Bitcoin Forum

I wish to discuss the following attack vector, as it seems to be a major security risk for Bitcoin.

If Ethereum mounted a successful 51% attack on Bitcoin, it would likely crash the value of Bitcoin, making Ethereum the new number one cryptocurrency.

The cost of a 51% attack has been estimated to be $6–$20 billion [1]. This is only 1.3%–4.4% of Ethereum's current market cap. And it is only 0.5%–1.5% of its potential growth if Ethereum knocks down Bitcoin and conquers its full share of the cryptocurrency market.

If Ethereum's stakeholders pool their resources, they could thus easily afford a 51% attack (also known as a Goldfinger attack in this case) against Bitcoin, and could profit quite considerably from it.

In my recent preprint [2], I also discuss how the stakeholders could potentially bribe existing Bitcoin miners anonymously through smart contracts in order to make the 51% attack even more feasible.

I posted a similar topic over on AltcoinsTalks' discussion forum, and there seems to be at least partial agreement in that thread that Ethereum stakeholders could indeed afford such an attack, and that they could in theory gain from it. The main contention at this moment seems to be more about whether they would dare or not.

So I want to pose the following question to this discussion forum: What steps will Bitcoin take to mitigate this attack vector, if any?

In particular, is it realistic that Bitcoin will convert to Proof-of-Stake as well in order to prevent such a 51% attack from being profitable?

General discussion about the feasibility and severity of this "Rival Goldfinger attack vector" is also very welcome: Is it safe to invest in Bitcoin before this attack vector has been mitigated?

[1] L. Nuzzi, K. Waters, and M. Andrade, Breaking BFT: Quantifying the Cost to Attack Bitcoin and Ethereum, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4727999.
[2] M. J. Damgaard, A severe Goldfinger attack vector on Proof-of-Work blockchains, https://www.researchgate.net/publication/382247908_A_severe_Goldfinger_attack_vector_on_Proof-of-Work_blockchains.

ethereum highly likely cant/wont 51% attack bitcoin, its just not economically viable/effective/beneficial

firstly
ethereum is not even a PoW algo chain. so even if current ethereum users were to collude to want to 51% attack bitcoin.. they just cant decide one day and just do it
instead they would need to sell alot of their staked coin and then buy a heck of alot of asics. and this is not a cheap thing, nor a fast thing

bitcoiners dont buy bitcoin asics just for a one day poke at hashing for sats. they instead know that their hardware investment has about a 2 year ROI meaning that ethereum stakers cant just jump in and out for a quick one day attack at low cost. they instead have to spend ALOT of their stake combined over many many individuals colluding to afford hardware which wont reap rewards anytime soon

its also worth knowing a "marketcap" is not a storage of cash waiting for people. its just mathematics of its current(just processed) market order of a 0.0x eth multiplied by coin in circulation..

if you look at the ethereum market order book, orders are not thick of millions of coin sold per second so as soon as ethereum holders start selling coin to even try to collectively gather billions of dollars to then purchase bitcoin hardware.. just the effect of a few first runners selling ethereum would crash the ethereum market and cause the market price to drop with each subsequent seller lowering the price more and causing a case that there wont be enough buyers to get them to the billions needed

but lets say they gathered billions
at this point buying hardware, waiting for delivery and then running the asics.. wont be a situation where people would all be ready to 51% within day or a month, it would take many batches of orders over many months to get enough hardware delivered meaning many users already losing value on their eth sale wont then want to wait around to collude on a decided attack day, but instead want to morally mine bitcoin for good to start recouping losses.
so over these many months. ethereum market has dropped and lost many participants(stakers) so the ethereum community dies out trying to take on bitcoin.. and then most colluders would have felt the pain of loss and would not then want to hurt their investments(now in bitcoin) to hurt bitcoin because they would then be hurting themselves AGAIN. so they will convert to ethical miners helping the bitcoin network to protect bitcoin to protect their investment in bitcoin hardware which would need 2 year to recoup

..
as for the 51% attack itself
a 51% attack cant change the code network wide just from block producing, because if they chose to follow their own protocol in their colluding group all they are effectively doing is changing THEIR edited nodes to create an altcoin. whilst the normal nodes receiving normal blocks will continue receiving normal blocks from the moral half of the network
so effectively to stay on the network all that a 51% attack can do is:
*reverse recent confirmed blocks to undo a few transactions, which is not profitable unless they recently(same hour/day max) spent ALOT of value on bitcoin and received the goods and now want to refund themselves to "double spend" that value again..
or
*they would "empty block" new blocks containing no normal transactions apart from ones they choose.. which if they dont let certain transactions through they wont be able to spend their own rewards because the services they want to exchange with wont trust them or be able to do business if the exchanges/services other transactions are being denied

The fact is Bitcoin network had biggest total hash rates back in days when Ethereum blockchain was still Proof of Work.

This site gives you some information with its archive through Wayback machine.
https://howmanyconfs.com/

Archive in 2020
https://web.archive.org/web/20200814025529/https://howmanyconfs.com/

And now Ethereum is no longer pure PoW, how do they attack Bitcoin network by shifting rigs to mine Bitcoin rather than ETH?

A thread on risk of 51% attacks with main content from Jameson Lopp's blog.
How many Bitcoin confirmations is enough? (https://bitcointalk.org/index.php?topic=5443953.0)

@franky1, you make some very good points. In particular, it is true that the Ethereum stakeholders wouldn't just be able to buy the ASICs from one day to the other. Nor will they likely be able to bribe the existing miners unless they also pay for their ASICs as well, since these will most likely be very hard to sell after a fall of Bitcoin.

This cost is considered, however, in the referenced $6B–$20B estimate by Nuzzi et al.

I also want to contest you on the statement that Ethereum would collapse as a result of buying enough ASICs or bribing enough miners. $6B–$20B is only 1.3%–4.4% of Ethereum's market cap, so it will only require 1.3%–4.4% of all Ether in order to pay for a 51% attack. Not something that is at all likely to cause a crash of Ethereum, will you agree?

To your point about the attackers having to 'wait around to collude' (assuming that they choose to buy ASICs rather than bribe miners and buy into existing infrastructure), it is worth pointing out that they don't have to be idle as miners in that time. They can behave as honest miners right up until the attack. Also, since this will mean that rewards will become more thinly spread out, some of the actual honest miners, who aren't backed by Ethereum stakeholders, will likely fall off in that time, making it easier for the attackers to gain a majority.

And to your point about the consequences of a 51% attack, it is worth underlining that the majority of the costs of a 51% attack are from buying the equipment. The operational costs are small in comparison. Once the attackers have gained a majority (and with the backing of Ethereum's stakeholders), they will thus be able to rewrite many more than just a few blocks of the history. They could potentially steal a lot of bitcoin in doing so. And it is therefore unlikely, as far as I can see, that Bitcoin's value wouldn't be severely damaged by this. Would you agree?

