When talking about attacks on Bitcoin and other cryptocurrencies, the term 51 percent attack quickly falls. Surely, this is particularly bad because it allows, among other things, double-spending attacks. But even without rewriting blocks you can harm Bitcoin.
A unique selling proposition, which is emphasized not only in terms of Bitcoin but more generally in terms of proof-of-work cryptocurrencies, is that of immutability. “What’s once in the blockchain, remains there,” some DLT evangelists like to summarize the strengths of a blockchain together. However, if the interested digger digs deeper, he quickly realizes that it is not so easy: the likelihood of a block change, that is, a chain reorganization, becomes less and less likely as the blockchain grows, the overall hash rate and the decentralization of the mining network grows , This decreasing probability is the reason for the rule of thumb that Bitcoin users should wait 6 blocks in a transaction to be sure that this transaction is irreversibly stored in the blockchain.
It turns out, however, that the bill is sometimes too simple. Over a year ago, we discussed the investment case 51 percent attacks . Sites like 51crypto make it easy for attackers to see the cost and available hash rate available. They can estimate whether a 51 percent attack is worthwhile. For Bitcoin an attacker via Nicehash could currently acquire 106 PH / s. The global hash rate of Bitcoin is currently almost 78,000 PH / s. With what can be acquired via Nicehash, an attacker does not get very far. This may look different with other cryptocurrencies, but with large proof-of-work cryptocurrencies like Bitcoin or Ethereum, everything looks safe.
Front running, gold finger, censorship – attacks before a block formation
However, it looks significantly more uncertain when forming the blocks. Recently, Judmayer et al. presented in a paper various attack vectors that do not require rewriting the blockchain. They are correspondingly much cheaper: You only need to find miners who are bribable. As Binance’s thoughts of bribing miners after the recent hack show, this is not an irrational thought.
In particular, the above-referenced paper identifies various attack vectors that do not require chain reorganization. The attacker also needs significantly less than 51 percent of the total hash rate, so the attack on a blockchain network is significantly cheaper. The paper was quoted as alarmist in the social media. Are proof-of-work cryptocurrencies like Bitcoin safe at all?
To get to the bottom of it, let’s take a closer look at these “cheap” attacks. In this article we would like to briefly consider how dangerous these are and how to detect such attacks. We focus on attacks that apply to all proof-of-work blockchains.
Front running is described in the paper as a form of attack. Ultimately, however, it is simply a consequence of the toll market in a proof-of-work consensus. In frontrunning, the attacker has an incentive to accommodate his own transaction in a block as early as possible. He does that by a high fee. Strictly speaking, Christian Decker explained in an interview, such as the Lightning network on-chain transactions. These are sent with a significantly higher fee particularly lucrative in the network of Bitcoin. The Paper introduces pay-to-win attacks as particular examples of such front-run attacks. These are ultimately frontrunning attacks, which are controlled by a smart contract. In part, this happens across different block chains. In all those cases, front-run attacks are recognizable by the emergence of particularly high transaction fees.
One of those attacks is the Goldfinger attack. This attack aims to question the use case of a cryptocurrency. For this purpose, miners are bribed to mine only empty blocks, so that no more transactions leave the Mempool. Gold finger attacks may be evil, but are easily recognizable: You just have to analyze whether a mining pool currently finds only empty blocks. Empty blocks were actually a problem at Bitcoin a few years ago .
However, some attackers are not just talking about empty blocks, but about controlling the block contents. This should happen via a censorship attack. A mining pool with less than 51 percent of the hash rate, therefore, captivates other mining pools and asks them to withhold their blocks. So the first mining pool can determine what’s coming into the blockchain and what’s not (yet). In the ethereum network, by exploiting the stimulus of so-called unclesthis attack will be significantly cheaper than a 51 percent attack. The attacker exploits that Uncles – valid, but a bit too late found blocks – also get a, albeit smaller, Mining Reward. Also this attack is easily recognizable: One will see, which miner constantly generates blocks. In the Ethereum network you can also track the Uncles.
Bitcoin and Ethereum – vulnerable, but still safe
As described above, several people have received the paper quite alarmist. It turns out, however, that the attacks pose no real danger. The transparency of the blockchains of, for example, Bitcoin and Ethereum help to quickly detect such attacks. They only point out that the acronym DYOR still applies: It is worthwhile to observe with alert eye what actually happens on the blockchain used.
Image via Shutterstock