First it happened to verge. $1.8m of cryptocurrency swiped in a matter of hours. Then to bitcoin gold, plundered in an $18m double spend attack. Then to verge again, this time to the tune of $1.7 million. Along the way, monacoin is also believed to have been hit. Someone is methodically working their way through Proof of Work coins, controlling their hashrate, and then launching 51% attacks. Other PoW teams are now on high alert for signs that their coin could be next.
Following a Spate of Attacks, PoW Teams Batten Down the Hatches
51% attacks, in which a malevolent miner controls the majority of the network hashrate and then uses it to force through fraudulent transactions, are commonly discussed but rarely encountered. That all changed on April 4 when verge was hit by a 51% attack. At the time, the incident was put down to the general fog of incompetence that surrounds verge; the exploit was quickly patched and everyone moved on. Then, just over a month later, verge was hit again along with bitcoin gold and possibly monacoin too. The spate of attacks has caused a crisis of confidence in Proof of Work coins and forced their development teams on the defensive.
Although called a 51% attack, in reality it’s often possible to control the network with a much lower hashrate. Because verge uses five different hashing algorithms, for example, the attacker was able to reduce the mining difficulty for just one algorithm and focus all their firepower on that, armed with just one fifth of the hashpower they would otherwise have needed. The second time around, they modified their attack slightly and targeted verge with a dual blast using two different algorithms. Bitcoin gold, meanwhile, was targeted due to its equihash algorithm, the same one used by such coins as zcash and komodo.
The Cost of Staging a 51% Attack
Following the run of 51% attacks, teams have rushed out updates to reassure the community that their coin is safe, and to deter would-be attackers. The cost of attacking ethereum classic has been estimated at $70m, for example, and estimates have been made for doing the same with the top 10 PoW coins. BTC is priced at $2.2 billion to attack, whereas zcash comes in at $87m. In his blog post, Husam Abboud claims that “If a zCash miner with +8% of Nethash [switches] to mine Bitcoin Gold, he is +51% BTG nethash, that brings the cost of 51% attack on BTG to 580 ZEC/day ~$200k”.
Because bitcoin gold has a much lower hashrate than coins such as zcash, it is a far easier target to pick off. Now that the feasibility of double spending a recognized PoW coin has been proven, aspiring attackers are calculating the costs of renting hashing power from a provider such as Nicehash and using it to take over a target of their choosing. This is one of the dangers with an altcoin using an existing algorithm: it’s easy for an attacker to switch from mining one to another at the flick of a switch, leaving low hashrate PoW coins vulnerable to hostile takeover without warning.
There’s a Storm Brewing
PoW teams are hitting back, and have enacted various measures to thwart future attacks. On request, Binance has upped the number of confirmations required to deposit equihash-based coins onto the exchange. The more confirmations that are required, in theory, the more likelihood there is of detecting and thwarting a 51% attack. Maidsafe, meanwhile, has proposed a new consensus mechanism called PARSEC, though some believe it may be vulnerable to other threats such as Sybil attacks, which are a recurring theme with staking algorithms.
For the coins that are committed to remaining with Proof of Work, most of which descended from Bitcoin at some point in time, it’s a case of remaining on high alert for possible signs of foul play. One PoW altcoin team has set up a script to constantly monitor their hashrate. In the event of a spike of over 10%, they will be automatically notified. Should the newly added hashrate emanate from an unknown pool, or be in danger of tipping an existing pool over 50%, they have a large quantity BTC on standby with Nicehash ready to purchase their own firepower to counter the attack. It’s a high stakes game and PoW teams can’t leave anything to chance. No one wants to be the next bitcoin gold.