The fact that Ethereum is now PoS is exactly the underlying reason why it is not really vulnerable to a similar kind of attack, aimed back at itself. Feel free to disagree with me on this point: I would not mind at all discussing this further.

Historically speaking, whenever Bitcoin crashed, it took the whole altcoin market down with it, including Ethereum. I highly doubt Ethereum would fare much better if it were the cause for such a crash (arguably, especially if it were the cause of the crash).



The same paper estimates an attack on Ethereum to cost around $34 billion. That would be around 2.5% of Bitcoin's market cap so the "threat" kinda goes both ways.

These are two very good points.

First of all, it is true that the price of Ethereum seems to have roughly followed the price of Bitcoin in the past. However, (as User Stompix pointed out in the mentioned AltcoinsTalks thread) it is not at all impossible that Ethereum will be able to spin it as battle between 'PoS vs. PoW' (and 'Ethereum vs Bitcoin'), sort of like a 'Nokia vs Samsung' or 'Pepsi vs Coca-Cola' situation. Once the public hears that there is a contest between the two technologies, the price of the two might no longer remain correlated.

Your second point is also very valid. But first of all, if some of the Ethereum stakeholders start funding an attack, all they and other stakeholders would have to do is to in order to mitigate a reverse attack is to collectively stake a larger amount of the total Ether. And what's more, if one reads the Ethereum docs, see in particular https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#pos-and-security, it appears that the Ethereum stakeholders believe (and maybe rightfully so) that they will easily be able to revert a 51% attack, even if one happens.

6-20M to reverse how many blocks exactly? The way PoW deterrence works is that the cost is disproportionately higher than the result of such attack. Spending such high percentage of total market cap would be viewed as a loss for Ethereum, because it means that after a couple dozens of such attacks Ethereum's value will collapse, will Bitcoin will just suffer from a temporary set back. And the practical damage of 51% attack can be mitigated by requiring more confirmations.

Successfull 51% attack on btc will create so big fud wave that all crypto will be doomed. Not sure that anyone from crypto really want to do it for promoting of own project

6–20 billion, so hundreds of blocks, really.

No, the potential gains of a 51% attack on Bitcoin is much higher than the operational costs (since the transaction volume is much greater than the mining costs). And especially if we are assuming that the value of Bitcoin will recover afterwards, as you do. Then the attackers would just be able to keep coming back for more, once they have gained a majority.

Well, imagine that the attack is preceded by a long argument between the Ethereum and Bitcoin communities about whether PoW is still a viable technology.

If the Ethereum stakeholders can only prove that they have enough the power and money to mount a 51% attack on Bitcoin, perhaps by showcasing a small and harmless demonstration, then they would have a pretty good argument for why investors should buy into their PoS solution instead.

At that point, all they would need to do, in my view, is to stir up tensions about whether an actual attack will happen just enough for the some of the Bitcoin stakeholders to become uneasy and start migrating to Ethereum instead.

Once this migration has started, Bitcoin's value would drop, which would then make a 51% attack even more affordable. This could thus create a positive feedback loop where more and more investors will start migrating from Bitcoin to Ethereum.

The first ones to move will earn a lot of money, just like the preexisting Ethereum stakeholders, but the last ones to move will have lost a lot.

What do you think, is this scenario pure sci-fi, or does it sound like something that could realistically happen? 

you think 1-4% is not enough to crash a market.. but here is the thing.. not all coins circulating are on the market.. only a small proportion of coins crculating are on market orders so a sudden increase of coins hitting the market supply would cause change

take for instance bitcoin, there are over 19m coins in circulation.. but there are not 19 m coins on the market. most market orders are 0.0X coins per order.. so if there was a sudden period where people were colluding to sell for instance 190,000(just 1%) coin the market orders would flood with sell orders compared to the norm.. now translate that to the numbers of ethereum circulation amount and market supply and see some scenarios of then dumping 1-4% of that circulation on the market supply.. you will soon see how it affects the markets

we seen it many times in the bitcoin market when the market orders were <1btc each. but then whales created walls and orders of just 1000 coin order lumps.. it had enough impact on the markets


so we agree that they would mostly want to act as honest miners until some colluded attack date when they had enough power to attack.. however they would then while running honest, realise that now they have become bitcoin investors. their own economic position is now in ROI of bitcoin. and wanting to shoot self in the foot to attack bitcoin.. would lose them income


if you play out hashrate speeds.. there is only so far they can go back and then be able to then re-hash old block heights to catch up with the honest mining pools..
..emphasis: to achieve an ability to go back x blocks and then catch up and overtake requires more then just 51%

imagine it like olympic runners (400m relay)
2 runners, one can do 100m in 10seconds. the other can do it in 9.8seconds
now if the fastest runner can just about beat the other runner each race.. how far can he run backwards before then running forwards to overtake the other runner
can the fastest runner honestly run the first 100m side by side other. then run backwards then start from the start and run the entire 400m and still beat the other, where the other only had to run 300m in the time the dishonest racer had to redo the entire 400m
think about that
the dishonest runner cant just go back as many xxxm portions and redo the race like 2km back and then overtake the other honest runner
run the math

Those are some very good points you mentioned there. If this happens, ETH price will drastically go down and we can probably see it below $1000 or may be even $100. It would be funny to watch ETH stakers collaborating such an attack only to find out that it would backfire at them.


Lol, at least they won't get any idea to attack a blockchain now that they will be supporting the top most blockchain  ;D

So far each time bitcoin had dropped, altcoins like ethereum get annihilator without recovering.
For example back in 2017 bitcoin was at $20k and ethereum at 0.15BTC then bitcoin crashed to $3k and ethereum got destroyed by dumping down to 0.01BTC.
Today bitcoin is back up to $20k and past that to almost $70k while ethereum is about 0.04BTC

You can't 51% attack with money, you'll need hardware. There is no $6-$20 billion worth of hardware for sale!
You can't also pay for it with market cap, they'll need to first own that much ether then dump it to get the money which would crash the price of this shitcoin and won't give them nearly as much as tens of millions let alone billions!

At the end of the day with or without bitcoin we all know that ethereum is useless. Its only utility is for junk creation (ICO, IEO, STO, NFT, etc.) that have no usages in the real world.
It also has unlimited supply and a mutable blockchain with so many security flaws.

That all means ETH has no potential for growth whatsoever even if bitcoin dies today!

There is no "profit" in performing an attack because a successful attack would crash the price and the market will shut down to prevent losses by exchanges.

A miner is running a business and has made a significant investment. Why would a businessman kill his own business by attacking the very thing that is making them profit?

The step are already taken and it is called PoW!

No because PoS is a fundamentally flawed protocol that opens the way for far worse attack vectors compared to the impossible and super expensive 51% attack.


They've already tried that with "flipenning" nonsense many years ago. They got a little hype for their shitcoin and saw a little pump that didn't last that long.
That's about it...

