Topic: Almost no one understands the 51% Attack - page 2. (Read 794 times)

you keep skipping over alot of stuff avoiding details you dont want to see

anyways
to get an official patch(like in 2013) took 13 hours.. but nodes didnt need to wait that long. they can and did self ban certain nodes propagating dodgy blocks and then only accept blocks from the chain that was not funky..
..and guess what.. 11 years later bitcoin is still running. so your fear of bitcoin will die in a 13 hour event are proven wrong...

also (separate example of different event) it did not require every node to upgrade in summer 2017 for the network to change path. economic nodes only accepted certain blocks it mandated that they would accept and the rest of the network just received blocks which the economic nodes accepted and passed on.

i think you need to spend alot more time learning about bitcoin. as it seems you are becoming less interested in wanting to get answers and instead just wanting to throw out questions get responses and ignore things that dont fit your narrative you want to pursue.. so now me and others seem to be getting annoyed by your requesting to be spoonfed and then spitting out and not liking whats been fed to you.. so if you really want to learn, please take some time out from the forum which you endlessly post questions you dont want real answers to.. and instead spend those same wasted days on actually learning about bitcoin from the many sources available
i have only mentioned a few mitigating factors and you keep stepping over them, causing the discussion to keep circling around the same basics and not evolving the conversation further... so now its probably best you learn more about bitcoin for your own self education and then come back when more informed to realise where your theories get debunked

if you researched about what happened in 2013 and in 2017 you would not be responding in the way you were responding
so if you really want to know things, go research it in full

Okay. So today, Bitcoin is typically doing about 500k transactions per day. In 13 hours there would be roughly 250k transactions that would all be... either good or evil, nobody would know. In those 250k transactions, hundreds of billions of dollars could be transacted. In other words, that be game over for Bitcoin since the entire blockchain would have zero integrity.

And again, your mitigations all assume we "just know" who the bad guys are, and who the good guys are. How do we know? Obviously the bad guys are going to say they are the good guys. Obviously the bad guys are going to call their transactions the good ones, and say the other ones are the bad ones. How are we supposed to know the difference? Every transaction is performed by an anonymous entity.

well in 2013 there was a leveldb bug which was fixed in 13 hours

in 2017 it was decided they would at a certain date start ignoring certain blocks with a specific version bit. and at that exact mandated time, the blocks with the disliked version bit were ignored

economic nodes dont need to wait for the network to adapt, they can ban nodes propagating blocks it doesnt like, meaning they keep the blocks pre re-org and thus throw the malicious pool off their view of the network leaving it creating its own altcoin (again research events of 2017)
the economic nodes communicate with each other for many reasons of chain analysis. not just looking for funky blocks but also looking for tainted coin and blacklisted coin(AML/KYC stuff) so they are always on the lookout.

again as said already..
when CEX(economic nodes) get deposits and then a malicious pool does a re-org to then double spend a coin. if the CEX see's another deposit using a utxo it already seen used. the cex can firstly freeze the user account from doing any trading on its cex platform. and then send a redflag message to the core devs that a re-org occurred.. although the core devs would also already see that a re-org happened as even some core devs do block analysis and can create a patch to update to, to officially ban that re-org.. however economic nodes can manually ban certain things without needing official update patches
other mining pools can also reject blocks and just continue with their pre-org chain.
theres lots of mitigating factors

its not like the blockchain is not transparent.. as soon as a re-org happens everyone can see it and as said things like CEX's have things in place to protect their trades and deposits from double spends

there are already other mitigations such as block creators cant spend their rewards for 100confirms. so thats 16 hours before a malicious pool can even attempt to spend rewards so they wont benefit from reward profits unless their attack continued for atleast 16 hours (plenty of time inbetween to react)

So... some people see some strange things. Okay. What exactly do they do to the worldwide Bitcoin network in order to.. do something about what they see? Be very specific. Lets us know how much actual wall time is required for them to discover the problem, verify it, and then make the changes to the network to mitigate the problem. No handwaving allowed. Tell us what some individual could do if they found an anomaly on the network.

