It's scary how little the founder understands about proof of work, golang, or Ethereum. The geth issue that was patched 4 months ago had nothing to do with being 51% attacked.
There's no hashing power dedicated to the altcoin so it got attacked, and this is something that's been happening to POW altcoins for 6 years now. It's not clear how she ever expected the POW consensus to survive a 51% attack, and has not described how the Ethereum protocol has anything to do with the failure of her consensus algorithm. If she was on a bitcoin-based POW chain she would have had the same issues.
The author seems confused about the nature of this attack. It has nothing to do with using the go language or any other, it's purely about the choice of consensus algorithm and the vulnerabilities of a small ecosystem. In a small blockchain, it's much easier for bad actors to gain enough hashing power to control proof of work. I do see they are moving to a proof of stake algorithm, I hope that works out.
Still unclear to me why some of these smaller coins exist, except perhaps for rampant speculation. From the krypton site: "$KR is my vision for an ultra-fast blockchain that can realize all of the features of Ethereum with fewer initial coins, faster speed and lower inflation." That sounds ok, but right now none of those things are the primary problem with Eth.
> Still unclear to me why some of these smaller coins exist, except perhaps for rampant speculation.
I don't play in this space, but I bet it is because some traders have methods of using differential exchange rates between exchanges to make money. The values may be large(ish), but they are probably hedged by bets the other way on other alt-coins.
There is a strategy in betting called Dutching[1], and I suspect that people are doing similar things trading between alt-coins.
Of course, there are also fools who put their life savings into some random coin. Good luck to them.
It's clear to me that they exist because the founders benefit from their existence. It's a repeatable revenue stream.
"I am not the only person with a sizeable investment in KR and I am now nowhere near the top holder, having solely repaid the theft from Bittrex, valued at $2,900."
> Know this: Krypton is more than just a blockchain or another cryptocurrency. We will survive these attacks, even if it means staying on the POS chain, in order to protect KR investments, until we do the complete rewrite of our client platform in a more secure language, like C.
It has nothing to do with Ethereum. This Krypton chain has a very minuscule hashpower so it's susceptible to attacks. It would happen with any Proof of Work chain. She is moving to a Proof of Stake which requires +- 51% of the ownership total coins to execute an attack like this.
Postgres isn't written in standard C. It's written in a derivative of C where signed integer overflow is defined as two's-complement and the strict aliasing rule is removed. Most standard C compilers also support this variant language with the compile options -fwrapv -fno-strict-aliasing.
If you're going to use Postgres as an example of writing secure code in a language, that's fine, but make sure you're advocating for this C variant and not for standard C. Standard C, where signed integer overflow is undefined and the strict aliasing rule exists, is extremely hard to write secure code in.
(There's also the separate issue that most of the input paths into Postgres are trusted in some way: you don't expect malformed database files, and you often don't expect hostile queries. It's primarily the auth code that needs to be rock-solid, which is a relatively small piece of the software.)
Yea, postgres certainly assumes a lot more than the standard guarantees. Besides the above, if you look at it formally, it's pretty much impossible to have a multi-process program, connected over shared memory, that's actually fully standard compliant. Especially not when using a pre C11 environment (postgres requires C89).
I think we really should have "official" variants of C that are a bit more predictable. But I guess that's not happening.
Oh, and whoever designed the strict aliasing specs: To me they seem widely impractical. The fact that there's essentially no way to explicitly alias, without memcpy'ing, is just absurd. The standard's language is also so cryptic, that well versed people (like Regehr you linked to) can't agree with each other what the exact requirements are. The union aliasing trick isn't, to my knowledge, actually precisely standards conforming.
I had never heard of Krypton before, but the decisions and the message in that article make it abundantly clear that I won't need to bother. Moving from golang to C and switching to a completely different blockchain in 'a single sleepless night', and then asking the community to bail you out? Zero confidence.
> My lead developer, Krypton-Dev, remains anonymous. I have known him and yet not known him for over two years now. Ironically, he is one of my best friends and the person whom I trust the most, by often placing the entire success or failure of Krypton in his very capable hands.