As I said, at the end of the day ethereum is useless in real world.

what people dont realise about ethereum is due to the change of ethereum years ago, they lost alot of independent market speculation. and jsut become a shadow of bitcoins arbitrage market.
in short its bitcoins doing arbitrage via eth bridges in the market that is keeping ethereums price up. even when its value(cost) had declined by 95%+
so when the stakers(locked of of the market) suddenly unlock and sell. they will affect the market more then people think

ethereum does not have much of its own independent value sentiment. its just a sheep market for bitcoin arbitraging
you can see this because the difference between its independent market discover changed to a near flat line compared to bitcoin where bitcoin took control of ethereum price discovery

look how random and independent ethereum price was before may 14th 2021
then look how calm and roughly pegged ethereums price ratio became after May 14th 2021
https://talkimg.com/images/2024/07/28/4eBVP.png

yes slowly ethereum is losing its price ratio peg, moving from 12eth=1btc to now 20 eth=1btc over 3+ years. but the stability difference of that may 14th 2021 is revealing that ethereum lost its independent price discovery and come somewhat pegged to bitcoin at the 12 to 20 eth per btc ratio since then.
that ratio would get hit more when ethereum stakers unstaked and went to market

We've already discussed 51% attacks on Bitcoin in a few recent threads. My own scenario had a large nation-state player like China or Russia doing it.

It's worth noting that in that discussion, it was pointed out that only two companies control more that 51% of the Bitcoin hashrate. An entity controlling these two companies (either through legal/political or clandestine means) could effectively control the Bitcoin network.

The other conclusion from the threads was that Bitcoin is ultimately protected by... the US federal government. Any actor, be it private or national, would have the USA to contend with if it were to try something like this. Indeed, it is undoubtedly the threat of the US government's reprisals that probably keeps a major entity from attacking Bitcoin. (Kind of ironic, given all of the anti-government rhetoric coming from some of the Bitcoin community).

This is worth thinking about, since the one thing Bitcoin could not survive would be an attack by the US government itself, say if Trump were elected and he was told that replacing Bitcoin with his own personal currency would make him a trillionaire.

I think at this point anyone that is interested enough in crypto to be invested (or to consider investing) is already well aware of the PoW vs PoS situation.

Regardless of that it seems impossible to guess how the market would react in practice, but given that history suggests both that (1) Bitcoin crashing takes the rest of the market with it and that (2) markets react surprisingly little to 51% attacks (though those were admittedly rather minor alts) it seems like the odds are not especially in an attacker's favor -- at least in the scenario of Ethereum trying to take Bitcoin's throne by means of a 51% attack.



Please note that I'm merely comparing the two cost estimates given by the paper, assuming that both cost estimates are equally reasonable and that both attack scenarios are of similar impact. Discussing the validity of these conclusions are a different matter, but would require taking a closer look at both estimates.



According to the paper the range of 6-20 billion would apply to an attack that lasts for one hour. So that's about 6 blocks, not hundreds.

This seems surprising to me. According to https://bitinfocharts.com (today), the transaction volume is roughly 0.6% each day. So I have a hard time wrapping my head around the proposition that transfers of 1%-4%, potentially over several days or months, would crash Ethereum?

Also, I think the context for why these transfers happen is important, i.e. whether they happen because investors lose interest, or if they happen simply as part of making payments.

By the way, have you considered the eventuality that I describe in my preprint where the stakeholders simply locks Ether to a smart contract instead, which is then automatically pays the participating miners in case of a successful 51% attack? Here the transfers only happen once the 51% attack has already taken place.

To your other points of your reply, yes it is true that it would require more than 51% for such an attack, ideally, and it is also true that the attackers have to weigh the profits of being honest miners against the rewards of an attack. But in the end, all this is a matter of money. And if the funding Ethereum stakeholders are willing and able to part with enough, then they should be able buy the miners for their malicious cause, assuming that the miners act selfishly, of course. 

I believe that you are vastly underestimating Ethereum. The value of Ethereum is not 4% of Bitcoin's. It is currently 32%, according to https://bitinfocharts.com.

And regarding all the supposed security flaws of Ethereum's protocol that you mention, this also shows that there are quite a lot of people who disagrees with you and believes it to be secure. However, I would love to hear more about what you believe those security to be? This sounds quite interesting.


Yes, this is already taken into account in the estimated price of the attack.

It's WAYYYYYYY more then that.
You also need
1) Places to host said miners.
2) Power to run said miners.
3) Staff to configure & take care of said miners
4) While buying all the available hardware for months and months you need even more money since due to lack a availability prices will go up.
5) Luck, because even someone with a $200 piece of hardware can ruin your plans.
6) Spare hardware because lets face it a lot of miners are not the most reliable things out there.
7) Even more hardware since as you are obtaining this hardware and setting it up difficulty keeps going up.

And I'm sure there are even more things I and others have not thought of mentioned.

There are many easier / quicker / cheaper ways to disrupt BTC mining. They have been discussed on and off for years and yet since nobody has ever done it, it shows that it's not really viable to do.

-Dave

Market capitalization (aka supply*price) does not correctly represent value specially for altcoins with no cap and a massive premine.

PoS is the newest flaw they introduced intentionally.
For others you gotta research the etherem's smart contract protocol and the flaws it has, like the most famous one that led to DAO issue and the subsequent roll back. A flaw that was never fixed.

Yes, this is already taken into account in the estimated price of the attack.
[/quote]
I'm not talking about the costs of the attack, I'm questionings its very viability.

It's not a 'flaw' it's a feature. Smart contracts don't stop you from doing anything stupid, that's not their job. Look at the thousands and thousands of token scams that keep popping up on ETH.
They don't stop coming.
People are still sending their ETH to contracts that will do nothing but take their money.




Pools are not miners. I am guessing that you are taking about Foundry USA and AntPool

Although they do host some miners that are under their control a lot of the mining hashpower that is coming into them is from independent miners running their own equipment. As soon as it looks like they are doing something funky / non legit people are going to point their miners elsewhere. If they get too big people will point their miners elsewhere. Even going back 10 years ago (crap has it been that long) GHash.io hit over 51% and the community freaked and miners moved off. It was a minor worry then and an even smaller one now.

-Dave

It doesn't really matter: a government entity could order whichever company to do their bidding, or take them over by clandestine means. In the latter scenario, nobody would even know what was happening until they had complete control of the network.

GHash.io is not Russia, China or the USA. GHash.io does not have a CIA, an FBI or nuclear weapons. Etc. etc.

Market capitalization of altcoins is very fake and distorted by massive pre-mined coins, tokens from founders and core team members. Newbies in the market, altcoin investors must be very cautious with altcoins and their market caps!

Bitcoin vs. Altcoins – projected Marketcap (https://bitcointalk.org/index.php?topic=5419558.0)

Well yeah but the whole system is flawed and that's because the idea behind it was flawed and it was also implemented with flaws!

Otherwise we have smart contracts in Bitcoin as well and the whole Bitcoin system is designed in a way to prevent users from doing stupid stuff like sending their coins to an OP_TRUE contract so that anyone can spend it.

Thanks for pointing out this write-up. Everybody investing in altcoins / memecoins should know about these things before they invest.

