Did you see that ZenCash was hit with a 51% attack the other day? It’s true; they’re the most recent to join the club of currencies that have been impacted by someone controlling a majority of the hashrate. For the time this is the case, they can do whatever the heck they want — like double spend or invalidate transactions or steal all the monies or whatever.
Personally, I feel like Zencash got off lucky. The attacker made off with about 700k in USD. The market cap is about $91M, so this isn’t terrible percentage wise compared to what they could have done. I think the attackers were either trying to be subtle or they were trying to ensure their stolen value held value for a while by not crashing the entire currency value.
I would like the record to show that I told you so. For example, I *just* did a talk about this at ISACA’s CACS conference but I’ve been warning about this for years. Everyone forgets about this part from the original Bitcoin paper: “The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.”
Anywho, there are three reasons why I’m interested in this:
- The implications that viable 51 percent attacks have for nascent cryptocurrencies (and how to protect against that),
- the not-as-improbable-as-you-think scenario that someone could pull this attack (or an attack like it) off for the “big enchilada” (i.e. Bitcoin), and
- the implications that this has for commercial blockchain implementations
Starting with number one, it’s interesting to me because how can a new cryptocurrency develop in the climate when 51 percent attacks are not only feasible but are actively being done? Imagine with me for a moment a growth curve reflecting the hashrate for a cryptocurrency — it starts at zero, is flat for a while, and eventually expands non-linearly. Maybe it looks a lot like the hashrate chart for Ethereum that I’ve included below from the awesome folks over at etherscan.
After the “hockey stick” starts (in the Ethereum chart above around about the March or April 2017 timeframe) it gets exponentially harder to pull off a 51% attack, right? But what about before then? What about the flat part of the curve before the exponential growth? The catch-22 is that nobody will want to stream Jim Cramer-style their trading on Twitch “buy stuff” with – or speculate in – the cryptocurrency if there’s a solid likelihood of a 51% attack and there’s no community. But yet, the growth curve can’t make that impractical until after people adopt it.
Quandry? Yes… yes it is.
Bitcoin didn’t have this problem because, frankly, very few people cared enough about it when it came out to actively do this type of attack. By the time it became within a few orders of magnitude of the money supply of a large country, that attack was out of reach… at least to the person in their basement with a network connection and access to somebody’s commoditized cloud compute fabric. The plot of Silicon Valley aside, I feel like this makes it super challenging for a new currency looking to do an ICO — it’s really super dangerous unless there’s a strategy to out-compute what an attacker might be willing to spend. Not sure how to do that — especially when mining nodes are designed to be anonymous. Even if they figure that part out, that’s just another way of retaining centralized control over it. Either way, it’s dodgy.
The second thing that makes me interested about this is the implication – and I’d argue continued viability – of an attack like this against Bitcoin. No, not by somebody in a basement, but by someone controlling a large chunk of the hashrate. Say, for example, Bitmain. I’ve talked about why it is that market forces tend to favor mining monopolies (it is truth), and in fact we’re pretty damn close to Bitmain controlling 51%. Like, as of right now, they control about 44-46-ish percent — because remember that Antpool is Bitmain, and BTC.com is also Bitmain. Those two alone are like 40-ish percent without even accounting for any other folks that might be using Antminer or their other hardware. Seems to me like Bitmain should just buy out the admin of ViaBTC and be done with it.
“But who cares?”, you ask. That hardware is like distributed out among like a gagillion different people… it’s like 80 million petaflops… What difference does it make if they’re all in the same pool, or all using the same hardware, or both? The counterargument to that is of course Antbleed. Like, Bitmain already installed a firmware backdoor… that’s yesterday’s news. Was it malicious? Maybe. It could just be helpful “phone home” functionality to be offered as a “service” to customers… it did however let them directly shut off as much of the hashrate as they want (within the purview of what they control). Personally, I feel like that’s not good. The whole point of Bitcoin in the first place was that people didn’t trust countries like the EU or the US because fiat control over the currency is dodgy. Is it better if Bitmain has fiat control instead? Like, basically, s/US Treasury/Bitmain/g and we’re all set? This seems worse than the problem Bitcoin was trying to move us away from. This continues to bother me, especially since nobody seems to care about it.
Lastly, and I’ll keep it quick because I’m starting to get too far into what I had planned for today is the implication that these attacks have for stuff that isn’t currency. Like, for example, commercial blockchain applications. That scares the hell out of me. For example, I can actively choose to not buy Bitcoin while Bitmain directly controls anything north of 30 percent of the hashrate (that is my cutoff rate by the way) or at least until their hardware is less than 20-ish percent… I’ll could for example stick to ETH until such time as BTC mining stops being crazysauce. But what about an application that I have no control over — because someone somewhere “heard blockchain was the new thing” so decided to just implement whatever? Like stock exchanges… or insurance… or voting… or your driver’s license. Any “blockchain app” that doesn’t have a consensus protocol isn’t worth doing in my opinion (like, just use a database because the security reduction is equivalent)… so long as we’re using hashrate (CPU time) as that consensus protocol, people need to give a crap about this.
Either people don’t understand this or they don’t care. I’m really hoping it’s the former because that at least is addressable.