And by the way, if it's just up to some "core devs", then that would imply that the entire network is at the (very centralized) mercy of a few "core devs", right? So Russia could infiltrate those people and take over the network? I'm oversimplifying here, but the point is to illustrate the possibilities...

there is a they.. there are actual people that like to view the block data and find strange things. we see it alot when people shout out that early adopter coins have moved or there is a pattern of a few blocks that are "empty blocking". even times where blocks are just full of junk meme data

there are people monitoring and announcing issues, and there are some devs that discuss and have core privilege to change the protocol and create a release candidate to change the ruleset to ban nodes for certain reasons. we have seen it happen in the past. where certain things occur and the protocol changes to compensate for the change

you trying to pretend that the algo is just the algo and no one governs it is the ignorance of not realising core devs have control and its them that have political governance of the ruleset and yes this governnance in many ways is a bad thing also (to have one single group of ~ a dozen core devs in ultimate power..) but to then assume they dont exist is a double layer of ignorance to then not see the attack vector which the centralisation of core can present

i know you think a mining 51% attack is a mega threat.. however its actually the core centralised governance of the protocol thats more of the real threat to bitcoin long term

research what happened in july-aug 2017 where a group of devs and economic nodes(services) decided to ignore certain versions of blocks to falsify a 100% consensus(its unnatural/unrealistic to actually get the 100%) to cause a move of the protocol to a new version.. so yes devs a economic nodes can react to things they see in blocks they dont like, such as needing over 80% vote for a feature the devs wanted activating but the pools only gave 45% vote towards segwit, pre july 2017. so they ignored blocks to falsely get 100%

It's not AI, it's an algorithm. It's software. There is nothing in the network that discerns between "good" and "evil", only a valid response to a wallet and an invalid one. All you need to do to be a valid node is return a correctly formatted response--even if it's based on falsified data.

Everybody here keeps saying that "they" will route around the evil nodes, as if there's some overarching intelligence governing the network. That's not how it works. A node is a node. A miner is a miner. They do not wear black hats and white hats so you can tell which are the bad guys.

Some people could sit on the sidelines and say in essence, "this miner I trust is says there is a problem and I believe them because they are my personal friend", but we have no way of knowing if that post was sent by a black hat or a white hat. This is how the Internet works. This was the entire point of Bitcoin and the blockchain architecture (the original Bitcoin version, not the fake PoS networks): you don't trust people, you trust the algorithm.

With Bitcoin, there is no "they".

Now, if somebody can explain what the algorithm will automatically do in the event of attack, then that would be a mitigation. But the minute you bring people into the mix, the argument is lost.

(And even there were people, no human could react in a number of milliseconds before thousands of transactions have been committed).

If everyone understands 51% attack from hair to the toe, it will not be difficult then to execute. It is the complexity and the uncertainty that surrounds the 51% attack that makes people not to emback on the purported futile journey. Preventing attacks from remembering to breakthrough, is the best form of security.

although several posts ago.. im still laughing at this statement
legiteum thinks bitcoin is AI.. and doesnt understand the concept that core is wrote by humans(devs) and those same devs decide the changes of protocol/policy/rules of bitcoin.. and node users also have their own algo's to monitor and alert people to certain events

EG people panic when they see coins from 2009-2010 move, if the mtgox/bitfinex hack/government seized coins move, and CEX services use analysis services which they then use to make decisions over. there have been times where major exchanges lock withdrawals based on events or change batching,timing, fee configurations of withdrawals based on events.. its not all AI

There is no Mining servers with Bitcoin mining to be exact.

Bitcoin miners can run their own Bitcoin full nodes if they are solo miners but time for solo miners gone a long time ago. Nowadays if you are small solo miner, you are only wasting your resources without bitcoin rewards from mining.

With big Bitcoin miners, they can run their own full nodes if they want to set up their own big mining farms or they can configure their ASICs to join available Bitcoin mining pools that have their own Bitcoin full nodes.

Fortunately Bitcoin network is decentralized and Bitcoin miners can easily config, re-config their ASICs to any mining pools.

Servers? No, they don't care.

Who is going to take them offline? Satoshi? The FBI? The secret union of people who control Bitcoin? And how would they know who "they" are? How would we know who to trust and who not to?

You simply don't understand that there is no central authority controlling Bitcoin. It's an algorithm and nothing else. There is no "community that protects Bitcoin". The code does whatever it does, and when there is a dispute, it takes a vote among nodes and hashrate.

And as for profitability, do I need to spell it out? Bitcoin's market cap is $1 trillion now. You could easily make tens of billions by simply short-selling it after an attack--for instance. You are saying we should ignore the reputational cost, which is directly financial, and then at the same time bringing up profitability of an attack: these are at odds with each other.

Don't get me wrong, I know I'm being lazy here (I've got a million things to do these days): I haven't taken the time to carefully construct a complicated attack scenario that could profit billions of dollars. In lieu of that, it's fair to call that out.

But I'm pretty sure there is one...

Repeat: stop repeating this hypothesis like everyone else, and go make it at least a theory.

Repeat: people are ignoring the fact that it's not an issue about whether an attack is possible, but whether a PROFITABLE one is.

Repeat: ignore the reputational cost (you guys focus on financial only all the time).

You literally reply and ignored these points.