My project, Haypenny (https://haypenny.net/), seeks to be an honest and safe marketplace for altcoins / memecoins for the average consumer. With so much dishonest crap out there, our business model is to provide consumers a safe place, e.g. a marketplace with strong and enforced rules that protect consumers from fraud and misinformation. We're definitely going to add this write up to our site (in some format, not sure how yet).

My view is that the more information consumers can learn, the better it is for the long term health of the market. This is an aside to this conversation, but I'm glad it came up!

Also, again, the paper is assuming an attack duration of 1 hour.

That's $6-20 billion thrown out the window for... what? Showing that it could be done? The thing is, the 6 confirmations that the paper is using as a basis for calculating the attack cost are pretty much arbitrary. In case of an imminent or ongoing 51% attack, exchanges and merchants can simply increase the required confirmation count, increasing the attack's cost signficantly, with very little effort.

So basically you'd spend tens of billions to stall the network for a few hours. Basically what Ordinals achieved by accident, but to a much lesser extend.

Once again it shows you don't know how mining works. If I see VIABTC starting to do things I don't like my miners are going to be pointed someplace else in a matter of hours or less. Other more diligent miners will probably be quicker to point them elsewhere.
So will a lot of other people. So yes if a bunch of governments that are at least on the surface semi-hostile to each other got together and decided to force a bunch of mining pools in independent parts of the world operating in different countries work together to disrupt BTC then a bunch of other pool operators are going to see a ton more hashrate pointed to them.



Another thought, how much ETH is locked up in staking? [Don't know or care and not bothering to look] But if a bunch of people start unstaking their ETH to sell it's probably going to make other people wonder what is going on and they would start to unstake and sell and so on creating a dump.

You see it here with people trying to push the FUD that the MtGOX coins are going to cause a crash in BTC price, or some country selling off the BTC they too in from criminal busts is going to cause a crash in BTC price. Yet, it never really happens.
OTOH with people looking at $100000+ worth of ETH locked up in staking that take a while to unstake and a price that would be dropping I can see a lot of people pulling the trigger and getting out. IIRC it's something like a week once you unstake to get your coins so people are going to be worried about loosing even more $ with a big drop.

Also on that same note 2 providers (AWS and Hetzner) provide for just about 50% of ETH node hosting add in OVH and you are @ 60%
So if some government told these providers to shut down their services hosting ETH nodes you would have a lot of fun laughing as the ETH price dumped as people tried to get their funds out of staking (and could not since they could not reach their nodes) Also, I think if your staking node goes offline there are penalties [once again don't know or care].


-Dave

This is a very interesting point to discuss. I admittedly don't know much about the topic, but I did read this blog post by Conklin et al., https://sites.duke.edu/thefinregblog/2022/12/28/legal-liability-of-a-51-goldfinger-cryptocurrency-attack, as part of my research, which concludes that a 51% attack will be hard to prosecute in reality.

Its argument in particular about why the Computer Fraud and Abuse Act would be difficult for a prosecutor to use is quite interesting.

So a government has to get to... you. And people like you. Large governments would have no problem doing this through either legal or clandestine means.

There's no point dragging the discussion into the technical details of crypto when all cyphers can be broken with a Rubber Hose / $5 Wrench attack. Russia, China and the US have nuclear weapons and tens of thousands of personnel who can force people to do things, and economic control over millions more.

The only thing stopping a 51% attack on Bitcoin now and always, is... the US government. If another country did this, it would be an act of war and we would retaliate. If a large private entity did this, the FBI would intervene.

And if the US itself did this, then, well, they would control Bitcoin :).



Interesting article. Any takeover would probably need to break other laws though, which would be easily prosecutable, most likely. In other words, hacking, extortion, etc. would be required to pull off a 51% attack. Or in the case of overt move by a state actor, it would be an act of war on US citizens who hold Bitcoin, and the US would respond accordingly, no different than if Russia decided to attack Apple.

Yes, we certainly agree that it would likely require some change in the public perception of crypto. But who knows, that could happen. And it seems to me that once the Ethreum stakeholders truly realize that there could be up to a trillion dollars on the line, they will have more than enough motivation (and means) to make the public more acutely aware of the competition between the two blockchains.


No, the operational costs that the paper mentions are only in the millions. (And if we consider the daily total mining rewards, we also see that the price is measured in the millions.) So by far the largest part of the price of a 51% attack will be due to acquiring the ASICs (and/or compensating bribed miners for their ASICs).

Fair enough! I read/misunderstood your previous post as stating that $6-20 billion is all it takes, ignoring costs for the ongoing operation. But you're right, compared to the initial cost the operational costs are almost neglible.

So the US government was protecting Bitcoin from a 51% attack in 2012 and 2013 when Karpeles was running the biggest exchange in the world... That's an interesting theory :D
If China could do something about bitcoin and knew it was protected by the US, why didn't they? Why would they instead ban exchanges when Bitcoin was cheap and vulnerable to an attack by a rich and powerful country? As time goes by the cost of an attack will go up. There was a window to do it in the early years, but they ignored bitcoin thinking it wouldn't survive on its own. Now it's too late.
As for Russia forcing other people to do things... They can't even force one much smaller and weaker country to do what they want and give up some land.

Nope. Nobody, including the US government, cared about Bitcoin back then.

But if somebody tried it now, they would get in trouble with the US government (unless, again, it was the US government).



I am not sure what you are trying to say here.

you linked stats about blockchain transactions. not market volume
also of the $10b estimated actual market volume of ethereum today, majority of that is not sourced from staked ethereum holders but instead from a small amount of traders whom are bitcoin based and are arbitraging the markets in a loop pattern several times a second

so now put the math to work.. if you had an actual group of actual ethereum holders that want to wealth transfer to then invest in bitcoin hardware. the numbers even over many days would effect the markets

also i know you want to imagine it as many people selling just 0.0x eth every second for weeks on end, but in reality knowing that over 2 million bitcoin asics need to be bought over say 6 months to keep the collusive gang in check/entertained that their plan can succeed. they would need to sell hundreds of thousands of eth periodically to then bulk order in batches the hardware

as for your next suggestion about having ethereum users lock their ethereum and try to convince physical hardware owners of bitcoin miners to disrupt bitcoin whereby they only get paid after the disruption... um no just no.. the asic owners whom will still have hardware after the attack wont shoot self in foot for a temporary payday if it meant long term harm to their long term investment they physically hold

this is why asic miners dont even go full on extreme accelerating the hashrate as they know pushing the difficulty too fast too soon would affect their rewards.. so dont think that asic miners would suddenly jump ship just to attack their own investments for such a temporary payday that "may" not happen(ethereum holders lie about payout)

and lastly

you keep trying to make the false presumption that a 51% attack would lead to ethereum taking the top market cap.. and then win trillions because of it

sorry to inform you once again that the market cap $$ number is not real money stored in a vault waiting to be paid out..
the market cap is just a empty math number of taking the current price based on a small order of 0.0xcoin and then multiplying the number by how many coins in circulation.. its not based on real $$ held anywhere

infact if you only care about replacing a altcoin as the top market cap #1 stat.. do the simple thing.. create a altcoin with 5 trillion coins pre-mined/minted. sell 0.00x of those coins on a popular exchange for $0.01 and instantly create a market cap of multiple trillions.
yep a "#1 market cap attack" can occur at the cost of just $0.01

Oh, let me clarify, when I talk about the 'stakeholders of Ethereum,' I'm talking about all the stakeholders/investors/owners of the cryptocurrency, i.e. all those who are staking money in the blockchain, not just those who are currently staking their Ether as part of the consensus protocol. I can see how this might have caused confusion, and if so, I am sorry.

