According to a cryptocurrency enthusiast and security researcher who goes by the name geocold51, small cryptocurrencies are at risk of one of the most dangerous attacks in the industry: the 51% attack. In this attack, a miner controls more than half of the network's hashing power, which allows him to remove the latest transactions, replace them with other transactions and double-spend the same funds.
Although the ecosystems built up around bitcoin and some other cryptocurrencies make them resistant to these types of attacks, cryptocurrencies with a weaker community of miners are far from safe.
For smaller coins, these types of attacks are becoming more common. A recent report by Group-IB found that cryptocurrency worth $20 million was stolen in 2018 through such attacks.
On Saturday, October 13, geocold51 decided to show how easy it is to carry out a 51% attack. The whole process was broadcast live, showing an attack on the cryptocurrency Bitcoin Private, which had a market capitalization of approximately $47 million at the time of this writing.
Geocold51 said that if a cryptocurrency can be attacked so easily, “it means that the cost of these coins is properly valued by investors.” By geocold51's estimate, he spent $100 to get to the point where he could demonstrate double-spending of Bitcoin Private, but he was stopped.
Geocold51 was not interested in stealing coins, so he organized a demonstration in which he would send Bitcoin Private that he owned to two different wallets, both owned by him. Thus neither users nor exchange operators would be affected. He just wanted to show that many coins are vulnerable and overvalued.
Geocold51 believes that to profit from a 51% attack, the attacker would have to spend about twice as much, about $200, to buy bitcoin on an exchange with Bitcoin Private and then make another transaction on the longer chain, which would void the first transaction, returning the coins to him and leaving the exchange in the red.
While involving an exchange carries certain costs, a 51% attack is still quite economical because of the growing popularity of cloud computing. According to geocold51, without access to cloud mining, carrying out the attack on Bitcoin Private would have cost him about $100,000 in hardware.
“The Nicehash mining service and the ability to rent hashing power radically change the nature of 51% attacks,” said geocold51. “If a cryptocurrency does not have sufficient hashing power to ensure its security, but it is considered valuable, you can carry out a 51% attack.”
Because geocold51 announced the attempted attack on Reddit, his demonstration attracted a lot of attention; even Dogecoin creator Jackson Palmer tweeted that he was watching the stream.
However, the demonstration did not go quite as planned, and geocold51 said that he would carry out a full attack later. He noted that he would do so this week without a live broadcast and would shortly publish a recording of the demonstration on YouTube.
The young security researcher's approach is somewhat reminiscent of how other well-known figures in the field operate.
According to geocold51, he was inspired by one of the most legendary hackers of recent years: geohot, who hacked the original iPhone, opening up access to the file system of several models of iPhone, iPod, or iPad.
These days geohot often runs live broadcasts in which he demonstrates the process of finding vulnerabilities. Geocold51 believes that he can start doing the same in the cryptocurrency ecosystem.
Geocold51 is well versed in cryptography. Earlier, when mining bitcoin on GPUs was still profitable, geocold51 earned a fairly decent amount of bitcoins. He then traded on the Cryptsy exchange, before the site's CEO allegedly disappeared with millions of dollars of its clients' money. As a result he lost almost all of his bitcoins.
But he is still interested in the industry and continues to study how it works. And because the industry has split into hundreds and thousands of different cryptocurrencies, geocold51 thought he could shed some light on the pitfalls of their security systems.
Other members of the community seem to be interested in his idea. His Reddit post about the attack received 1,500 votes, and on the streaming site Twitch he was donated $888.
The day of the attack
It is also interesting that Bitcoin Private was not his first target. At first geocold51 wanted to attack Einsteinium, a fork of Litecoin with a market capitalization of $19 million and a trading volume of $598,000 per day.
He publicly announced his intention, and as he prepared to attack, commenters on his Twitch channel noted that the coin's hash rate had begun to grow.
Because he announced the attack in advance, the Einsteinium community increased the hash rate out of concern that such an attack could lead to a chain split and the creation of a second blockchain on which users could get stuck, according to Ben Kurland, one of the leaders of the project. At the time Einsteinium was in the process of updating its wallet, and if users or exchanges had not updated their wallets in time, the chain split could have led to a loss of funds.
Seeing the hash power increase, geocold51 decided to attack Bitcoin Private instead.
According to geocold51, he received about 60,000 hits during the stream on Twitch before the platform cut off the stream. Twitch, according to him, temporarily restricted his activity on the platform, citing the “attempts to harm” section of its community guidelines.
He started another live broadcast on Stream.Me half an hour later.
He was able to rent miners through Nicehash to mine Bitcoin Private. In fact, he found a block almost immediately, and within a very short time he controlled more than 50% of the blockchain's hashing power.
Pretty soon a user named CommunityWatch appeared in the comments on the broadcast and wrote: “Just wondering: do you think that these actions are lawful?”
A few minutes later the Stream.Me broadcast was also forcibly stopped.
Geocold51 said that by then he had already obtained about two thirds of the Bitcoin Private hash rate. He sent his first transaction to a second wallet that he controlled, and he created another transaction on the offline chain, which went to a third wallet under his control.
He was going to publish the longer chain to the network, but since the original goal was to show how easily the attack can be carried out, he stopped as soon as the live broadcast was interrupted.
However, geocold51 decided to complete his mission, so he will record his next attack and share the video on YouTube in the near future.
Although this vulnerability is likely to cause concern for many in the community, geocold51 noted that these coins have another form of protection, based on cryptocurrency game theory.
If anyone tries to sell any significant amount of coins, their price is likely to fall sharply, since the community is not stable and has high liquidity. Thus, geocold51 argues that even if it is easy to buy hashing power and take control of the network, it would not be worthwhile to try to make a lot of money from the attack.
However, geocold51 is going to continue carrying out 51% attacks using the donations he received, and perhaps even try to attack other cryptocurrencies.
He even said that he will specifically attack cryptocurrencies that claim to have implemented protection against such attacks, in order to test their security. For example, the team developing Horizen (formerly Zencash) believes that it has found a way to neutralize the 51% attack by introducing specific penalties for miners.
Geocold51 said he would be happy to fail against such protective measures.