Blockchain's Once-Feared 51% Attack Is Now Becoming Regular
Monacoin, bitcoin gold, zencash, verge and now, litecoin cash.
At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist.
More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.
While there have been some instances of such attacks working successfully in the past, they haven't exactly been all that common. They've been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one. The age-old (in crypto time) argument? It's too costly and they wouldn't get all that much money out of it.
But that doesn't seem to be the case anymore.
NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment.
One conclusion he drew? These attacks were likely to increase. And, it turns out he was right.
"Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk," he told CoinDesk, adding:
"Even I didn't think it would start happening this soon."
Inside the attacks
Stepping back, cryptocurrencies aim to solve a long-standing computer science issue called the "double spend problem."
Essentially, without creating an incentive for computers to monitor and prevent bad behavior, messaging networks were unable to act as money systems. In short, they couldn't prevent someone from spending the same piece of data five or even 1,000 times at once (without trusting a third party to do all the dirty work).
That's the entire reason they work as they do, with miners (a term that denotes the machines necessary to run blockchain software) consuming electricity and making sure no one's money is getting stolen.
To make money using this attack vector, hackers need a few pieces to be in place. For one, an attacker can't do anything they want when they've racked up a majority of the hashing power. But they are able to double spend transactions under certain conditions.
It wouldn't make sense to amass all this expensive hashing power to double spend a $3 transaction on a cup of coffee. An attacker will only benefit from this investment if they're able to steal thousands or even millions of dollars.
As such, hackers have found various clever ways of making sure the conditions are just right to make them extra money. That's why attackers of monacoin, bitcoin gold, zencash and litecoin cash have all targeted exchanges holding millions in cryptocurrency.
By amassing more than half of the network's hashing power, the bitcoin gold attacker was able to double spend two very expensive transactions sent to an exchange.
Through three successful attacks of zencash (a lesser-known cryptocurrency that's a fork of a fork of privacy-minded Zcash), the attacker was able to run off with about more than 21,000 zen (the zencash token) worth well over $500,000 at the time of writing.
Though, the attack on verge was a bit different since the attacker exploited insecure rules to confuse the network into giving him or her money. Though, it's clear the attacks targeted verge's lower protocol layer, researchers are debating whether they technically constitute 51% attacks.
Small coins at risk
But, if these attacks were uncommon for such a long time, why are we suddenly seeing a burst of them?
In conversation with CoinDesk, researchers argued there isn't a single, clear reason. Rather, there a number of factors that likely contributed. For example, it's no coincidence smaller coins are the ones being attacked. Since they have attracted fewer miners, it's easier to buy (or rent) the computing power necessary needed to build up a majority share of the network.
Estimated Profitability of 51% Attacks
Further, zencash co-creator Rob Viglione argued the rise of mining marketplaces, where users can effectively rent mining hardware without buying it, setting it up and running it, has made it easier, since attackers can use it to easily buy up a ton of mining power all at once, without having to spend the time or money to set up their own miners.
Meanwhile, it's grown easier to execute attacks as these marketplaces have amassed more hashing power.
"Hackers are now realizing it can be used to attack networks," he said.
As a data point for this, someone even erected a website Crypto51 showing how expensive it is to 51% attack various blockchains using a mining marketplace (in this instance, one called NiceHash). Attacking bytecoin, for example, might cost as little as $719 to attack using rented computing power.
"If your savings are in a coin, or anything else, that costs less than $1 million a day to attack, you should reconsider what you are doing," tweeted Cornell professor Emin Gün Sirer.
On the other hand, larger cryptocurrencies such as bitcoin and ethereum are harder to 51% attack because they're much larger, requiring more hashing power than NiceHash has available.
"Bitcoin is too big and there isn't enough spare bitcoin mining capacity sitting around to pull off the attack," Bonneau told CoinDesk.
But, while Crypto51 gives a rough estimate, ETH Zurich research Arthur Gervais argued to take the results with a grain of salt, since it "ignores" the initial costs of buying hard and software. "Thus, the calculations are oversimplified in my mind," he added.
The solution: a longer wait
Gervais further argues it's worth putting these attacks into context. Though a 51% attack is perhaps the most famous cryptocurrency attack, it's not necessarily the worst in his mind.
He pointed to other malicious bugs, such as one found in zcoin, where, if exploited, a user would have been able to print as many zcoin as they would like. But 51% attacks are still troubling since they can still be worthwhile sometimes, impacting exchanges or whoever happens to be in the crosshairs of the attacker.
"As an industry, we have to put an end to this risk," Viglione said, pointing to efforts on zencash to stop this from happening again.
Either way, one way for users or exchanges to make sure they aren't defrauded is to only accept money that's older, or has been buried by more blocks of transactions, called "confirmations." The more confirmations there have been, the harder the funds are to steal in a 51% attack.
Initially, exchanges where bitcoin gold was stolen required only five confirmations, and the attacker was able to reverse all of them with their hashing power. In response to the attacks, they have upped the number of confirmations to 50, which has successfully plugged up the attacks, at least for now.
Because of this, developers and researchers contend bigger blockchains with more hashing power behind them are more secure since they require fewer confirmations.
As bitcoin entrepreneur John Light put it:
"Remember this next time someone tells you they use altcoins because they're 'cheaper' to use."
Alyssa Hertig Jun 8, 2018 at 04:00 UTC
David