In your scenario, Russia hacks and gains control of all the mining servers. WOW. How long before these hacked servers get taken offline? Are they going to allow Russia to use that power to mine even 1 block? I guess in your scenario yes, because these powerful companies with 100s of IT staff and security owning the servers will just sit back and prove your hypothesis. They will never think to just pull one OFF switch to the power lol man, you really need to go and gang up with all the 100s of people who talk about all these fantasy stories and please convince someone to attack Bitcoin. I would love to see you guys do that seriously.

Actually, go for easier first, try do it to Dogecoin or something first. Maybe you can ask Belarus to help you hack a few Dogecoin mining servers, and come back and tell us all you proved you successfully attacked, made money, and own the new chain, and nobody stopped you because there are no people involved.

That would not prevent the attacker from continuing its attack.


You are assuming that the goal of the attack is financial gain, but it doesn't have to be. Also, there would not necessarily be chaos and Bitcoin might maintain its value if most users are mostly unaffected.

not only that, the costs shown are just to do a blockchain annoyance of transaction inclusion/exclusion.. if he then wanted to mess with the multiple CEX markets he would need a separate budget(s) to then spend on CEX market(s) to try to crash the market(s). which the CEX(s) can then freeze the account instantly and seize the funds (or simply just deny the order, or ban access to the ordering feature)

Yeah, as you suggest, the actual cost would be so far beyond that $18.6 billion figure.

It would take a LOT of time and money to set up the infrastructure to run a series of Bitcoin mining operations equal to the size of the entire global mining industry. And like you said there aren't millions of unused asics just sitting around lol. The attacker would have to compete for supply with the entirety of the global mining industry. That would drive up prices of the asics, making that $18.6B figure just for the mining machines potentially much higher, and it would take years to acquire them and set up the infrastructure. And presumably by the time they got it all set up, after likely several years, the hash rate will have increased significantly, so the attacker would have to keep buying asics well beyond that initial amount needed for a 51% attack when they started their plan. All told it would take numerous years and dozens of billions of dollars to engage in a 51% attack.

And after all that, the Bitcoin community could easily simply sidestep the attacked chain and keep going, making the attack worthless (though of course the simple fact of an attack happening, even though it could easily be sidestepped and not cause any lasting harm, would certainly at least temporarily hurt the reputation and market for Bitcoin).

The thing is that if everyone knows a 51% attack is happening and if the attackers were able to maintain their atttack, everyone would simply abandon the longest chain because it would then be corrupted.

The longest chain is considered the Bitcoin chain for the purposes of maintaining a consistent history when dealing with orphaned blocks. That doesn't mean the global Bitcoin community will just be forced to blindly follow a corrupted chain if a 51% attack occurred lol. Human beings are involved in the operation and use of Bitcoin, it's not just blind machines following rules. Those 51% attackers would quickly find themselves in 100% control of a completely useless blockchain and Bitcoin would keep going as normal. As soon as the 100% of honest miners switched away from the corrupted chain, the attackers would lose the chance to get the mining rewards they were hoping to get because the blockchain history they are using would be different from the blockchain history everyone else is using and so even if they kept running their chain they wouldn't be able to spend the money with anyone but themselves.

Now sure, they could keep doing the attack again and again, causing chaos for a short time, but they'd keep losing and burning huge sums of money for no monetary reward. Eventually they'd have to give up and it'd be an enormous financial ruin for the attackers.

I personally would predict Bitcoin absolutely crashing to near-zero if the network was successfully attacked. Absolutely everybody would want out of their Bitcoin and into safe haven investments e.g. USD. If the network can be shown to accept double-spends (etc.), then trust in the network would be incinerated. Bitcoin has no tangible value: it's value is purely its reputation, and most people are taught that Bitcoin is absolutely safe. Once it's shown not to be, even temporarily, that would be absolutely devastating to its brand.

In the successful scenarios we're talking about, transactions are lost, which means that money is lost. It doesn't need to be a lot to trash the system's reputation because the absolute perfection of Bitcoin has been so widely touted.


Okay, that seems to be more like it.

So that comes out to what, $30 billion in hardware and infrastructure to execute ~500k transactions per day?  I'm digressing here but, yeah sure, let's put voting on blockchain, yeah right! 

True miners won't put the source of their bread and butter in to chaos.  This will affect them more than any other else.  One example is Ghash.io, there is one point in time in 2014 where the mining company almost reach the 51% mining hashrate and it alarms the community, to be able to avoid to amass 51% hashrate they voluntarily reduce their mining hashrate to pacify the outcry of the community.


