Bitcoin Forum

Indeed

For the thousandth time, having 50% doesn't really help your attack chances all that much compared to having 49%. And even if you do have that much, the worst an attacker can do is double spend their own coins. No one can take your bitcoins or anything (at least, not the ones with many confirmations).

The best attack a pool with >50% could do is begin going backward in the block chain to rewrite it. During that time, no one in the pool would be getting paid, so people would be like, WTF. The network hash rate would drop by half so more people would be like WTF. Sooner or later the plot would be revealed and people would switch pools. No big deal. End of story.

On top of that, the pool owner probably has a heavy investment in bitcoins. If he screws with bitcoins he is just hurting his investment. Who would do that? He could probably make many, many times more continuing to run his pool correctly then he could get from a few hours of double spends followed by a crash.

The only real effect a >50% attack can have is mucking up bitcoin. And it only lasts as long as the 50% remains in control of an attacker. A pool isn't going to have that for long.

http%3A%2F%2Fs4.postimage.org%2F5ioikon6t%2Fchart_chs_350x200_chd_t_0_75_49_14_3_75_22_57_5.png

doesn't work

Where did the original post go?

EDIT: Ah, it is back.

It's not about the probability of it happening, It's about the possibility.

As it wasn't possible before, but now it is(almost).

You're right the pool owner probably won't try to sabotage it, but it's now possible for him to do it.(almost)

ATTENTION!
http://www.youtube.com/watch?v=J61wuSKSryE (http://www.youtube.com/watch?v=J61wuSKSryE)

It is possible to do a double spend attack when you have 49%, or 48%, or even 40%. You just have to get lucky and create more blocks than the rest of the network over a short period of time.

Even with 50% or 51%, you still need a good bit of luck.

There is a possibility of terrorists assaulting airports checkpoint and causing a big fricking huge massacre of civilians because the TSA doesn't give the fuck about REAL security.

True, but it doesn't mean it's going to happen.

It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.

You know, as long as they are up on that chart, that is proof that they are using their resources productively. I'd be more suspicious is deepbit suddenly dropped to a small sliver, that could mean that they are diverting hashing power to an attack.

But then again, we don't know how big deepbit is besides what they productively do. Perhaps they are three times that large and are using the rest to mount a long term attack. And in the meantime, they are paying off their miners with their own funds. /conspiracy theory

My point is, the chart is useless. If someone were attacking, they wouldn't be on the chart. If they are on the chart, they aren't attacking.

who is designated responsibility for the security of the network? is that not up to the users to secure themselves? via securing their wallets and taking personal responsibility for third parties that they trust (pools, exchanges, etc)?

It might be a good idea to go with a less alarmist title.  This is a situation that might warrant asking miners switching to a different pool, but to say the security of bitcoin was nearly breached is an extreme over reaction and false.  The pool operator does not control the hardware of the members of the pool.  If the operator started monkeying with the transactions in the blocks it created...or tried to withhold some blocks in order to effect a double spend, I think it would get noticed in short order and the pool operator would find themselves swimming alone very quickly.  In fact, if the pool participants would simply announce any blocks they find directly on the network, it would eliminate the attack where the operator could withhold blocks in order to double spend.  There was also a proposal a while back for a way to operate a pool, but still allow the decision regarding which transactions go into a block to be controlled by the mining participants, not the operator.  And that would completely eliminate any issue with a powerful miner.

Still, it is good to encourage people to switch pools.

Tycho earns thousands of dollars per day legit by running the pool.

Why risk ruining a good business?
He's even proposed countermeasures & paid bounties for people to monitor him and nobody took up the challenge.

It's the miner's job to verify the block chain. This is the main nerve of Bitcoin, and it's not affected by locally encrypted files or auditing of services.

