Mining reward "stealing" attack | Bitcointalksearch.org

einax_oliver

newbie

Activity: 19

Merit: 0

Quote from: tublo on September 04, 2018, 08:23:23 PM

As there are more than 1.8 million bitcoins that have not been moved since they were mined, isn't it possible that someone rebuilds the entire blockchain in order to claim those bitcoins? This attacker could even keep all transactions made till today, so people would not lose their balance.
It would take 200 days with the present hashrate to rebuild the entire blockchain. So, for instance, if someone invest in mining facilities equivalent to double the present hashrate (a lot of money, but not impossible), it would take 200 days to create a new blockchain with more work than the original one (100 days to have the same work as it has today and other 100 days as the blockchain would be bigger by then).
Comparing the alternatives, with that amount of hash rate:
1) If the attacker mined in the original blockchain, he would obtain 240,000 bitcoins in 200 days (1,800 btc/day * 200 days * 2/3 of total hash rate), probably at a loss.
2) If he performs the attack, he would obtain 1,800,000 bitcoins.
So, the incentives are pro-attack. Also, those incentives are expected to be greater in the future, as the block reward gets smaller.

What do you think about this? Is there something I am missing here?

I think that even though in theory such attack is possible, any attempt of its actual execution will wither nullify bitcoin price or reduce it's worth enough so the attacker will be at the loss either way.

onelineproof

member

Activity: 100

Merit: 16

Quote from: tublo on September 07, 2018, 01:37:04 PM

How a PoW system change would solve that?

Currently, the most proof-of-work chain for Bitcoin is the one that most SHA256 work. If a hard fork is done that allows for continuation with some other algo, then the most proof-of-work chain would be defined differently. Maybe the definition would consider SHA256, but not exculsively. Even if the attacker gets more proof of work for SHA256, they would have a hard time getting more than Bitcoin for some other algo I assume. It depends on how it's done, so not sure, but either way it would be an ugly situation, and something we want to avoid.

tublo

member

Activity: 103

Merit: 31

How a PoW system change would solve that?

onelineproof

member

Activity: 100

Merit: 16

The problem is

if

a) The attack is unsuccessful, the attacker loses a lot of resources

b) The attack is successful, the value of Bitcoin plummets (perhaps people switch to an altcoin or hard fork Bitcoin with a PoW change), and the attacker still loses a lot of resources.

It's more worth it for them to just mine honestly and get honest rewards, unless their only goal is to harm Bitcoin, in which case people will just switch to a more robust PoW system (like multi algo, merge mining), so don't see what they will gain.

odolvlobo

legendary

Activity: 4466

Merit: 3391

Quote from: tublo on September 06, 2018, 06:11:07 PM

Yes, it is a lot of risk now. But what I am trying to say is that, in general, 51% attacks are not incentivized because the eventual attacker earns more if he mines the original chain. But, in this case it is different. In 15 years, the yearly reward will be less than 100,000 bitcoins. The attack would be more profitable.

You have come up with an interesting scenario. Another aspect is that I don't think many people would care if only unspent coinbase transactions are stolen.

tublo

member

Activity: 103

Merit: 31

Quote from: philipma1957 on September 04, 2018, 11:30:47 PM

well thanks to the op bitmain will have something to do.

Realistically they are the only company that could stand a shot to do it.

but they would need a lot of s-9's

46,740,917,366 GH/s/14,000ghs = 3,338,636 s9's

so say 4 million s-9's power wise 5600 megawatts which would be all of Niagara Falls x 2

https://en.wikipedia.org/wiki/List_of_largest_hydroelectric_power_stations

at 5 cents a kwatt a mega watt is 50 bucks an hour x 5600 = 280,000 an hour or 6,720,000 a day x 730 = 4,905,600,000

so at least 5 billion in power

and 4,000,000 x 300 = 1,200,000,000 in gear so more then 6 billion more likely 7 or 8 billion to get 1,800,000 worth 7500 each or

13,500,000,000

a lot to risk 8 billion for 13.5 billion

Yes, it is a lot of risk now. But what I am trying to say is that, in general, 51% attacks are not incentivized because the eventual attacker earns more if he mines the original chain. But, in this case it is different. In 15 years, the yearly reward will be less than 100,000 bitcoins. The attack would be more profitable.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

Quote from: S00rabh on September 06, 2018, 02:52:29 AM

Instead of investing so much in Hash power, just quarter of that $$$ to buy actual BTC and then you can control the market in much better way.

"quarter of that" = 1/4 * $8 bn = $2 bn @ $6,500/BTC = 300,000+ BTC
control the market? Undecided

maybe...
but wouldn't his buying frenzy willl pump the price? (eating up all sell orders)
then shortly afterwards price crash/correction/dump happens and gets him in a big loss Sad

S00rabh

jr. member

Activity: 44

Merit: 1

Instead of investing so much in Hash power, just quarter of that $$$ to buy actual BTC and then you can control the market in much better way.

morantis2015

jr. member

Activity: 30

Merit: 3

Yeah, a lot better ways to invest the computational power, if you have it. Best case scenario, besides taking a 51% hold, would be that the coins would appear in your wallet/wallets, but you're pretty much riding your own fork. All in all, it doesn't matter if you can fool some nodes or wallets out there, the key to dying or living is whether you and the exchanges are on the same ledger, because that's where the BTC becomes either fiat(for most people to spend) or becomes a tool for any real use, no one is going to just hand you cash for BTC, not many, and they will want the network to confirm first.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

instead of "rebuild the entire blockchain", why not just brute force the private keys? Grin

do sequential just like LBC group, but start in the middle, they're doing ~25 tn keys/day
with that much hashrate I think brute forcing keys is somewhat doable (maybe??) but costly nonetheless
aim for those "unmoved mining rewards" and pick up others as well in the process Tongue

