Bitcoin Satoshi’s Vision, another fork of a Bitcoin fork, has suffered its third blockchain reorganization (reorg) attack in three months. Calling on all stakeholders to mark the malicious network branch as invalid, Bitcoin SV (BSV) developers stated that the attack has been repelled and all fraudulent chains have been identified.
The series of attacks on Bitcoin SV, although reportedly repelled, highlighted the risks associated with proof-of-work (PoW) blockchains that have low hash rates securing them. In fact, in addition to Bitcoin SV, a few other chains, like Ethereum Classic (ETC) and Firo (formerly known as Zcoin), have been victims of such attempts to reorganize the blockchain and exploit the vulnerability.
Although not all such attacks are successful, some can have significant economic consequences for honest participants and the network, because the rogue actors responsible can double spend “coins.” The problem has reached the point where it is theoretically possible to launch these attacks with rented hash power worth several thousand dollars.
Another blockchain reorganization attack
In early August, Bitcoin SV suffered a suspected 51% attack similar to what happened between the end of June and the first week of July. At that time, malicious exploitation of the network was said to have led to the simultaneous mining of three versions of the main chain in a deep blockchain reorganization attack.
This type of attack occurs when malicious actors control 51% of the network’s hash rate and can use that hash power to control and prevent block production and to double spend coins. According to reports, the August 3 incident was the largest attack on BSV since the Bitcoin Cash (BCH) fork back in 2018.
According to Nikita Zhavoronkov, the lead developer of the blockchain explorer Blockchair, at some point during the exploit the attackers reportedly compromised approximately 10 hours’ worth of transactions on the Bitcoin SV chain. In response to this incident, the Bitcoin Association, a Bitcoin SV advocacy organization, recommended that honest node operators mark the fake chain initiated by the hackers as invalid.
It is necessary to mark the split chain initiated by 51% attackers as invalid to prevent the hackers from gaining any financial benefit, such as through double spending. Usually, the goal of such incidents is to send the coins mined on the fake chain to an exchange, thereby extracting monetary value “out of thin air.”
In its incident update report, the Bitcoin Association stated that the hackers’ 51% attack attempts were unsuccessful, while urging network participants to ensure that their nodes only interact with chains supported by honest miners. As part of its report, the Bitcoin Association stated that all relevant stakeholders, including the Bitcoin SV infrastructure team, will continue to monitor the network to prevent any further attacks.
In a conversation with Cointelegraph, Steve Shadders, CTO of Bitcoin SV developer nChain, stated that both stakeholders are implementing “a series of active and passive measures” to prevent further attacks.
“Together with the Bitcoin Association team, we are also cooperating with exchanges, miners and ecosystem companies to quickly invalidate the fraudulent chain containing illegal double spending by using the invalidateblock command - this is the RPC code that was introduced to Bitcoin in 2014, and it is still part of the code base for BTC and BCH.”
According to Shadders, this move invalidates the attacker’s efforts and allows honest participants to direct their hash power to the correct chain. Shadders also stated that the attack prompted more hash power to join the Bitcoin SV chain to “defend the network.” In fact, data from BitInfoCharts shows that between August 3 and August 4, the hash power of the Bitcoin SV network increased by nearly 15%.
Three attacks occurred in a few months
There have been three attacks in three months, each using a similar method, and this fact has sparked discussions about whether there is an agenda against Bitcoin SV. Between June 24 and July 9, Bitcoin SV suffered four separate 51% attack attempts, resulting in double-spent coins being sent to the Bitmart cryptocurrency exchange.
In July, Cointelegraph reported that Bitmart was seeking a restraining order from a New York judge to prevent the hackers who carried out the 51% attacks on Bitcoin SV from selling their double-spent coins. At the time of writing, it is unclear whether the August attackers were able to send double-spent BSV to any exchange.
In a note sent to Cointelegraph, the Bitcoin Association clarified that the double-spending transactions in the June and July attacks did not have any adverse effects on Bitcoin SV users, adding:
“It is possible that malicious actors have been repeatedly spending their transactions. No losses have been caused and no one has stolen things.”
According to reports, the attacks on June 24 and July 1 went unnoticed, and the investigation only started after the July 6 incident. At that time, some exchanges, including Huobi, suspended BSV deposit and withdrawal services, which led to inaccurate speculation that the trading platform was delisting the coin.
Commenting on the possibility that the August attacks are related to the earlier events, Shadders told Cointelegraph: “At this stage, although we have no clear evidence that the same malicious actors are responsible for these latest attacks and the early attempts in June and July, the similarity of attack vectors and methods indicated that it is likely to be the same attacker again.”
The only difference between the two sets of attacks is that the June and July attacks used the pseudonym “Zulupool” (not connected to the legitimate Hathor network miner of the same name), while in August the hackers impersonated the Taal mining pool. In fact, it is believed that the attackers who impersonated Zulupool in June and July were also connected to the block reorganization exploit against Bitcoin ABC in March.
In view of the suspected connection between all the attacks, Shadders told Cointelegraph that legal measures are being taken, noting that:
“The Bitcoin Association and its legal representatives are actively involved in law enforcement in affected jurisdictions - the Bitcoin SV infrastructure team is continuing to support this process by collecting and collating all forensic evidence left by the attackers.”
Fragile PoW network
PoW networks with significantly lower hash rates are vulnerable to 51% attacks because the hash power required to take over the network costs only a few thousand dollars. In some cases, renting hundreds of dollars’ worth of hash power from NiceHash is sufficient to carry out a blockchain reorganization exploit on certain PoW chains.
According to data from Crypto51 (a platform that tracks the theoretical cost of 51% attacks on PoW chains), it costs approximately $5,200 to rent the hash power required for a one-hour 51% attack on Bitcoin SV.
Ethereum Classic, another PoW network, also suffered multiple 51% attacks in 2019 and 2020. According to reports, in one incident the attacker stole more than 5 million U.S. dollars from the network while spending only 192,000 U.S. dollars on hash power for the attack. However, it is important to note that although such attacks are still possible, network participants can take steps to mitigate the vulnerability.
In fact, in the absence of Bitcoin’s superior network effects and hash power, other PoW chains need to create a secondary security protocol to detect malicious blockchain reorganizations. To put the difference in hash power in stark contrast, the current total hash rate of the Bitcoin network is more than 320 times that of Bitcoin SV.
Cryptocurrency exchanges also need to increase network confirmation requirements for coins whose chains do not have sufficient hash power. Most 51% attackers try to double spend their transactions through exchanges, using their counterfeit coins in exchange for legitimate funds held by the trading platform, usually on behalf of its users.
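One way to implement the reorganization detection described above, as an added example that is not code from Bitcoin SV or any exchange: it compares two snapshots of a node's best chain, reports how deep the replacement went, and lists credited deposits whose confirming block was orphaned. The block labels, transaction ids, starting height and the ALERT_DEPTH policy are constructed assumptions.

```python
from dataclasses import dataclass

ALERT_DEPTH = 2  # assumed policy: ordinary forks rarely replace more than one block


@dataclass(frozen=True)
class Reorg:
    fork_height: int   # last height on which both snapshots agree
    depth: int         # number of previously-best blocks that were replaced
    orphaned: tuple    # hashes that fell off the best chain


def detect_reorg(old, new, base_height):
    """Compare two best-chain snapshots (block-hash lists starting at base_height)."""
    common = 0
    for a, b in zip(old, new):
        if a != b:
            break
        common += 1
    if common == len(old):
        return None  # the new snapshot only extends the old one
    # Also covers a rollback, where the new snapshot is a shorter prefix.
    return Reorg(base_height + common - 1, len(old) - common, tuple(old[common:]))


def deposits_to_hold(reorg, credited):
    """credited maps deposit txid -> hash of the block that confirmed it."""
    if reorg is None:
        return []
    return sorted(tx for tx, blk in credited.items() if blk in reorg.orphaned)


# Constructed sample data: short labels stand in for real block hashes.
BEFORE = ["a0", "a1", "a2", "a3", "a4"]
AFTER = ["a0", "a1", "b2", "b3", "b4", "b5"]
CREDITED = {"tx-early": "a1", "tx-deposit": "a3"}

if __name__ == "__main__":
    r = detect_reorg(BEFORE, AFTER, base_height=700000)
    print(r, "ALERT" if r and r.depth >= ALERT_DEPTH else "ok")
    print("hold:", deposits_to_hold(r, CREDITED))
```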
Therefore, even if the blockchain eventually repels the attack, hackers can extract value from the exploit by trading their counterfeit coins on exchanges that have not adopted the necessary minimum confirmation protocol.