If the motive of a pool operator is to discredit Bitcoin rather than profit, this attack would do much more damage than a few exchange rate swings. We've seen how BTC Guild usage recently exploded, so it's not unthinkable that future pools will be able to gain mass network share. If profit is the motive I guess it would be a lot easier to just keep a few blocks now and then without announcing it to the users. And I suspect this is already happening.

Why risk taking a whole block every now and then when you get 3% of each block anyway?

And it isn't risk free, the miner could have software that informs him he has found a block, and if it isn't later reported, it could arouse suspicion.

What i think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation...  ;)

BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.

Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users...  ;)

Botnets simply cannot contribute that much. The average computer could only hash pathetically. Even tens of thousands of average computers would probably only be 50-100 gh/s.

Graph doesn't have a title.

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that who ever is running the botnet is pulling in btc while not paying for any of resources (except software costs) for those machines and requiring only a small amount of manually effort, its looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.

Word! Testify!!! Amen!  ;D

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  :)

There are nearly 50% of pool miners there for one reason - they like DeepBit better than the others.

When other sites are more reliable, cheaper, produce more coins, have a nicer interface, whatever the reasoning people are choosing deepbit - they will switch to someone else.

It's not about hacking or stealing coins or any of this other nonsense.  3% commissions on 50% of 154 blocks a day... lets see... excluding the "change", and neglecting the 10% fees on the share miners:

77 * 50 BTC = 5775 BTC per day * 2% = BTC 115.5 per day, or $1732.50 USD at $15/BTC...

Now tell me, when you're already making $52,000.00 a month, or $623k a year conservatively, why are you going to muck around?

People need to stop and think before making these idiotic posts.

cheers, m8. Glad you understood my not so carefully drawn out thought there. My main point being the amount of hash power from such a small botnet. The usual assumption I have seen echoed here is that botnets would produce much lower hash per zombie than what was seen from the recent one. Scale it up and it = scary shit.

 :D Right. And Micro$oft Windows became the predominant OS because it was better than all the rest...  ::)
http://www.youtube.com/watch?v=Xda4mZK4wpM (http://www.youtube.com/watch?v=Xda4mZK4wpM)  ;)

You'll note I didn't say it was better - ever.  What I said was "they like DeepBit better than others".

The quality of a product has nothing to do with whether or not people like it better.  It's a contributing factor for some, but Dodge will always sell a ton of Dodge Neons because some people don't care about quality, as long as there are readily available coffee can mufflers and plastic spinner hubcaps for it.

Microsoft's dominance hasn't changed, but it certainly has less of a margin with both OS's and browsers, with browsers slowly sliding towards no longer being dominant.

Microsoft became the predominant OS for several reasons:

-They made the personal computer affordable versus IBM PCs with IBM DOS
-They made deals with computer manufacturers that incentivized them to sell Windows and not OS/2 or Mac or Linux
-Even with less than perfect and sometimes terrible implementation of ideas, they eventually "Get it right" and give people what they want.

The difference with Mac is, they invent something new and its either a.) very useful or b.) they use hype to convince people its a NEED.  Microsoft combines innovation with immitation.

That being said:

I have an apple phone
an apple desktop
an apple laptop
a windows computer
a windows notebook
a windows NETbook
a linux server
and an android tablet.

Each has its own purpose.

Unfortunately I don't speak Russian, so I can't really understand the youtube video, but I'm sure to you and the other 9,000 viewers it was epic :)

Well, since you don't speak Russian, perhaps you should use GoogleTranslate and spend some time in the Russian parts of this forum and the internet, before making your own "idiotic posts" about Deepbit...  :D

As a Russian: "Just saying..."  ;)

Deepbit blocked it then it was shopped over to BTCGuild who caught it and blocked it, then bitcoin.lc who blocked it so far.

You got a little prejudice on your face there.

As with all things in life, time will tell what's on whose face...  ;)

The chart just pulls hashrate numbers from the pool websites, then divides by the overall network hashrate to get the percentages.

