But it isn't stealing, because those wallets never exist in the new chain. It is simply following the protocol. Now if he sells those coins (if possible but apparently not likely), the new owners are not going to agree to a rollback of the block chain.
I assume this is common knowledge, right? That is what TW attacks do, correct?
That's one way it works. ArtForz introduced it as "A very profitable 51% attack".
Though I don't know if it has been actually done in its full glory. Seems to me that it would be more common if it were that easy.
Why not more common? TW takes significant resources to execute against a live chain or it will be simply discarded as insufficient difficulty.
Most folks are less keen to exhaust resources in an attempt to destroy things than they are to create them, but it takes all kinds.
This is especially true with the additional resilience added over the years to modern crypto code.
There are a variety of potential effects depending on the peculiarities of the code and network:
Difficulty adjustment manipulation
Network congestion
Coinbase wins and fostering 51% type effects are among these effects, and there may be others.
Forking during such an event compounds the problems, as it reduces the effective mining until they are unified on a good chain, and done spinning resources on verifying that effort.
This is all conceptual in my head. I haven't studied past attacks. Just thinking while I was eating.
Absent forking to divide and DDoS to lower the legitimate network hashrate and assuming the longest chain rule metric is the lowest cumulative hash sum (i.e. highest cumulative difficulty), I am positing it would be impossible to unwind past blocks if the attacker doesn't have > 50% of the network hashrate. Is this correct?
The attacker can induce forking and wasted legitimate network hashrate by withholding his block solutions until another is found. This causes the entire network to work on a block that will be one of the forks, while the hacker has moved forward calculating the next block for his fork, which increases the probability his fork will win. Isn't this the selfish mining attack, not the time warp?
The time warp may come into play in complex ways. For example, if the attacker can mess with the timestamps to drive the difficulty higher for the legitimate fork while mining on his fork in such a way that the network doesn't converge on one fork, then effectively he has a much higher hashrate because part of the legitimate network is mining his fork. I can intuitively think discarding outliers in CN may open up possibilities. Fast adjusting difficulty algorithms such as KGW enable the attacker to bump up the difficulty on the legitimate chain then pull hashrate away to his chain slowly enough to avoid a difficulty retarget.
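The thread refers to a chain being "discarded as insufficient difficulty" and to a longest-chain rule measured by cumulative difficulty. As an added illustration (not code from any poster or from any coin's source), this sketch compares picking a fork by block count with picking it by cumulative work; the block values, fork names and function names are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    timestamp: int   # seconds, as claimed by the miner
    difficulty: int  # expected hashes per block, arbitrary units

def build_fork(start_height, start_time, spacing, difficulty, count):
    """Construct `count` consecutive blocks with fixed difficulty and spacing."""
    return [Block(start_height + i, start_time + i * spacing, difficulty)
            for i in range(count)]

def cumulative_work(fork):
    """Total expected hashes needed to produce every block in the fork."""
    return sum(b.difficulty for b in fork)

def pick_by_length(forks):
    """Naive rule: the fork with the most blocks wins (first seen wins ties)."""
    return max(forks, key=lambda name: len(forks[name]))

def pick_by_work(forks):
    """Cumulative-work rule: the fork with the most total difficulty wins."""
    return max(forks, key=lambda name: cumulative_work(forks[name]))

def blocks_needed_to_overtake(target_fork, difficulty):
    """Blocks at `difficulty` required to exceed the target fork's total work."""
    return cumulative_work(target_fork) // difficulty + 1

# Constructed sample: both forks start from the same ancestor at height 100.
# "honest" has few blocks at high difficulty; "rival" has many closely spaced
# blocks at low difficulty, as a chain with a depressed difficulty would.
FORKS = {
    "honest": build_fork(101, 1_000_000, spacing=120, difficulty=1000, count=10),
    "rival":  build_fork(101, 1_000_000, spacing=40,  difficulty=100,  count=30),
}

if __name__ == "__main__":
    for name, fork in FORKS.items():
        print(name, len(fork), "blocks, work", cumulative_work(fork))
    print("by length:", pick_by_length(FORKS))
    print("by work:  ", pick_by_work(FORKS))
    print("rival blocks needed at difficulty 100:",
          blocks_needed_to_overtake(FORKS["honest"], 100))
```

Under the block-count rule the 30-block low-difficulty fork is selected, while under the cumulative-work rule it loses to the 10-block fork, and it would need 101 blocks at that difficulty to overtake it.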