Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: mikewillz on June 06, 2011, 06:05:25 PM



Title: Is this statement True or False about Bitcoin
Post by: mikewillz on June 06, 2011, 06:05:25 PM
I won't say who via twitter but a #Hacker, #engineer, #entrepreneur. #Consultant had this to say

"You could shut Bitcoin down with a DDoS that would cost under $1 million to execute."


Title: Re: Is this statement True or False about Bitcoin
Post by: mewantsbitcoins on June 06, 2011, 06:07:42 PM
You can ddos specific nodes, but they will never be able to ddos all.
If I want to send you some bitcoins, I just connect to you (assuming our blockchains are up to date) and can execute the transaction.


Title: Re: Is this statement True or False about Bitcoin
Post by: Anonymous on June 06, 2011, 06:07:52 PM
Absolutely, most certainly false.


Title: Re: Is this statement True or False about Bitcoin
Post by: mikewillz on June 06, 2011, 06:10:00 PM
I'm lost without you guys I swear  :)


Title: Re: Is this statement True or False about Bitcoin
Post by: fabianhjr on June 06, 2011, 06:15:30 PM
It is false, you can take torrents as an example + the streisand effect.


Title: Re: Is this statement True or False about Bitcoin
Post by: TheVirus on June 06, 2011, 06:23:44 PM
It depends if they found a flaw in the network itself. Hitting Bitcoin with standard DDoS tactics will do nothing, but if they found a flaw in the way the users connect to one another and know of a way to have the users 'unknowingly' DDoS each other, then yes, it can happen. I haven't looked at the Bitcoin protocol so I can't really comment on it, but it wouldn't be surprising if something like this does exist. Think of it like the way SYN floods used to work:

User1: SYN -> User2
User2: SYNACK -> User3<fake>
User1: SYN -> User2
User2: SYNACK -> User3<fake>
...

If a certain flaw were found, it is theoretically possible to have the network flood itself once it is seeded in some specific way.


Title: Re: Is this statement True or False about Bitcoin
Post by: ene on June 06, 2011, 06:55:14 PM
$1 million can buy enough mining hardware to take over the bitcoin network and basically ruin it for everybody. Assuming you can even find that many GPUs, which you won't on the open market.

You would need about 3,500 mining rigs, each with 3x6990 AMD cards. I haven't done the maths, but you can probably buy that for $1 million. Edit: More like $5 million.

That's not technically a DDoS attack though.


Title: Re: Is this statement True or False about Bitcoin
Post by: zamarok on June 06, 2011, 07:08:48 PM
$1 million can buy enough mining hardware to take over the bitcoin network and basically ruin it for everybody. Assuming you can even find that many GPUs, which you won't on the open market.

You would need about 3,500 mining rigs, each with 3x6990 AMD cards. I haven't done the maths, but you can probably buy that for $1 million. Edit: More like $5 million.

That's not technically a DDoS attack though.

When you buy large quantities for lots of money, you usually get a discount. You could negotiate a contract with Sapphire, and have them make you a bunch of your desired GPU for cheaper than retail price.


Title: Re: Is this statement True or False about Bitcoin
Post by: fabianhjr on June 06, 2011, 07:10:16 PM
Trippy, your calculations are flawed.

The current estimated hashing power is near the 7.5 thps mark. A 5970/6990 can pull around 0.8 ghps. Dividing yields an estimate of 9375 5970s/6990s. They both hover in the 700 USD mark so it will take near 6.5 Million in hashing hardware just to reach parity with the network. Keep in mind this does not include the facility/datacenter and specific required hardware like PSUs, Motherboards, CPUs, on-site admin, cooling (for such a big density). That would topple the cost to well over the 15 Million mark plus a 50K USD per month maintenance + bills.

This would not only stop being enough after a week or two seeing its current growth, it would be worthless for a while. :/ I mean, you got the coins, then what? If you expect to get at least some of it back, you would sell as any other miner and you would end up being assimilated by the network. This thing will reach the 50 Million quite soon, in about 2 weeks or so. There is no sense in trying.

zamarok, still really expensive, though a real possibility. Why don't we miners seek for a huge wholesale deal?


Title: Re: Is this statement True or False about Bitcoin
Post by: minerX on June 06, 2011, 07:22:52 PM
I won't say who via twitter but a #Hacker, #engineer, #entrepreneur. #Consultant had this to say

"You could shut Bitcoin down with a DDoS that would cost under $1 million to execute."

Laughable.  Who are they going to attack?  The pools?  And then what.... Everybody switches to a different pool or solo mines.  Then they plan on attacking everyone separately?

Not to mention hackers are generally poor bastards.  No the demise of bitcoin will not be through hackers.  It will be through the U.S. Government calling it illegal.



Title: Re: Is this statement True or False about Bitcoin
Post by: ene on June 06, 2011, 07:24:28 PM
Yes they were flawed, it was only a back-of-the-envelope calculation. I didn't think the maintenance cost and building cost would be so expensive compared to the GPUs themselves, but you probably know better.

I think you may have misunderstood my line of attack though. Once somebody has more computing power than everybody else put together, they should go about 1,000 blocks back and try to build a new chain building off that, in secret. (This would take a week.) However their chain will not include any of the transactions from the last 1,000 legitimate blocks. Once it becomes longer than the existing chain, they publish it and instantaneously a whole week of transactions un-happen, i.e. they are reversed and the money (including mining fees) returns to the hands of the original owner, whereas the 50,000 BTC legitimately mined disappear, and the new 50,000 BTC generated are owned by one bitcoin address, the attacker's.

This would cause a massive panic and the price of BTC would crash on the exchanges.

They are then pretty much done in my opinion. They can turn off their datacentre and as long as everybody knows that the datacentre is there and can be powered up again at any time, people will not want to use bitcoins or any similar system.

Of course ideally all the miners would rally together and increase the network power, so much so that our attacker is forced to order another batch of GPUs or give up. But that's a little too idealistic for me.


Title: Re: Is this statement True or False about Bitcoin
Post by: fabianhjr on June 06, 2011, 09:13:25 PM
I am just pointing out the fact that even if they would be able to do so they are literally trashing a lot of money. We are about to experience a lot of difficulty jumps each time making it harder to stop.

When BTC is being traded at 100 USD the likely cost for this project would be of 75 Million USD and the constant ups in price and difficulty will keep it rising, you can't simply wait to get a week of progress, in that week the network will overrun you.


Title: Re: Is this statement True or False about Bitcoin
Post by: jerfelix on June 06, 2011, 09:34:28 PM
Yes they were flawed, it was only a back-of-the-envelope calculation. I didn't think the maintenance cost and building cost would be so expensive compared to the GPUs themselves, but you probably know better.

I think you may have misunderstood my line of attack though. Once somebody has more computing power than everybody else put together, they should go about 1,000 blocks back and try to build a new chain building off that, in secret. (This would take a week.) However their chain will not include any of the transactions from the last 1,000 legitimate blocks. Once it becomes longer than the existing chain, they publish it and instantaneously a whole week of transactions un-happen, i.e. they are reversed and the money (including mining fees) returns to the hands of the original owner, whereas the 50,000 BTC legitimately mined disappear, and the new 50,000 BTC generated are owned by one bitcoin address, the attacker's.

This would cause a massive panic and the price of BTC would crash on the exchanges.

They are then pretty much done in my opinion. They can turn off their datacentre and as long as everybody knows that the datacentre is there and can be powered up again at any time, people will not want to use bitcoins or any similar system.

Of course ideally all the miners would rally together and increase the network power, so much so that our attacker is forced to order another batch of GPUs or give up. But that's a little too idealistic for me.
So in this scenario, they will have spent a massive amount of money on computing power.  And it has to be FAR greater than the current combined network (to create fake week-old transactions, and to catch up to present, and then finally to surpass the present).  And then, according to your scenario, they will create their own 50,000 BTC (which, at current market prices is itself worth almost $1M), and then throw away that $1M, by driving the price of BTC to zero.

Who would do this?  A government, I suppose.  But you wouldn't do it to make money!


Title: Re: Is this statement True or False about Bitcoin
Post by: Sukrim on June 06, 2011, 09:40:51 PM
I won't say who via twitter but a #Hacker, #engineer, #entrepreneur. #Consultant had this to say

"You could shut Bitcoin down with a DDoS that would cost under $1 million to execute."

I would rephrase it to:

"You could severely disrupt Bitcoin with a DDoS that would cost under $1 million to execute."

Reasons/Targets:
Attacking main pools + the IRC channel as single point of failure would make transactions VERY slow to process. Once 3-4 big pools are down, it takes ~1 hour to mine 1 block + the miners WON'T solo mine but try to switch to other pools (if even) effectively DDOSing these to death too. Miners are more like sheep, they seem to like to be in herds! ;)

As a result the exchange rate on MtGox would plummet, if some more alert miners cash out, then skyrocket again if some investors have any money lying around. Chaos + Confusion will break out.

I think you will cause a nice weekend and a deep dent in the global hashrate with this, in the end it won't bring Bitcoin down though, and might very likely even lead to more popularity of BTC than before (if it is really a big attack, not just a DOS attempt at 1 single pool). It might however shatter trust a bit, making people more alert with what they are doing with their money...


Title: Re: Is this statement True or False about Bitcoin
Post by: IIOII on June 06, 2011, 09:41:41 PM
...
Who would do this?  A government, I suppose.  But you wouldn't do it to make money!

Does this make it less threatening?

Bitcoin opposes state authority - therefore it is not unlikely to happen.


Title: Re: Is this statement True or False about Bitcoin
Post by: joan on June 06, 2011, 09:46:23 PM
He might have been referring to the penny-flood type of attack.
Or creating ultra big transactions by sending massive amount of coins to yourself split in a high number of different addresses/clients. The attack funding would actually be spent on fees. If they can craft transactions that are really heavy, that could obstruct the network for a while?


Title: Re: Is this statement True or False about Bitcoin
Post by: jerfelix on June 06, 2011, 10:55:42 PM
Does this make it less threatening?
Yes.  The fewer entities that have motivation to do it, the less threatening it is.


Title: Re: Is this statement True or False about Bitcoin
Post by: Mike Hearn on June 06, 2011, 11:00:28 PM
You could (temporarily) DoS all of Bitcoin for far less money than a million dollars. However, DoS attacks are illegal, doubly so if you use a botnet to get lots of IPs and anonymize your tracks.

If somebody does actually start DoSing Bitcoin, I guess it'd be time to add autodrop code that would detect and block bad IPs. The attack could be quite disruptive until people upgraded to the new version.


Title: Re: Is this statement True or False about Bitcoin
Post by: MoonShadow on June 06, 2011, 11:03:54 PM
I won't say who via twitter but a #Hacker, #engineer, #entrepreneur. #Consultant had this to say

"You could shut Bitcoin down with a DDoS that would cost under $1 million to execute."

That statement is not true.  A DDOS attack would, at worst, prevent the network from normal function while the attack was ongoing.  It couldn't do any lasting harm to the currency system or the network, a non-trivial portion of which does not exist in any "publicly" accessible form that can be dossed at all.


Title: Re: Is this statement True or False about Bitcoin
Post by: MoonShadow on June 06, 2011, 11:05:34 PM
If they can craft transactions that are really heavy, that could obstruct the network for a while?

Yes, but then the miners would be laughing at the attacker, because he would have to be paying them for the privilege of attacking the network.  This kind of attack ends once the money runs dry.


Title: Re: Is this statement True or False about Bitcoin
Post by: unk on June 06, 2011, 11:07:50 PM
You could (temporarily) DoS all of Bitcoin for far less money than a million dollars. However, DoS attacks are illegal

one concern i've long had is that several kinds of 'attacks' or at least attempts at denying service to achieve external effects (like market manipulation) conform to bitcoin's network and functional protocol and thus are probably unlikely to be regulated. but it's a grey area.

in any case, to give my own reply to the original question, i believe it's a true statement. even the most intuitive attack that requires no special knowledge (the 'overwhelm the hashing power of the network' attack) would cost only a few million dollars at present for permanent purchase of the necessary hardware, and far less for rental. there are many cleverer things that can be done, however. for example, analyses by bytecoin and "s" have explained similar attacks that require fewer resources.

this isn't really a threat to the bitcoin technology as a whole. satoshi wasn't particularly concerned with it, as you can see from his last few messages at the forum. but as i and others have pointed out for a long time, it makes any individual block chain subject to more potential kinds of market manipulation than many speculators seem to suspect.

bitcoin will likely continue, but the value in any particular block chain can at present be very easily 'attacked' through denial of service and similar mechanisms. that we haven't seen much more than a denial-of-service attack on mt gox and a few mining pools likely reflects nothing more than the still-relatively-small footprint of bitcoin and the fact that it is not presently easy to profit from falls in the price of a bitcoin at any significant scale.


Title: Re: Is this statement True or False about Bitcoin
Post by: n0m4d on June 06, 2011, 11:40:19 PM
Once somebody has more computing power than everybody else put together, they should go about 1,000 blocks back and try to build a new chain building off that, in secret. (This would take a week.) However their chain will not include any of the transactions from the last 1,000 legitimate blocks. Once it becomes longer than the existing chain, they publish it and instantaneously a whole week of transactions un-happen, i.e. they are reversed and the money (including mining fees) returns to the hands of the original owner, whereas the 50,000 BTC legitimately mined disappear, and the new 50,000 BTC generated are owned by one bitcoin address, the attacker's.

As I understand the code, clients running after the fork and before the merge won't pay any attention to that new block chain.  Newly booting ones may have to decide which to believe, but no one is going to rewind past the last few blocks.

I'd love to hear anyone that's deeper into the code than I correct me on that.


Title: Re: Is this statement True or False about Bitcoin
Post by: unk on June 06, 2011, 11:48:53 PM
you can't easily go back that far even with massive hashing power. satoshi's original paper shows this numerically.
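
The whitepaper calculation referred to in the post above, as an added example that is not part of any post in this thread: it evaluates the section 11 model (Poisson attacker progress, then a gambler's-ruin catch-up) for an attacker holding hash-power share q against a chain z blocks ahead, including the depth of 1,000 blocks discussed here. The function names and the log-space rewrite (needed because the whitepaper's direct form underflows at that depth) are this example's own.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-power share q ever overtakes
    an honest chain that is z blocks ahead (whitepaper section 11 model)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if z == 0 or q >= p:
        return 1.0  # nothing to catch up, or the attacker is not a minority
    if q == 0.0:
        return 0.0
    ratio = q / p
    lam = z * ratio  # expected attacker blocks while honest miners find z
    log_lam, log_ratio = math.log(lam), math.log(ratio)

    def log_poisson(k: int) -> float:
        # Log of the Poisson pmf; exp(-lam) on its own underflows to 0.0
        # once lam passes ~745, which happens at depths like z = 1000.
        return -lam + k * log_lam - math.lgamma(k + 1)

    # Attacker has k <= z blocks and must still close a gap of z - k.
    terms = [math.exp(log_poisson(k) + (z - k) * log_ratio)
             for k in range(z + 1)]
    # Attacker already has more than z blocks: add the Poisson tail.
    # Terms shrink monotonically here (lam < z), so stop at underflow.
    k = z + 1
    while (t := math.exp(log_poisson(k))) > 0.0:
        terms.append(t)
        k += 1
    return math.fsum(terms)


def confirmations_needed(q: float, risk: float = 0.001,
                         limit: int = 10_000) -> int:
    """Smallest depth z at which the catch-up probability drops below risk."""
    if q >= 0.5:
        raise ValueError("no depth is safe against a majority attacker")
    for z in range(limit + 1):
        if catch_up_probability(q, z) < risk:
            return z
    raise ValueError("risk target not reached within limit")


if __name__ == "__main__":
    # Shares below are constructed sample values, not measurements.
    for share in (0.10, 0.30, 0.45, 0.51):
        prob = catch_up_probability(share, 1000)
        print(f"q={share:.2f}  depth=1000  P(catch up)={prob:.3e}")
    print("depth for <0.1% risk at q=0.10:", confirmations_needed(0.10))
```

The model assumes fixed hash-power shares and a minority attacker starting from behind; with q at or above 0.5 the probability is 1 at any depth, which is the case the surrounding posts go on to argue about.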


Title: Re: Is this statement True or False about Bitcoin
Post by: n0m4d on June 07, 2011, 03:41:39 AM
you can't easily go back that far even with massive hashing power. satoshi's original paper shows this numerically.

i believe the whitepaper covers the case of trying to undo a transaction, whereas - as i understand it, trippy was speaking of maintaining a "shadow" fork that would suddenly emerge and attempt to usurp the block chain since the fork.

perhaps the maths cover that case as well, and i'm ignorant of their full implications.


Title: Re: Is this statement True or False about Bitcoin
Post by: unk on June 07, 2011, 04:17:10 AM
oh, i misread. that is indeed possible, and it hasn't gotten enough attention. it's like an expanded version of the 'finney attack' and could be used quite strategically to significant negative effect.

in some ways, it's a particular case of the sort of problem that ben laurie was warning us about at http://links.org.

i don't believe anything in the code limits large reorganizations, except the hard-coded checkpointing of particular blocks at some releases. the network couldn't easily survive if newly downloaded clients disagreed with the old ones about the state of the network. they need to validate each proposed chain for themselves and accept the one with the greatest total proof of work. (that said, i haven't stayed current with each new release of the code, so i'm not sure if it has been modified in this respect. but unless very sophisticated, my belief is that such a change wouldn't make much sense.)


Title: Re: Is this statement True or False about Bitcoin
Post by: n0m4d on June 07, 2011, 04:33:22 AM
seems like a couple public write-once block databases would sew this up - in a total OMFG freak out the clients could go into quorum mode...  freenet, maybe?


Title: Re: Is this statement True or False about Bitcoin
Post by: unk on June 07, 2011, 04:51:30 AM
right, it requires a redundancy that is not presently part of the bitcoin system. the problem is that it will never be clear, without a non-bitcoin mechanism for reaching meta-consensus, which block chain is the 'honest' one. as an example, it might not be the first; for all we know, the first was the attack, and the 1000 others were the remedy to the attack. (this once happened in response to an integer-overflow bug that led to a mended block chain at satoshi's direction with the help of powerful miners.)

"s" once outlined a detailed mechanism for redundancy, but he or she was apparently pushed away from the forum by extremist responses and deleted that post. but i recall a model similar to freenet as one robust anti-double-spending mechanism.


Title: Re: Is this statement True or False about Bitcoin
Post by: n0m4d on June 07, 2011, 01:22:56 PM
But if the attack were sprung right away like that, wouldn't it hit folk's radar pretty quick?  As I understand it, you can't simultaneously wrest control of the network AND dodge the difficulty increase.


Title: Re: Is this statement True or False about Bitcoin
Post by: Mike Hearn on June 07, 2011, 05:45:31 PM
Nobody smart would attempt to DoS Bitcoin by outrunning the chain. That's not a threat worth worrying about. You can knock nodes offline without any expensive computation and because all nodes are discoverable that means you can take the network temporarily offline, until people upgrade to a new software version that is more DoS resistant.


Title: Re: Is this statement True or False about Bitcoin
Post by: MoonShadow on June 07, 2011, 05:46:09 PM
Nobody smart would attempt to DoS Bitcoin by outrunning the chain. That's not a threat worth worrying about. You can knock nodes offline without any expensive computation and because all nodes are discoverable that means you can take the network temporarily offline, until people upgrade to a new software version that is more DoS resistant.

Not all nodes are discoverable.


Title: Re: Is this statement True or False about Bitcoin
Post by: Mike Hearn on June 07, 2011, 05:56:31 PM
If you mean non-listening nodes, they don't matter because to take the network offline all you need to do is take out the listening nodes.


Title: Re: Is this statement True or False about Bitcoin
Post by: MoonShadow on June 07, 2011, 06:02:24 PM
If you mean non-listening nodes, they don't matter because to take the network offline all you need to do is take out the listening nodes.

No, I don't mean non-listening nodes, but those would qualify also because they are intermittently listening.  The network is a very fault tolerant, self-healing system.