During an attack, the total network hashrate would drop, but the attacking pool would probably continue to report its usual numbers (unless the attacker intentionally changed them).  The "other" category might even go negative, since it just represents the portion not accounted for by the reported pool hashrates, though I'm not sure how that would show up on the chart.

So this whole supposedly decentralized, resilient crypto-currency comes down to this?  "We trust this one guy.  Why would he want to screw us over?"  Why not just use E-Gold or something and quit wasting electricity?

Also, remember that you're not just trusting Tycho.  You're trusting anyone capable of compromising his systems, or of performing a rubber-hose attack against Tycho himself.  You think he's going to side with us if the Russian mob starts threatening his family?


What good would that do?  I've been watching Deepbit's hashrate hover above and below 50% of the total network this morning.  Most of the miners are probably asleep right now.  As for the rest, if they can't get their shit together to keep things balanced, what makes you think they would do anything about an attack in progress?  It would only take about 2 hours to pull off. (http://forum.bitcoin.org/index.php?topic=26683.0)

Cuddlefish had a much better idea to solve this problem (http://forum.bitcoin.org/index.php?topic=9137.0), but it doesn't seem like anyone's working on that either.  No posts in that thread for a month now.

http://www.securelist.com/en/images/pictures/klblog/208188134.png (http://forum.bitcoin.org/index.php?topic=24448.0)

Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the ip limit is too low verse period of time multiples connect? How many IP's did you have connected, if I may ask?

That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.

I wish you could comment the guy's statement who is accusing Deepbit outside of my comments. I just don't want to appear I was pointing a finger, which i was not.



And in response to the Russian post, I was under the impression this was a regular user who was blocked by the new security measures Deepbit imployed but he is a legitimate user. Maybe you can read Russian and saw differently?

did they setup their own pool?
other seems rather large, it was almost 45% earlier now it's about 1/5 of the total.

Thats a 'shopped' image there, homey G nugs...

Well, if something in the Deepbit interface is "proof" enough to you that Deepbit is blocking ALL the botnets, good for you!   ;D

As i said, i'll wait until a more credible third party has some proof, which would obviously not be Deepbit or its workers.  :D

Some pretty shady "business" deals are made and unethical actions tolerated in the Bitcoin world. As in the rest of the criminal world, one botnet doesn't have the same friends, alliances and capabilities as every other...  ;)

Try clicking on the image for your "proof." Until then, you are on very shaky ground.

nah, this:
http://www.bitcoinwatch.com/

the cool little pie chart, g.i.t.s. looking thing.
earlier it was about 45%, then about 1/5th. unless the only reason they were in other making it so large was because they got kicked from the named pools, and they didn't have anywhere to go?

My point was that, as we have seen before, one person's parasite botnet is another person's "business partner."  ;)

Even IF it turns out that Deepbit doesn't have such "business partners", it's unethical for Deepbit and its workers to take even close to 50%.

That makes a joke of the already obvious fairytale of "decentralized Bitcoin," in which the system can be disrupted by attacking or subverting just one mining pool...  :D

What also then becomes obvious is that - just as it is for the Wall-Street bankers - for Deepbit and its workers it's not really about the health of the monetary system as a whole. "It's all about me and getting mine"...

In the immortal words of one proud miner:

That makes all of the Bitcoin ground pretty damn shaky... :D

So you are not going to retract your accusation regarding Deepbit accepting botnets?

And you're interested in Bitcoin to what, buy rainbows and gumdrops for all the third world children?

How do we send people back to the newbie board? Posting this kind of repetitive alarmist BS should be automatic timeout to the newbie board for a month.

And when will SMF give filtering options so that you can hide all threads not started by 'x' level poster...

Come on man, that's not fair to the newbies! They need to be put in isolation. Maybe time to institue the mod that blocks trolls from posting in threads but still shows their posts in the threads. After 2 or 3 usernames they might get bored and go away or actually become contributory to the forums.

Not just threads started, filter any posts at all by a user configured post number.

It's not an accusation; it's a simple hypothesis, given the way some of the biggest business is traditionally done in Russia. ;)

Since Deepbit's terms and technology can be duplicated by any other pool, its persistently incongruous size is suspicious. It will be useful when someone with credible skills and network position figures out the botnet share of that. Deepbit plantation helpers are not a credible source of such info to me...  :D

What is pretty clear to me is that an entity or a group that doesn't have the ethics or greed limit to stop itself from grabbing 40-50% of the worldwide supply of something, would not be above tolerating a friendly botnet to help it continue to do so... ;)

It's purely a hypothesis, but he'll follow it with plenty of accusations. Love it.

Let's See:
Security Troll: Check
Paranoid/Conspiracy Troll: Double Check

You have a right to your delusions, just as i have a right to mine...   :)

There's another way to get big, and that is by providing a great service and making your customers very happy. Since you're new here, you should look at Deepbit's history; this is mostly what Deepbit has done.

I don't know what "Deepbit's plantation helpers" means.

As for me, I stopped mining at Deepbit after he gave an answer I didn't like about having 50% of the network. Maybe I'll start again after he has less percentage of the network. Maybe I won't.

If you do some research regarding my registration date, you'll see that you are the new one here...  :)

I was already here before there was such a thing as Deepbit or Tycho, even Slush wasn't open yet, and i could mine with a 5450...  :D

So, there is little point in my reading the history that i watched happen real-time...  ;)

It was already clear then that the exceptionally greedy farmers, such as ArtForz, were about to force everyone else to pool, which would create vulnerable centers in the "totally decentralized Bitcoin" still being falsely advertised today...  :D

Then, there would be greedy pool operators, such as Tycho. In a few years, they will consolidate, and become the central bankers of Bitcoin, if it survives that long.  :-\

Then, we'll be back to the same thing we have today with fiat bankers - a few influential central bankers of Bitcoin dictating to the rest of us how much share of the market they will have, and how much in fees we'll have to pay them...

How great that revolutionary new system will be!  Then, i will also not care if "Bitcoin fails"... :D

So there is/was a discussion if deepbit allows botnets ? Or was this the first time anyone mentioned this idea.

Very interesting, I need to look more into this. 

A number of issues I've encountered on other pools, just kept pushing me back to deepbit. For some reason Deepbit just works (except during a Ddos). Other pools need to get their act together and compete better.


I'd think so too, at least regarding all the mucking around that has been mentioned in this thread, double spending etc... no-one in their right mind is going to risk a $50,000 per month income that's still growing to rip people off once with some double spending or sh*t like that.

No, it seems to me the risk is in the pool doing something that will benefit itself AND its miners and being able to pull that off alone. The most obvious thing would be to increase (let's say double) the mining reward (or refuse to lower it to 25 BTC by the end of next year). Not only would that double the pool owner's income (in BTC terms), it would also double what the miners earn, and would more likely attract more miners.

If other pools didn't follow suit, they'd find all their blocks invalidated and end up earning nothing. Pressure to follow such a move would therefor be enormous.

This would all be at the expense of those holding BTC, in exactly the same fashion as a central bank that prints more money.

The only miners opposed to such a change would be those already holding lots of BTC.

Or have I overlooked something that makes this scenario impossible?

Worse than that: there was a discussion regarding the major pools forming a cartel (https://forum.bitcoin.org/index.php?topic=2227.0) to collude against the rest of the network...

If you think Tycho, Slush and the like are of such pristine moral fiber that they would never "muck around" with that to satisfy their unlimited personal greed, i have a forest of Bitcoin trees near Moscow to sell you...  :D :D

Well if this is your scenario then why wouldn't they just decide to make the reward 10k per block as of today? Yes they could fork the chain but those blocks would not get accepted by the rest of the bitcoinDs. So you mine BTC' that will not comply to BTC. Guess that's a stupid plan. Exchanges and honest users would not accept those.

Better they start a new chain then ...