
Topic: Pools With a Significant Hashrate: A Realistic Double Spend Attack Taking 2 Hr - page 4. (Read 11679 times)

legendary
Activity: 1246
Merit: 1015
Strength in numbers
How easy is it to look at what you are mining? Won't people see that they are working on a different block number than the current one? And shouldn't some people notice that they found blocks that don't show?
mrb
legendary
Activity: 1512
Merit: 1027
DamienBlack: I wrote this as a counter-example to your comment in another thread that a 50% attack would be statistically noticed in the global hashrate.

I doubt Tycho keeps tens of thousands of BTC on his online infrastructure. His pool profits (~3% fee) only amount to ~100 BTC per day. But my counter example was also to illustrate that Deepbit, with its size, is now a valuable target to any attacker out there. The fact a pool owns ~50% of the hashrate is bad not only for Bitcoin, but also because it concentrates risk. My advice to users is to not keep any significant amounts of BTC in their Deepbit account.
jr. member
Activity: 56
Merit: 1
If you hacked the site so thoroughly, you would probably have access to the pool's wallet, the one that makes payouts. I'm sure there are 10s of thousands. Take that and be done with it.
mrb
legendary
Activity: 1512
Merit: 1027
Why would the hacker not divert the legit blocks being mined with 5000ghash/s to himself instead?

Well, many (most?) pool users automatically withdraw their BTC balance to their wallet. If the attacker diverted the blocks to keep the BTC he would not be able to honor these withdrawals and would be noticed very quickly, perhaps after mining only a few hundred BTC.

Whereas my attack works with any amount of BTC (I should have picked a few thousand BTC as an example). The only limit is your budget to purchase the initial amount. And withdrawal restrictions on the exchanges. But there are ways to bypass them (register multiple accounts, sell your USD balance on bitcoin-otc, etc).
jr. member
Activity: 56
Merit: 1
What if the hacker is Ben Bernanke and doesn't give a crap about bitcoins and just wants to see them fail.

Then he could muck around for a few hours until people leave the pool. Then everything is ok (with maybe a minor blockchain rollback).
jr. member
Activity: 56
Merit: 1
You get right on that then. I'll be waiting.

Remember, if Deepbit is 50% of the network, you'd only have about a 50% chance of this attack working (you making a longer chain than the rest of the network). Otherwise you'll probably be found out with no harm done. And this attack could work even if Deepbit had 49% or 48% or 40%... the odds just start tilting against you.
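
The odds discussed in this post can be worked out with a random-walk model, seen from the side of a recipient (such as an exchange) choosing a confirmation depth. This is an added example, not part of the original thread: it assumes each new block belongs to the pool with probability q (its hashrate share) and that the private fork starts level with the public chain; all function names are illustrative.

```python
# Added example (not from the thread): private-fork race as a random walk.
# Assumed model: each new block is the pool's with probability q, otherwise
# the rest of the network's; the fork starts level with the public chain.

def private_blocks_pmf(q, z):
    """P(k private blocks exist when the z-th public block arrives), k = 0..z."""
    p = 1.0 - q
    term = p ** z                       # k = 0
    pmf = [term]
    for k in range(1, z + 1):
        term *= q * (k + z - 1) / k     # builds C(k+z-1, k) * p^z * q^k stepwise
        pmf.append(term)
    return pmf


def ahead_at_confirmation(q, z):
    """P(private fork already has >= z+1 blocks at the z-th confirmation)."""
    return 1.0 - sum(private_blocks_pmf(q, z))


def eventually_longer(q, z):
    """P(private fork ever becomes strictly longer than the public chain)."""
    p = 1.0 - q
    if q >= p:
        return 1.0                      # an unbiased walk reaches any lead eventually
    pmf = private_blocks_pmf(q, z)
    # From k private blocks the fork must gain (z - k) + 1 net blocks.
    catch_up = sum(pk * (q / p) ** (z - k + 1) for k, pk in enumerate(pmf))
    return (1.0 - sum(pmf)) + catch_up


def confirmations_needed(q, max_risk, limit=1000):
    """Smallest depth z with eventually_longer(q, z) <= max_risk, else None."""
    if q >= 0.5:
        return None                     # no depth bounds the risk at half the hashrate
    for z in range(1, limit + 1):
        if eventually_longer(q, z) <= max_risk:
            return z
    return None


if __name__ == "__main__":
    for q in (0.50, 0.40, 0.30, 0.10):
        print(f"q={q:.2f}  ahead at 6 conf: {ahead_at_confirmation(q, 6):.3f}  "
              f"ever longer: {eventually_longer(q, 6):.4f}  "
              f"depth for 0.1% risk: {confirmations_needed(q, 0.001)}")
```

Under this model, six confirmations bound the risk only when the withheld hashrate share is small; at a share of one half no confirmation depth does.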
full member
Activity: 182
Merit: 100
What if the hacker is Ben Bernanke and doesn't give a crap about bitcoins and just wants to see them fail.
sr. member
Activity: 252
Merit: 251
No problem. I also quickly resell this 500 BTC right after my attack.

Why would the hacker not divert the legit blocks being mined with 5000ghash/s to himself instead?
You have zero risk

(no initial purchase of 500BTC or need to fork the blockchain, people are still being shown they get paid so they continue mining, and you get about 6-10 solved blocks worth of BTC within 2 hours)

After the attack you have BTC from the 'normal' blockchain and you can launder them & sell for cash. Much less effort
mrb
legendary
Activity: 1512
Merit: 1027
No problem. I also quickly resell this remaining 500 BTC right after my attack.
sr. member
Activity: 252
Merit: 251
Your original 500 BTC won't be much good after the price of bitcoin collapses when the biggest pool is known to be used in a forging attack against the blockchain.

Which hacker with such skills will really ruin the entire economy for a few thousand bucks?
mrb
legendary
Activity: 1512
Merit: 1027
A double spend attack may be detectable after the fact, but is not likely to be stopped in time to prevent BTC theft. Pool owners with a significant hashrate are not the only persons capable of using it to their advantage. Here is an example: I am Mallory, the proverbial malicious attacker, and I want to attack the Deepbit pool, managed by Tycho.

(Edit: Fixed the chain on which the BTC needs to be spent - thanks kjj/DamienBlack).
(Edit: Replaced fictional "500 BTC" amount with "10k BTC").
(Edit: Removed mentions of "50% hashrate" to emphasize that it is not required to perform a double spend.)

Step 1: I buy 10k BTC and transfer them to my wallet.

Step 2: I attack Deepbit's infrastructure to surreptitiously gain administrative control of the servers (eg. via a compromise of Tycho's workstation). Optionally, I also rob the pool of its BTC to further maximize my gains (using the pool's computational power to double spend its own money - hah!)

Step 3: I select a period of time of 2 hours during which Tycho is offline/sleeping. 2 hours is all I need because his pool, Deepbit, controls about half of the global Bitcoin network hashrate. Note that controlling exactly 50% or more is not necessary; if less than 50%, the probability of the attack being successful is simply lower.

Step 4: During these 2 hours, I send pool users work items to start forking the block chain, from the current legitimate block, but without broadcasting the forked blocks to the global Bitcoin network. The only visible effect is that the global network appears to solve ~6 blocks (instead of ~12) during these 2 hours; but no one notices because it happens all the time due to expected statistical variation. As a matter of fact, it is happening right now: in the last ~110 minutes only 6 blocks have been solved (135104-135109), and there is no reason to find this suspicious whatsoever.

Step 5: In the legitimate block chain (built by miners not in the pool), I include a transaction to transfer 10k BTC from my wallet to my TradeHill/Bitcoin7/MtGox account.

Step 6: TradeHill/Bitcoin7/MtGox detects my txfer after the legitimate block chain grows by 6 blocks (6 confirmations). I sell the 10k BTC.

Step 7: Profit! I have plenty of USD in my account. I quickly sell it on bitcoin-otc (eg. using MtGox's merchant API), or transfer it to my Dwolla account, or multiple accounts to bypass typical withdrawal limits.

Step 8: During this time, my forked chain should have grown 1 more block than the legitimate chain (if the attack was successful). I broadcast it to the network, which instantly invalidates the 10k BTC I transferred to TradeHill/Bitcoin7/MtGox. The 10k BTC automatically "reappears" in my original wallet (which I can now double-spend). The exchange is short on BTC and is screwed. An investigation later in the day reveals that Tycho's pool was compromised. Tycho's reputation is ruined. People switch to another pool, which gains 50% of the hashrate. I repeat the same attack on the other pool, and double spend again the BTC stolen from previous pools. Rinse and repeat.
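
Step 4's point about statistical variation can be checked from the monitoring side. This is an added example, not from the original post: it assumes Poisson block arrivals at one per 10 minutes, computes how often a healthy network shows six or fewer blocks in a window, and how long a block-rate alarm must watch before a halved visible hashrate stands out; function names and thresholds are illustrative.

```python
# Added example (not from the thread): how visible is a halved block rate?
# Assumption: block arrivals are Poisson with a 10-minute mean interval.
from math import exp

TARGET_INTERVAL_MIN = 10.0


def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam); returns 0.0 for k < 0."""
    term, total = exp(-lam), 0.0
    for i in range(k + 1):
        total += term
        term *= lam / (i + 1)
    return total


def alarm_threshold(window_min, false_alarm):
    """Largest count k a healthy network shows with P(X <= k) <= false_alarm."""
    lam = window_min / TARGET_INTERVAL_MIN
    k = -1                               # -1 means no count is rare enough
    while poisson_cdf(k + 1, lam) <= false_alarm:
        k += 1
    return k


def detection_power(window_min, false_alarm, visible_share):
    """P(alarm fires) when only visible_share of the hashrate publishes blocks."""
    k = alarm_threshold(window_min, false_alarm)
    lam = visible_share * window_min / TARGET_INTERVAL_MIN
    return poisson_cdf(k, lam)


def window_needed(false_alarm, visible_share, power=0.9, max_min=2880):
    """Shortest window (10-minute steps) whose alarm reaches the wanted power."""
    for window in range(10, max_min + 1, 10):
        if detection_power(window, false_alarm, visible_share) >= power:
            return window
    return None


if __name__ == "__main__":
    print(f"P(<=6 blocks in 120 min, healthy) = {poisson_cdf(6, 12.0):.4f}")
    print(f"P(<=6 blocks in 110 min, healthy) = {poisson_cdf(6, 11.0):.4f}")
    print(f"alarm power over 2 h at 0.1% false alarms = "
          f"{detection_power(120, 0.001, 0.5):.3f}")
    print(f"window needed for 90% power = {window_needed(0.001, 0.5)} min")
```

A two-hour window is too short for a block-rate alarm with a low false-alarm rate to catch a halved rate reliably, which is why such monitoring needs much longer windows or additional signals from the pool side.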