Category Archives: 51% attack

Auto Added by WPeMatico

What Is a Timewarp Attack?

When most people think of possible attacks on Bitcoin or crypto, they think of a 51% attack where a miner amasses a majority of the network hash power and forks the blockchain, in order to double spend crypto or to implement code changes. However, another lesser known hack is the timewarp attack, which is what this article explores.

In a nutshell, a timewarp attack occurs when a miner reports incorrect timestamps on the blocks they mine, in order to bring about a lower difficulty. Many cryptocurrencies like Bitcoin periodically adjust difficulty according to the rate of block generation, so that block generation stays at the set amount in the code, which is 10 minutes per block for Bitcoin. By reporting incorrect timestamps a miner can trick the difficulty algorithm and cause difficulty to be lowered, allowing them to mine blocks faster and make more money. This has negative effects for a crypto’s economy, since a timewarp attack increases the inflation rate of a crypto, causing a surge in supply that can lead to a lower market price.

In Bitcoin’s code, a block can be timestamped up to 2 hours in the future, past which point it is rejected. This leeway was designed to account for errors in computer clocks, so miners would not have blocks rejected if their computer clock is slightly off. There have been numerous instances in Bitcoin’s history where a previous block has a timestamp that is after the timestamp of the next block, and this seems to have been a problem especially when new technology is introduced, like when Bitcoin mining pools first launched in 2012.

The 2-hour leeway for block timestamps is what opens the door for timewarp attacks. For Bitcoin, it would be very difficult to conduct a significant timewarp attack, since it would be publicly obvious on the blockchain, and a successful attack would need a majority of mining power. However, it is still possible, and if a large majority of miners work together they could theoretically drop the difficulty with continued timewarp attacks until it only takes 1 second to mine a block, which is the minimum possible block time. At this worst-case scenario of a timewarp attack, instead of taking 2 weeks to mine 2,016 blocks, it would take just over half an hour. This would lead to rapid inflation of the Bitcoin supply, which could be quite damaging for the market.

It is very unlikely Bitcoin miners would collude and perform such a timewarp attack, since miners have invested billions of USD into mining infrastructure, and the damage to the Bitcoin ecosystem from such an extreme timewarp attack would wipe out their investment. Not to mention it would be glaringly obvious to the community, and there would be a tremendous public outcry.

However, with some cryptocurrencies, it is much easier to perform a timewarp attack. For example, the Verge cryptocurrency continuously re-adjusts difficulty, unlike Bitcoin which adjusts difficulty once every 2 weeks. Therefore, if someone gains a majority of hash power on the Verge they can rapidly implement an extreme timewarp attack. Further, Verge uses multiple mining algorithms, allowing for multiple points of attack. This is exactly what happened, someone timewarp attacked Verge and brought Scrypt difficulty to minimum levels, and they netted millions of USD of Verge in the process.

There are discussions in the Bitcoin community to change the code to prevent timewarp attacks, and obviously other cryptocurrencies need to follow that ideology to prevent catastrophic timewarp attacks like what happened with Verge. However, there is a new idea called Forward Blocks that would apparently be inhibited if Bitcoin’s timewarp attack exploit is fixed, so there is a stalemate on implementing the fix for timewarp attacks in Bitcoin’s code. That being said, the fix is ready for deployment if a timewarp attack ever becomes an issue for Bitcoin.

Follow BitcoinNews.com on Twitter: @BitcoinNewsCom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post What Is a Timewarp Attack? appeared first on BitcoinNews.com.

Live Stream of 51% Attack Shows Fragile Nature of Many Altcoins

A hacker that operates under the pseudonym Geocold promised to conduct a live stream of a 51% attack on an altcoin, and on 13 October 2018, he made an attempt to 51% attack Bitcoin Private. He was successful at gaining a majority of hashing power, and the only reason he didn’t complete the attack was the live stream platforms he was using, Twitch and stream.me, both shutdown his stream.

A 51% attack is one of the greatest weaknesses of cryptocurrency, and it arises out of the inherently decentralized nature of proof of work (PoW) cryptocurrencies. If a miner has greater than 50% of the network hash rate they can mine blocks faster than the rest of the network combined, giving them the ability to fork the blockchain. This can be used to perform a double spend attack, where a hacker sends a transaction to someone on the original chain, and then creates a longer chain where the transaction doesn’t exist, making the transaction disappear.