> Just two days ago, I did this very thing, trust this anonymous friend with not only my business and entire life savings (don’t get me started about using personal funds to found a startup!) but, also with the investments of everyone holding Krypton’s blockchain coin, KR.
> In a single sleepless night, Krypton-Dev coded this POS blockchain and Windows and Mac wallets for KR to be moved to. Can you understand why I trust this man with my business and KR holder’s investments? My admiration for his tireless dedication to Krypton knows no bounds.
Holy shit this is hilarious. My understanding from this article is that the founder is not a programmer, barely understands the technology, gave her life savings to someone she knows only as an online alias, who then used it to develop their own crypto currency, and thinks that a client rewrite in C will solve all of their problems. This is truly amazing.
Also, she considers this online persona her best friend. The founder is so far out of her depth, so naive, it hurts me to even consider that someone like this exists. The blog post is painful.
> Also, she considers this online persona her best friend.
Assuming it's not just a story, it's not impossible that they are very good friends, but the information and trust asymmetry involved makes it hard to believe that Krypton-Dev views her in quite the same light as she views him. My quack-pseudo-psychology take would be that she's justifying choices she has made by changing her perception of reality until they make sense. If Krypton-Dev isn't her best friend and the person she trusts the most, then she's made some very risky choices, so he must be, right? That said, this is a very small amount of information to go on, and it's entirely possible that their relationship is far more complicated than that.
She's crazy, but like a fox. What is the reason for any of these smaller coins to exist? To get on the ground floor and let speculation drive your investment up massively. Imagine if you had 10,000 bitcoins during the early days, you'd be sitting on $6m right now. In fact, there are early miners and investors who had that many coins and are quietly cashing out. So she followed their lead, and used the cheapest darknet-sourced coder out there.
She just wanted some of the action. She probably paid next to nothing for some kid in Ukraine to whip up a garbage blockchain and client and knows full well this thing would come crashing down. The question that matters is did it crash before she cashed out or not? Also, the Ukrainian kid isn't stupid either. He's probably sitting on a treasure chest of these coins and is double-dipping by recommending a lengthy C re-write.
The problem with cryptocurrency is that it attracts a lot of shitty people. It's pretty easy to read between the lines here. It's no different than the early days of the App store where regular Joes would spend their entire life savings for a "genius" app idea and there would be no shortage of shady devs ready to milk them dry. Oh, they'd deliver the work, but it would be shoddy and the devs would know going in that the idea was garbage and how to drag out development to drain every penny.
> The problem with cryptocurrency is that it attracts a lot of shitty people.
I think it's fairly well accepted that that's a problem with currency in general. There's a reason we have the perception that Wall Street is populated entirely by douche bags, and that's because even though not all of them are, a sizable portion are.
Yet modern finance has hundreds of years of regulations on its back. Obviously, with differing outcomes/quality, but it is there.
Cryptocurrency is still wholly unregulated for the most part and any person can start a currency. I suspect this draws in a certain type of person. See the various 'hacked bitcoin exchanges' that were just founders running away with the money, for example. There's no FDIC here or even any law enforcement options, especially if the hosting was off-shore.
Sure. I just see cryptocurrency more as an esoteric investment vehicle than a currency, because I don't use it so I often forget its capabilities as an actual currency. In that respect, it's not all that different to my eyes than complex derivatives in the early 2000s. In both cases we have overly complex systems that very few people truly understand, backed by real money through people investing.
I think people that are interested in just making money, over most/all other considerations (such as having a fulfilling career, or serving some need), gravitate towards industries where they are closer to direct money. Finance is one of those areas, so we get more people in that area that aren't as averse to breaking a few rules or screwing some people over.
I agree regulation would solve some of the problems of cryptocurrency, but the cost would be to lose a lot of the benefits of a cryptocurrency, to the point where I'm not sure of the use case for it anymore. What does a regulated cryptocurrency get you that you can't achieve through a more traditional, centralized currency system? I think people just need more education on what to expect, which is something that's fundamentally a little different than centralized currency, and part of that education needs to be about risk.
