In theory yes, but in practice it's rather infeasible to do 51% attacks IRL --- the main constraint is the people not the math.
A 51% attack mainly lets you double spend, so you have to:
(1) get a lot of coins and spend them on something
(2) start mining a fork where that spending didn't happen (but other real transactions continue to happen) --- your hash power will now need to be dedicated to this new fork at the exclusion of the old "real" fork since all future hashes will diverge
(3) wait until the thing you paid for with coins can no longer be "taken back", all while continuing efforts on the alternate fork
(4) do the 51% attack to swap out the old "real" fork with your new fork where you never bought the thing, thus keeping the thing _and_ the coins you spent on them
(5) all this needs to be balanced with the opportunity cost had you just continued mining on the real chain...
Such an attack would trigger immediate attention since at (2) the main chain would suddenly see a drop in contributions. Also realistically most things you can purchase with coins (like fiat or other goods/services) can be relatively easily "taken back" unless a considerable amount of time is spent to launder them --- say if you "buy" a car with crypto and reverse the transaction, what you've really done is just stolen a car with a lot of extra steps... Which means your only real viable path is to redeem for some other cryptocurrency... Now given that a big attack just happened on the largest market cap crypto, there's a pretty good chance the other coins are going to take a hit and exchanges might even temporarily limit activities while this situation is "investigated", greatly reducing what you can actually do at the end of the day.
This kind of thing is more reasonable on the smaller market cap "meme" coins where you can just exchange them for for a mass-market crypto.
You're thinking too small on the impact--China doesn't need to double spend bitcoins. What they could do is cause a loss of confidence in Bitcoin overnight and collapse the price.
How is that even remotely strategically good for China......?
These miners are probably making USD or some other foreign fiat at the end of the day which adds to the supply of foreign reserves without needing to use trade... And if they're siphoning power to get around currency exchange limits moving wealth abroad then a traditional crackdown to confiscate their equipment would be much more effective (you can't exactly "hide" a mining operation).
Frankly China, with so much mining output, benefits more from seeing crypto moon than crash...
(Also "collapsing the price" is something that can be done (and may have actually even already been done in the past) with far far less effort than an attack...
(As one example, articles pointing out that "China can do 51% attacks" are much more effective in crashing crypto prices... maybe keep an eye out for those
The minors are not making USD for foreign reserves to be honest, they are mostly a way to transfer wealth out of the country (buying equipments and electricity and sell bitcoins abroad or not selling it at all). That's why China has banned its bank to do crypto related transactions and exchanges mostly. However, it is hard to enforce. You can find many exchange use Bank Transfer, AliPay and WeChat pay.
Owning Bitcoins are legal in China. Who knows once the digital RMB is out.
Every time a miner exchanges crypto for RMB (like with Alipay or WeChat), China overall benefits a bit. Because Chinese banks (as you correctly stated) are not allowed to hold crypto and exchanges are illegal, what really happens is the crypto gets exchanged for foreign fiat (like USD) where exchanges are legal, which then gets exchanged for RMB, building up foreign reserves.
In the past, a lot of miners were "foreign investors" (likely other Chinese "nationals" rather than citizens) who lived abroad and would keep the exchanged fiat in foreign bank accounts, which _is_ harmful as they pay for electricity with RMB but get to keep USD. In recent years, a lot of local mining outfits are appearing, and because they ultimately need to spend RMB, the government has no problem with turning a blind eye to them.
What you are saying in second paragraph is not true. Mainly because if you mine BTC in China, you buy equipments and energy using RMB. After mining, you have BTC. If you sell BTC for USD, most likely those USD will not come into China. Bring USDs to China is not as easy as you think, there is also a quota for it (50k per year). If you sell BTC for RMB, there is no transaction to USD at all.
Yes, it is illegal for Chinese banks to do transaction for cryptos, but it is still legal to transfer money to others in exchange for crypto (p2p). WeChat, Bank Transfer and AliPay all being available in exchange. Holding crypto is not illegal in China, also mining is not illegal.
I believe there are still a lot shady business going on for those buying cryptos with RMB. It is quite easy for Chinese to buy/sell crypto at the moment.
Actually the same happens in stock market. When Chinese companies go for IPO in the US, they will typically keep the fund in US, rather than bring them back to China to make it easier to do business in dollars without restriction of Chinese financial system.
