Author

Topic: Withholding attacks - analysis of 200 tera-hash withholding attack (Read 5403 times)

hero member
Activity: 873
Merit: 1007
BTCGuild had a 2PH witholding attack earlier this year. Are you saying that withholding attacks over a certain hashing size are not true, worthwhile, or both?  It's also been alleged that in the withholding attacks, that the miners aren't really mining either.

Withholding attacks don't make financial sense - that's easy to prove with math.

The thing is, however, that sometimes people do things that don't make sense.  Like mining at a loss instead of buying coins.  Somebody with a grudge may very well want to see certain pools get hurt.  It is also possible that the attacked was genuinely stupid and didn't know his custom CGMiner wasn't working - although many people doubt somebody with 2PH/s would be that stupid, but as we all know money doesn't buy intelligence  Grin
legendary
Activity: 1512
Merit: 1057
SpacePirate.io
BTCGuild had a 2PH witholding attack earlier this year. Are you saying that withholding attacks over a certain hashing size are not true, worthwhile, or both?  It's also been alleged that in the withholding attacks, that the miners aren't really mining either.
full member
Activity: 195
Merit: 100
In this scenario, our villian has a 200 tera-hash pool of equipment that he is willing to hire out to anybody who wants to launch a withholding attack. The hypothetical cost of power is $6,000/month or $20/month per tera-hash. At 1KW per tera-hash that works out to roughly 25% of the best month-to-month hosting quotes out there. Not going to happen. Assuming the villain rolls his own data center for this 200KW footprint $80/tera-hash is far more realistic all in cost. Assume the miners cost $1/giga-hash and we have a $200K capital investment plus about $24K/month operational cost.

Given the short life of mining equipment, our villain needs to recoup that investment in, say, six months or about $34K/month. So he needs someone to pay him $34+24 = $58K + profit margin per month for 6 months to be a villain.

What is the payback to the larger pool initiating the attack? Assume our villain can operate without detection by rapidly changing identities and payout addresses and can drive three 1200 tera-hash pools out of business in six months. Right now the network hasth rate is about 160,000 tera-hashes. 3600 tera-hashes must be re-allocated. Looking at Eligius where I mine, their portion of the total pool about 6%. So Eligious would stand to gain about 220 THS of the newly available mining capacity. At a cost of $344,000 plus profit to the villain.

I don't see a huge payoff to anybody to a withheld block attack. Too much work, too expensive and too easy to detect.
full member
Activity: 195
Merit: 100
Moving this analysis from an unrelated thread for discussion.

since then btcguild suffered a confirmed withholding event.  supposed to be accidental .  it did happen and it clearly shows bitcoins  weakness is that a wealthy miner and or pool can attack a smaller pool and kill the luck.

OK, I read up on the withholding attack. Does the bolded statement mean a pool can launch the attack, or individuals supporting the larger pool join the targeted pool and withhold?

I am confused about the distinction between individual and pool behavior.


Okay  lets pick the guy with the bad luck soft ware.  It has been proven to exist. I track him down buy it from him.  I now put myself out as a hit man.

 So to speak I live in Washington or Oregon  Or any place with cheap power.  I sub-contract my bad luck system   to pools like cex.io or btcguild or eligus  they trust me the super villain of BTC and  pay me to hit smaller pools with my bad luck gear.

 So I run 100th or 200th at bitminter a smaller pool and  while they have 1200th of good gear they now have 1400th.   1200 good and 200 bad.  It only takes 45 sp30's to do this or 450 s-3's .  or 200 dragon miners..  do it for a week in a row and the cost is my power.  say  4000 kwatts a day that is  200 usd a day thats all in power cost.  so a one month cost against bitminter is   6000 in power  and they will have  a 12/14 or  85 percent luck of normal not 100 percent.. forget the lost btc I know people say whattt.      but the incentive to attack smaller pools is huge. think of someone with low power cheap gear and the correct software.  he does not need to be a pool.  he could be and individual hired by bigger pools. to attack smaller pools.

Now does he exsist?  I do not know.

Does cex.io attack small pools? I do not know

Does anyone do this join a pool with bad luck gear/software for the purpose of attacking that pool?  I do not know.

But it did happen to one pool BTCguild and  most likely to Eligus pool.  Accident well maybe on purpose well maybe.   I am on many pools.
Jump to: