our politicians directly: sometimes a thin majority has
intentions that directly endanger the whole. You need some out-of-band checks
and balances to protect against bad actors and moral hazard or else people
will never adopt the system in large numbers.

------
CIPHERSTONE
> I expect every community member’s voluntary contribution to help amend this
> theft and move forward.

------
0xmohit
Excerpts from the article:

      Just two days ago, I did this very thing, trust this anonymous
      friend with not only my business and entire life savings ..

      So, with a heavy heart, I ask the Krypton Community, to please,
      open your wallets and help us all to move forward from this
      attack. 21,465 KR were stolen. 1.5 BTC is required by Bittrex
      to execute the swap.

      Real lives. Real jobs. Real investments. The world of crypto
      has just become all too real.

Speechless.

------
bleuarff
With this "blockchain revolution" hype, I've been waiting for these 51%
attacks. Maybe people will realize that this is not a foolproof solution and
that it can "easily" (you only need computing power, a.k.a money) be beaten.

~~~
heliumcraft
Good luck getting the computer power to do a 51% on Bitcoin or Ethereum. The
hashpower used in Bitcoin is mind-boggling.

~~~
tveita
You only need to spend as much as the miners already are doing. With proof of
work, if it is feasible to run, it is feasible to attack. And vice versa, if
it is not feasible to attack, it is probably not cost effective to run.

Bitcoin may be wasting enough electricity to put it out of reach of small-time
attackers, but a nation adversary could outspend it for as long as necessary.

~~~
smokeyj
But what does the attack get you? Sure you could mine empty blocks and double
spend, but that would hardly be worth the investment. Besides, if payment
processors detect the hashing rate doubling overnight they can simply require
more confirmations.

If a nation state invested in permanently disabling bitcoin that would require
a big investment in ASICs, at which point I imagine a bitcoin fork would be
introduced with a slightly different PoW, but that's just speculation.

~~~
tveita
> a bitcoin fork would be introduced with a slightly different PoW

And then what? Either you're falling back to mining on CPUs or GPUs, which the
attacker would presumably have a large amount of, or you're manufacturing a
new batch of ASICs, which is just as expensive for you as for an attacker. The
point remains that an attacker can win by spending only slightly more money
than the defender.

Whether that's "worth the investment" is up to each individual actor,
apparently it hasn't been yet.

~~~
jerf
"The point remains that an attacker can win by spending only slightly more
money than the defender."

It's actually only slightly more than the _sum_ of the defenders (assuming as
we are for the sake of argument that everyone is buying efficiently). If what
you said was true BitCoin wouldn't even have gotten to where it is now.

------
gst
> 1.5 BTC is required by Bittrex to execute the swap.

Does this imply that the "operators" of those cryptocurrencies pay the
exchanges to list them?

------
mankash666
Looked through their website with a fine-toothed comb & wasn't able to tell
why I should use them vs. plain vanilla Ethereum.

------
gosukiwi
This is why I don't implement crypto myself.

