Ghash.io very close to 51% of bitcoin pool (bitcointalk.org)
102 points by randartie on Jan 9, 2014 | 125 comments

I don't know much about the particulars of BitCoin mechanics, but the general spirit of this story seems like a natural evolvement of any unregulated organization. People who favor unregulated markets/societies dislike the concentration of power in the hands of a central authority, but the reality is that in any social system there will always be concentration of power in the hands of the few. I've read a hypothesis[1] that it was this dynamic that propelled the neolithic revolution (the transformation of humans from nomadic hunters-gatherers to settled farmers): most people suffered as a consequence (hunger, disease, less leisure), but a few benefitted greatly.

The same thing happened in the American Gilded Age. In that period of unprecedented (and largely unregulated) growth, much of the US population became quickly enslaved by a few members of an elite group, later called the robber barons (Rockefeller, Frick, JP Morgan, Vanderbilt, Carnegie, Mellon et al.), and it took tremendous efforts by the American press and then by President Roosevelt (the first) to partially dismantle that semi-feudal structure and strengthen the central government, to free the populace from the stranglehold of the robber barons.

While a central power can be abusive, it is almost always better than feudal oligarchy, at least if it is governed more-or-less democratically.

So while BitCoin is an algorithm intended to avoid a single organizing entity, it is no replacement for a social pact, enforced politically by some fair means. Perhaps a better algorithm could somehow prevent any sort of concentrated power, but I doubt it. The desire for power (even with the best of intentions) is so essential to humans, that it probably cannot be circumvented by technology alone.

[1]: http://www.newyorker.com/reporting/2011/12/19/111219fa_fact_...

You might be interested in reading about The Iron Law of Oligarchy (an influential "social law" that was proposed in 1911 by Robert Michels)


It is a pretty dismal assessment of the likelihood that a democratic institution can avoid becoming oligarchic (spoiler: Michels believed it was inevitably impossible as the institution grew in size and complexity, years later he abandoned his anarchist beliefs and became a fascist in Italy)

There are a few historical counter-examples to the Iron Law of Oligarchy, but I don't follow the details of Bitcoin closely enough to know whether it is resistant to the factors Robert Michels described.

Thank you for that! I guess it's sort of a reversed second law of thermodynamics.

"In that period of unprecedented (and largely unregulated) growth, much of the US population became quickly enslaved by a few members of an elite group, later called the robber barons (Rockefeller, Frick, JP Morgan, Vanderbilt, Carnegie, Mellon et al.)"

You ought to rethink what you define as "enslavement". As far as I am aware, neither Rockefeller, nor JP Morgan, nor Carnegie "enslaved" the US population when they helped transform the by then agrarian nation into the industrial and economic powerhouse it later became. They didn't use force, as far as I am aware, in their dealings and the wealth of their achievements certainly wasn't created at the expense of those who didn't.

>They didn't use force, as far as I am aware

Then you're not very aware.

During the Gilded Age there were hundreds of strikes a large minority of which ended with the murder of the organizers and arrest of the leadership, an incomplete list thanks to wikipedia:


Did the robber barons kidnap people from Africa, ship them across the sea in chains and force them to work by whipping them if they didn't? No.

Still, have you ever heard the song "Sixteen Tons?"[1] You might recognize the lines "another day older and deeper in debt" and "I owe my soul to the company store." It's about the life of a coal miner in Kentucky. Those lines refer to a system where the company paid its workers in vouchers that they could use to buy food and clothing from the company store. Prices at the company store were higher than the workers could afford on the wages they received, but since they didn't get cash they didn't have the option to buy elsewhere. So they'd buy on credit and gradually build up a debt to the company that they had no way to pay off.

Is that slavery? Perhaps not technically, since the workers weren't owned by the company and couldn't be sold. But they didn't have many choices, either. They were basically stuck doing a fixed amount of work each day in exchange for food and lodging. Sounds an awful lot like slavery in practice.

[1] Obligatory Wikipedia link - https://en.wikipedia.org/wiki/Sixteen_Tons

Having to work each day for food and lodging is like slavery in practice? That's a preposterous notion.

Whether you live in a desert island, a small village with no water or electricity, or New York, you will still have to face the practical demands of your survival, of which food and lodging are the primary - in the sense that they are the most immediate - but not your only, concerns. Whether by hunting and killing your own food, or by buying it from the supermarket, the facts are the same: you have to work for your survival, it is not guaranteed by nature. And for myself, if I may, I take having to work so I can buy my favorite food and drink at the supermarket every day over having to savagely hunt and kill the food I eat.


It has been a while since I studied this era, but my understanding is that Rockefeller, Frick, JP Morgan, Vanderbilt, Carnegie, Mellon et al. were the "good guys" like in the instance of Carnegie steel which gave back tremendously to the community.

The named figures of this period, who still have visible fortunes today, were generally better than the grand morass that were known as the robber barons.

Some of them were great philanthropists who generously donated to causes of their choosing some of the fortune they had amassed by exploiting and disenfranchising vast populations. Those I named were chief among the robber barons, and some of their descendants, perhaps most notably the Rockefellers, tried to distance themselves from or atone for the means by which their forefathers had come by their wealth.

This cartoon[1] shows "infant" Roosevelt battling the Rockefeller and JP Morgan "serpents". No, they weren't the good guys by any means, despite their philanthropic deeds. They most certainly industrialized the US, but so did Stalin in the USSR (though most would agree that the American robber barons were better than Stalin :)).

[1]: http://newsjournalist.files.wordpress.com/2010/01/the-infant...

A little bit of both. No one can deny the fact that Carnegie created the Steel Empire, etc. etc. that provided a baseline for American Manufacturing through the middle of the 1900s. Furthermore, many of these "Barons" became philanthropists and gave away huge portions of their fortune.

However, they also had no morals with regards to child labor, unions, worker rights, and so forth.

Proof-of-stake attempts better enforcement of decentralisation, but I think the various implementations are pretty immature.

I encourage people to look at the paper Transactions as Proof-of-Stake & The End of Mining[0] defining a form of the idea. BitShares[1] (due out in Q2 2014) will implement this.

[0] https://bitsharestalk.org/index.php?topic=1138.0

[1] https://www.youtube.com/watch?v=5BV55IrZi7g

> in any social system there will always be concentration of power in the hands of the few

By default, subsystems can be put in place to diffuse power back into the realm (or at least attempt to)

...except you're wrong. Bitcoin participants have developed a solution to the 51% problem, without any regulation, without any government stepping in and telling anyone to do anything.


Your post is a poorly argued attempt to inject politics into a technical discussion. It reads like the top comment at /r/politics, not HN.

The invention of a new currency is a highly political act; claiming it isn't is a political statement in itself. The discussion of any disruptive technology should quickly focus on politics and ethics, or risk being abused. You can't both claim to invent technology that seriously affects society, and at the same time dismiss talk of politics as irrelevant. A technology can either be irrelevant or be political (if you ever wish to understand technology, I suggest you read some of the many discussions of the politics of the washing machine; or the fork).

What I find most fascinating about some of the less ideological BTC discussions is the belief that a neutral technology (a cryptographic algorithm) can replace social contracts. I'm not claiming it necessarily can't, I'm just saying that this belief shows not only disdain for government, but an Aspergerish rejection of social structures. It's like saying, I don't want to put people in charge because I don't trust them, and I don't want even to talk to others in order to resolve disagreement; instead, I choose to take all decision-making agency out the hands of humans and place it in the hands of an algorithm that can provably never be swayed, because that is the only thing I can trust.

Regardless, there is nothing technical about a story of a small group attaining concentrated power over a decentralized currency.

You are wrong, I totally trust the government, I'm one of the few that still trust the NSA (and I'm not even a US citizen).

It's not a question of trust, it's a question of choice. With a simple and universal way to transfer money, we no longer have to care about the currency we use, if we can easily do an international transfer with our bank, if our Paypal account is still fine, etc...

The only politic is how governments will be able to tax Bitcoin transactions and I believe it's a big issue but I believe we will be able to fix that when it will become a problem.

I don't really understand what's wrong with: "It's like saying, I don't want to put people in charge because I don't trust them, and I don't want even to talk to others in order to resolve disagreement; instead, I choose to take all decision-making agency out the hands of humans and place it in the hands of an algorithm that can provably never be swayed, because that is the only thing I can trust."

There's absolutely nothing wrong with that, but it certainly says a lot about our society, or at least about how some people view it or think it should govern itself. I find it interesting.

> Regardless, there is nothing technical about a story of a small group attaining concentrated power over a decentralized currency.

It is completely technical. The incentives and disincentives to centralization are encoded in the protocol.

> The incentives and disincentives to centralization are encoded in the protocol.

I am not sure I catch your meaning (about incentives being encoded etc.), but suppose they are. Isn't that a very political statement to design a system that entrusts "the last word" with an abstract algorithm rather than humans? Why is it that way?

And again, whenever engineers build something that they want people to use to change the world, they can no longer hide behind "technical". This isn't a discussion about using one hash function over another. It's a discussion about how quickly concentrated power arose in what was meant to be a system free of concentrated power.

It is both very technical and very political.

Encryption itself is a highly political technology - the right for two parties to communicate securely and covertly is controversial in many parts of the world, even today.

The economics of centralization are dependent on the technical choices of the protocol -- PPCoin and scrypt-based crypto-currencies are specifically designed to avoid the scenario that is happening right now, by not relying solely on sha256^2 hashing power. Of course they are not perfect and have their own issues.

Politics is about taking things from people without actually shooting at them. I think your definition of politics is so broad that it encompasses apolitical things.

Politics (New Oxford American Dictionary): "the assumptions or principles relating to or inherent in a sphere, theory, or thing, esp. when concerned with power and status in a society".

So politics is everything concerning the managing of power in a society.

"People often re-invent cigarettes as a currency in prison." <-- oops, political statement

Bitcoin is more of a technology than a currency, as such it does not have to have been a political act to create it.

That's an interesting variant on, "The personal is political" - "The technical isn't political".

Some technologies are by their nature effectively neutral - the knife can be used to cut food, shave your face, kill your enemy.

In a more recent example, the microprocessor is a neutral technology.

But many technologies are inherently political - the Pill, for example, or ICBMs.

I would argue that Bitcoin may be more of a technology than a currency, but it is an inherently political technology, designed as it is to provide an abstract, somewhat anonymized general ledger technology.

Every technology is political. The only time it stops being political in an overt sense is when it no longer provides an advantage over other technologies which can do its job.

Taking the knife. Its invention was somewhere around the dawn of time for our species so the distinction between political and evolutionary event is blurry. But it's impossible to deny that it empowered the group of our ancestors who could build knives, their advantage was so overwhelming over those who couldn't that today there isn't any human who isn't a tool user of some sort.

The micro-chip is very much more recent and still clearly political. The societies which can produce them control those who can't utterly. The NSA spying is only the latest in a long string of such events, the use of microchips to cripple weapons used against their creators is another. This technology favors very complex societies that can spend billions of dollars on building fabs, designing chips, training engineers etc.

Now for a thought experiment why a complex society like ours isn't predestined to be the state of humanity. Imagine that tomorrow some scientist somewhere finds out you can create a small stable anti-matter bomb by shaking a tomato on a stick at the sky during a storm. All of the advantages of all weapons since the bronze age are annihilated in a second. Large cities just mean a whole society can be destroyed quicker. Everyone from Amazonian Indians to San Francisco's tech elite have exactly the same destructive ability, to a very good approximation. In a world like that you'd very quickly end up with a population that lives no closer to each other than the maximum blast radius of said tomato. The majority of technology will more than likely disappear since it gives no immediate advantage to those who possess it and population would plummet since one person can now take on a whole army.

For a further exploration of the impact of technology on the politics of a society see: http://en.wikipedia.org/wiki/The_Road_Not_Taken_%28short_sto...

Robert Moses's Bridges are a technology as well.

But his bridges were a political tool to segregate New York City. Since his bridges and tunnels were shorter than certain busses, he made it impossible for African Americans to commute to certain areas of NYC in the early 20th Century.

Politicians can use anything they want as a weapon for their viewpoints.

You have made the fallacy of presuming that technology is neutral.

Correct me if I'm wrong but this only solves the problem if the miners aren't purposefully coordinating the take over of the system. It is merely that a pool of otherwise benign miners can't be used by the pool operator to rewrite the transaction history.

This doesn't stop an organized attack of someone who has rented let's say half of Amazon's cloud infrastructure for a 10 minute attack to take over the transaction history. Something that becomes more and more profitable with the reduction of bitcoin income from mining and increase of the total number and price of bitcoins.

> but the reality is that in any social system there will always be concentration of power in the hands of the few.

Actually in this particular case, it's not in the hands of the few, it's in the hands of the majority.

No, it's in the hand of the pool operator not in the hand of the pool's miners.

The scenario of a pool having 51% of the network power has always been known, and it actually already happened with other pools and the result is just people leaving as soon as it's getting closer to 45%.

As of writing, Ghash.io (which is operated by cex.io) is already down from 45% to 38%.

Watch how fast the miners leave the operator if they disagree with his actions.

It's the hands of the miners.

> Watch how fast the miners leave the operator if they disagree with his actions.

1. They'd have to be aware of the actions of an anonymous pool owner

2. The amount of damage the pool owner can do before people even have the time to start leaving is staggering

> It's the hands of the miners.

You're in denial.

The fact remains that the "power" of the pool operator depends on the miners, who can change pools in a matter of minutes.

The instant it's known they're abusing their power, it starts to vanish. It's not a long, drawn-out process.

It literally starts within minutes.

And control of the block chain can be taken over in minutes too. As far as I am aware the network updates itself every 10 minutes. So unless the operator never has a period of more than 10 minutes of 51% control or more the network is vulnerable.

This started out as discussion of power, in particular regarding the robber barons who "enslaved" large numbers of people.

That's not possible with the mining pools. The pool operators simply do not have that kind of power, and they will never have it.

Their power derives from people who can leave them by literally clicking a button. Not much room for power to be abused in that situation.

Yes, there could be a window of maybe 20-30 minutes when a pool operator could do something wrong. But that window would come to a swift end.

And that's not what this thread is about anyway.

In 2011, Jed McCaleb pointed out that bitcoin mining pools can collude. So in fact, Bitcoin is based on trust... it is based on trust that mining pools are not colluding against you.

His idea was to make this trust explicit. And that's the birth of Ripple. Ripple's consensus process is predicated on trust that other entities are not colluding against you.

The Ripple protocol is not subject to the 51% attack that Bitcoin is subject to. Making entries in the ledger has nothing to do with computational power.


Link to the 2011 discussion that spawned Ripple: https://bitcointalk.org/index.php?topic=10193.msg146250#msg1...

EDIT: Adding a link explaining Ripple's consensus process for making changes to a shared ledger: https://ripple.com/wiki/Consensus

Nice try Phil. Please get your Ripple propaganda off of HN. Ripple currency, XRP, is magicked up by Ripple Corp which owns nearly all of it and is the purest form of a pyramid scheme.

My post is not advocating that anyone invest money in XRP. My comment is about the Bitcoin protocol vs. the Ripple protocol's methods of reaching consensus.

The primary purpose of mining is to allow Bitcoin nodes to reach consensus about the blockchain. It is intentionally resource intensive. It takes 8-10 minutes. And it is subject to a 51% attack.

I believe that the Ripple protocol's method for reaching consensus is superior to Bitcoin's. It is orders of magnitude faster (2-5 seconds vs. 8-10 minutes). It is not subject to the 51% attack. It is not computationally expensive or resource intensive. It seems like a better design to me.

Ripple protocol != XRP. If you don't like XRP, then don't buy it. Easy solution. Ripple is still valuable as a protocol, since it's currency agnostic.

@Goldenkey - While we're making demands of each other, please take your logic-free and malinformed vitriol off HN.

Just to play devil's advocate here, is there any proof to that claim?

I don't have a dog in this fight, but Ripple Labs did set things up so they would start off with all the network currency, and still own the majority of it: http://en.wikipedia.org/wiki/Ripple_(payment_protocol)#XRP .

That's correct. From Ripplelabs.com:

"Because Ripple’s new architecture does not require mining [to reach consensus], the creators of Ripple faced a choice: exclusively distribute XRP via mining or diversify distribution methods to include useful mining, business development, funding third-party developers, and hiring talent at Ripple Labs, the company responsible for improving upon and promoting the Ripple protocol."

XRP is currently distributed via the "Computing for Good" program:

"We’re giving away XRP in exchange for donating computing power to scientific research via World Community Grid. Anyone with an Internet-connected computer or Android device can participate."

link: https://www.computingforgood.org/

If a pool has control of >50% of the hashing power, it means that they could do damaging things to the Bitcoin network as far as I understand.

People will explain that it's not in the pool's interest to do this, but it's missing the point. The pool is now a potential weapon, with a very small number of people in control. This means they are now a potential weapon against Bitcoin, and if someone external wanted to hurt Bitcoin GHash.io might be a good starting point to do this of which there are many ways to potentially realise this goal (blackmail, hacking, bribery, covert seizing of control etc)

The more pools there are, and the more evenly the hashing power is distributed amongst these pools the safer it is for everyone who has interests in Bitcoin.

Peer-to-peer decentralised pools to me sound like an excellent way to mitigate this sort of risk, and I think it's important. Consolidation of pool hashing power I believe is a natural inevitable market force. One pool has to be objectively the best and will attract the most miners. From what I gather, p2p pools are a fairly large technical challenge and the question still remains as if they can still compete with centralised pools with regards to efficiency and reliability (profitability).

With Bitcoin as popular as it is, it would be an increasingly lucrative strategy to short BTC, damage the network, re-buy low, and undo the damage. Sure, this is sort of a one-time use weapon, but there's no reason to believe that GHash.io's operators are in this for the long haul - perhaps, in the words of that amazingly catchy television commercial, they "need cash now."

It is currently pretty much impossible to short large quantities of bitcoins. Besides, such an attack would probably crash the whole system which could render the potential shorts useless. Too much uncertainty for anything that big.

I really can't see the way for anybody to benefit from a 51% attack. However, a potential attack will probably be a black swan, which will make it "impossible" to foresee for 99% of us, so the fact that there isn't any clear way to benefit from it, doesn't actually mean that there isn't a way.

Malicious attackers or disgruntled employees could also gain access to the pool and do nasty things.

Folks are missing an important point here about the incentives of a pool majority (that I recall Satoshi mentions in the original whitepaper[0]): even if a particular agent has a majority in the mining network, it isn't in their interest to upset trust in a system that they have such a large investment in.

Where would the sense be in taking the risk to undermine public trust in BTC for a short-term gain like modifying a few transactions when you have such a large stake in the system?

[0]: http://bitcoin.org/bitcoin.pdf

Here is a thought experiment:

Say the pool operator is also the owner of Bank A (which has nothing to do with BTC). Now, a competitor of Bank A, Bank B, just announced that they will support BTC. The pool operator can now decide to "destroy" bitcoin and therefore cause severe financial loss for Bank B, leading to bankruptcy. If putting Bank B out of business results in gains (in USD), for the pool operator, that are greater than what he just lost in bitcoins, then it might be worth it.

Of course, this is very hypothetical, but it's not hard to come up with similar situations where Bank A is "State A" and Bank B is "State B".

Thanks for the concrete counterexample. I still find it dubious that the owner of Bank A would be willing to destroy a stream of income as considerable as a 51% stake in BTC just to preempt a competitor in another market. That seems too self-sacrificial to be practical.

Also, you're missing the point that Bank B's successful adoption of BTC would also benefit Bank A's owner, since that adoption would be a boon for BTC, which Bank A owner has a very large stake in.

It's all a matter of the right price. Bank A doesn't own 51% of bitcoin, it has control over 51% of the mining pool. As a rational agent in the bitcoin-only world that's worth SOMETHING but not billions. As a rational agent in the total world it might be worth sacrificing $100mm on the pool if it can cost your competitor $10b.

Good points. What I wanted to point out is that the typical arguments about an agent's incentives to not destroy BTC usually fail to take into account gains outside of the BTC world.

This is like asking why a counterfeiter would undermine trust in the U.S. $100 dollar bill in order to get a big short-term gain.

I know there is a big spirit of brotherhood about doing what's best for BTC, but if your protocol is to survive the real world, you have to anticipate people more interested in their short-term gains than global harmony. Particularly if the protocol will involve money. Particularly if the protocol is trying to be money.

A counterfeiter sees far less benefit from the continuation of the USD than does someone who owns 51% of the BTC mining infrastructure.


I dunno, maybe to double-spend their coins? GHash.IO has been accused of double-spending in the past. Reaching 51% will enable them to double-spend their coins.

If GHash.IO really cared about BTC, they would stop before they reached majority stake in the Hashrate. All other pools in the past have purposefully gimped their hashrate in these situations.

A pool reaching 51% is undermining the trust of the BTC system. Period. GHash.IO apparently doesn't care however.


Furthermore, as the thread I linked to suggests, GHash.IO attempted to double-spend against BetCoin back when they only had 24%. This isn't a theoretical problem, these guys actually are trying to double-spend bitcoins.

>All other pools in the past have purposefully gimped their hashrate in these situations.

This has even occurred with altcoins (which are often widely believed to be pump-and-dump schemes) where a pool gets too close to 51% and voluntarily makes an effort to reduce their hashrate (either by blocking new signups, issuing fewer work units, etc.)

I think they've all but admitted that they were behind the double spending actually, they just blamed it on a rogue insider: https://bitcointalk.org/index.php?topic=318010.msg3590355#ms...

What if somebody incentivizes the pool operator with a rubber hose?

There's no safety even if GHash.io is below 50%. How can we tell that GHash.io and BTCGuild aren't already colluding? They have 61% between them.

Even without that collusion, if you control 40% you still have a high probability of pulling off a double-spend attack. My recollection (sorry, I don't have a link, so I might be wrong) is that someone somehow associated with GHash.io already pulled something like this off when they were still below 30%

For a very good (if long) explanation about Bitcoin in general and why this information is potentially relevant to the progress of Bitcoin - http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-a...

Could someone with knowledge of Bitcoin explain what happens when a share of the pool hits 51%? Is this dangerous in some way?

Edit: Thanks to those who took the time to explain. Very interesting.

The pool operators could launch 'double spend' attacks. Essentially with > 50% of the hashing power, a bad operator is able to generate a chain faster than the rest of the network. They can hold back this longer chain in secret, execute some transactions on the honest chain, then broadcast their chain (which doesn't have those transactions included) to the network. The network will use the evil chain since it is the longest, and since those transactions are not included, whoever accepted them beforehand has been ripped off.

It worries me that it's this hard to convince miners to leave a pool. If I wanted to kill Bitcoin and had a few million to spare, I'd open a pool with no fees PLUS a bonus of 1 or 2% from my own pocket. Good luck getting people to leave that pool.

There are rumours that double-spend attacks have already been tried or experimented with by someone linked to the Ghash.io pool: https://bitcointalk.org/index.php?topic=327767.0

There is even some evidence that double-spending attacks have already happened. You don't strictly speaking need 51%, that majority just ensures that your chain will win out over time. The original bitcoin paper[1] details the probabilities involved for nodes controlling < 51%, if anyone is interested it is a short and good read.

It could be even worse than that however. Another post on BCT[2] talks about a "time warp attack", where at 51% a node could effectively mine all remaining bitcoins in one fell swoop.

[1] http://bitcoin.org/bitcoin.pdf

[2] https://bitcointalk.org/index.php?topic=114751.0

Despite the good responses, there are two points that I believe are important that haven't been pointed out yet.

1. While a 51% pool operator could double spend, none of the participants can do that. The social incentives against a pool operator exploiting this power are very strong, however, because double spends are basically impossible to hide and would destroy the value of Bitcoin - which is pretty much against the operator of a mining pool who is likely to hold significant amounts of Bitcoin herself.

2. There is a second possible exploit that is not so well known, which is that a >50% pool can capture all mining rewards. They can do so by never accepting a block mined by somebody else, and instead always mining on their private chain. This pool-specific chain will always ultimately become longer.

The loss of confidence associated with such an attack is probably smaller. So I would bet that if the pool operator has evil intentions, that would be the way to go for them.

Can #2 be turned on and off in a controllable manner, such that it grants only a modest statistical advantage (sufficient, say, to keep the pool above 50%) ?

I hadn't heard of the second possible attack that you mention until now. Could you please point me to an article or somewhere that develops the idea. I'm intrigued about what people predict that the miners of such pool would do in that scenario.

The interesting point about the second possible attack is that a weaker form is possible even with less than 50% of the hashing power. The term to search for in a search engine is "selfish mining", e.g. here: http://bitcoinmagazine.com/7953/selfish-mining-a-25-attack-a...

Essentially, Ghash.io would be in control of the Bitcoin blockchain, allowing double spending of BTC and other nefarious deeds.

See https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_...

Edit: According to the Wiki linked, these attacks are also possible with <50% mining rate, although with lower probability of success. So this is a problem even if Ghash.io does not crack the 51%.

My understanding is that if one entity controls 51% of the network, they can push arbitrary modifications into the block chain. In effect, they can do whatever they want.

That is not correct, the consequences are still very bad.

What can you do with 51%? You can (theoretically) revert a transaction that has been confirmed, by mining blocks attached to a prior point in the blockchain and getting a longer chain than the rest of the network.

What can't you do? You can't spend someone's coins when you never had their private key to begin with. Making a transaction is an act of "signing" and public-private key cryptography is not dependent on the block chain style technique for sending messages, only for making sure that they got through and maintaining them as a ledger.

You can probably single out arbitrary transactions and make sure that those are the ones that are reversed -- your transactions, so the evidence would point back to you, and whoever accepted your bitcoins as payment for something would potentially know it was you who wronged them.

You could also decline to single out a transaction, just reversing all transactions after a given block and starting a "new life" for all the people who spent their coins after that. When you refused to re-sign the transactions that you made, you would then out yourself.

All of this is fairly academic since the person in charge of 51% of the hash power (GHash.io owner/operator) is a known actor, the hordes have not trusted him/them anonymously, and it turns out that miners have the least incentive to perform this kind of attack, since you lose an amount of revenue equal to the contents of the number of (your) solved blocks that you reversed. They would be more likely in my opinion to accept hashes and proof of work, but then renege and refuse payment to their miners, since this is really a less sophisticated attack and either way you should lose all of your credibility as a pool operator when you are discovered.

The thing you're not taking into account is that, even if GHash.io are trustworthy, this still makes them a single point of failure - any attacker who compromises their systems can carry out double spends, or they can even do it themselves and then blame it on an outsider. What's more, this has already happened with GHash.io and it hasn't damaged their reputation in the slightest. (Back when they were a smaller portion of the network, someone spotted malicious double spends of coins obviously linked to GHash.io that were equally obviously done using the miners they controlled. They blamed it on rogue insiders and everyone carried on using them.)

I mine with slush, at mining.bitcoin.cz

I am not at all disputing that 51% attack is one of the known attacks and that 51% of hash power concentrated in the hands of any one actor is something to be prevented.

I also dabble in alt-chains, and the Terracoin chain has often had 51-60% of the hash power in the Coinotron pool.

It happened to GHash.io before, yes. I think they made it right. It's up to the rest of us to take our miners somewhere else to minimize the possibility of a rogue actor at GHash.io causing problems.

As Coinotron once told me, a pool operator just runs a pool, can't control the users. There is no fair way to turn away hash power or "self-police" as a pool operator. I think if I read the graph correctly, the CDF provides a logarithmic probabilistic dis-incentive to be >50% of the hash power and also act fairly (in other words, to work on any broadcasted solved blocks that don't contain rewards belonging to you), so it will be interesting to see what happens next.

> ...they can push arbitrary modifications into the block chain. In effect, they can do whatever they want.

No, since who holds what coin is defined by consensus, which has to stretch out of the mining pool. If they arbitrarily gave themselves coin, for example, then no other client would accept that they hold that.

See smtddr's reply for details of what they can and cannot do.

"If they arbitrarily gave themselves coin, for example, then no other client would accept that they hold that."

Would this be detectable in practice?

Yes, every other Bitcoin client would refuse the blocks because they don't follow the transaction spec.

The purpose of Bitcoin mining is to establish an ordered sequence of transactions

This will cause block chain to split into two (we've already observed that a year ago due to sqlite glitch between versions) and the offender (ghash, 51%) will get exactly 0% in the block chain that every other client will be using.

If you check https://blockchain.info/pools Ghash.io is back down to 39% of blocks created, which is still big, but not as scary.

A good explanation is the random variation in who the block is awarded to.

The chart you link is over the past 4 days.

In the past 24 hours, they are still at 41%.

Although I agree there's bound to be a bit of random fluctuation.

It's dropping nicely, down to 39% over last 24 hours.

Can someone please explain what Ghash.io and BTCGuild are? I have checked both homepages and subpages, but still don't understand what it is. Ghash.io wants me to download a binary, the other one talks about a "mining pool". Can't figure what that even means..

Disclaimer: Bitcoin noob here

You can mine Bitcoin on your computer. The chance of discovering a 'block' and receiving the 25 BTC reward is however very low as it's very competitive. Mining solo, you're playing an 'all or nothing' game and you could run for months, even years without earning any reward.

Pools are collections of people who mine Bitcoin. When a block is discovered by someone in the pool, the reward is shared amongst everyone who is in the pool relative to their contributed hashing power (often minus a small fee for the pool operator).

Ghash.io is the largest pool, and the members of the pool control a good 35-45% of total hashing power on the Bitcoin network. A pool with >50% of the total hashing power is bad, because the operators in charge of the pool could carry out malicious acts on the Bitcoin network without any members of the pool being aware they are contributing to these acts.

To be more explicit: if you have > 50% of the hashing power for a sustained period of time, you can with 100% probability dictate which transactions are accepted, which allows you to perform double-spend attacks essentially at will. [+]

If you control a significant percentage which is less than 50%, you can attempt to do this but it is both uncertain to work (on any given attempt) and costly if it fails. Note that you can take many bites at the apple if you're willing to suffer the opportunity cost, so if you have a sufficiently profitable transaction to cheat on, you'll come out ahead.

The most vulnerable players in the Bitcoin system currently are gambling sites, but in principle with sufficient hash power you can do this to anybody using Bitcoin. Gambling sites are particularly at risk because their intended behavior is swapping bitcoins for bitcoins very quickly, and if you can doublespend, you can swap bitcoins for bitcoins but then say "You know those bitcoins I sent you? Psych, I didn't have them, even though you thought I did." after you've been told that you lost a bet. If you win the bet, you simply don't rewrite history to invalidate your bet. Repeat as desired.

This is the planned and anticipated vulnerability in Bitcoin. Great news: it's rarely the planned and anticipated vulnerability that kills a system.

+ Double spend attacks are not the only attacks you can envision. For example, if you control 51% of hashing power for a month, you're capable of essentially invalidating all transactions globally in the past month, at a time of your choosing. Like, if an unrelated party Bob had been paid in bitcoin by his employer two weeks earlier, and Bob then attempted to transfer bitcoins to Mt. Gox to change into dollars, Bob's bitcoin client would suddenly tell him "Dude, you might remember that salary payment, but it never actually happened." and Mt. Gox would say "Umm, you don't have bitcoin to transfer in, what are you talking about?"

So even gambling sites use Bitcoin! That double-spend attack sounds so weird, I wonder why it's even possible. Why does Bitcoin trust the owner of larger amount of BTC (51%) more than those with less? I thought that trusting every client equally (less) would be a greater advantage, than trusting the largest group of clients. That part is hard to understand.

What would happen, if due to a war many of the datacenters on earth were destroyed and we would only have 1/4 of the computing capacity left. Would sending BTC become impossible, or is mining not possible then?

You should know that you don't understand enough about Bitcoin to reason about it [+], and before trusting my representations about it, you should know that I am approximately the most skeptical person about it in the entire tech community.

+ This phrasing is rather more robust than I'd prefer, but you're dangerously mistaken about something which many people will attempt to get you to equate with money.

The Bitcoin protocol does not trust owners of large amounts of bitcoins. An emergent behavior of the protocol is that it trusts people with large amounts of hash power over given periods of time. Why not trust every client equally? Because Satoshi believed that IP addresses were really easy to conjure up, and compute farms were really hard to conjure up, so a malicious actor could easily get a majority of the network if you were counting via IP addresses but it would be hard if you required computational proof of work.

This is one of the core engineering decisions in Bitcoin. One of the other ones is, to incentivize people to spend computational power on computations which have no utility the overwhelming majority of the time, periodically they're allowed by the protocol to claim bitcoins which are created from nothing. Every bitcoin in circulation first came into possession by someone who won a lottery with tickets basically bought by the expenditure of hash power.

Response to edit: In a war during which 75% of the world's datacenters are destroyed, the Internet collapses, Bitcoin dies along with many hundreds of millions of people, and cryptocurrency enthusiasts join Beanie Baby collectors in the long line of people who will not find their favorite hobbies treated well in a nuclear winter.

If you're answering purely as a math abstraction, though, the protocol will eventually self-correct by picking a new, lower block difficulty, with the goal being creating a new block approximately every ten minutes. The approximate upper bound on how long it would take to recalibrate if you lost 3/4th of the hashing power is plus or minus eight weeks. (I originally said "an hour", which is clearly in error.) During the interim, Bitcoin would be possible to transact in and mine but it would be slower than previously -- instead of it requiring about an hour to know that a given transaction was safe to rely on, it would require about four hours.

But again: Bitcoin is very much not robust against "the end of the world."
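The eight-week figure in the comment above follows from the retargeting rule: difficulty is recomputed every 2016 blocks from the time those blocks took, and a single adjustment is limited to a factor of four. The sketch below is an added example, not code from the thread or from the Bitcoin client; it assumes hash power stays constant after the drop and that blocks arrive at exactly their expected spacing, and it ignores timestamp details of the real implementation.

```python
RETARGET_INTERVAL = 2016                      # blocks per difficulty period
TARGET_SPACING_MIN = 10.0                     # intended minutes per block
TARGET_TIMESPAN_MIN = RETARGET_INTERVAL * TARGET_SPACING_MIN   # two weeks
MINUTES_PER_WEEK = 7 * 24 * 60


def retarget(difficulty, actual_timespan_min):
    """New difficulty after a period that took actual_timespan_min minutes.
    The measured timespan is clamped to [1/4, 4] times the two-week target."""
    clamped = min(max(actual_timespan_min, TARGET_TIMESPAN_MIN / 4),
                  TARGET_TIMESPAN_MIN * 4)
    return difficulty * TARGET_TIMESPAN_MIN / clamped


def recovery_timeline(remaining_fraction, blocks_before_drop=0):
    """Simulate a sudden drop to remaining_fraction of the hash power that
    the current difficulty (normalised to 1.0) was tuned for.

    blocks_before_drop is how far into the period the drop happens.
    Returns one tuple per slow period:
    (minutes per block, weeks spent at that pace, difficulty afterwards).
    """
    if remaining_fraction <= 0:
        raise ValueError("no hash power left: the chain never advances")
    if not 0 <= blocks_before_drop < RETARGET_INTERVAL:
        raise ValueError("blocks_before_drop must be within one period")
    difficulty = 1.0
    fast_minutes = blocks_before_drop * TARGET_SPACING_MIN
    blocks_left = RETARGET_INTERVAL - blocks_before_drop
    periods = []
    while True:
        spacing = TARGET_SPACING_MIN * difficulty / remaining_fraction
        if spacing <= TARGET_SPACING_MIN * 1.01:   # back to roughly 10 minutes
            return periods
        slow_minutes = blocks_left * spacing
        difficulty = retarget(difficulty, fast_minutes + slow_minutes)
        periods.append((spacing, slow_minutes / MINUTES_PER_WEEK, difficulty))
        fast_minutes, blocks_left = 0.0, RETARGET_INTERVAL


if __name__ == "__main__":
    for fraction, done in ((0.25, 0), (0.25, 1008), (0.10, 0)):
        timeline = recovery_timeline(fraction, done)
        total = sum(weeks for _, weeks, _ in timeline)
        print(f"hash power x{fraction}, drop after {done} blocks: {total:.1f} weeks")
        for spacing, weeks, diff in timeline:
            print(f"  {spacing:.0f} min/block for {weeks:.1f} weeks -> difficulty {diff:.2f}")
```

A loss of three quarters at the very start of a period is the worst case for that scenario at eight weeks; a drop to a tenth hits the factor-of-four clamp and needs a second slow period before ten-minute blocks return.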

Thanks for the great and detailed answer patio11! Hope you have a great weekend =)

See the other posts in this thread for more technical details, it isn't the owner of the largest amount of bitcoins, it is the miners with the most amount of hashing power. See, miners are supposed to be decentralized to prevent double spending. When you mine in a pool, you are giving up your hashing power to a pool operator in exchange for a payout that is more regular. When that operator controls over half the bitcoin network, they become bitcoin God.

In theory everyone mines alone to prevent this, in practice, this isn't very feasible.

Oh that's completely new to me. I thought that mining means that I need to let the PC run for hours to get some BTC someone sent to me. Is the mining you're mentioning unrelated to another one sending you BTC?

Can anyone "lucky" enough receive 25 BTC from nowhere, is that what you mean by `25 BTC reward`?

How can people share a "computer cluster"/mining pool (that is what you mean right?). Do you mean that one person or company owns such a huge cluster and lets all members share 'virtually' a single 'Bitcoin wallet'?

I'm not really that familiar with it, sorry for the nooby questions.

"Mining" is basically brute-forcing a value (the proof of work). Whoever stumbles on that value gets a previously agreed-upon bounty awarded, currently 25 BTC.

A lone miner has a very low chance of finding the value, but will get the full 25 BTC. In a pool, a number of miners combine their computational power, and if the pool finds the value they get awarded a fraction of the bounty corresponding to the amount of work they did (the number of possible values they checked). E.g. if A, B and C are in a pool, A verified 140 values, B verified 100, C verified 10 and one of them (who it was isn't supposed to matter) finds the value, they'll get respectively 14, 10 and 1 BTC. If they had not been in a pool, one of them would have gotten 25 and the others 0. So being in a pool reduces your payout, but increases the chances that you get a regular payout.

> Oh that's completely new to me. I thought that mining means that I need to let the PC run for hours to get some BTC someone sent to me. Is the mining you're mentioning unrelated to another one sending you BTC?

I'm handwaving here, and this is how I understand it.

Yes. It is verifying transactions. Making sure that transactions are valid and people aren't double spending or spending money they don't have. As a reward for doing this miners who find blocks generate bitcoins from nowhere, the reward is currently 25 bitcoins for finding a block. It is luck based, you have to find the right hash. You just keep hashing away until you find the right one, I believe.

It's called "mining" because it's a reference to say mining for gold or other items of value. You can look in the right spot, but there's a bit of luck involved.

> How can people share a "computer cluster"/mining pool (that is what you mean right?). Do you mean that one person or company owns such a huge cluster and lets all members share 'virtually' a single 'Bitcoin wallet'?

More or less. The rewards are divided based on how much computing power you put toward finding that block (shares). Once it is found the reward is divided up proportionally. In reality some pools have slightly different reward schemes, but I'll make it simple here. So, if the reward is 25 bitcoins and I put in 10% of the "effort" to get that 25 bitcoins, I would get 2.5 bitcoins even though I am not the one who found that block, someone else in the pool did. That lives on the pool's wallet. I then go and log into the pool's website and transfer those bitcoins from the pool to my wallet. Some pools have an auto transfer so that when you get to a certain amount it automatically goes to your own wallet. Those coins do me no good at all in the pool's wallet, until they are transferred to my own wallet.

Pools aren't run by companies, not that I've seen. They are mostly run by anonymous operators.

It is long, but I strongly recommend reading


See here for a more technical explanation:


The way Bitcoin (and others) mining works is this:

Nobody mines on their own, unless they are running a server farm of mining gear. It would take too long to make a profit, and you might not ever find a block by yourself, depending on your hashing power and luck. Finding blocks is what generates coins. People combine their hashing power and mine in pools, that's what Ghash.io and BTCGuild are. These pools take all the profits and divide them up among all their members based on how many shares they submitted to find that block (basically, their mining power). Pools allow a more or less consistent payout for their miners instead of mining forever and getting nothing then once in a while getting a big windfall. These pools are run by an operator, usually anonymous. These pools sometimes (usually) take a small fee, and some people donate as well to keep the pool running.

Pools are subject to DDoS and other attacks as well often.

Why is ghash.io so popular? Is there some specific reason for mining in the GHash pool instead of some other?

EDIT: I'm talking in general. I mine litecoins (and sometimes other alt coins), not bitcoins, so that's what I'm most familiar with.

Big pools are popular for a number of reasons:

1) Lots of hashing power means lots of blocks found means more payment more often, even if it is less coins. People get impatient and leave smaller pools if they aren't getting paid right away.

2) Network effect. It's the first Google search result. This might be the biggest factor.

3) Probably more reputable, so I'll probably get paid too, most pools have honest operators but some can shut down shop and take coins people haven't cashed out yet and run or do other shady things.

4) Probably less downtime, beefier hardware.

I don't know the specifics of GHash in particular if there's anything that makes it more appealing.

They are backed by cex.io which is an exchange that trades GH/s for BTC.

They are able to run a pool for 0% fee, along with mining a couple of other altcoins makes them a more profitable pool than others.

Ghash.io is "just" a pool. For them to do anything scary, all the members would need to collude, right? Or can the pool "direct" the mining in such a way that eg. double-spending can happen without the consent of individual miners?

Obviously, the second there's evidence of double spending or similar, any value of Bitcoin will disappear as dew on a summer morning and the value of all the ASIC gear with it - so there is a very strong incentive for each individual miner to refuse to participate.

None of their miners have to collude in any way; scary stuff is entirely up to the pool operator to execute and the miners won't even know that they're helping until it has happened.

At this point it's tempting to consider just mining for this pool as collusion, however. GHash.io have been known to abuse their mining power to double-spend already. Miners are not showing much will to leave for other pools, however. It's a dire situation.

> It's a dire situation.

Hordes of people dump insane amounts of money into a new, unproven and unstable currency technology. What could go wrong?

Mining power can centralize -- there are some solutions to this. One of them is https://en.bitcoin.it/wiki/P2Pool

When you mine on a pool you are giving that pool complete control over your hashing power. For example there's pools that completely switch which coins you are mining every once in a while (every few minutes to hours) up to the pool operator.

It might already be, considering that there is a substantial proportion that is "unknown" mining power: https://blockchain.info/pools

On the other hand, the heuristics of blockchain.info to determine block ownership are not perfect either: https://bitcointalk.org/index.php?topic=123726.0;all

Can you explain what the threat is please?


---The attacker can----:

Reverse transactions that he sends while he’s in control

Prevent some or all transactions from gaining any confirmations

Prevent some or all other generators from getting any generations

Double spend Bitcoins

---The attacker cannot---:

Reverse other people’s transactions

Prevent transactions from being sent at all (they’ll show as 0/unconfirmed)

Change the number of coins generated per block

Create coins out of thin air

Send coins that never belonged to him

Is there really a practical difference between double spending and generating coins out of thin air? I can just duplicate coins by sending to two wallets I control. Or is there something that would prevent me from later spending some of those coins?

I think that they would not be able to do that: only one of the two transactions could be in the longest correct block-chain. That's because it is easy for the clients to detect and reject a block-chain that contains double spending. What they can do is pay for goods or services and revert the transaction after the goods or services have been delivered.

Given 1 BTC sent to two different addresses, there is maximum only one of them that is valid at one point in time.

However after some time, the other coin could be valid and the first coin could be invalid.

The timing attack gets harder the longer time has gone since the coin was sent.

You can spend the same coins twice, but you do not end up with 2x as many if you don't spend them at all. So you can end up with 1x worth of goods and 1x in your wallet like you never spent them but you can't end up with 2x in your wallet.


With all the concern over double spending, I'm wondering doesn't double spending happen frequently?

It seems like all you'd have to do is make two transactions within a short time period like < 1 second. Doesn't this happen from time to time?

That's why nobody should be accepting transactions with no confirmations.

Right, but surely it happens, no?

Yes, but it's really at the party's risk.

1. Buy millions of alt crypto coins (e.g., PPC which is less vulnerable to 51% attack), 2. destroy BTC by getting 51% control of hash pool, 3. profit.

Altcoin value is very closely linked to BTC value. Most (all?) altcoins are vulnerable to 51% attacks, so killing bitcoin would leave little hope of leaving value left in the altcoins.


I think what is implied there is a potential plan to make tons of money by destroying bitcoin in favor of an alternative coin you've heavily invested in.

I'm doing my part by moving my altcoin mining capacity over to Bitcoin pools. Not much, but every little bit reduces ghash.io's share.

I don't understand the forum thread. Can someone please explain it in layman terms?

OMG it is NSA trying to eradicate Bitcoin!!! :-P

Wish I could filter out the bitcoin news.

I don't understand anything. What's going on?