Maybe I should say 'Ethereum investors' instead from now on as to not cause this confusion.

In terms of there being no cap on the total amount of Ether, I think the point is that while Ether is deflationary, the owners are also able to stake their Ether in the consensus protocol, which will yield them returns. The average returns gained from each ETH at any given time will be equal to the average reduction of value of each ETH at any given time due to the deflation. And since the average returns equals the average reductions, the value of the asset remains constant in time (when disregarding other factors, of course) in the eyes of the investors.


Well, it seems that we agree that in order to bribe any existing miners, the Ethereum investors would have to also compensate them for their loss of business. Therefore, whichever strategy these investors choose, i.e. bribing existing miners or constructing new mining farms, they have to ultimately pay the capital expenditures (CapEx) regardless. And that price is estimated to be between $6B and $20B.

OP, you've seriously mis-thought all of this.


First off, price would not be 6-20 billion dollars. Very possibly over 100 billion dollars. Oh and don't forget all these people are gonna be paying taxes on their ETH sales so add a bunch more billions of ETH needed to sell.

You're talking about suddenly trying to purchase an amount equal to ALL the miners in existence, AND having to compete for these purchases with the existing mining industry which is always expanding, so prices of ASICS would go up. This would take wayyy more money than you suggest, and years to accomplish.

Then you need to add in the cost of finding places to run miners and set up the infrastructure, so add more billions of dollars.

Selling the Ether to get this done would drastically decrease Ethereum's price, meanwhile Bitcoin's price would be unaffected, making Ethereum's long term outlook to other market participants look weaker and weaker as the attackers are selling and setting up this plan over the course of a few years.

Oh by the way, in the several years that it would take to set this all up, the rest of the bitcoin hashrate will have grown so then these attackers will have to spend even more time and money (and selling ETH) to account for that and still be able to pull off the attack.

Finally, the people engaging in the attack would now no longer have a reason to want to do it because now instead of being Ethereum owners they are Bitcoin miners! They sold their Ethereum to mine Bitcoin. They are bitcoiners now, no longer participating in Ethereum. Their economic value is now tied to Bitcoin, no Ethereum. And besides, as stated above, by the time the attack could actually go off, Ethereum's market will have lost a lot of ground to Bitcoin so many of them at that point would probably not want to go back to Ethereum anyway when they are already now participants in a more successful cryptocurrency.

See how your entire idea works against itself. This is the power of Bitcoin and PoW. Bitcoin has global-level security and engaging in a 51% attack is pure folly.

I think this might be true for a Replay attack. But if the participating miners simply rewrites the blockchain ledger and steal a lot of bitcoin, but doesn't trade these for other commodities, then the trial will only concern the blockchain alone, and whether miners are legally allowed to construct such an alternative fork after x > 6 confirmations. Am I right in this?

And note that since the attackers true goal is to cause a crash rather than the steal itself, they would actually want to keep their stolen bitcoin on the chain.

What do you mean "steal a lot of bitcoin"? Do you know how the blockchain works?

No amount of mining allows someone to steal bitcoin from other wallets. In a 51% attack the attackers can choose which txs to mine and which not to mine so they would be able to censor the transactions, and they can double spend their own bitcoin, but they can't steal any bitcoin. The only way to steal would be from the double spending, stealing from the merchants they were supposed to be paying. And if a 51% attack is happening, pretty quickly everyone is going to know about it, and it'd be easy enough for bitcoin participants to stop taking payments from known attackers addresses until the attack ends. This is where the transparency of the Bitcoin network comes in handy.


Besides, the entire idea is preposterous for the reasons outlined in my previous comment.

under all assumptions made by topic creator of lets say ethereum stakers selling off coin to purchase all batches of asics for X months(meaning no honest network growth)

current bitcoin honest network is averaging 600exa = ~2.56m asics
https://talkimg.com/images/2024/07/30/5U3dH.png

at a average of $6.3k per asic to get the performance needed of 2.56m asics. thats $16billion
(note there are other current range asics much higher cost/electric draw, but ill go with low budget prices)

then with the electric needed to run those asics, at a low planetary range of electric $0.04/kw = $14c/hour per asic
running a asic farm of multiple asics usually requires doing electric contract deals with energy suppliers of energy contracts of 6-24 months. usually 24 months to cover the ROI timescale

this is $2,453 of electric for 2 years per asic which is another $6.23billion. meaning in locations with the cheaper rate electric would be a hardware and electric cost for a 2 year lifecycle ROI expectation of mining of ~$24bill

if those wanting to mine in more expensive end of the planets electric rates ($0.50/kwh = $1.75/h per asic) this can become over $100billion for hardware and electric on a 24 month upfront cost

It's not even just random coins they're selling. They'd probably have a lot of coins staked in the new Proof of Stake system so they would have to sell those too, tanking ETH by 1) all the coins they are dumping on the exchange and 2) the fact that there is now "staking power" in the ETH network will also make it's price suffer.

And that's if their staked coins are not even locked. Otherwise no chance of taking them out.

It would be a sort of Mutually-Assured-Destruction if they tried that.

at $24b to $100b is at current eth price, thats about 7m eth to 30m eth need to be sold*. this is way more than 1-4% of eth coin
its a minimum of 5% and upto 25%..

*.. and thats before even including all the factors of eth price crash whilst those coins sell meaning even more coins need to be sold just to get some (depleting) dollar price to then invest in asics

.. it is worth noting to sell eth, there needs to be a buyer. so new buyers would then take over the limited control of ethereum, which infact could be bitcoiners buying very cheap eth to then PoS attack the ethereum network, and arbitrage the ethereum market

so whilst colluding ethereum stakers sell out and wait months to get hardware hoping to attack bitcoin.. bitcoiners can market manipulate ethereum market and instantly attack ethereum due to its PoS system.. meaning bitcoin can attack ethereum faster than ethereum can attack bitcoin

This is a Bitcoin forum, so it is naturally expected to hear the opinion that other cryptocurrencies such as Ethereum might be somewhat inflated. But the picture that you are painting here seems just a little bit too unbelievable, and I for one need a bit more convincing. Ethereum is a cryptocurrency. As a commodity, its value is based on the fact that it can be used to make transactions and pay for stuff. If what you are saying is true, then its whole value is so incredibly inflated that it is essentially a complete bubble waiting to burst at any given moment. Or am I perhaps misunderstanding something?

