Quote
I Broke Bitcoin
Alister Maclin can break Bitcoin on command. In an email, Maclin said he's been the one spamming the Bitcoin network over the last several days with enough force to compel a Bitcoin exchange to notify its customers that the attack was causing withdrawal issues. Of course, he added, "Alister Maclin" is an alias.
In retrospect, I should have been more specific when I asked Maclin if there was a way for me to verify his claims.
Normally, confirmation of this kind might come in the form of a cryptographic fingerprint, but when I contacted Maclin over email, he replied in broken English: “I will switch the stress-test on once again for a short period (~10 min) at 17:30 of your local time (there is 00:22 now in Moscow - I wanna sleep). You will see.”
Slightly taken aback, I asked if Maclin meant 5:30 PM tomorrow. “Today! Now! I've already started it ten minutes ago
” he replied. Sure enough, the number of transactions rejected by the Bitcoin network skyrocketed at 5:30 PM on Tuesday afternoon.
At 5:54 PM, Maclin emailed me again. “Switched off,” he wrote. “Now red lines on the third chart will return back to green.” And as it was written, so it was done. Things calmed down, the number of rejected transactions dropped back to normal levels, and the chart’s red spike settled back to green after an hour.
Maclin isn’t the first person to try and break the Bitcoin network. An exchange called Coinwallet.eu previously threw $48,000 USD in Bitcoin to the winds in an attempt to fill the network with tiny spam transactions and slow things down for everyone. By comparison, however, Maclin’s attack was extremely cheap, simple, and effective.
Maclin used what’s known as a “malleability attack,” which takes advantage of the time delay between when bitcoins are sent and when the transaction record is included in a block and uploaded to the blockchain for posterity. A script written by Maclin, running on a virtual machine, captures transactions and re-broadcasts them to the Bitcoin network with a slightly different ID, thus creating a duplicate transaction, only one of which can be added to a block. Everybody’s bitcoins still get where they need to go, but it could take hours for the transaction to be confirmed instead of the usual 10 minutes... (cont.'d)
Alister Maclin can break Bitcoin on command. In an email, Maclin said he's been the one spamming the Bitcoin network over the last several days with enough force to compel a Bitcoin exchange to notify its customers that the attack was causing withdrawal issues. Of course, he added, "Alister Maclin" is an alias.
In retrospect, I should have been more specific when I asked Maclin if there was a way for me to verify his claims.
Normally, confirmation of this kind might come in the form of a cryptographic fingerprint, but when I contacted Maclin over email, he replied in broken English: “I will switch the stress-test on once again for a short period (~10 min) at 17:30 of your local time (there is 00:22 now in Moscow - I wanna sleep). You will see.”
Slightly taken aback, I asked if Maclin meant 5:30 PM tomorrow. “Today! Now! I've already started it ten minutes ago
” he replied. Sure enough, the number of transactions rejected by the Bitcoin network skyrocketed at 5:30 PM on Tuesday afternoon. At 5:54 PM, Maclin emailed me again. “Switched off,” he wrote. “Now red lines on the third chart will return back to green.” And as it was written, so it was done. Things calmed down, the number of rejected transactions dropped back to normal levels, and the chart’s red spike settled back to green after an hour.
Maclin isn’t the first person to try and break the Bitcoin network. An exchange called Coinwallet.eu previously threw $48,000 USD in Bitcoin to the winds in an attempt to fill the network with tiny spam transactions and slow things down for everyone. By comparison, however, Maclin’s attack was extremely cheap, simple, and effective.
Maclin used what’s known as a “malleability attack,” which takes advantage of the time delay between when bitcoins are sent and when the transaction record is included in a block and uploaded to the blockchain for posterity. A script written by Maclin, running on a virtual machine, captures transactions and re-broadcasts them to the Bitcoin network with a slightly different ID, thus creating a duplicate transaction, only one of which can be added to a block. Everybody’s bitcoins still get where they need to go, but it could take hours for the transaction to be confirmed instead of the usual 10 minutes... (cont.'d)
More here: http://motherboard.vice.com/read/i-broke-bitcoin