Bitcoin Gold Hit by Double Spend Attack, Exchanges Lose Millions (ccn.com)
973 points by drexlspivey on May 23, 2018 | 531 comments

When Bitcoin was running up to $20,000, I tried to analyze the system and come to a personal conclusion about its equilibrium value, because I didn't want to miss out if it really was the currency of the future.

I ended up not investing, because of the possibility of a double-spend attack. I think that cryptocurrency enthusiasts are seriously underestimating the importance of double-spending attacks to the economics of bitcoin and other cryptocurrencies.

A few points that convinced me not to put my money into this system:

If hash capacity were traded on a perfectly competitive market, then it would always make sense to rent 51% of the capacity at market rates, earn the transaction fees, and also perform a double-spending attack. There is no equilibrium point for transaction fees where this attack becomes uneconomical. The only defense is that the market for hash capacity is imperfect.

The market for hash capacity is going to become more efficient over time. ASIC miners will be commoditized, so that hardware investment becomes a much smaller factor in hash cost versus energy. This might be even worse during a bitcoin downturn, because there could be a glut of ASIC miners.

Miners will coordinate with market prices, turning off capacity when the price dips (for example, because someone is underbidding to create a 51% attack). If mining becomes more decentralized, it will be harder for miners to act in their common interest (fending off 51% attacks) and against their immediate interest (selling their hashrate to the highest bidder, or taking it off the market during an underbidding attack).

High transaction volume is not necessarily any help - the more transaction volume, the higher the cost of the attack, but the greater the rewards. The semi-anonymous nature of bitcoin means that one could easily flood the network with double-spend transactions. Attacking a huge network like bitcoin would be an audacious and expensive act, but there are certainly organizations with the resources to do it, e.g. intelligence agencies, organized crime. The massive rewards to such an attack also offset fixed costs such as writing and testing the software to carry out the attack.

I think the argument is that by doing a 51% attack you undermine the market value so you never get the rewards. This makes sense, but only for the leading crypto coin. As we see here today, you can 51% attack smaller coins, which should imply an increase in the value of Bitcoin from consolidation.

The spooky thing this made me realize is that if anyone did find a vulnerability in bitcoin (or any cryptocurrency), they would have a greater incentive to only slowly leech off the system, because they will be able to siphon out much more over time than if everyone panics over security. The weapon is no good unless it's secret.

My assessment is that the greatest vulnerability in Bitcoin is its breathless supporters, who will look past the dynamics of Bitcoin in adoration of the mechanics of Bitcoin. To that end, larger, more sophisticated enterprises (banks, hedge funds, etc) are likely leeching slowly off the system, propping the price up and inflating it when they can, so they can extract as much value as possible out of its correction to a value commensurate to its utility. Every other technical vulnerability, notional or demonstrated, is at least an order of magnitude harder to exploit.

I think the split you draw between people looking at Bitcoin-the-real-thing and people adoring the machinery is an excellent one.

If you look at the original paper, it's pretty clear that Bitcoin was meant to be peer-to-peer electronic cash: https://bitcoin.org/bitcoin.pdf

In practice, it has failed at this aim. I don't think that was necessarily so; plenty of things start out rough and become more useful over time. But the mechanics-adorers I've talked with seemed willfully blind to all the practical issues. We can't fix problems we refuse to see, so Bitcoin has preserved its machinery at the expense of fulfilling its vision.

In practice, Airbnb has failed at its aim of providing airbed-style accommodations for conference goers.

They have succeeded wildly in providing accommodation for conference-goers. At the last conference I went to, many people were staying in AirBnBs and even coordinating to share them.

They succeeded by expanding the mechanism to support actual discovered user needs. Which is what Bitcoin signally failed to do.

Is bitcoin becoming a store of value really as obviously better for it than AirBnb becoming a more general accommodation provider? If not, it's not really a fair comparison.

Besides, AirBnb didn't even fail in providing accommodation for conference goers with included breakfast. It still works perfectly in its original intended use.

Airbnb is a business. Its "aim" is to grow and make money.

Bitcoin was a political experiment before it was a technological one. You don't pivot political beliefs the way you pivot a business. The technological experiment is still ongoing, but the political experiment has failed its goals.

Airbnb is a service, where bitcoin is a commodity. I don't mean to imply you are wrong. I simply mean that there may be an even more interesting parallel out there where a commodity is no longer being used in its originally intended way which may support bitcoin's evolution of purpose.

How is bitcoin a commodity? I think you give it too much credit to elevate it to that status.

Its structure and behaviour much more resembles a commodity than it does any other asset class; it is basically digital gold. The CFTC agrees and considers itself the responsible regulator.

With the important distinction that it's not an economically useful commodity. Sure, the CFTC regulated it, because their remit is one of the broadest. So you could call it a commodity by default. But it's not like you could make jewelry or breakfast cereal from Bitcoins in the same way you could use commodities like gold or wheat. So it's arguably more like a gambling instrument than any real commodity.

Really, though, I think the closest financial match is a private currency: https://en.wikipedia.org/wiki/Private_currency

These are illegal in most places because they historically have caused a lot of problems without much in the way of redeeming value: https://en.wikipedia.org/wiki/Banking_in_the_United_States#1...

Gold has a value beyond what it is worth (and which adds to its value): you can use it as jewellery.

Digital currencies can be used via computers and networks, while physical currencies such as banknotes and gold require sneakernet.

Airbnb is a service. Bitcoin is a commodity in the same way online poker chips are a commodity.

How would you change the machinery?

Personally, I wouldn't. Most people don't want digital cash for the same reasons they don't use real cash: your risk of theft is higher, it's not as convenient to use, transactions can't be reversed, and you lose a lot of buyer protections.

I use technology to solve problems for people. The few niches Bitcoin has found (e.g., speculation, money laundering, ransoms, light drug crime) are not really what I would call solving problems for people.

Your personal opinion on cash is irrelevant to the subject. Cash has properties you say you don't want. Some people might and do want them. Just have a look at the relationship between Germans and cash.

Bitcoin has properties similar to cash to a large extent. It was not technically possible before its invention, and as such it has a real intrinsic value (don't ask me to quantify it).

It wasn't my personal opinion. In the US, the use of cash is below half of personal transactions and has been declining for years; most countries are similar. I personally am more like the Germans here, but I recognize that I'm an outlier.

Regardless, your point doesn't make a lot of sense, because many Germans surveyed on this say they use cash because it gives them better control over spending and more clarity as to where their money goes. Bitcoin is in no way superior to a debit card in that regard.

The value of new possibility isn't really intrinsic; you measure it through seeing if people actually use it. With Bitcoin they mostly don't, which suggests that it is at best more useful to a small slice of people.

I see so many red flags with Bitcoin that it amazes me that it still has its backers.

There would seem to be organizations (states?) that can wield tremendous resources to mine Bitcoins. I would think this would devalue the currency and, as is so often the case in life, fuck over the little people.

Never mind the insane amount of actual energy resources needed for this virtual currency. It almost seems immoral.

And with exploits like the one in this article, how can anyone continue to have confidence in it? It feels more akin to Confederate money printed during the U.S. Civil War.

What’s the difference between dynamics and mechanics?

The mechanics would be the internal workings, a tamper-proof shared ledger. It's so amazing! Think of all the possibilities!

Then it hits the real world, and suddenly what people actually do with it and its valuation is dependent on how the exchanges operate (are exchanges even mentioned in the original paper?), energy prices in China, media coverage, interactions with alt-coins, etc.

You seem to assume that the greatest feat of Bitcoin is its price. Yes, sure, the price might be affected (somewhat) by how exchanges operate and how the media covers it. However, many people don't care too much about the monetary price, and play the long game. In the long run, the market always adjusts. In the end, it is the same with any other commodity or currency.

Mr. Bachman, with all due respect, I would argue that the majority of people proclaiming they don't care about the price are bluffing. Perhaps even bluffing themselves. Bitcoin's price increase has far outpaced its adoption or disruption of the financial system.

What game are you playing if you don't care about the price?

Do you care about the price of 1 dollar? "In what?" you will ask. "Exactly. In what?" I will respond.

Everyone who decides whether to keep their dollars instead of spending/investing them (or even to borrow and be short dollars), do care about the future value of one dollar.

In loaves of bread, in liters of milk, in months of rent, gigabytes of internet, square feet of land, kilowatts of electricity; in i7s and shitty steam games and iPhones. I care about the price of 1 dollar in the labor I put in, and the goods I get out.

Exactly. This is what I wish for bitcoin. I don't know if it will ever be true though.

That's not an answer. The poster claimed not to care about price, but to be playing the long game.

I'm asking what the long game is. You haven't helped.

This is basically the plot of F. Scott Fitzgerald's The Diamond as Big as the Ritz, which takes it to its logical conclusion (but I won't spoil it, it's a fun short read.)

Nah, you could short-sell Bitcoin. Take out a sell option, crash the value, buy cheap, then exercise the option. Information is valuable, no matter which direction it predicts the market to go.

An interesting thought, but in practice, trading derivatives affects the value of the underlying pretty strongly. Whoever is selling you those puts is selling bitcoin (or futures) to hedge, which would drive the price down as you try to put on your position.

With options, buying deep OTM puts won't result in an immediate impact on the underlying market because they have such low delta and market makers aren't going to move a lot of spot to hedge it.

The problem is that if you successfully rook put sellers in this way for some ungodly amount of money, they will never be able to pay out on your claim. Kinda like when all the big Wall Street Banks were caught out because AIG was threatening to go bankrupt and default on their CDS.

You might never exercise the option, but you could probably resell the option at a far higher price.

It wouldn't be immediate, but the second you put on a trade with any kind of size that far out of the money, the market makers will wise up.

That sounds like a perfect trade. But doing something like that will paint a target on the hacker's back. So, slowly leeching is a much better idea than getting it in one shot.

I would think a slow-play is significantly easier. For one, it doesn’t require much capital, unlike shorting.

Where would you buy a put (sell) option on Bitcoin (without substantial counterparty or settlement risk)? I genuinely want to know. I would have bought one in November if I could have.

I’ve read about plans to introduce crypto currency ETFs, but I’m not aware of any that are publicly traded yet.

Even then it's not clear you'll be able to buy options on them...

interactive investors offer this, I believe.

Assuming you want to make money directly, sure. If you want to harm a community in which the currency is widely used, the incentives are different.

What kind of incentive does the attacker have to just harm a community of a distributed system?

Association with or interest in a different (crypto or not) currency, leading to wanting to shake faith in the target currency.

Hostility toward a community in which the target currency is particularly popular.

“Some men just want to watch the world burn.”

Concern over the impact Bitcoin has on global energy use?

If you had a strong interest in Ethereum (for example), then I think you'd want to avoid the wholesale destruction of Bitcoin. If the biggest crypto currency fails, it'll probably send shockwaves throughout the entire crypto currency market.

Mind you, I say this as a crypto currency outsider.

> If you had a strong interest in Ethereum (for example), then I think you'd want to avoid the wholesale destruction of Bitcoin. If the biggest crypto currency fails, it'll probably send shockwaves throughout the entire crypto currency market.

That's true as long as cryptocurrency itself is seen as fringe; it's less true if cryptocurrency becomes generally accepted.

Of course, a nation-state or other actor interested in preserving the role of fiat and keeping cryptocurrency on the fringes is also a possibility.

How about environmentalism?

Pure carnage? Blackhats are real.

An interest in a competing financial system.

Just to say they did it.

Money? Tax is a pretty good motivator for governments.

Making GPU prices great again

Trolling, because the internetz.

But what if someone else also finds the vulnerability? You can't be sure they'll also act slowly. It's like a game theory dilemma.

"Don't bite the hand that feeds you"

Even finding a single double spend attack that only double-spends 1 satoshi would be enough to destroy bitcoin.

No it would not. Finding a BTC double spend attack vector would be like finding a 0-day: good and maybe even profitable up until fixed, which would take hours, days at most. Have 0-days destroyed Microsoft, Android, Firefox, Electron or Chrome?

Microsoft, Android, Firefox, Electron and Chrome aren't currencies.

They have an underlying value/utility. People have a real, tangible need _outside of the use of those products_ to get them fixed. Can you say the same for a cryptocurrency?

What is the value of currency you can legally print on any printer?

Edit: any crypto-currency you can exploit gives you option to print yourself money.

Double spend isn’t like printing money on a printer.

It’s more like being able to write two checks for your whole bank balance and having them both clear.

So very relevant are:

- whatever goods you bought with the checks need to be impossible to recall. So, you need to find (two) someones who will effectively cash your check. You can't buy a house because the police will come take the house back.

- you need to do it fast. The second you make the first transaction you need to fork and start mining hard. 51% gives you a speed advantage, but it's very small. It still takes time to get the network to follow you.

Double spend is a very specific heist. Even if someone did it, it wouldn't mean Bitcoin is valueless, it would just mean a certain class of heist is somewhat more probable and people need to adjust their security practices accordingly.

Tricks like waiting for extra confirmations, requiring identification before accepting payment, etc, are easy remediations.
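One way to size the "wait for extra confirmations" remediation, and to see why it stops working once an attacker holds a majority of the hashrate (the 51% scenario raised at the top of the thread): an added Python example, not code from the thread or from any Bitcoin project, that implements the attacker catch-up probability from section 11 of the Bitcoin whitepaper linked above. The hashrate shares and the 0.1% risk threshold are constructed assumptions for illustration.

```python
"""Sizing the "wait for extra confirmations" remediation.

Added example (not from the thread or any Bitcoin project). Implements the
attacker catch-up probability from section 11 of the Bitcoin whitepaper:
an attacker with hashrate share q who is z blocks behind the honest chain.
The hashrate shares and the 0.1% risk threshold used below are constructed
assumptions for illustration.
"""
import math


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability mass computed in log space so that hundreds of
    confirmations (large z, hence large lam ** k) do not overflow a float."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the hashrate
    ever overtakes the honest chain after the victim's transaction has z
    confirmations (Nakamoto, section 11)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction in [0, 1]")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    # Majority hashrate: the attacker eventually catches up with certainty,
    # so no number of confirmations protects the merchant.
    if q >= p:
        return 1.0
    lam = z * (q / p)  # expected attacker blocks while the honest chain mines z
    prob_honest_wins = 0.0
    for k in range(z + 1):
        # Attacker has mined k blocks so far and must still make up z - k;
        # the chance of closing a deficit of n blocks is (q/p) ** n.
        prob_honest_wins += _poisson_pmf(k, lam) * (1.0 - (q / p) ** (z - k))
    return 1.0 - prob_honest_wins


def confirmations_required(q: float, max_risk: float, z_max: int = 1000):
    """Smallest number of confirmations whose residual double-spend risk is
    below max_risk, or None if even z_max confirmations are not enough
    (always the case for q >= 0.5)."""
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def accept_payment(confirmations: int, assumed_q: float, max_risk: float) -> bool:
    """Merchant-side acceptance rule: release goods only once the residual
    risk under the assumed attacker hashrate share is below max_risk."""
    return attacker_success_probability(assumed_q, confirmations) < max_risk


if __name__ == "__main__":
    # Reproduces the paper's table of confirmations needed for P < 0.1%,
    # plus the majority case where the remediation no longer works.
    for q in (0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.40, 0.45, 0.51):
        z = confirmations_required(q, 0.001)
        print(f"q={q:.2f}  confirmations for P<0.1%: {'never' if z is None else z}")
    print("accept after 6 confirmations, q=0.10:", accept_payment(6, 0.10, 0.001))
    print("accept after 6 confirmations, q=0.51:", accept_payment(6, 0.51, 0.001))
```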

You're over reducing things to the point where they don't make sense anymore lol

First of all, the value of a currency that could be printed on any printer might not actually be even 0.

Secondly, cryptocurrencies do not operate in a vacuum. It's not as simple as "printing yourself money".

Right, it could possibly be negative.

Second, if I went to a store spent 199 dollars and those 199 dollars magically reappeared in my hand, didn't I create money out of nothing and reduce dollar value? Yes I did. Even if I never cloned any money I reduce the expectations of future stores that their money won't magically disappear.

And yes, I am aware banks do this, but they are regulated and when they abuse it, you get a financial crisis.

So it's ok if your currency becomes unreliable for many hours? It would immediately negate the trust of what happened during that period of time, affecting the trust of any balance in participating addresses.

Bitcoin hasn't been useful as a currency for a long time. I don't think that's a good measure for determining how an event might affect bitcoin price.

Bitcoin averages something on the order of 200,000 transactions per day. It's useful to someone.

That's definitely not proof of real economic utility. How many bets happen in Las Vegas every day? But economically, they're negative-sum events exploiting cognitive weaknesses.

They are not negative sum, because they provide entertainment.

Also, all systems that pay taxes are negative sum as well! Utility is not measured in money.

Entertainment can also have negative value. That's what the parent meant: your entertainment is provided by someone exploiting your gambling-addicted (and gambling may cause an actual addiction afaik, no less so than opioid addiction although based on different biochemistry) dopamine circuitry in order to extract actual (social) value.

All entertainment is someone exploiting your chemistry. That's the whole point.

They mainly provide addiction. Go to a casino sometime and look around. Do those people look like they're entertained? The slot machine zombies barely look human anymore.

You're also wrong about taxes. Consider my local taqueria. They buy raw materials and create value by making ready-to-eat food just when people are hungry. They receive cash in exchange, a portion of which they pay in taxes to fund the infrastructure their business depends upon.

That is positive sum for all participants. It has to be. If taxes tipped it into the negative sum category, they'd eventually close down.

I don't think you've followed through on that model of yours.

If you buy 50 dollars of taco materials, then the taco materials seller makes less than 50 dollars, because the state will charge a tax on him. If he didn't sell 50 dollars worth of raw materials, he would have 50 dollars of raw materials to consume, instead of less than 50 dollars.

On the other side, making the taco, you have the same issue: if you sell 100 dollars of tacos, and someone pays you 100 dollars for them, you then pay taxes.

You earn less than 100 dollars, and someone else lost 100 dollars. Repeat the process ad infinitum and your holdings go to 0 (assuming, for simplification, any rate of positive taxation on income).

This makes no sense at all, and is not how business works.

Most economic activity is positive sum. When I'm hungry and on the go, a taco is more valuable to me than raw taco materials, so I pay more for it. Value has been created. The taqueria owner takes money in, pays their expenses, and is left with a profit. Taxes are paid out of that profit, and you could just as well model it as another kind of expense, a societal infrastructure fee.

Many countries use value creation as an explicit taxation model: https://en.wikipedia.org/wiki/Value-added_tax

Those are still positive-sum interactions in the economic sense: https://www.tutor2u.net/economics/blog/qa-what-is-a-positive...

> Value has been created

But not dollars, which is what you are using to classify gambling as negative-sum.

> Many countries use value creation as an explicit taxation model: https://en.wikipedia.org/wiki/Value-added_tax

If the government collected that tax but didn't spend or issue money, even VAT ends up capturing all the money supply.

This is an unnecessarily long argument. Gambling is not negative sum because it provides entertainment that has utility.

That is not in fact what I am using to classify gambling as negative-sum. It is also negative-sum in cash terms, but I'm speaking of value.

I understand you are claiming the entertainment value outweighs the harm of exploitation and addiction. I strongly disagree.

Not (necessarily) true.

Expected value is not the only thing to consider. Higher moments matter.

Insurance typically has negative expected value but it’s rational to buy it (in conjunction with owning the insured object) to reduce one’s variance.

Gambling will increase the variance of one’s portfolio at the cost of expected value, which can be rational depending on one’s situation.

An awful lot of casino gambling involves series of small stakes bets on low payout options which don't even meaningfully increase upside portfolio variance over time after the house edge has been taken out. Might still be rational from a utilitarian perspective if one really, really enjoys card games of course, but not from a portfolio allocation perspective.

Apart from weird edge cases where an actor needs to double their money overnight to return to solvency in order to have a chance of benefiting from an income stream in future, there aren't many cases where it makes sense from a portfolio allocation basis given the existence of non-negative expectation bets in other markets with a wide range of possible variances. The insurance and investment management industries are built on the principle that economic rationality works in exactly the opposite way to gambling: that inherent value exists in reducing risk.

Exactly. Thank you.

Use as a currency was the point I was addressing. Bitcoin has been a working network for 9 years with 300,000,000 plus transactions.

It's a useful currency.

300 million transactions in 9 years is ridiculously low compared to any "fiat" currency. Googling around I find a post that gives a lower bound for the number of debit card transactions in the USA alone as 47 billion in 2012 alone[1]. That's not counting the rest of the world and the other exchange media like cash or bank transfers. 300 million transactions is nothing. I mean, think about it: it's one single transaction for every person in the USA over the course of 9 years. Alternatively it's less than one transaction per year for the entire population of Canada.

Amazon alone probably handles more transactions over the course of a couple of weeks.

[1] https://www.quora.com/How-many-credit-and-debit-card-transac...

Gambling has way more transactions. LIBOR options have more transactions. Any actively traded stock has more transactions. None of those things are currency.

Even prominent Bitcoin advocates agree it's not effective as a currency: http://avc.com/2017/08/store-of-value-vs-payment-system/

I wonder how many minutes it'd take for cash to manage 300 million transactions.

Visa does 2000 per second. 200k per day is almost laughable.

And Visa can do 7x that in a minute

Speak for yourself, the only thing I can't pay is my mortgage.

I have a Shift card, bought Taco Bell with bitcoin.

That's not buying anything with Bitcoin. You are converting your Bitcoin to USD and then purchasing using the traditional, centrally controlled financial system.

And that's not even considering the transactions fees it costs to get the Bitcoin to your account.

Then there are the transaction fees for using the card, which coinbase says is free "for now".

That's like saying you can't buy anything with a VISA.

Sure, transactions are intermediated through some consensus denomination for exchange. So?

He still lost bitcoin and gained tacos. Just as someone else might lose a portion of a credit balance and gain tacos. You get just as full either way.

No. Someone is traveling to Europe, going to a restaurant and paying for the Euro-denominated beer with his US-based VISA and starting to claim that hey, cool, I paid for the beer with USD. You see, I lost a portion of my USD balance and gained a beer.

If you insist that the guy paid for his beer with USD, it is going to be very difficult to discuss anything, as the meanings of the concepts are so twisted.

It is quite obvious that using a credit card that then accepts BTC from you does not mean that you use BTC to pay for anything but your credit card bill.

It's more like saying you can't buy anything with gold.

Credit and debit cards are just a way of shifting dollars around. Bitcoin is more a commodity than a currency. Yes, you can convert gold or oil to dollars and buy things, but you can't walk into a store and give them some gold flake or a quart of Texas crude in exchange for a candy bar.

> Credit and debit cards are just a way of shifting dollars around

A credit card is shifting a line of credit, an intangible promise to pay, a form of trust, that happens to be denominated in dollars.

We can pretend it's just a balance of dollars, even though it technically isn't, because it makes conversations easier, and in practical fact that's how it appears to work. But that's just a shorthand.

We can use the same shorthand to say someone bought something with bitcoin.

There's no reason to demand perfect technical precision with bitcoin and no similar pedantic precision with lines of credit.

> you can't walk into a store and give them some gold flake or a quart of Texas crude in exchange for a candy bar

I think this is the best test. Here the guy has done that. He walked in with bitcoin and walked out with tacos. When you say that's not really what happened, it feels like a no true scotsman response.

It did not. He gave them dollars, not a quart of crude. That he might have a side deal with somebody else to trade beanie babies for dollars does not make beanie babies a currency.

Bitcoin is not a currency. Plenty of other things are true currencies, so there's no fallacy here.

Was there an individual bitcoin transaction for each purchase? No, he just paid his credit card bill with bitcoin.

Whatever the receipt says is what you paid with; those receipts are definitely in USD.

Sure, you could also pay for your groceries with lead dispensed from a gun. But that's currently nowhere near broad adoption. It just doesn't meet the definition of "currency", though it will virtually always be current.

You didn't buy Taco Bell with bitcoin unless Taco Bell quoted you a price in BTC...

Shift isn't sustainable in its current form. They are temporarily not charging for domestic transactions. Since there is a cost for those transactions, there will eventually be a fee per transaction.

This has already happened multiple times to BTC and it's still around. BTC is not a currency; that train left long ago.

I dont think it has?

You don't think what has? There have been double spend attacks against BTC.

Not exactly a double spend, but billions of BTC being printed out of thin air: https://bitcointalk.org/index.php?topic=822.0

It has happened before but that was in 2010 when the codebase was < 2 years old.

It's happened quite a few times after that. Consider the merchants who have been known to use fewer than the standard # of confirmations and what it takes to reverse or reuse those charges. For example, here is a blog post on one way to do this: https://blog.acolyer.org/2015/10/01/misbehavior-in-bitcoin-a.... If you want to search you will find that there are scripts to automate this type of action by constructing bitcoin transactions.

Also, consider ghash.io or the odd OKPAY double spends.

If Visa or SEPA got hacked over 12 hours and then fixed the root cause, would you stop using credit cards or bank transfers altogether? I would not.

Credit card companies and banks can reverse the transactions, so long as they keep track of things in batches and have strong backup systems for their ledgers. So long as they're not SWIFT transactions that leave the country, and the country that's attacked has a strong/regulated inter-bank transfer system.

If a bank is critically hit so bad funds become impossible to correctly attribute to people (Fight Club type unrealistic scenario), at least in the US FDIC would probably come in to play. The bank might even have to be treated as a failed bank.

People wouldn't stop using banks, but they would stop using that bank.

> People wouldn't stop using banks, but they would stop using that bank.

I'd really like to live in a world where that's true, but I don't see Equifax going anywhere. PayPal does a form of this as well, except it's the central system and not a rogue actor that locks your money away. Well informed users avoid PayPal, but there appear to be many more uninformed users.

Neither of those things "are money" and they're all highly reversible.

A major hack against Visa would absolutely tank the value of Visa the company however, and if people who believed they were paid weren't made whole somehow then it would also tank the acceptance of Visa.

And it would be an ongoing devaluation without Visa being able to show they'd fixed the underlying flaw - which you can't with a 51% attack.

My credit card gets stolen yearly. Sure, they can reverse the charges but changing the number everywhere is annoying..

Don't underestimate how long it takes to deploy a fix to such a vulnerability. Any change in consensus (which this would be) is a hard fork, and deploying it without carefully coordinating months in advance is certain to cause chaos.

Why do you think a double-spend attack would be easy to figure out? It could rely on state of the art crypto attacks which aren't known to the general public, or some very obscure bug which has slipped past thousands of eyeballs.

You won't really be able to process a tx that low, you'll need to pay a tx fee proportionate to the number of bytes. 1 satoshi per byte is a good rule of thumb for a very cheap tx. It takes more than 1 byte to describe one satoshi, so you can't get your tx to propagate.

Theoretically the attacker could also be picking up 0-fee transactions, but my intent was to really say this: it doesn't matter how small a double spend is - the ramifications for the network are the same.

Would even a single counterfeiter be enough to destroy a new fiat currency, or is your thesis specific to crypto?

What about state level actors, say the NSA, that consider bitcoin supplanting the US dollar as the standard medium of international currency exchange a huge threat to the world economy? (or at least their ability to control it)

I think people need to be concerned that Governments, at any point of time, with their incomprehensibly huge computation power, can use it to crush bitcoin. Not only that but they can pass laws that allow them to forcibly seize the fattest wallets. Which ultimately ensures that the Government can, behind the scenes, kick the scaffolding out from beneath us. All I see right now is state level actors experimenting in this regard, because seriously who single-handedly has the computation power to take control of these cryptocurrencies if it's not the government or a company like Google?

> bitcoin supplanting the US dollar

To the extent there is a legitimate threat to dollar supremacy, it is in the Chinese renminbi. The U.S. dollar is ascendant because of the huge base of American consumers, who buy stuff with dollars others then need to find investment for. Plain and simple network effects.

The RMB is not even fully convertible, it is the opposite of liquid.

The US dollar is useful to countries like China because the US government acts as a debtor of last resort, allowing them to park surpluses in treasuries.

> The US dollar is useful to countries like china is because the US government acts as a debtor of last resort

Which ultimately derives from our mammoth consumption. If Chinese consumption eclipses America's and their economy rebalances, they will have lots of Chinese consumers buying goods with renminbi, leaving sellers offshore with boatloads of the currency to find investments for. (I consider this to be a moderate risk, and not one which would supplant the U.S. dollar but instead cause it to share the world stage.)

TL;DR Bitcoin is not a serious threat to the U.S. dollar. It promises huge profits to banks, which is why they're salivating over it.

Parking money in cash isn’t feasible, which is why much of the USD’s worth is in treasuries; the dollar is just incredibly liquid and easy to borrow/lend.

The Chinese government is not interested in filling this same role. Even if now-anemic Chinese consumption somehow picks up, they will probably still want to maintain absolute control over the exchange rate.

I agree that the renminbi is not presently a threat. Just that it has the potential of becoming one. That potential flows from the potential of China's consumers. A native base of consumers Bitcoin lacks. My point is that if the renminbi is a long shot for challenging the dollar's hegemony, Bitcoin is out past Pluto.

Our mammoth consumption helps, but the USD is also baked in as the unit used by the World Bank.


How is the government going to forcibly seize a wallet? Are you suggesting they can break the crypto, or that they will compel people to divulge their keys?

"Today in an emergency bill, Congress made it an act of treason to move funds from bitcoin address 1BLABLABLAh555"

There are probably simpler methods, but if the United States really wanted to, they could probably buy/seize enough computers to pull a 51% attack.

That doesn't let them seize all the wallets.

You are not wrong to argue that state level actors are a serious threat.

But fortunately, these state actors seem to have no interest in attacking crypto.

It seems like the governments that matter, i.e. the 1st world, are perfectly happy to allow people to have access to a censorship resistant method of financial transactions.

This makes a certain amount of sense. The governments of the 1st world claim to care a lot about freedom. And it seems that they are letting us have it.

Or you know, they love the idea of an immutable record that’s far from anonymous. Cash is hard to trace, a Bitcoin is easy to trace for something like the NSA. It’s a giant digital paper trail by design! Besides, Bitcoin is as likely to become a dominant currency as shells or promises. No one outside of BTC fanatics honestly entertains that idea, and only a few who do espouse it do so because they really think it’s likely. For obvious reasons hyping the currency translates directly into profit, so it’s hype all the way down.

Well, a couple of the cryptocurrencies out there have privacy baked in, such as Monero.

I don't see any of these privacy coins being banned yet, so.....

But anyways that is besides the point.

The argument that the OP was making was that governments are a real threat to crypto. And MY point was that these governments are NOT actually attacking cryptocurrencies so I guess things are going to work out fine for cryptocurrencies.

And MY point is that extrapolating too much from minimal data is unwise. If you’d like it put in historical terms, “...Let a hundred flowers bloom and a hundred schools of thought contend...”

1. Short bitcoin cash

2. Rent 51% and mine a fork in secret for a week

3. Wreak havoc

4. Collect money

> I think the argument is that by doing a 51% attack you undermine the market value so you never get the rewards.

Only if you make it public. A 51% attack works at a poker table too, but only if the marks don't know the game is rigged.

A successful double spend makes it public, as well as announcing your intentions to get to 51%. If you're quiet and can pull off a successful 51%, you can create the double spend before anyone knows.

To be in the position of being able to do a bitcoin 51% attack however you would have had to sink enormous costs into buying ASIC miners. The minute everyone finds out that a 51% attack has occurred you will have pressure to change the mining algorithm and suddenly all your miners are worthless.

What jhpriestley pointed out is that what's really saving bitcoin from a 51% attack is the inefficiency of obtaining computing power.

If renting ASIC miners becomes in vogue (and it might because it makes the computing market more efficient) then it might be possible just to rent ASIC miners for nearly free, since you'd be acquiring bitcoins while you were amassing the 51% computing power.

You can profit from undermining the market. Futures volumes may currently be too low to find enough liquidity to use them for financing a major attack but this could change when BB’s start selling them in earnest to clients.

My conclusion is that since this is true, the real thing maintaining the system is mutual cooperation of sufficient mining interest. When you look at the theoretical division of hashpower in btc, it looks too stable over generations of hardware. Any non-colluding ecosystem should have centralized. I conclude btc is a collusion system.

So why the pow? Is this stabilizing the actors somehow? It seems like an explicitly managed network would be no less centralized, way more efficient, and way more user friendly.

It's important to understand that a "51% attack" isn't an attack at all. No algorithm or protocol has been compromised. The system is working exactly as it should. This is a fundamental aspect of all distributed systems: if the majority of the network elects that the state of A is X then that's the state of A. There is no mechanism by which one peer can disagree and override the majority -- unless the majority have also deigned to follow that peer and recognize it as a "leader."

> Any non-colluding ecosystem should have centralized.

Not exactly. There are real laws and borders and market realities that prevent the ultimate centralization of hashpower but what's clear is that centralization works, centralization is extremely profitable, it's happening and it will continue [1]. Centralization, I would suggest, is the true goal of bitcoin and is the inevitable conclusion.

> So why the pow?

I see what you're getting at but it should be obvious. The miners are paid very, very handsomely not to collude. Bitcoin miners charge fees that are effectively far greater than any centralized authority. They reap billions in profit each year [2] for turning on a bunch of computers and plugging them in. A cynic might say the "proof of work" is a marketing tool to disguise what is really just the mass transfer of wealth to the miners. Certainly, bitcoin holders believe that miners have somehow "earned" these outrageous profits.

[1] https://blockchain.info/pools

[2] http://fortune.com/2018/02/24/bitcoin-mining-bitmain-profits...

The value of bitcoin gold doesn't seem to have gone down in correlation with this attack.

On certain exchanges you can short USD to cryptocurrency pairing.

Be careful, you have to use Tether as a currency, which by their own terms of service is worthless.

In addition to this you have to do it on margin, and most exchanges have a history of dubious liquidation of margin positions.

So you’re saying this is good for Bitcoin?

In the bitcoin system, miners make literally billions of dollars a year protecting the network. Any successful attack on the bitcoin network is going to massively erode confidence, reduce the price, reduce the usage, and therefore reduce the value of all that single-purpose, bitcoin-only hardware.

Large miners don't want to see Bitcoin get attacked because it destroys their income and de-values their incredibly expensive hardware. This is also why miners won't just let you borrow their hashrate for a while - it's a big issue if you use that hashrate to undermine their cash cow.

Logical and sound arguments. However you underestimate human greed, human stupidity. Not everyone is operating on a Nash Equilibrium.

These will all be valid concerns the day we see a real 51% attack on real Bitcoin. So far Nash seems to be working.

Top miners can short twice as many BTC futures to create one last profitable destruction.

If a large miner comes to you asks for a multi billion dollar short position, you should be suspicious.

That's when you just split your short through a few thousand shell accounts.

Yep. totally safe, someone on the internet said we should.

All the while raking in boatloads from the double spending.

There is another--less talked about--way to double-spend: developers can cause forks and double-spend during the confusion.

In 2013, the network forked unexpectedly [0] and the Bitcoin network had 2 chains for about 4 hours. During those 4 hours, it is entirely possible that people sent BTC to exchanges they knew were going to be on the chain that ended up being orphaned.

A conniving team of centralized developers can take this a step further and discover or intentionally plant a consensus bug that causes such a fork and because developers ultimately tell everyone which chain contains the "fix" (in 2013, they commanded that the minority chain was the right one), the developers know which chain will be orphaned and thus which exchange they can exploit.

[0] https://freedom-to-tinker.com/2015/07/28/analyzing-the-2013-...

What a lot of people in the thread seem to be missing is that when you receive a huge payment you can require a higher amount of confirmations to accept it. High enough that it would make the 51% attack unprofitable.

Requiring more confirmations decreases the probability that a transaction will be reverted, under the assumption that an attacker has < 49% of the hashpower. If you attempt an attack with 49%, then you have a fair chance of mining, say, 6 blocks before the rest of the network. If you get unlucky then you sacrifice those rewards. But if you mine with 51% then your attack chain is (probabilistically) guaranteed to eventually become the longest chain, so there won't be any loss of revenue.
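The catch-up race the comment above describes, written out as an added example that is not code from the thread: it implements the attacker-success formula from section 11 of the Bitcoin white paper and adds a helper that picks a confirmation count for a given payment size and attacker hash share, which the thread discusses but does not compute. The hash shares, dollar amounts and loss budget used are constructed values.

```python
"""Double-spend reversal probability vs. confirmations (added example).

Implements the race analysis from the Bitcoin white paper (section 11):
an attacker with fraction q of the hash rate mines a private chain and
tries to overtake the honest chain after the victim waited z confirmations.
"""
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash share q eventually overtakes
    an honest chain that is z blocks ahead (white paper formula).

    For q >= 0.5 the result is 1.0: a majority miner always wins the race,
    which is the thread's "51%" case where waiting never helps.
    """
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z must be >= 0")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    # Expected number of attacker blocks while the honest chain found z.
    lam = z * (q / p)
    total = 1.0
    for k in range(z + 1):
        # Poisson probability that the attacker has mined exactly k blocks.
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        # Gambler's-ruin chance of closing the remaining gap of z-k blocks.
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float, limit: int = 1000):
    """Smallest z such that the reversal probability drops below max_risk.

    Returns None when no number of confirmations helps (q >= 0.5) or when
    `limit` confirmations are still not enough.
    """
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def confirmations_for_payment(amount_usd: float, q: float,
                              max_expected_loss_usd: float):
    """Merchant/exchange policy: wait until the expected loss from a reversal
    (amount * reversal probability) is below the chosen budget.
    Bigger payments therefore wait longer, as several commenters suggest.
    """
    if amount_usd <= 0:
        raise ValueError("amount must be positive")
    return confirmations_needed(q, max_expected_loss_usd / amount_usd)


def risk_table(q: float, depths=(0, 1, 2, 4, 6, 12, 24)) -> dict:
    """Reversal probability for several confirmation depths at share q."""
    return {z: attacker_success_probability(q, z) for z in depths}


if __name__ == "__main__":
    # Constructed scenarios: a 10% and a 30% attacker, then a 51% attacker.
    for share in (0.10, 0.30, 0.51):
        print(f"attacker share {share:.0%}:")
        for z, prob in risk_table(share).items():
            print(f"  {z:3d} confirmations -> reversal probability {prob:.7f}")
    # Constructed policy: a $1,000,000 deposit with a $1,000 loss budget.
    print("confirmations for $1M deposit vs 10% attacker:",
          confirmations_for_payment(1_000_000, 0.10, 1_000))
    print("confirmations for $1M deposit vs 51% attacker:",
          confirmations_for_payment(1_000_000, 0.51, 1_000))
```

The `q=0.1` and `q=0.3` rows reproduce the white paper's table; against a majority attacker the policy returns `None`, which is the point the comment above makes.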

That ignores community consensus; such activity is easy to monitor and public sentiment about the illegitimacy of that fork can cause people to devalue it. This is essentially what happened with the DAO hack. This likely does create a situation where both forks have a non-zero value, but also dramatically lowers the rewards, and thus incentive, for such an attack.

Security in crypto is a very slippery concept, and many conclusions are non-obvious, if not outright counter-intuitive.

There's a question that you're missing or ignoring about how long the 51% attack is sustained. Sustaining a 51% attack for one day is very difficult, doing it for one week or one month is proportionally that much more expensive.

Why is mining an attack chain expensive? If you mine on the honest chain, you earn the block reward for each block you mine. If you mine an attack chain with 49% and your attack fails, then you sacrifice those rewards. Suppose you mine say 10+ blocks with 51%+, over the next three hours while the rest of the network only finds 8 blocks. Then your 10 blocks become the longest chain and you earn the block reward for all 10 of them.

You can split the payment to multiple small amounts.

Confused... I thought the claim was about receiving and not sending?

If multiple accounts send multiple small payments (controlled by the same guy), then the exchange won't wait as long for the confirmations.

The exchange can have thresholds for total volume per given time interval then. Once the total amount of pending transactions breaches a given volume, the transaction period for more transactions within the window goes up.

Great points. The thing is though that a double spend would harm both the attacker and all others on the network. It would weaken the trust. It is a double edged sword. You would have to do the double spend without anyone noticing and then liquidate your earnings as fast as possible. With more combined hashing power this would become very hard to do.

There are a lot of problems other than double spend with Bitcoin. Transaction fees rise very quickly because of the block size limit of about 1MB. You can't really rely on 0-confirmation transactions. The saviour lightning network in my opinion is the wrong solution to the scaling problem. It changes fundamentally how bitcoins are exchanged and steers away from the original white paper by Satoshi. Not that this is wrong... it just becomes another project altogether.

It is often asserted (for example, in the Bitcoin white paper [22]) that a cartel can double-spend Bitcoins. In a strict sense, this is true: a cartel can spend a Bitcoin by paying it to a player Alice, receiving goods or services, and then shifting the consensus choice of history to a branch where that coin is instead paid to a different player Bob. However, we argue that double-spending by a cartel has a limited payoff. Bitcoins have value because people are willing to trade them for goods and services. If players were unwilling to accept Bitcoins for trade or unwilling to spend Bitcoins for fear of having their payments nullified, the value of Bitcoins would diminish significantly as players lost confidence in the system. Worse, because players are encouraged to generate a new identity for each transaction and because identities are not linked to any side information, players cannot easily determine whether a proffered payment is coming from the double-spending cartel or an honest user. Thus, a rational player should refuse to accept any payments when there is a significant threat of double-spending.

As a cartel must outmine the entire Bitcoin network and thus outspend the entire Bitcoin network for as long as it would remain a cartel, we believe it is very unlikely that a cartel could double-spend enough to recover the cost of the attack...

As described above, a 51% cartel attack is unlikely to generate enough reward within the Bitcoin economy to be worthwhile to the attacker. However, this does not rule out the possibility of a 51% attack that aims to destroy the Bitcoin economy in order to achieve utility outside the Bitcoin economy. We call this the Goldfinger attack after the character in film who tries to undermine U.S. currency by ruining its gold backing [15]...

In all of these cases, the attacker must achieve enough utility to justify the substantial cost of an attack. We agree with Becker et al. that it is unlikely that a protest movement could muster the resources to launch a successful attack. And at present it does not appear possible to acquire a short position on Bitcoins that is large enough to justify an attack. (2013)

The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries

Joshua A. Kroll, Ian C. Davey, and Edward W. Felten, Princeton University


This seems to miss the point that the mining pays for itself in collected transaction fees. Double spend is just icing on the cake.

Buying (or trying to buy) 50% of the total supply of mining equipment would substantially increase the price, to the point where the ROI is so long that it becomes unprofitable (especially if your long-term goal is a $0 bitcoin).

You have used technical analysis for making an investment decision. Scientific method, skeptical approach, great. And the assumption is "the tech is broken, the price will fall because of it, won't buy".

But, if we take one step further and continue our experiment, let's compare the actual facts with the assumption.

And what do we see? Two cryptocurrencies (Bitcoin Gold and Verge) which were successfully attacked this week didn't lose in market cap.

How come? What conclusion should we take from this assumption/fact, if we continue being scientific? Do we need a new assumption?

In the long term the market behaves rationally. It might take some time, but - if he is right - odds are on his side.

A mid-term (3-7 years) of irrational behaviour in a market is not unusual. Some will benefit from it.

> In the long term the market behaves rational.

How do you know the current behavior is irrational? We probably just don't know what kind of rationality is behind this.

What if it is not driven by the technical merits of blockchain, but still based on some rationality we refuse to agree with?

This attack occurred on BTG, a clone of Bitcoin, appropriating the name “Bitcoin” Gold.

It has nothing to do with Bitcoin.


Someone should just fork Bitcoin and call it Splitcoin.

Can you please post something relevant to the topic under discussion? There’s enough noise on this thread as it is.

You needed a throwaway account just to tell someone off?

I did not make a throwaway account “just to tell someone off”, and you could’ve figured that out in 5 seconds by looking at my comment history.

> there are certainly organizations with the resources to do it, e.g. intelligence agencies, organized crime

Nation states. Don't forget the large number of sanctioned regimes who would (a) have the resources to execute such an attack and (b) find great profit in doing so.

Plenty of legit and rogue nations (or departments within them) who would find that tempting I think. Currency politics and all aside, that is a tempting way to make money.

> If hash capacity were traded on a perfectly competitive market, then it would always make sense to rent 51% of the capacity at market rates

"Renting 51%" (of any global market) and "at market rates" are mutually exclusive.

> There is no equilibrium point for transaction fees where this attack becomes uneconomical.

The counterforce against double-spending is not the transaction fee but the cost of ownership of mining equipment.

Some other arguments against your conclusion:

- As mentioned nearby, for big transactions you want to wait longer than 6 confirmations.

- Also, as recipient you might want to distribute huge payments into smaller ones distributed over time.

- It's in the interest of mining capacity lenders to make sure you don't get 51% because it renders their equipment worthless in case you are successful.

- As you correctly stated, low prices will lead to lower hash rates (and higher prices to higher rates). This means actually that bitcoin will be more stable (it's harder to obtain 51%) if prices rise. There's an equilibrium on that side as well! That is, if double spending is what you're worried about.

> If hash capacity were traded on a perfectly competitive market, then it would always make sense to rent 51% of the capacity at market rates, earn the transaction fees, and also perform a double-spending attack. There is no equilibrium point for transaction fees where this attack becomes uneconomical. The only defense is that the market for hash capacity is imperfect.

At this point in time the current hashrate of the bitcoin network is 32.500 PH/s, up from 5.000 PH/s a year ago and 1.400 PH/s two years ago. If you rent 51% of the network it's going to be rather obvious that something is happening; that will however not prevent an attack. Let us assume that you can rent capacity because the miners are greedy, what price would you have to pay? Let's assume that you can buy from miners that want to exit the mining business, so they do not care about depreciating the value of their hardware nor the bitcoin value itself.

So the assumptions are that 51% of the available capacity don't care if bitcoin tanks and burns as long as they profit enough, and you're able to buy that. A 0.43% difficulty increase daily (average over last 2 years), bitcoin price of 7.600$, a 4MW power draw, and electricity prices of $0.08/KWh.

Miners controlling 51% would profit north of $ yearly, and if they just want to be compensated for that one year, you have to pay $ to rent 51%. That is a lot of money, and at the $20.000 high it would be triple that value.

However, why would 51% of the capacity suddenly exit? Rather they want to be compensated for multiple years of profit, let's say 5 years, and it's not unreasonable to expect bitcoin to reach $70.000 in that time. So we're looking at a $ cost to coordinate the attack. That's expensive, and with that kind of money there are other ways to make it multiply. Who would pay that to ensure destruction of the thing we know as Bitcoin? After all, success means it's likely that another *coin takes over, where you cannot 51% as easily.

It is far from clear that Bitcoin will likely ever reach $70,000. That implies an approx market cap of $1,200,000,000,000 or more. Would Bitcoin ever be useful enough or generate more value than Google or several Big Energy companies combined to justify and sustain that valuation?

People said the same thing about $1,000 when it reached $35. In about 6 months, bitcoin will be 10 years old, so considering that it went from $0 to $20,000 in those 10 years, as my statement says, it's not without reason to expect it to reach $70,000 in the next 5 years.

People like to compare bitcoin to gold, which has an estimated current market cap of $6,000,000,000,000. Will gold ever generate more value than Google or several Big Energy companies combined with more than a factor 10? Or does it hold value simply because it's rare?

Nearly 70% of gold is actually used as jewelry and in industrial applications (based on a diagram linked from an HN comment). So after 10,000+ years of trust building, the portion of gold used as a store of value is perhaps still less than $3 trillion. (Also, $20,000 Bitcoin was a tiny blip. The value was not sustained.)

Gold is also quite unique and "best" or close-to-best in its collection of properties. Bitcoin is not really rare and many other recent variants are "better" in a number of ways. Would the network effect be sufficient for its valuation to come close to physical gold? Warren Buffett, Robert Shiller, a well-known Nobel prize winner in economics, and several other respected economists say unlikely [1] [2] [3]. Basic logic says the same.

[1] ""It has no value at all unless there is some common consensus that it has value. Other things like gold would at least have some value if people didn't see it as an investment," Shiller told CNBC in an interview ahead of the World Economic Forum in Davos, Switzerland, where he will be speaking next week."


[2] https://www.project-syndicate.org/commentary/cryptocurrencie...

[3] https://www.project-syndicate.org/commentary/cryptocurrencie...

> Nearly 70% of gold is actually used as jewelry and in industrial applications (based on a diagram linked from an HN comment). So after 10,000+ years of trust building, the portion of gold used as a store of value is perhaps still less than $3 trillion. (Also, $20,000 Bitcoin was a tiny blip. The value was not sustained.)

I'd argue that jewelry is also a store of value. It doesn't serve a practical purpose, and was traditionally given as a gift for hard times. Industrial applications, fair enough. This is also plainly written in your quote from [1].

> Bitcoin is not really rare and many other recent variants are "better" in a number of ways. Would the network effect be sufficient for its valuation to come close to physical gold? Warren Buffett, Robert Shiller, a well-known Nobel prize winner in economics, and several other respected economists say unlikely.

Bitcoin is exceedingly rare. Only 21 million will be created, and a non-trivial portion of them is lost in wallets that no one controls. In [1] he states that he "doesn't know what to make of bitcoin ultimately." In [2] one of the main arguments seems to be "Practically no one, outside of computer science departments, can explain how cryptocurrencies work," which is true for the modern banking system too. Besides, it really isn't hard to explain the idea and workings, without going into the technical details.

One of the things that could super charge bitcoin is LN. The potential is enormous if adopted by companies.

The article in [3] shows a fundamental misunderstanding of bitcoin when it claims

> Bitcoin will be “mined” in diminishing quantities until it is exhausted in 2040, having delivered 21 million digital coins. In other words, there is no elasticity in the currency. This means that long before the mine is exhausted, the currency will run into the same problem as the gold standard: not providing enough money to support a growing economy and population.

Gold is limited by the smallest amount of gold you can reliably trade. Bitcoin has no such restriction. As the value of a whole bitcoin increases, you can trade a smaller and smaller fraction. At the current value 130 "Satoshi", which is the name for the current smallest fraction possible to trade, is worth $0.01, so bitcoin can reach a value of $1,000,000 and still have the same monetary "resolution" as the current USD.

The last paragraph might on the face of it seem to contradict my statement about the rarity earlier. But there is a key difference. Because bitcoin is in limited supply, but it is possible to trade very small fractions of it, with the ability to allow smaller fractions if needed, the currency is more likely to be deflationary, i.e. the money I save will not automatically be worth less because I do not use it.

It also went from 20000 to 7000 in months, why not choose this trend to extrapolate?

Then call it $0 to $7000 in 10 years, it doesn't make it any less incredible.

I do believe you are vastly underestimating how difficult an attack on the bitcoin network would be. I seriously doubt anyone other than a handful of state level actors could pull it off, and even then I am not sure. The amount of energy we are talking is tremendous, and gets orders of magnitude larger the more blocks you go backwards in time. The XVG hack only went back 22 blocks, that is mathematically, and most certainly financially and perhaps even physically impossible with bitcoin. The amount of energy and money spent would never, ever make it worth it.

Interesting points. A defense against this type of attack is to use at least the hybrid proof-of-stake design that Ethereum is rolling out in about three months; blocks are proposed by proof of work, but proof of stake periodically adds a layer of "economic finality." Here's a paper: https://arxiv.org/abs/1710.09437

Just a cautionary note - you are describing the future in the present tense.

"In three months"...there's a chance that a problem will be found by the people doing formal verification, but otherwise there don't seem to be any potential roadblocks. Client implementation is very simple, partly because most of the protocol is implemented by a smart contract, which is already done. Ethereum does a hard-fork upgrade a couple times a year.

51% attacks on the block proposal mechanism could prevent the PoS commitments from ever becoming finalized (i.e. violate liveness), though.

True, that's a risk it will still share with pure PoW. But at least you don't have to worry about doublespends after your transaction has finalized.

Full Casper may have stronger liveness guarantees eventually, I'm not sure. At a minimum it's easier to manually intervene to get the network going again. (You could also do that in PoW by changing the hash algorithm, but you can probably only pull it off once, migrating from ASIC to general purpose hardware.)

Those are some really great and interesting points. However, I think there is a resource you didn't mention that combats such attacks: time. If I'm a vendor, e.g. I pay cash for bitcoin, then I can tune the amount of time the transaction is held in limbo or escrow based on the vulnerability of the network.

For instance, I can decide not to finalize the transaction until I see a chain with 12 new blocks added after the transaction block. So an attacker has to control 51% for 2 hours to successfully scam me. Or I can make it 24 blocks (4 hours), or whatever.

Not sure this can mitigate the attacks and market forces you discuss, but it might. I see Bitcoin moving toward an intermediary system where you have a "Bitcoin balance" with a "Bitcoin bank" that allows you to make immediate transactions and takes on the risk and time delay of settling these transactions on the blockchain over the course of the next day or two.

> I see Bitcoin moving toward an intermediary system where you have a "Bitcoin balance" with a "Bitcoin bank" that allows you to make immediate transactions and takes on the risk and time delay of settling these transactions on the blockchain over the course of the next day or two.

How would this system differ from an ordinary bank in the system we have now?

In our current system, we have centralized, government bank run clearing houses that you cannot use (which Bitcoin could hypothetically replace). For a Bitcoin-based financial system, you can opt to pay higher fees and clear transactions on your own, or store your wealth in your own wallets and take on the management effort and fees in exchange for autonomy.

It's still trustless, decentralized, yadda yadda.

In what sense is a system where you hold all your bitcoins in a "bitcoin bank" decentralized or trustless?

The second layer solutions such as Lightning Network don't require you letting other people hold your Bitcoin. They're still decentralized and trustless.

But they also require observation for cheating because time matters in the execution of contract settlement when you have bad actors. It is still trustless though.

You've always had to protect against cheating though; what's changed? The standard advice from as far back as I can remember is to wait six confirmations on transactions, more for big transactions, and 120 for freshly minted coins.

The difference here is you can just wait long and you are good. In the case of lightning network there is a time limit. If you wait too long and don't notice what happened/ is happening you are cooked.

> In the case of lightning network there is a time limit. If you wait too long and don't notice what happened/ is happening you are cooked.

Could you expand a bit more on this?

Essentially, in the case of somebody cheating you, they would broadcast a transaction co-signed by you that would close the channel in their favor. This wouldn’t be effective immediately but would have a time component associated from when the channel was opened. To prevent this state from closing out this way, you would be able to broadcast the proof of the actual offchain ledger balance (with the valid signatures for all transactions) and the co-signed transaction to close the channel. For all of this proof, you would also get to take the cheater's money, further disincentivising this behavior. However, if the time ran out before you noticed, none of your proof and signed offchain transactions would matter.

Right -- it would start looking like the traditional banking system, just sitting over Bitcoin rather than state-sponsored currency. (Not saying whether this is a desirable direction or not, just what I would expect to happen.)

I'm a bit ignorant about cryptocurrency, but doesn't "I pay cash for bitcoin" sort of prove the parent's point that it's not "the currency of the future?"

Sort of like how you pay USD for Euros when you’re on vacation?


One of these is not like the others

I think one of the other issues is that each transaction that they are double spending can be worth so much. If each transaction was maxed out at, say, $100, the incentive to double spend the transaction becomes smaller. Obviously that changes a lot about the costs of mining and transactions; just saying the bigger a single transaction or value in a single address, the larger the likelihood of an attack. We see the same thing with cash: they only run the "counterfeit" pen on $20 or larger.

Just wondering if there is some kind of crypto currency where the transactions had a max of some kind. Would the difficulty be able to be much smaller and blocks every minute (since there would be so many more to transact)? This isn't well formed, just off the top.....

This would probably lead to a huge increase in transactions, and PoW mining as of now will not be able to process transactions fast enough, and the coin ends up clogged and unusable.

When Bitcoin was hitting $20,000, which I never thought they'd do, I mostly concluded I'd missed any investment opportunity.

I plausibly could have invested a few hundred or thousand in Bitcoin when it was in the low hundreds, and if I hodl'd to the moon realized a hundredfold gain, which would have been nice.

But once you're at the moon, then what?

The new price predictions are things like "If Bitcoin replaces gold it could be worth $135,000/BTC." Which is a lot, and a little far fetched, but also only 6x from the last peak.

I'm not interested in a risky investment which takes years to come to fruition and only yields 6x. It's too risky for a safe investment and too low-yield for a risky investment. Boat missed.

If the scenario you laid out actually pans out it would be very good for Bitcoin, because there is a lot of free energy in the world but it is highly distributed.

The dominant form of mining would be utility companies and individuals redirecting excess electricity generated from their renewable electric power generators, during off-peak hours and spikes in generation, to mining, and the constituents would be both numerous and globally distributed, owing to the wide geographic areas across which renewable energy resources are found.

> If hash capacity were traded on a perfectly competitive market, then it would always make sense to rent 51% of the capacity at market rates, earn the transaction fees, and also perform a double-spending attack. There is no equilibrium point for transaction fees where this attack becomes uneconomical. The only defense is that the market for hash capacity is imperfect.

You're killing your goose with the golden eggs. That is, if a currency remains in use.

>Attacking a huge network like bitcoin would be an audacious and expensive act, but there are certainly organizations with the resources to do it, e.g. intelligence agencies, organized

How do you propose they would go about doing this? Would they jam up the whole world's chip production to source the ASICs at above market rates? How could this be profitable?

Perhaps by taking over existing mining operations, but then you’d need to somehow perform the attack before you’re detected.

If bitcoin becomes 'the currency of the future' then renting 51% of the capacity at market rates will be prohibitively expensive.

Your analysis isn't really a good one, since Proof of Work consensus through mining isn't really used anymore by the new coins.

It seems you're too focused on a specific decentralized consensus solution, while there are already much better ones out there, e.g. Iota with a tangle, skycoin with a web of trust or Elastos that are immune to 51% attacks.

Wouldn't this level of energy consumption be noticeable and stand out? What about the sheer number of ASIC units?

Right now, what minimum amount of power would be necessary? How many homes/neighborhoods worth? How many Amazon data centers?

Here's my reason for not "investing" (it's not investing, it's speculation):

* bitcoin is not mandated as the sole accepted currency for settling tax in any sovereign state, therefore it can go to zero

It will never go to absolute zero as long as there are still people who at the very least see it as a joke. "Remember when BTC was $20000? I just bought 50000 of them, I would have been a billionaire! Haha!"

Also tell people in Venezuela how their Bolivar is not going to zero, because they have to pay their taxes with it.

What do you mean, "underbidding", e.g. "underbidding attack"? I don't understand this term in the context of your hypothesis, which assumes a perfectly efficient market for hashpower.

Suppose that it takes $50 of energy to find a hash at current difficulty. Transaction fees are at $50 (in BTC). I can offer miners $51 for their hash power, but they might be suspicious. So the other thing I can do is confirm transactions for $49 in fees, which I'm calling underbidding. This will drive miners out of the market.

Wouldn't this mean you ignore the transactions with the higher fees for the other miners to pick up, thereby making mining more profitable for them?

How Bitcoin transacting works is not that the miners publish their price and someone accepts that price and thus sends the transaction to that miner. How it works is that you publish your transaction with the fee you're willing to pay, and if your fee is high enough, it will get included in the next block.

Blockchains are not immutable. The software that blockchain servers run can be updated to any chain with the most social consensus; if an attack was that bad, it can be fixed with a few git pushes and pulls. The price might suffer, but even that is not a guarantee; price movements have a greater influence than fundamental value in crypto.

By the way doesn’t your argument also destroy anarcho capitalist utopia scenarios?

Someone could rent the local courts for a week, pillage everyone, and leave.

Or just come with a larger army.

can you explain this in better words: "then it would always make sense to rent 51% of the capacity at market rates, earn the transaction fees, and also perform a double-spending attack."

I think what jhpriestly is saying is: As the market gets efficient, the price of renting mining capacity will approach the profits earned from transaction fees. So renting mining capacity will almost pay for itself, i.e. is almost free. But then you might as well rent a lot of it, like 51%, because it's allowing you to attack the chain almost for free.

I think a good question is, is there a market for renting asic mining gear?

Yes, but only if mining the coins via renting is cheaper than buying them outright.

If you're a miner, it makes sense to rent out your gear, because you get a guaranteed payment higher than you could make via mining.

I've heard an opinion (but I'm not certain) that mined coins are considered less traceable than purchased coins.

For any purchase, there's a trail that leads to you through however you paid for it; for mining, the mined coins are totally disconnected from the hardware that mined the block and how you bought it.

Well then the buyer and seller would race to gain 51% of mining power (as it's free), which will make it more expensive because of the constant bidding war.

Not all cryptocurrencies are secured by hashpower or "mining", have you considered those?

Examples like Delegated Proof-of-Stake or "eusocial-oligarchy-like consensus" systems like Byteball?

One of the many practical vulnerabilities.

>If hash capacity were traded on a perfectly competitive market, then it would always make sense to rent 51% of the capacity at market rates, earn the transaction fees, and also perform a double-spending attack.

Lenin was right: "When it comes time to hang the capitalists, they will vie with each other for the rope contract."[0]

[0] https://quoteinvestigator.com/2018/02/22/rope/

2nd and 3rd gen blockchain tech is not vulnerable to double-spend attacks, I believe. Only the legacy chains (Bitcoin, Litecoin etc.) are.

The numbers I've seen quoted for a double spend attack on Bitcoin Cash (assuming guaranteed block space) are that it would cost about 50K to double spend on a 0-conf transaction. So really, you can confidently accept 0-conf for <1K reasonably. More than that, you can accept 1-conf or more, which can take a minute or two. BTC rejects 0-conf transactions, but they are already in use around the world and are successful as far as I know.

Except you profit from mined blocks. In theory you should be able to do a 51% attack for a profit even without double spending, as you capture high value transactions over a longer timespan than normal. Aka in 10 blocks you get the same number of high value transactions as would normally occur over 20 blocks, where you would end up with the same 10 blocks without a 51% attack but someone else would also mine 10 blocks and capture some of those high value transaction fees.

It costs nothing to double-spend a 0-conf transaction.

> it would cost about 50K to double spend on a 0-conf transaction

That makes no sense. If there are no confirmations, there is no cost, because nothing happened. This comment is a 0-conf transaction on BTC...

If you wait long enough, say, for 144 confirmations (or 24 hours, whichever is greater) then a double spend may as well be the least of your worries, for bitcoin, or any of the top mined crypto-currencies.

These double-spend attacks are only successful if the receiving party doesn't wait long enough.

Also, I couldn't find any sources from exchanges on whether they were actually successful? The article didn't mention which exchanges.


"Blockchain data indicates that the attacker successfully reversed transactions as far back as 22 blocks, leading developers to advise raising confirmation requirements to 50 blocks."

So as long as exchanges wait 50 blocks before crediting, they should be all right.

Oddly enough, one of the selling points of Bitcoin Gold (a hard fork of Bitcoin) was its use of Equihash instead of SHA-256. The idea was that a memory-hard proof-of-work function would inoculate Bitcoin Gold from miner centralization.

The problem with mining centralization is that sufficiently powerful miners can attack the network by rewriting blocks. This opens the door to double spending.

This was exactly the attack the article described.

It appears that Bitcoin Gold's decision to use Equihash led to this mess. The algorithm is used by several other coins. Hardware optimized for this algorithm can therefore be used with equal ease to mine on a network or attack it.

Bitcoin Cash may be headed for a similar fate. It retains SHA-256, but is a minority chain in terms of hash power. A powerful Bitcoin miner deciding to perform double spends on Bitcoin Cash would have everything needed to repeat the Bitcoin Gold attack.

BTW, a similar attack recently occurred on Verge:


It's possible that any altcoin that becomes sufficiently valuable will suffer similar attacks to the ones that have now taken place on Verge and Bitcoin Gold.

The problem I think is that there are 25 cryptocurrencies bigger than it. Particularly with its form of mining, it's trivially easy for say a big player in the 10th largest currency to shift their mining power to a smaller one like Bitcoin Gold, overpowering everything else.

Normally the non-51% attack argument is that anyone who invests enough in 51% of the infrastructure and has sufficient coins to profit from double-spending, is very unlikely to do so because it would render the coins and mining equipment worthless or at least worth less than the investment had cost.

That'd be true for bitcoin, but not for a GPU-mined 26th largest cryptocurrency. You can completely destroy it, cash out and use your equipment elsewhere on coins in which people still have faith.

You're forgetting that the lower you go with a cryptocurrency the less volume it has. This will have a major effect on your profits.

so how exactly do you cash out? by exchanging double spent coins for btc or usd? but then can't exchanges just stop that from happening?

I'm not even sure you would need to exchange it to another coin. You would never be exchanging it to USD because USD withdrawals will require you to identify yourself and a corresponding bank account. To withdraw crypto you just need an address.

So you can exchange it to BTC or ETH and withdraw. Or you can just deposit it and withdraw it after. Most exchanges just mix customer funds together, so as long as the exchange has enough BTG balance minus the double spent deposit, they will send you real BTG.

> It's possible that any altcoin that becomes sufficiently valuable will suffer similar attacks to the ones that have now taken place on Verge and Bitcoin Gold.

The trust in these systems seems to be based on proving a negative.

The lack of an attack is neither a proof of robustness nor proof that one or more zero days aren’t already known. We can only “know” it’s safe when the temptation to use an exploit is far too high to resist.

I think there are a lot of people who imagine “an attack” as a ready-aim-fire affair. There’s a juicy target, someone concocts a plan and then uses it.

But as you illustrate, maybe there is already a plan and someone is waiting for the target to get juicy enough. Aim, ready, fire.

I guess the conclusion is that if you're attempting to create a new PoW cryptocurrency you better make sure to tweak your PoW algorithm enough to make sure that existing miners cannot easily convert their special purpose mining rigs to sink you for fun and/or profit.

All those arguments do make sense, but only if the underlying cryptocurrency is actually big enough, i.e. has enough hashpower (in whatever algorithm) to be secure. Bitcoin Gold simply was too small.

Sounds like it isn't very wise to come up with new cryptocurrencies as long as the mining network is unregulated and the double spending problem isn't solved...

the verge attack was different

All of the major Bitcoin miners are very pro Bitcoin cash. They basically created Bitcoin cash. They would be more likely to attack Bitcoin Core, if anything.

I would also point out that Bitcoin Cash is the 4th largest cryptocurrency in the world, by market cap. If IT is in danger.... Well, I fear for everyone else even more.

Bitcoin Cash is only protected by the benevolence of the large miners. It is otherwise wide open to a 51% attack.

So... Then I guess that means it is safe then right?

The whole point of crypto is that you are relying on the fact that 50% of the network is honest.

So yes, you are correct that it relies on half the network being "benevolent". That's how ALL cryptos work.

You are missing the point. Bitcoin and Bitcoin Cash use the same hash algorithm. Bitcoin Cash has about 15% of the total available SHA256 hashpower, and Bitcoin the other 85%. So it only takes a fraction of Bitcoin's miners to turn against Bitcoin Cash to attack it.

Yes, and the Bitcoin network ITSELF can be attacked with a fraction of the total hashpower on the Bitcoin network.

Specifically, the fraction is 51/100, or 51 percent of the network. This is for the main Bitcoin network.

The fraction for Bitcoin cash would be around 15%, or 15/100, expressed as a fraction.

The Bitcoin cash network would require a smaller fraction, yes. But this still isn't a huge concern.

If it is 3 times easier to attack bitcoin cash, that is still extremely difficult.

Fractional hashpower attacks (51% attacks) are all explained quite clearly in the white paper.
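As an added example, not from any commenter or from the article, here is the attacker catch-up calculation from Section 11 of the Bitcoin whitepaper that the comment above points to, ported to Python. It ties together the confirmation-depth discussion earlier in the thread (6, 50 or 144 confirmations) and the hashpower-fraction discussion just above: given an attacker's share q of the hashpower and a merchant waiting z confirmations, it returns the probability the attacker's chain ever overtakes the honest one, and the smallest z that pushes that probability under a threshold. The 0.1% threshold and the shares in the demo are illustrative choices; the 15% figure is the Bitcoin Cash share quoted in the thread. With q at or above 50%, no confirmation depth helps, which is the situation the article describes.

```python
"""Attacker catch-up probability from Section 11 of the Bitcoin whitepaper
(Nakamoto's C function ported to Python). Added example; the threshold and
the hashpower shares used below are illustrative, not from the article."""
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the hashpower ever
    catches up from z blocks behind (the merchant waited z confirmations).
    With q >= 0.5 the attacker is expected to win eventually, so return 1."""
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * (q / p)   # expected attacker progress while honest miners find z blocks
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i   # Poisson(k; lam) without building factorials
        # attacker has mined k blocks; must still close the remaining z-k gap
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(0.0, min(1.0, total))


def confirmations_for(q: float, max_prob: float = 0.001, z_max: int = 10_000):
    """Smallest confirmation depth z with success probability below max_prob,
    or None when no depth works (the attacker holds a majority)."""
    if q >= 0.5:
        return None
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) < max_prob:
            return z
    return None


if __name__ == "__main__":
    # Illustrative shares: 10% and 30% as tabulated in the whitepaper, 15% as
    # the Bitcoin Cash minority share quoted in the thread, 45% and a majority.
    for q in (0.10, 0.15, 0.30, 0.45, 0.51):
        z = confirmations_for(q)
        p6 = attacker_success_probability(q, 6)
        print(f"q={q:.2f}  depth for P<0.1%: {z}  P(z=6)={p6:.7f}")
```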