Or make a hardfork and return to the time stanp where the network is yet to suffer the 51% attack.  But obviously, this will dwindle down the trust in Bitcoin at least and at most there will be an instant 180 degree turn for most of the holders and believers and possibly Bitcoin will never be the same again.

bitcoin network of current honest miners is ~700EH
a malicious entity would need 714EH to become a new network hashrate of ~1.4ZH where the malicious entity has 51% of the hashrate and the honest miners have the rest

the cost of that 714EH would for 230THasic at $6k each, which would be 3104348 asics which is $18.6 BILLION.. billion with a B.. and thats just the hardware, let alone the electric costs that get added on and warehousing and manpower needed to set up the mega farm
(also asic manufacturers dont just distribute 3m of asics in one shot, so it takes time too)

however if we had the current 700EH honest network and a malicious entity was able to corrupt or collude half of the current 700EH to then make it a 353EH:347EH mal:hon ratio then it would require some kind of substantial bribe or promise to all those ~1.5m asics it attempts to corrupt, which may not last too long if the malicious act negatively affects those corrupted asic owners income flow.. they too can just jump to a honest pool and keep the bribe as a free lunch.. after all its not like the malicious entity will take its bribed asic owners to court for breach of contract..

Which nodes? If it's some random nodes over the Internet the legitimate nodes would simply ban them for misbehaving and not following the protocol. Even if it's 80%. Bitcoin is sybil attack resistant for a reason.

If they take over several major exchanges? This would maybe cause some confusion, because legitimate users would then have problems to transfer from and to these exchanges. But nevertheless, it will be detected in a few blocks at most. Exchanges (these are real people, by the way) would warn users via other channels. Okay, let's say the hackers also take over all major social media sites. Nevertheless, the confusion will only last a few hours at most.

The most important thing is that you can't trick a legit node into accept a non-protocol compliant chain. What is possible is a hack of mining pools (see below).

A real 51% attack, i.e. mining real protocol-compliant blocks with real hashrate, can of course cause damage. That's undisputed. But creating such an attack only via "hacking" (i.e. without wasting money in buying hashrate) would need:

1) You would need to hack the nodes of the pools first.
2) You would need to hack then also the nodes of major miners, because once miners detect that there's something wrong (see my last post: even if there's no major reorg, it is quite obvious when a single pool or even an address is censored), they will change the pool.

Both pool owners and miners (above all, major ones) do pay people to monitor their systems. They would very fastly see that something isn't right, e.g. when they lose access to their own user accounts on the system. And chain analysis firms are very likely to cooperate with miners and warn them about more subtle attacks like censoring, because they will fear their business model not to work anymore if Bitcoin is heavily hit by the attack. (I see @franky1 addressed that topic too).

You can also hack the software but as it's open source this would also be detected quite fastly. And you will always have lots of nodes which will not upgrade to the infected version.

There are so many actors that would have to be "taken over" that it should be the most complex hacking attack in history by far.

I believe this to be borderline impossible, perhaps 99,999999999%, to succeed for more than 1-2 hours. Of course a short "takeover" attack could cause a dip in price and some double spends, but I believe this would not result in major damage, much less in censorship.

So what if the same country took over 51% of the nodes? That's really what we're talking about here. I tend to simplify the conversation by using the words "miners" and "nodes" interchangeably even though that's not technically accurate, but for the purposes of a 51% attack, I just mean some entities that could be taken over.

And if some people detected the attack, what exactly would they do? Keep in mind that, unless the attackers were stupid, they would also be spreading their own disinformation about the 49% who are attempting an attack, and don't let them get to 51%, yadda yadda. How do we know who is the good guy and the bad guy in real time?

I think part of the problem in talking about this attack is that most of us (or all of us, hopefully ) are not criminal hackers and we don't think like one. But I know enough about hackers to know that they tend to figure out ways around problems and can be pretty elaborate and subtle about what they do, and they... think of things I never thought of.

Don't get me wrong, I feel like Bitcoin is as safe as getting on any airliner: I would bet my life on it being safe, and I do every time I fly. But airlines do go down occasionally: it's a different argument to call Bitcoin "theoretically 100% safe". By the same token, I hold my life savings in the same place most people do: in a financial institution. I would never call it "absolutely safe" in an academic sense, but the chances of my accounts at these places being hacked or erased or whatever is basically not a concern to me since it is so low.

There's a common talking point about Bitcoin that it's safer than a typical major financial institution, from the standpoint of losing your investment based on storage failure (e.g. hacking, crashing, etc.). That's simply not true, and there are remote risks involved with either.



So... $9 million or so? That's peanuts for a nation-state, and private hackers could easily make 10x that selling shorts on BTC while all of the turmoil was happening. I'm actually hoping you are wrong here .