Bitcoin and Ethereum have far too much hashing power for any real possibility of a 51% attack, however, many smaller cryptos have small enough hash rates where 51% attacks are a real threat. Some cryptos, like Bitcoin Private, have such small hash rates that a 51% attack is very easy. A study found that less than USD 1,000 is needed to 51% attack many cryptos, just by renting hash power from a cloud mining service.

Bitcoin Gold and Verge have already experienced 51% attacks, and the results are crippling. Beyond the money stolen during a double spend, a 51% attack decimates any reputation and trustworthiness held by that crypto. If a crypto is 51% attacked it is usually removed from all exchanges and users dump all their coins.

In this case, Geocold originally said he was going to 51% attack Einsteinium, a crypto with a USD 20 million market cap. However, he gave a week of advanced warning and the Einsteinium community increased the network hash rate by 15 fold, making a 51% attack too costly. Geocold then began live streaming the first stages of a 51% attack on Bitcoin Private, a crypto with a USD 51 million market cap.

With only USD 200 of hash power rented from a cloud mining service, Geocold obtained 62.5% of the Bitcoin Private network hash rate and mined a single block. Other hackers found Geocold’s IP address and knocked him off the Bitcoin Private mining pool before he could fork, and by the time he got his hash power back online, his Twitch live streaming account was banned.

In the 2nd phase of the attack Geocold was successful in mining numerous blocks and was about to fork the blockchain which would have been devastating for Bitcoin Private, but his live streaming account on stream.me was banned. He decided to stop the attack, and plans to do a 51% attack in the future on an altcoin and simply post the video on YouTube once it’s already done.

This incident reveals that crypto users need to be very wary when playing around with altcoins since it takes just one bad actor to 51% attack an altcoin, which would collapse its price. Crypto users should stick to major cryptos like Bitcoin and Ethereum, which are secure. There may be over 2,000 cryptos listed on CoinMarketCap, but far less than that are actually secure in the face of a 51% attack.

Follow BitcoinNews.com on Twitter: @BitcoinNewsCom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Live Stream of 51% Attack Shows Fragile Nature of Many Altcoins appeared first on BitcoinNews.com.

Less than $1k Needed to ‘51% Attack’ Most Cryptos

A new website has been created to calculate the cost of performing a ‘51% attack’ on various cryptocurrencies via renting mining power from mining company NiceHash. The results are surprising and shocking, with many cryptocurrencies requiring less than USD 1,000 for a successful one-hour 51% attack.

The website was created by Reddit user xur17 in response to an attack on Bitcoin Gold this past month which cost exchanges over USD 10 million. Verge has recently experienced a costly 51% attack as well. xur17 used network hash rate data from Mine The Coin, coin prices from CoinMarketCap, and mining rental prices from NiceHash for the calculations.

A 51% attack is one of the main vulnerabilities of a blockchain-based cryptocurrency. For this sort of attack to have a 100% success rate it requires the attacker to control more than half of the hash power on the network. The attacker will send cryptocurrency to a merchant or exchange, while secretly mining blocks that send the cryptocurrency somewhere else. The attacker, with superior hash power, should theoretically build blocks quicker than the rest of the network.

Once the cryptocurrency deposit from the attacker is confirmed, the attacker releases the blockchain secretly mined, replacing the original blockchain with a longer chain – this becomes the new recognized chain. The attacker’s funds remain on the new blockchain, while the exchange loses all the funds received, as they are not recognized on the new chain.

For more mature cryptocurrencies like Bitcoin, a 51% attack is financially and practically unfeasible. There is 35,849 PH/s of hashing power on the Bitcoin network, and according to the website a one-hour 51% attack would cost USD 648,000 if that power were rented. However, there is no cloud mining site where that much hash power can be rented; NiceHash has less than 1% of the required amount. The cost of buying the equipment and paying for the electricity for a Bitcoin 51% attack is astronomical.

However, smaller cryptocurrencies like Bitcoin Private, Einsteinium, Gulden, Feathercoin, and many more require less than USD 1,000 to perform a 51% attack using rented power on NiceHash. Some cryptocurrencies like Mooncoin, Catcoin, PinkCoin, DigitalPrice, MAZA, Zetacoin, and several more require less than USD 10 for a successful 51% attack.

Clearly, some smaller cryptocurrencies simply should not be considered secure since they have so little network hash power that they could easily be compromised by a 51% attack.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

The post Less than $1k Needed to ‘51% Attack’ Most Cryptos appeared first on BitcoinNews.com.