If what you are saying is true, Ethereum investors are due to lose in the order of $440B at any given moment now, once some of them start realizing that it's all a complete bubble and start to sell their Ether. Or are they all in collusion to maintain this bubble do you think?

Now consider the fact that the price of Ethereum has had fluctuations of about 25% in this year alone! It seems that by your arguments, it is a miracle that Ethereum hasn't crashed this year. So I hope that you can see how your proposition that using 1%-4% of the Ether for its actual purpose of 'paying for stuff' will lead to a crash Ethereum seems a little hard to believe. But I'm happy to hear your arguments if you really want to maintain this position.

However, I also don't hope the conclusion of this discussion will be that 'No, Bitcoin do not need to consider trying to mitigate this attack vector at all' if that conclusion relies solely on the proposition that Ethereum is bound to crash at any given moment now, or that all its investors are somehow colluding to inflate its price out of proportions. I think that there are other more meaningful counterarguments to the attack vector..

if you check how ethereum (when it was PoW) had its own independent market sentiment and volatility based on its international variance window of value premium based on the differing mining costs due to electricity price variance... and then when going PoS you can see it become more of a shadow of bitcoin movement/wiggles cloning the ups and downs of the bitcoin market. and from the point of may 14th 2021 when it went very stable in comparison to bitcoins market. as seen by the bitcoin:ethereum market chart of the last 5 years where from may 14th 2021 the variance of the 2 markets went from instable to stable.

this is due to the bitcoin market taking control of the sentiment of ethereum market by arbitraging the market
check out the 5 year charts of the btc:eth market (stabilised where over 3 years the ratio only changed from 1btc:12eth to 1btc:20eth) whereby ethereum is slowly losing its ratio amount whilst still shadowing bitcoins price at the depleting ratio(slowly changing/losing its peg)

its went from a massive 1btc:60eth(2019 independent) to a 1btc:12eth(2021 controlled) when bitcoiners took control of ethereum sentiment and artificially fixed ethereum at a bubble market

this arbitrage ability KEPT the ethereum market up high even when the ethereums cost base of acquiring new coin by other means dropped by 95%
this means whilst the PoS coin acquisition market dropped to ~$50 a coin cost, the speculative market remained artificially held up at $thousands purely due to the arbitrage opportunities performed by bitcoiners

this bubble can burst
its also worth noting that you STILL think that its only going to need 1-4% of ether.. again i suggested you do some math, and i even done some math for you based on a hypothetical of freezing the prices.. now if you realise the 5-25% of coins will actually cause a price change.. meaning even 5% is best case of zero market crash, and its more likely to be a higher number of coins sold to get to the dollar amounts to need to buy the asics to perform an attack..

and as said, but worth emphasising
whilst ether stakeholders sell off and wait months to gather hardware to attack bitcoin but end up becoming honest bitcoin miners due to their ROI being at risk.. the bitcoiners whom could decide to buy up the cheaper ethereum can INSTANTLY attack the ethereum network due to its instant access to coin to then stake to then control code changes and block verification without need to wait months. so ethereum can be attacked far easier than bitcoin

so play some scenarios out and run the math. its fun and educational

for instance,
imagine the arbitrage market route of
ETH->USD->BTC
when a eth staker sells for dollar it causes a eth price decrease. then when they hand $ to asic manufacturers, those manufacturers could invest that $ in BTC causing a BTC price increase.
USD->BTC
then using the BTC to buy CHEAPER ETH,
USD->BTC->ETH
 the traders can repeat the arbitrage cycle and cause more ETH price crash, repeat
ETH->USD->BTC->ETH->USD

This really doesn't make any sense.

The cost of a 51% attack should be measured in compute, not dollars. Let's say it was $20 billion, using a percentage valuation of market cap is not a binary calculation. You can't just sell 4.4% of the total supply of Ethereum at a fixed price to fund a 51% attack. Also, 4.4% of Ethereum in circulation is not owned by a single person or entity, that would be able to make this sale and fund this attack. Your theory is founded on a lot of assumptions and mistruths.

It's not rocket science to find out the Capital Expenditures of Bitcoin miners. Many are publicly traded companies with open reports. I think the authors of the referenced paper, Nuzzi et al., have been able to make a valid estimate.

Yes, it would take some time if the Ethereum stakeholders choose to set up the farms themselves, but it can be be done, even if it will take several months.

This is a bit of a tangent but you mention that Bitcoin's price would be unaffected. Personally I don't foresee that. It seems to me that when knowing that an attack is underway, some Bitcoin investors would already start to get uneasy, and some would sell their bitcoin. And since this will cause the price of Bitcoin to drop, the 51% attack will then only be easier to afford in theory, as the mining rewards would be decreased and some of the honest miners therefore ought to fall off. This could create a feedback loop where, once the attack is looming in the near future, more and more Bitcoin investors will migrate elsewhere, potentially to Ethereum.

And just to put things into perspective, if we assume the lower estimate of around $6B for the attack, then even if only 20% of the Ethereum investors choose to contribute in funding the attack, they will only have to part with money proportional to 5% of their owned Ether in order to afford it.

And while we are on that topic, there seems to be people here who doubt that the Ethereum investors would be able to withdraw even as low as 1% of the total Ether without causing a crash of the whole cryptocurrency. But even though I personally find this proposition kinda far-out, in reality most investors do not just invest in one thing. The vast majority of Ethereum investors would thus have other kinds of assets as well that they can trade, and most likely easily more than ~5%. I hope we can soon put this particular sub-discussion behind us.



If the attackers rewrite a large part of the ledger, they can keep all the transactions that they want while discarding or replacing all the others. If they thus make sure to trade a lot of bitcoin back and forth in the time before the attack, they can in principle steal vast amounts if they then keep all their incoming transactions but discard and replace all outgoing transaction from their wallets.

This is but one example of the harm they can do. It is widely accepted that a 51% attack would be devastating to Bitcoin. (But we can of course discuss it further if you are not convinced yet.)