But it is individuals, not governments, who mine Bitcoin. In fact, the people who mine Bitcoin don’t like governments very much, and wouldn’t cooperate with a government-imposed Sybil attack that would devalue their state-independent store of wealth, any more than they would cooperate with said government going to war with a country they’ve exported all their investments to. Such people would actively seek to use their wealth to oppose such a government.
If a government moved to confiscate all mining operations and run them itself to perform such an attack, the fight such people put up against that would be so obvious that it would be incredibly easy for parties external to the situation (Bitcoin devs + Node operators outside of China) to stop any ensuing Sybil attack. They’d just blacklist Chinese IPs from the network statically in the client code—effectively hard-forking the other 49% of the network in advance so it doesn’t later become confused.
> But it is individuals, not governments, who mine Bitcoin.
Bitcoin mining has outgrown this stage. It's more like companies, now.
> the people who mine Bitcoin don’t like governments very much, and wouldn’t cooperate with a government-imposed Sybil attack...
Early Bitcoin proponents don't like governments much. Chinese miners are another story. They see a business opportunity and have no interest in losing social credit points or, worse, going to a labor camp.
Because the government cannot afford the resources to untangle it all, and the rich can afford the lawyers to exploit all the loopholes, and cover the tracks after little white-collar crime "indiscretions". Who funds the lawmakers who make the tax laws? Ah...
Cryptocurrencies are absolutely taxable — at least in the USA. It’s a gigantic pain in the ass that I feel every April. I don’t know why the USA makes taxes so painfully difficult and complex but that’s another topic and something they can improve on.
A crash would save energy for China and everyone else. Miner revenue from block rewards is proportional to market price. The cost of electricity can’t exceed that or it will be unprofitable for miners.
How is it good for China to destroy Bitcoin?
This question does not recognize China has over a billion people.
The Chinese government has shut down Bitcoin transactions in China before because it goes counter to their centralized economic control. If uppity insurgents or billionaires who they wish to punish (e.g. Jack Ma) are heavily invested in Bitcoin, they may want to crash it. Alternatively, it may be seen as a way of people to launder money outside of China and their control. Maybe just want to throw other financial markets into chaos.
Why would the miners cooperate? I can think of 7.62 reasons why.
China stands to gain the most from bitcoin mooning at the expense of other countries' currencies. Every yuan exchanged for bitcoin siphons value out of the chinese monetary network and into the global cryptocurrency network. Ideally, if china secured a large portion of bitcoin and then ceased all bitcoin trading within their borders, they could allow other countries to foot the bill of economic instability while the net value of their assets increase.
Bitcoin is an economic weapons created by the chinese government.
Yep. And China has done exactly that in the past when people were using crypto to launder RMB into USD.
The fact that mining operations still exist today at large scales in China means that at least the government has found a way to profit off of crypto (strategically or economically).
> The fact that mining operations still exist today at large scales in China means that at least the government has found a way to profit off of crypto (strategically or economically).
Or government do not really care. If it is officially discouraged/illegal: it also means that officials are happy to take bribes.
Yeah. It's also very likely that in some cases only the local government benefits (bribes etc.) rather than necessarily the central/federal government.
I was just using the terminology of the person I replied too but your comment made me look into this topic further and I agree country would be a better word.
What is the legal mechanism for a unilateral world ban on use of a technology?
Closest thing to that I can think of is nuclear proliferation but you’d have to get countries to agree and play strong arm tactics. Possible I guess but not “easily”
> What is the legal mechanism for a unilateral world ban on use of a technology
Might makes right, aka USA foreign policy since its inception. US sanctions are applied for everyone - e.g. if the US sanctions Iran, a French company does business in Iran, the US fines them heavily. And considering the US market is more lucrative than the Iranian one, most companies would prefer to have the US one. For a recent-ish example, check BNP Paribas. The US has no legal right to forbid a French company with a US branch to not do business with another country from another branch besides when they say so. The same way they say so for crimes against humanity, or invading other countries.
So the US can absolutely ban cryptocurrencies on a global-ish scale.
I assume the idea is that a technology that, by definition, can only be used publicly faces a far different threat surface than nuclear proliferation.