Zin-Zang

member

Activity: 364

Merit: 13

Killing Lightning Network with a 51% Ignore attack

Quote from: tublo on September 04, 2018, 08:23:23 PM

As there are more than 1.8 million bitcoins that have not been moved since they were mined, isn't it possible that someone rebuilds the entire blockchain in order to claim those bitcoins? This attacker could even keep all transactions made till today, so people would not lose their balance.
It would take 200 days with the present hashrate to rebuild the entire blockchain. So, for instance, if someone invest in mining facilities equivalent to double the present hashrate (a lot of money, but not impossible), it would take 200 days to create a new blockchain with more work than the original one (100 days to have the same work as it has today and other 100 days as the blockchain would be bigger by then).
Comparing the alternatives, with that amount of hash rate:
1) If the attacker mined in the original blockchain, he would obtain 240,000 bitcoins in 200 days (1,800 btc/day * 200 days * 2/3 of total hash rate), probably at a loss.
2) If he performs the attack, he would obtain 1,800,000 bitcoins.
So, the incentives are pro-attack. Also, those incentives are expected to be greater in the future, as the block reward gets smaller.

What do you think about this? Is there something I am missing here?

Won't work, you can't reorg before the last checkpoint.
https://bitcointalksearch.org/topic/what-are-checkpoints-in-bitcoin-code-194078

Most coins contain checkpoints in their source code to prevent tampering with historical data.

If you purchase double the modern day mining capacity, you could 51% attack the chain at will and kill it.
Or profit by selling all of the mined bitcoins until you crash the price.

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

At this point when you have half the hashrate of the current network you might as well launch a 51% attack and go for everything, not just the untouched coins. It's equally as covert and you'd get more money. Which to be fair, is not covert at all.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Aside from reason above member mentioned, it's impossible since :
1. Some Bitcoin client/nodes have feature called Checkpoint (basically stored hash of block at certain height) which is used to prevent someone re-write Bitcoin history by re-mine/re-doing PoW all block with low hashrate and manipulate each timestamp.
2. You still need to find way to make existing nodes to accept your block with far lower block height or older timestamp. Even SPV/light nodes will reject (or confused) your block since block header they store and your block header is different.

Additionally, even if you could overcome the problem somehow, people surely will notice and panic which lead to Bitcoin price crashing and you just wasting your time, money and energy Roll Eyes

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

well thanks to the op bitmain will have something to do.

Realistically they are the only company that could stand a shot to do it.

but they would need a lot of s-9's

46,740,917,366 GH/s/14,000ghs = 3,338,636 s9's

so say 4 million s-9's power wise 5600 megawatts which would be all of Niagara Falls x 2

https://en.wikipedia.org/wiki/List_of_largest_hydroelectric_power_stations

at 5 cents a kwatt a mega watt is 50 bucks an hour x 5600 = 280,000 an hour or 6,720,000 a day x 730 = 4,905,600,000

so at least 5 billion in power

and 4,000,000 x 300 = 1,200,000,000 in gear so more then 6 billion more likely 7 or 8 billion to get 1,800,000 worth 7500 each or

13,500,000,000

a lot to risk 8 billion for 13.5 billion

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

First of all, double the current hashrate would be nearly impossible for someone to get. They would have to acquire ALL of the mining equipment in the world, and then do it again, all without taking away the existing equipment. This would be exorbitantly expensive, both in resources and in time. Manufacturers can't just magically produce machines that they don't have. It takes time, money, and raw materials. Such an operation would be very obvious.

Second, people running nodes, and nodes themselves, are not stupid. They would definitely notice a 500,000+ block blockchain reorganization. That is extremely obvious and there would be warnings put up all over place. Such an attack would likely result in some form of human intervention which prevents people's nodes from switching to using the attacker's blockchain.

odolvlobo

legendary

Activity: 4466

Merit: 3391

Double the current hash rate is a lot of hash rate.

tublo

member

Activity: 103

Merit: 31

As there are more than 1.8 million bitcoins that have not been moved since they were mined, isn't it possible that someone rebuilds the entire blockchain in order to claim those bitcoins? This attacker could even keep all transactions made till today, so people would not lose their balance.
It would take 200 days with the present hashrate to rebuild the entire blockchain. So, for instance, if someone invest in mining facilities equivalent to double the present hashrate (a lot of money, but not impossible), it would take 200 days to create a new blockchain with more work than the original one (100 days to have the same work as it has today and other 100 days as the blockchain would be bigger by then).
Comparing the alternatives, with that amount of hash rate:
1) If the attacker mined in the original blockchain, he would obtain 240,000 bitcoins in 200 days (1,800 btc/day * 200 days * 2/3 of total hash rate), probably at a loss.
2) If he performs the attack, he would obtain 1,800,000 bitcoins.
So, the incentives are pro-attack. Also, those incentives are expected to be greater in the future, as the block reward gets smaller.

What do you think about this? Is there something I am missing here?

Topic: Mining reward "stealing" attack (Read 431 times)