Topic: a 51% attack costs $20,000,000 and is devastating - page 2. (Read 4530 times)

What I mean is that one could silently accumulate more than 50% network power and no one would be able to notice it. It could be happening even now. If and when he will use it for something bad is entirely at his discretion.

And to all those who say it will not be economical to pull off these double spending attacks: I never talked about an individual trying to buy a Porsche with a double spend attack.

To the IMF it is very economical to destroy any competition at any price whatsoever as long as it's payable with their funny-money.

(I just thought I had a brilliant idea on how to solve the problem by not forgetting actual proof of work but unfortunately it works both ways.
The problem is that orphaned blocks are wasted proof of work, so people defending the block chain against an attacker would work for nothing unless they have more hashing power than the attacker. In such a scenario of fighting back an attacker, the bitcoin community would mobilize all sleeping miners to mine on some fight-back-day and see if the attacker can be overthrown but if that fails, all the proof of work would just be waste of energy.

My thought was that if I could lower my personal difficulty by 90% of the difficulty I have tackled before, I would not loose that prior proof of work. Imagine a miner who mined an orphaned block, may use this "I mined a block and can proof it" as a one time voucher or a proof of prior work taken into account at some percentage of the actual difficulty mastered back then. This way pools with many orphaned blocks would get higher and higher priority to mine the next block and an attacker would need more and more hashing power to keep these blocks from making it into the block chain.

Unfortunately some rule like that would work both ways. The attacker could now declare this new block and some of his other blocks orphaned and reclaim the hashing power of these now orphaned blocks to create a new main line.

I found this thought noteworthy nevertheless as it might solve other problems than the actual 51% security issue. We had the subject "mining on mars". With the suggested addition, miners on mars (or Tibet/Iran/Polynesia) could avoid wasting significant resources on orphans.)

So when you have this 51% and want to do a double spend attack, who do you actually send your coins that you will later be double spending to?

Remember, this attack cost you $5 million in ASICs or something like that so you need to recoup a lot of money.   Exchanges don't let you withdraw much unless you have your identity verified.  Additionally, even if you have many anonymous accounts there will be limits to how many coins the exchange has in their hot wallet thus your hopes to withdraw coins before unleashing the 51% double spend attack will give little value.

The reason there hasn't been a malicious 51% attack is because there's no economic incentive to do so.  But this ASIC blast certainly is a nail biter if you consider how so few wafers are needed to top the current hashing capacity.    Technically and financially it is definitely doable.  There's just no payoff from carrying it out.

By reading your post, I feel my IQ has dropped at least 10 points.

I would say the cost and scale required at this point to kill Bitcoin with a 51% would be quite an effort and is extremely unlikely.

Even if they did, well, we start a new blockchain, call it something else, and continue on. 51% may be a very unlikely but possible against a single coin, but no 51% attack will kill the idea. If it did happen, Bitcoin 2 would be built more robust to deny these attacks, or some other coin.

Overall, nothing to worry about I think. Government institutions are too busy trying to keep fiat currency alive anyway to worry about the pithy $1 Billion market of Bitcoin.

It´s when you start reversing the transactions which you can do when you control over 50% of the network, right?
OP is right that you can buy a couple of hundreds of ASICs and then you could start reversing transactions and thous creating panic, for example I could buy
1000 Jupiters from KNCminer to get 350 tH/s (over 350 % of the total current network) for 7 million USD.

This is a real risk, and it have to be taken seriously. Although I doubt that any institution will try this.

My strategy is to hold LTC at least until SHA2 rate is in the 2+ PetaHash/s range.

A 2 billion market cap can't be secured by ~5m$ in hardware.

If you use pools then pools admin create the blocks, not you.
Or do you mean the attacker would create 10 new pools?

Well ASICs are "brand new" for miners so expect hashing power to increase by a factor of 10x or more over next year or so.  The efficiencies of ASIC all but ensure that it is only a question of how long.  Suddenly $200M (if realistic which I doubt because $200M operation has a lot of overhead) is more of hit to a bank's annual profits.  