I think their point still stands - sure there's regulations, but that's just added bureaucracy and history on top of an arbitrary system. I won't pretend like it doesn't work - clearly it does - but something like the USD is extremely vulnerable as well if "the system" goes down - hyper inflation, hyper deflation, currency rejection (people want chickens not dollars), etc.
I've been working in the permissioned blockchain space for a couple years now, even OSed a POC of a Raft-based system we tested out at JPM in March. It is truly scary how little most people focused on blockchain understand about consensus. Some get it, but most don't.
When I was doing vendor vetting the talk usually revolved around the "blockchain revolution" but glossed over the consensus issues. In the permissioned blockchain space, mining is really not an option (how do the incentives for mining work when there are no coins involved?). Luckily, we have a lot more flexibility in the consensus system we can pick.
Moreover, the term "blockchain" itself is ill-defined/overloaded. If all blockchains use mining then the 51% issue is ever present (though if I remember correctly problems arise at 30-ish%). If the broader "BFT consensus" definition is used then no, you can use PBFT/SmartBFT and a host of others to come to consensus without ever needing to touch crypto let alone mining. The issue, of course, is that Mining-based consensus is the only system that works for truly public blockchains, as it allows for anonymous participation at all levels and can also scale flat.
If anyone else is a consensus nerd, I wrote a technical-biz-person level white paper on permissioned blockchains that goes into more depth and covers the issues associated with using TLS vs PPK sigs [1].
The thing that's always bugged me about proof of work systems is that there's no reason to assume mining power won't become concentrated into the hands of a few actors. In fact, if (1) there are economies of scale in mining and (2) miners are rational and only work when they expect a positive return from mining, it seems like you'd expect mining power to become concentrated. (Of course today most miners operate at a loss, but I see no reason to depend on that.)
I'm kind of a Bitcoin skeptic because I don't think you can build a trusted currency on top of a system with flawed economics like this.
All the more reason not to trust cryptocurrencies as a store of value.
The 51% flaw is a glaring, fundamental problem with all current cryptocurrencies. We once thought "oh, the risks are low and it would be obvious if anyone did it". It's still obvious, but the risks are not low (and in fact, seem to be pretty easily exploited with cloud computing).
Not that they won't get there, but I don't think that blockchain solutions work in the absence of legal contracts between the parties involved. Blockchain has a lot of potential as a public, secure, distributed ledger system between competitors who can be trusted to play fair, but as the backing of an anonymous cryptocurrency the risks of a malicious actor are too great. As with anything, you need real-world penalties for breaking the rules -- and a key limitation of blockchains is that it's impossible to prevent out-of-band coordination between 'anonymous' actors without them.
The 51% attack is a big flaw with blockchains, but it goes away when the network becomes sufficiently large, with enough hash power distributed to different actors. If you can trust that it would be near impossible for a single actor (or group) to gain 51%, then there is no need to trust any individual actor.
The issue, as demonstrated by this event, is that it is difficult for a new coin to get enough momentum going at the beginning. There is a lot of research going into figuring out the best way to bootstrap new blockchains. Personally, I think this problem will be solved sooner or later.
Bitcoin is coming close to having a 51% problem (3 mining groups could join together to get 51%). At recent points in the past 2 groups have been able to hit 51%. If bitcoin isn't big enough for 51% to be a serious possibility, who is?
Right, mining pools are an issue. If the hash power isn't sufficiently distributed then your guarantees go away. That is why some people are doing research in that area to discourage or eliminate mining pools. I read about most of this from the following draft textbook from Princeton
Ah; but the way that mining is incentivized makes mining pools almost required to spread out the risk sufficiently as the amount of discoverable blocks shrinks over time.
IMO this is the critical flaw in any cryptocurrency. Hell, it's the entire reason we don't elect our politicians directly: sometimes a thin majority has intentions that directly endanger the whole. You need some out-of-band checks and balances to protect against bad actors and moral hazard or else people will never adopt the system in large numbers.