if the network knew the hash power was to get 2x competition(network doubles where half is a colluding group).. meaning older miners get half as much sats... its the same as a halvening event in regards to miners prospects.. we already seen miners re-evaluate global bottom value change from $25k per btc to now being ~$50k bottom due to reward halving this year
so it ends up the same thing. if miners have X cost but getting X/2 rewards then they wont sell the rewards at X they would only sell for x*2 to break even
then new users wanting to get into bitcoin but now unable to mine due to al batches for Y months are sold out. will work out the prospective costs of mining and then just buy coin on the market.. again causing a market rise effect

as we have already discussed the implications of a multi-month ramp up of batches to get a colluding group to 2x the hashrate/difficulty to get 51% of the network.. to match/beat the honest half of the network.. those honest miners would take that opportunity to buy more coin cheap at the $50k-$70k(current) knowing that the impending hashrate /difficulty growth and reduction in sat rewards would cause the market to INCREASE

and as said whilst the lead up to the collusive gangs trigger date for the attack, those getting early batches would honest mine and try to get ROI and end up not wanting to shoot self in the foot at trigger date because now they are highly invested in bitcoin and wont want to lose their investment
(in short a influencer cant convince hundreds of random ethereum users to collude becasue users end up caring more about their own investment, instead it would only work if there was one mass eth holder that doesnt care about losing investment because all he cares about is 'taking bitcoin down')

anyway, back to discussing a scenario of an impending attack in the next X months:
in that same time as the eth stakerconverting to be bitcoin miners.. exchanges would look into solidifying their deposit algo's to not allow new deposits to trade unless it meets X confirms. and then even when trading on exchange mysql databse balance. not allow withdrawals for X time to ensure that any nafarious pool trying to re-org the blockchain would need to re-org many many many blocks back.. meaning (as mentioned before) the colluding group would need far more then 51% of the network to be able to re-write blocks very far back

if you run the math of average block speed and how far back a 1% speed benefit means in reality to going backwards and then moving forwards to catch up and over take.. 1% benefit over honest network wont get the colluding group to go that far back. so services can just enforce the "6confirm rule" or a 72 hour wire transfer delay(if aim was to sell coin for dollar and cash out) to evade colluding pools from trying to double spend

YEARS not months. That much excess mining gear does not exist, so you would have to have been stockpiling for at least a year if not 2 or 3 to get that amount of gear. Or you could just take over the used markets and buy it all but then you are suffering from having an mixed batch of used equipment you have to deal with.

-Dave

Ok, let's pretend that's really a serious "paper". [1]

Ethereum is a very different cryptocurrency than Bitcoin. Ethereum focuses on smart contracts, while Bitcoin focuses on stronger decentralization and censorship resistance. It is not a homogenous market where each supplier has a "share".

Thus it is at least a very disputable assumption that Ethereum will rise in value if Bitcoin disappears or falls drastically in value. But the whole incentive structure of this attack depends on this assumption.

Ethereum actually has almost always crashed too when Bitcoin has crashed. So if Bitcoin is 51% attacked and crashes, Ethereum would also probably crash hard, because the "cryptocurrency market" as a whole would lose trust. Think about the ETFs which engage in both blockchains and their investors. They would actually probably retire from the whole crypto market as they don't want to be associated with users wasting billions on a failed attack between their own products.

I'm almost sure that these effects would make the attack a huge loss for the attackers. Well, as long as they don't short Ethereum too (and other blockchains ...) while they perform the attack ;) (this may actually a real vulnerability for a coordinated attack against crypto as a whole ... but supposedly there are not enough coins to short)

Ethereum could actually have to fear this kind of attack much more from its own competitors like Solana, because these are active in a much more similar market. Ethereum could actually have a hard time if Solana and other Ethereum killers come too close ... (at this moment, all Ethereum killers together have only 30% or so of ETH's market cap, but they come already close to the feared 34% attack ... ).

The last sentence between parenthesis was aktually a joke. Market cap is not the same than sales.

Thank you for capitulating so early, so everybody knows that there's nothing to see here. ;D

---

[1] I read the "paper" and it is ridiculously shallow. Its main section only explains a smart contract to bribe miners, which is the least important part of the puzzle. The rest is wild speculation. No wonder this "researcher" has zero citations.

Sorry I'm lagging a bit behind the discussion. My internet is not the best where I'm at right now.

Well, for the sake of the argument, let us just agree that it could be as low as 5% for now? And then we can always discuss later if it could be even less.

So as I understand you, you are saying that Ethereum's value is not at all based in its estimated use as a cryptocurrency (by the investors), now and in the future, but its value is instead based solely on some current money scheme, and one which is dependent on the existence of Bitcoin?

I hope I'm not the only one who doesn't know about this. Can you perhaps briefly explain how this scheme works to inflate the price of Ethereum? Or if you have some links/references, maybe you could give them?

I will posit, however, that if Bitcoin indeed has this security flaw and Ethereum does not, then it would seem to me that Bitcoin is the inflated cryptocurrency, and that Ethereum is bound to overtake it at some point, unless of course Bitcoin is able to mitigate this attack vector.

To your point about Bitcoin being able to attack Ethereum, the point of Ethereum's consensus mechanism, in its current state, is that at least a third of the stakers is supposed to confirm a block before it reaches finality. So that would already be 33% of the Ether required (assuming that intention of the attack will be leaked and that the Ethereum investors have enough time to join the staking process). This is $144B.

And what's more, the Bitcoin investors would only be able to grow their assets by ~30% if they somehow manage this, whereas the Ethereum investors would be able to grow their assets by ~200%, i.e. given that the attack causes the rival to take its competitors full share of the cryptocurrency market.

If the roles were reversed, on the other hand, and Bitcoin was ~30% of the price of Ethereum, the Bitcoin investors would not even have the money to afford the attack, albeit if we count only their wealth in Bitcoin assets.

And on top of all this, if you for instance read the 'Proof-of-Stake and Security' section of https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#pos-and-security, it seems that the Ethereum investors would just choose to revert the 51% attack in case that it happens (similarly to what they did with the DAO). This is possible when the voting power of the cryptocurrency ledger is ultimately distributed to the stakeholders/investors rather than whoever controls a portion of the hash rate in the world.

the real "problem" lets call in this way isn't only that you need to own 51%.
This doesn't give you the chance to "own" the blockchain. You have just 51% of hashpower, likewise you have the chance to get your block in 51% vs other users. But this not means an user with a neglictible amount could ... find your block!

Well if this wasn't enough, if you want to build blocks by your own, you need to go faster versus other miners. It will not enough build 1 block. You need even more.

In the past there was CEX.IO that with their pool owned 51% of total hashpower. It doesn't happens nothing ::) but of course in most of the cases it would be pretty useless since a miner is likewise a bitcoin owner.
Even if it will able such magic machine able to outperform the whole hashpower... it would be useless attack bitcoin since there is a very little market cap.
But the real problem arise since it's all pubblic and undeniable. imagine what happens if block is produced each second. In matters of hours there will be no market...

What I am imagining is that the Ethereum stakeholders could first of all start being vocal about this security risk of Bitcoin. This wouldn't require any effort, really, and no risk. And already it might make some investors migrate from Bitcoin to Ethereum, which would thus grow their assets. In fact, I think they are bound to do this at some point, since it could potentially gain them a lot with almost no effort.

I've mentioned that once this migration has started, it might cause a positive feedback loop (due to lower mining rewards, which in turns makes the 51% attack even more affordable), causing more and more investors to follow suit. But let's assume that this talk alone won't exactly cause a total crash of Bitcoin yet (which is of course a reasonable assumption).

But now the Ethereum stakeholders/investors are in a situation where the more they talk about how they might actually consider an attack in some near future, the more the Bitcoin investors might get uneasy and start moving their assets to Ethereum instead. So while they might be hesitant to come out in support of an attack at first, with up to around a trillion USD on the line, they are bound, in my opinion, to be more and more bold in terms of being publicly open towards participating in an attack.