A significantly powerful actor could exert sufficient force. Russia or the US threatening nuclear war over bitcoin would probably lead to a worldwide ban, although obviously the repercussions would be dramatic. More realistically, the US could state that any bank that does business with bitcoin isn't welcome to participate in the US economy. The US economy is big enough that such a threat might work. This is similar to how the embargoes against Iran worked, and why that Chinese executive is being extradited to the US from Canada.
In reality, if Bitcoin got the point of destabilization where the US felt the need to ban it, the effects would probably be widespread enough that the EU, Japan, the various Commonwealth countries would be convinced to take coordinated action.
Let's say I'm a bad actor in us. I hear about this event in China and I start to do the 2nd chain. You'll think that China region was doing that 25% but maybe they were only doing 1% and I did the other 24%.
They're is literally no way to know what really happen.
If you were running your own pool then people would likely be tracking your pool and know where you're located. But if you are keeping a low profile and participating in a variety of other pools, then you might go unnoticed. But still, the pool operators might track which IPs are submitting work, and geolocate them, and see which countries are dropping in their work submissions. If you had ran all your stuff through a Chinese VPN historically, then it would make sense. Although usually you want the lowest latency possible when mining to avoid losses due to submitting stale work. A VPN would probably hurt your profits a little.
Do you really think that 1s delay will influence any income... I really doubt it.
But considering that there is so much money at stake, an elaborate plan like this... It's possible. Actually it's not even that elaborate. You just need a vpn, and do the split based on news.
Yes latency does matter. It matters more the faster the block speed is, so for bitcoin it doesn't matter as much as for cryptocurrencies with a faster block speed. But here are some people talking about it:
Uhh, not for the coins themselves but certainly for the goods that were exchanged with them?
I mean if you did this IRL, the party providing the goods would just report them as stolen and the traditional legal system can be used to retrieve them. Have fun arguing in court that a 51% attack somehow means you get to keep the thing. This is no different from paying for the thing and stealing the money back IRL. The only thing crypto allows you to do is to distance yourself _physically_ (i.e. you don't actually have to break in and steal money), it means f*ck all _legally_. A similar existing situation analogous for 51% attacks is "paying for something with a personal check and later having it bounce".
In fact all major breaches of crypto today involve stealing the coins themselves, which as commenters below have mentioned, cannot be done with a 51% attack---you still don't have the private keys.
Yes it does. And if/when a large enough player finds it in their interest to mount such an attack, they might very well do it. See https://www.crypto51.app/ for a (somewhat outdated) price chart.
Remember the first law of cryptocurrency though: "in case of emergency, betray your core principles."
In the event of such an attack, the rest of the system (miners, developers) may be able to simply declare the "evil" side of the fork "untrue" and hardcode the other fork as true. The fact that this is exactly opposite to Bitcoin's stated goals is no problem at all. See e.g. Ethereum's response to the "DOA Attack" as an example.
No, it means that theoretically a 51% is possible but the levels of coordination required to do that and the ability of the bitcoin network to figure it out and ignore it are means that it is unlikely to be effective.
Plus, the model of BTC as “digital gold” is pretty resilient to 51% attacks: if you don’t touch your coins, no one can take them away from you. (A 51% attack can’t reassign coins.)
Of course, the price of BTC might tank in response to the news of a successful 51% attack, but it’ll probably bounce back just like every other event in BTC history.
> if you don’t touch your coins, no one can take them away from you. (A 51% attack can’t reassign coins.)
it can't generate new unsigned transactions but it can roll back the network to a state when someone else owned those coins. from a practical perspective there is no difference, you no longer have those coins.
"Rolling back" the network means successfully creating a new longest chain that forks off of an arbitrary old block.
The further back in time you to "rollback" to, the less probable it is for the 51% to successfully mine all those needed blocks to get up to par with the existing longest chain.
Realistically speaking, this sort of attack is highly improbable.
> The network nodes only accept the first version of a transaction they receive to incorporate into the block they're trying to generate. When you broadcast a transaction, if someone else broadcasts a double-spend at the same time, it's a race to propagate to the most nodes first. If one has a slight head start, it'll geometrically spread through the network faster and get most of the nodes.
> A rough back-of-the-envelope example:
1 0
4 1
16 4
64 16
80% 20%
> So if a double-spend has to wait even a second, it has a huge disadvantage.
