Thursday, June 19, 2014

Ghash.io Was Capable of a 51% Attack on Bitcoin's Network

     I've written in the past about Bitcoin's vulnerabilities, and among those is a 51% attack.  This is, to put it in layman's terms, a situation where one group of miners has over 51% of the hashing power of the entire Bitcoin network, and can more or less decide what is and isn't a legitimate transaction.  This is, of course, an exceedingly dangerous vulnerability, as anyone who has that power could quickly cash in on it or cause general disruptions.  For example, they could simply spend money and then delete the transaction, so that the bitcoins effectively never left their wallet; they would most likely keep the goods or services they bartered them for and leave the merchant out in the cold.

     I'm bringing this up because Ghash.io recently hit the 51% mark.  There are a lot of rumors and speculation going around about what they did in the brief window they had at 51%, but the reaction was very clear.  Their sites are now under DDoS attack, and their hashing rate is down to about 30% of the network total.  Because of the way coins are mined (the first miner to solve the puzzle wins the whole block, and the more hashing power you have, the more likely you are to do so), there is a great incentive towards group mining, which leads to large power blocs of miners.  This will not be going away anytime soon, either.

     What is interesting is the effect that the DDoS attacks had on the hashing power of Ghash.io.  They cut it by about 40% of its original value, from 51% to roughly 30%.  Naturally, this means all the other pools increased their share by about 40% of their original value.  This could lead to mining pool "wars" where the number 2 or 3 mining pools launch DDoS attacks against one another to secure a 51% stake and initiate an attack.  Now, it would take a lot of prep work, but even if it fails, it's not like you are out anything.  If anything, you are still mining more blocks because of the relative increase in your share of the hash rate.  There's no reason not to DDoS your competitors, except for the resources expended and the potential loss of goodwill and retaliation.

     If you are in Bitcoin, it might be time to evaluate your investment.  The next month or so will be telling as to the future and stability of the currency.