Still banks or government could destroy Bitcoin.  Then in about a day a developer could take the last block prior to the attack create a snapshot of current balances, encode that in a genesis block, change the hashing algorithm and launch a drop in replacement "Bitcoin2".

So banks spent $200M and developer spent what $1,000.  Kind of like trying to kill your enemies by using bombers to dumps mountains of cash on them.   So what is next spend $1B to makes some scrypt ASICs to kill Bitcoin2.  Ok drop in replacement Bitcoin3.

Note: this doesn't mean you as an individual can't lose money.  The system will recover, adapt, evolve but a 99%+ drop in the fiat exchange rates in a panic is certainly not impossible and so is selling at the bottom.  Killing the system by outspending it though?  It can't be done.

Either way, these figures are loose change, probably even pocket fluff, to the big banks.  If bitcoin ever went mainstream - and assuming controlling the network and raking in the tx fees would be sufficiently profitable, or protecting bank business sufficiently compelling - surely one or more big banks would step in.  They could buy the biggest miners outright and barely put a dent in their usual monthly profits.  Or am I missing something?  (I suspect I am. )

Then you will be working on 10 different chains, each with 5% of the network hashpower behind it?

I was unclear in the quoted post,  if you don't store'em blocks and suddenly flood the network with a longer branch, you can't attack the network, your blocks will be in the main chain the first time.

Given the current 'state of the union' in this case I think probably what would happen is that BTC users and owners would collectively decide on some organization to manage the block chain by, yes, FIAT.  This certainly would be more attractive than the alternatives.

Also someone who sought to monopolize mining wouldn't necessarily announce to the world that they've done it.  They would just start selling 'mining shares' and the like.  Then they are in a unique position.  They could for instance, rather than just shutting down BTC, could create disruptions and profit from them.  Short BTC(or sell), Create a bad block or a double spend, watch price plummet, PROFIT.  Keep doing this until the public no longer plays along.  All the while taking in the traditional gains associated with mining, etc.  More than likely people will exploit the enthusiasm of BTC for all it's worth.

Were in a phase right now of public enthusiasm, and there are plenty of people(even on this board) exploiting that to the hilt.

-bm

And what if attacker will extremely clever (;]) and won't reveal he controls 51% by splitting his power in 10 different pools?

The way to do this would be to attack miners' incentives, not just try to win with brute hashing power.

You'd make it known that you were willing and able to spend as much as it takes to raise the block difficulty to the point where other miners aren't making money any more.  If you pull off an attack it'll reduce the value of Bitcoin, but that works in your favour at this point, because you haven't spent any money yet - you're just trying to scare the competition out of the business.

The upshot is that you could spend considerably less than 20 million dollars (assuming that number is right) and the more damage the attack would do to the value of Bitcoin the less you'd have to spend.

The countermeasure would be existing Bitcoin holders and miners cooperating to defeat your attack by funding "honest" nodes or running them at a loss, rather than relying on the narrow economic incentives from block rewards and transaction fees.

You don't even know what a 51% attack is

The problem is, it will take me about two months to build 120TH, at that time, the next work power is already 240TH/s. I will have to double my investment.

Actually, with checkpointing, you only need to take extra precaution whenever you deal with large amount of bitcoins, make sure to wait long enough(much more than 6 confirmations but no more than 200).

OP's main point that a 51% attack is doable by a determined attacker is correct. It may not make sense to do so economically, but the attacker may not be economically motivated.

Bitcoin is the world's most powerful distributed computing project by an order of magnitude or two, but hashpower still needs to rise several orders of magnitude for bitcoin to be comfortably 51% attack resistant.

That said, hard fork is the solution if it ever did happen. It'd be quite disruptive, but it wouldn't be fatal.

And then the dev change hashing algorithm...