I'm not sure anyone has put the infrastructure into place, though.
Oh, you're probably right. It seemed related because the further back an adversary wanted to roll back to, the more hash power they'd need to get ahead. But it's a different category.
I wonder if there has been an analysis of how much hash power you'd need relative to how many blocks in the past you'd want to roll back.
If you have 51% of the power, you can roll back everything if you spend enough time on it. If you have 30%, you have a 4% chance of being able to catch up from 10 blocks behind, even if you spend infinite time on that specific fork.
I'm curious, has anyone done any back of the envelope calculations on this?
Let's say the US Government started a side-chain starting at the very first transaction and has kept it within it's own firewall, and has been mining for years at optimal difficulty levels so that they have to put in the least amount of work. Which now that I think about it, would just be difficulty 1, and the only reason to go above difficulty 1 would be because you started after the original chain, and you would only up the difficulty right before you were going to release it to the public.
Could they at any moment open it up and everyone would move over to their chain since it is the longest, where suddenly the US Gov owns every single coin and there's never been a single transaction?
You'll need way more hash power for that. Remember if you have 51% hash power, you'll be able to do the 51% attack roughly half of the time.
To rollback the Bitcoin chain, you'll probably need 90-95% of the hashing rate to eclipse all other miners. That requires that the other 50% becomes 5%; or in other words you multiply your hash rate by 10. Which is not even remotely possible.
Couldn’t you retransmit the transaction to the nodes (assuming you had a copy of the old
blockchain) and assuming let’s say Kraken/Coinbase etc isn’t wanting to profit from the attack and already spent it to another address,
you can receive the funds “again”
> doesn't this effectively mean China can force a 51% attack by just strongarming the pools that operate there?
Yes, in theory. There's a coordination problem to get all the pools to do what you want, but if they (or anyone) could pull that off, then yes.
So then what happens?
If a single entity controls >50% of the hash power of the network, they could start finding blocks with arbitrary (invalid) transactions and adding them to the chain. The transactions they'd be able to insert are called 'double-spends', which is that wallet A sends its balance to wallet B, and then in the next block sends the same balance (magicked into existence) to some third wallet C.
All this can happen. The way the network is supposed to work though, miners don't just commit new blocks and call it a day, the 'full nodes' have to accept the blocks. The miners are more or less offering up solved blocks to the full nodes for their acceptance.
As a full node it's trivial to take a look at this double-spend from A->C and say 'nope this doesn't look like a valid block to me, try again'. At this point if enough full nodes do this, the 51% of 'bad' miners are just wasting their time, the true hashrate of the network is now 49% of what it was a moment ago, and the remaining 'good' miners will continue to find blocks. Business as usual.
It's a much harder problem to control >51% full nodes, mostly because they're more geographically distributed. This is because they're pretty simple to set up at home and run, without worrying about up front cost of miners, electricity and noise and so on. A bitcoin full node can run on a raspi with a 1tb external hard drive, and a normal consumer internet connection.
Another interesting tidbit is that with control of 51% of the miners, this still only means a malicious actor finds a block first 51% of the time... to get the 6 blocks usually required for confirmation (in a row) is a ~3% chance. Not a perfect safeguard, but just some perspective on how hard it is to execute an attack like this.
The idea is that the miners are beholden to the full nodes, who are the actual actors in the distributed consensus system.
There's some other game theory around why one would want to do obvious double spends after having that much control (why not just sell the bitcoin and take profits?). But there are definitely reasons a state actor would want to try to destroy the network.
inserting invalid transactions is not the double spend issue.
If their hash rate is over 50% they can "unconfirm" a confirmed transaction by making a chain with more work on it. This is how the attack plays out in simplified form:
Bitcoin is sent to an exchange by the attacker, confirmed, sold and withdrawn for cash. Attacker then makes a chain with more work on it than the chain where the Bitcoin was sent to the exchange. Now as far as Bitcoin network is concerned, the coins were never sent to the exchange, but the exchange already let the user sell the Bitcoin and cash out. So now the exchange has neither the cash or the Bitcoin. The attacker has both.
> Yes, in theory. There's a coordination problem to get all the pools to do what you want, but if they (or anyone) could pull that off, then yes.
