I figured it out. I call it "Pod Mining" -- because a bunch of whales is called a "Pod", not a "herd" or a "flock".
If it is true, then how would these groups of whales keep their pool a secret? They would have to find the pools somehow. I don't see how such a thing could remain hidden for long.
People who've blown a hundred grand or more at an ASIC supplier probably have maintenance or customer service or something provided by the same guys, or get on a mailing list for customer support -- not saying the hardware companies are necessarily in on it, but as a result of normal business practices on the hardware companies' part, their biggest customers will know who each other are. So they never had to put up a webpage or promote the pool or try to get random people to join up - they just had to exchange a few private messages and set up their own mail list.
Secondly, if it is true, what is the best solution for a coin to divert these "pod mining" brief attacks? We could implement KGW (and to those who mistakenly thought we did: we did not). I am not sure even KGW would prevent this type of attack?
But a good test would be other coins with KGW. Are they effectively blocking these "pod mining" rushes or not?
I think the only possible defense would be to use a hashing algorithm that the pod doesn't have easy access to switch to, with very different hardware requirements from other hashes. Or go straight to proof-of-stake or something like that where hashing power doesn't matter.
First, the only thing the adjustment rate really affects is how many blocks
in a row the pod can get. Think about it. Moving in synchrony, the pod jumps on something for just a few seconds, maybe gets one or two or three blocks, jumps on something else. Three blocks later, there's effectively no difference in the difficulty, and the pod can jump back on again. And during those three blocks the pod can jump on a hundred other altchains for about three to five seconds each. Normal miners are only getting about 2/3 of the blocks they think they ought to be getting, but don't know why. RPC has a slower adjustment, so they can stay on for ten or twenty blocks before they get off again. But as there are lots of altchains out there using similar hash parameters, it does not matter.
Second, I would not advise switching to KGW, because KGW is now getting reamed in a new and different way. It turns out that if you creatively adjust your timestamps, you can attack a KGW chain. With something like 20% of the hashing power of the pool, you can produce an alternate chain with more blocks, and force a chain reorg when the main chain catches up to your ending timestamp. You make five blocks with timestamps far apart to force the difficulty down the 20% maximum each time, then jump backward in time (to the average time of the last 11 blocks) getting the diff rate raised by the 20% maximum just once - wash and repeat, and you wind up getting more ridiculously easy blocks than the chain at large gets hard ones, while simultaneously advancing the total time on your blockchain no further than the main chain gets advanced. Once the chain reorg happens, you pocket all the coins for the last umpty-ump blocks and walk away whistling. The attack got demonstrated for the first time yesterday -- and the devs who have KGW coins and actually noticed it, are either scrambling to try to fix it, or just sitting there pinching out brown bricks.