...it goes away as momentum builds and everyone gets interested...and then it comes roaring right back as the economics of mining favour concentration.
> Just two days ago, I did this very thing, trust this anonymous friend with not only my business and entire life savings ..
> So, with a heavy heart, I ask the Krypton Community, to please, open your wallets and help us all to move forward from this attack. 21,465 KR were stolen. 1.5 BTC is required by Bittrex to execute the swap.
> Real lives. Real jobs. Real investments. The world of crypto has just become all too real.
With this "blockchain revolution" hype, I've been waiting for these 51% attacks. Maybe people will realize that this is not a foolproof solution and that it can "easily" (you only need computing power, a.k.a money) be beaten.
You only need to spend as much as the miners already are doing. With proof of work, if it is feasible to run, it is feasible to attack. And vice versa, if it is not feasible to attack, it is probably not cost effective to run.
Bitcoin may be wasting enough electricity to put it out of reach of small-time attackers, but a nation adversary could outspend it for as long as necessary.
But what does the attack get you? Sure you could mine empty blocks and double spend, but that would hardly be worth the investment. Besides, if payment processors detect the hashing rate doubling overnight they can simply require more confirmations.
If a nation state invested in permanently disabling bitcoin that would require a big investment in ASICs, at which point I imagine a bitcoin fork would be introduced with a slightly different PoW, but that's just speculation.
> a bitcoin fork would be introduced with a slightly different PoW
And then what? Either you're falling back to mining on CPUs or GPUs, which the attacker would presumably have a large amount of, or you're manufacturing a new batch of ASICs, which is just as expensive for you as for an attacker. The point remains that an attacker can win by spending only slightly more money than the defender.
Whether that's "worth the investment" is up to each individual actor, apparently it hasn't been yet.
"The point remains that an attacker can win by spending only slightly more money than the defender."
It's actually only slightly more than the sum of the defenders (assuming as we are for the sake of argument that everyone is buying efficiently). If what you said was true Bitcoin wouldn't even have gotten to where it is now.
I agree the required power must have grown since 2014. But not knowing by which factor, one can only assume it's still feasible.
I can't find any source for it, but I remember reading not so long ago that 2 or 3 mining pools were responsible for 2/3 of the total bitcoin mining power. That's not something in favor of trusting the blockchain as infallible.
The attack was in June, when it was ~ 100K TH/s rather than 10K. The factor becomes ~15x instead of 150x. But I must admit I don't know if that makes such an attack still feasible.
This is why Bitcoin is going to win - it is good enough for a lot of use cases and getting better. At the same time, it's the most widely accepted and the most secure. The network effect is too strong to overcome unless you offer something Bitcoin cannot.
This is not a real concern once the hashing power of the network reaches a sufficiently high level.
> Maybe people will realize that this is not a foolproof solution and that it can "easily" (you only need computing power, a.k.a money) be beaten.
This same argument can be leveled against just about any form of cryptography. With enough computing power you can decrypt anything. No cryptography is perfect, it can only be strong.
I agree that currently it may not be the same as brute forcing something like an AES-GCM, but that isn't my point.
My point is just that, if you have a blockchain with sufficiently high (and distributed) hash power (relative to the amount of computing power any individual actor/group can obtain), then in theory, you start being able to make strong guarantees about consensus.
I agree in principle, but there's a difference. A system able to break a strong encryption could cost more than the world GDP and is not realistically feasible, while owning 51% of bitcoin power is possible - not cheap, but possible.
Right, I agree. The theory is sound though. Theoretically, there could be a quantum computing breakthrough (however unlikely) which would break some traditional crypto which was previously deemed impossible.
It is the same with blockchains. It is just that there isn't one that exists (yet) which has enough distributed hash power where it's infeasible for any actor/group to ever get 51%. Bitcoin is just the best example so far, some might argue it's still in its early stages, or that another blockchain will surpass it.