A strongly worded memo from Xi should sort that out, unless of course they want to switch from mining coins to mining minerals. They're in the right region already.
I'm not sure about that. Most miner operations in the US run only a fraction of the day to take advantage of electrical savings that a lot of operations in China wouldn't be doing. So if miners started returning higher yields we would output a larger hash rate. If we actually needed to protect against a 51% attack we could ramp up accordingly.
The difficulty adjustment only happens every 2016 blocks (~2 weeks), so the higher yields wouldn't happen unless they're down for an extended period of time.
That statement was to show why there is room to increase hash rate and not how you'd defend against a 51% attack. Most of the miners in the US are not mining for a significant portion of the day.
It depends on how long ago the previous retarget is and the current hashrate. The retarget is based on blocks, so if the retarget was 1008 blocks ago, but hashrate dropped by 50%, then it'll take 2 weeks until the next retarget.
I've been wondering about possible subtle benefits hashrate dominance could bring other than double spending. I'd be surprised if there wasn't some way to benefit nicely from being able to load the dice of which transactions are committed and which have to wait for some minority miner to win the race? Certainly nothing on the scale that it would pay for the hashrate by itself, but that's already covered by regular fees and reward.
yeah, well more specifically they could force a preferred fork to assume the "Bitcoin" ticker (BTC) by denying power to chinese miners on the disfavored fork. exchanges and miners, rather than the developers, ultimately determine this, as there's no in-band way to control what ticker is used for trading what token.
That's not how it works. In the event of a hard-fork, when the two forks adopt different rules about what blocks are valid, the actual users of BTC still decide which rules to follow. If a miner produces blocks that are invalid according to the rules that are adopted, the blocks that it produces are just disregarded. Thus, the hash rate competition between miners is only within each fork.
If you are talking about denial-of-service by producing empty blocks or blocks that exclude certain addresses, that's another matter...
That was tried a few years ago with the segwit2x fork. A group of miners comprising 82% of the hashpower got together and agreed to activate the segwit2x fork. Despite having a overwhelming majority of the hashpower the fork was never happened due to lack of community consensus.
the consensus vote to activate sw2x on existing BTC network was an in-band mechanism, and set to some super impossible threshold like 95 or 99% to activate a protocol change.
this is a different situation, where an out of band entity can selectively shut off a significant fraction of hashpower, and unlike the weedy obscurity of an architectural spat between largely unknown (by the mainstream) such a move would (indeed, will) make major waves in mainstream Joe Pension Fund/ Number Go Up news, who will not be familiar with nor interested in the technical arguments for the fork that is being actively suppressed. there's no weeks-long debate window here.
the stakes are very different now than in the Jihan boogeyman days, you can't handwave away this critical risk to stability or spin it as technical trivia of no concern to non-specialists.
>the consensus vote to activate sw2x on existing BTC network was an in-band mechanism, and set to some super impossible threshold like 95 or 99% to activate a fork.
> such a move would (indeed, will) make major waves in mainstream Joe Pension Fund/ Number Go Up news, who will not be familiar with nor interested in the technical arguments for the fork that is being actively suppressed. there's no weeks-long debate window here.
Fair point, given how the markets reacted to this drop in hashrate.
> Fair point, given how the markets reacted to this drop in hashrate.
What makes you think the market reacted to the drop in hash rate? A 20% move is pretty typical in crypto. IMO this is more likely due to Bitcoin not having moved in price in almost 2 months (it's below its 2/18 price now, by a lot). People moved their get-rich-quick energy over to Doge. And once that sputtered out, they tried to cash out.
Tether by the way, had its two biggest outflow days ever on Thursday and Friday (200 and 300M respectively via the Kraken USDT:USD pair). If Tether is actually just backed by crypto and hope as we suspect, they'd have had to sell crypto to refill their depleted cash reserves. To be clear this is pure speculation.
Another possibility is the market is reacting to all the Coinbase executives dumping massive quantities of equity on retail bag holders, signaling a potential top.
Since all cryptos are dumping, primary and alt, it's probably a more systemic issue.
> Their SegWit code, defined by BIP141, activates if 95 percent of hash power within a single difficulty period of about two weeks signals readiness before November 15th.
I don't get it, doesn't this effectively mean China can force a 51% attack by just strongarming the pools that operate there?