They might also very well invest some effort into drumming up public support for an attack, using the argument that the elimination of PoW would end up sparing the world from a large electricity consumption. Given how a very large part of the public is very mindful of energy consumption and CO₂ emissions, I don't think that will have a hard time at all swaying a large part of the public.

And after this whole (long) prelude, if the Bitcoin investors haven't already started to abandon ship, but stubbornly maintains that Bitcoin isn't at risk, and/or that a 51% attack wouldn't cause much harm to it, then the Ethereum investors might very well slowly start to band together to fund some initial acts of showcasing their power, e.g. by making what I refer to as 'partial attacks' in my preprint.

And if somehow the Bitcoin investors still cling to their blockchain, and also won't commit to try to hard-fork to a PoS consensus mechanism in order to mitigate the attack vector, well, then who knows, some of the Ethereum stakeholders might then even be bold enough to try to fund (perhaps anonymously) an actual 51% attack against Bitcoin.

Long story short: The whole process might take several months or years in total, and might include a large portion of the Ethereum investors in the end.

Fair enough, let's agree to assume that it could take years (i.e. given that the existing Bitcoin miners are somehow very loyal and cannot be bought by the competitors/attackers).

Wait, are Bitcoin miners able to sell their mined bitcoin to a higher price than the market price?? Who are buying these coin? It would make sense that the Bitcoin stakeholders as a whole could benefit buy making sure that the miners get enough rewards to continue keeping the hash rate high, but it highly surprises me if a few Bitcoin investors are willing to selflessly make sacrifices on behalf of the group in order to make this happen.?

Edit:
By the way, I promise to get back to you about your other points in the same post.

you seem to not know about the underlying economics. especially if you then try to make out that it implies a flaw in bitcoin.. you really have things warped round the wrong way

the reason bitcoin is $50k plus and not $500 is because there is underlying value bottom no one wants to sell below because at some point no one on the planet can mine for less and so no one wants to sell for less.. theres real costs and integrated economics of the PoW that do affect the value premium window which the market price sits in.,. PoS has the fault in its economics of not having this value bottom protection. and it can crash to zero far more easily than bitcoin would

..
as to your question.. if ethereum had its own economic sentiment of its own independent community valuing ethereum for its own ethereum purposes.. the market price would never shadow bitcoins market wiggles at a certain ratio
but just check out the market charts
ethereum only hit its ATH when bitcoin hit its ATH.. bitcoin has known market cycles, known factors of its price evolution.. so when ethereum is also peaking/following at the same time as bitcoin, you know its being controlled by bitcoin
ethereum lost its independence of market sentiment on 14th May 2021, and ethereum just become a lame sheep to bitcoins market

bitcoin has a underlying store of value bottom support of $50k meaning its in good secure support. yet ethereum price can crash down to $50.. so keep that in mind

The fluctuations of the price of Ethereum does seem to follow those of the price of Bitcoin as far as I can see. The way I see it, perhaps as naive as I am, this indicates that these fluctuations are due to investors' overall confidence/regard for cryptocurrency fluctuating (put in simplified terms), whereas the relative regard for value of Ethereum vs. the value of Bitcoin remains comparatively constant in the meanwhile.

You seem to think that this is wrong. Is this an opinion you see mirrored elsewhere? Am I simply out of the loop in terms of how cryptocurrency is valued?

Is its price not ultimately based on how useful the investors foresee it to be as currency, and thus how many people will draw utility from the it and use it as a means of payment, in the present as well as in the future?

You also talk of some mechanism that ensures that the price of Bitcoin will never fall below a certain threshold. Can you perhaps provide a link or reference explaining this, or can you elaborate a bit more? It seems a tad unbelievable to be quite honest, but I'm happy to be corrected.

In regards to Ethereum and Bitcoin not being competitors on exactly the same market, this is a really good point. I certainly think that you are right that Ethereum's market is more than just the core cryptocurrency itself, but also the smart contracts, NFTs, etc. And assuming that PoW is regarded by some as a more decentralized technology than PoS, then you are also right that Bitcoin have a market for their cryptocurrency that isn't fully in competition of Ethereum.

However, we must agree that they are still competitors to a large extent in terms of their core cryptocurrency, nonetheless.

I for one could actually imagine a future where PoS cryptocurrencies will be 'the thing to have,' and where PoW blockchains are marginalized, and especially because if PoS cryptocurrencies ever take over, then the attack vector described in this topic could very well mean that the PoW blockchains will be kept down.

In regards to the potential for an attack on Ethereum, see my recent Reply #51. I don't believe that Bitcoin would even be able to retaliate, and the other PoS blockchains pose a much lesser threat, to say the least.

Ha, I don't quite see how that's capitulating, and I certainly didn't mean to! ;D

And about your last point, I also have some critiques of my own of that paper, but I don't suspect that their calculations of the CapEx is completely off, at least at the time it was written. And now I've seen someone (User @Stompix) estimate $12B in the mentioned AltcoinsTalks thread, as well as @franky1 here with an estimation of ~$24B (for both the CapEx and the OpEx).

So, do you really thing while someone is buying billions and billions of dollars of mining gear over a couple of years (and not mining with it) nobody is going to notice.
Remember, other people will keep buying gear and increasing difficulty and that would make you have to buy even more gear (and not mine with it) otherwise you will be driving up the difficulty on yourself.

ETH being a POS coin with as I stated above 60% of it's capacity at 3 providers would be easier and cheaper to kill. Think about it $20 billion will get you 1% of Amazon stock and a complete buyout of Hetzner & OVH
With 1% control of the Amazon stock it would be simple to put a proposal out to the board an have them shut down all ETH nodes hosted there along with the others you could take out 60% of the ETH nodes leaving people hanging. And then watch as a bunch of the remaining stakers all start to sell to get their coins out before the total crash.

Could probably do it for a lot less Hetzner has 18% of all ETH nodes out there and the company is valued at less then $3 billion OVH has 12% of the nodes and it valued at a lot less add in a couple of others for for $5 billion you could control over 35% of the ETH nodes and close to 50% of the staked nodes. Then you come in one morning and shut them all off. Sit back and watch the chaos.

Most people staking have no idea what to do or how it works, all the know is they clicked a few keys and now their ETH is earning less then having sold it for cash and putting that cash in a savings account. (3.25% give or take for ETH vs 4%+ for a good savings account and if you want to lock up your cash like the ETH stake people have their ETH locked up you can get 5%+ on a short term CD)

If someone (or some government) wanted to attack BTC there are better / cheaper ways of doing it then mining. EVERYONE knows this more or less. And as I keep pointing out since no person / government has done it it just kind of proves that they know that even if massively attacked BTC would improvise & adapt & overcome.

-Dave

Doesn't matter if there'd be enough coins to short though; in the end shorts are just IOUs and as we all know that there's no limit to those, at least if we talk about shorting on centralized exchanges. It would still be a risky play though, given that squeezing shorts can be just as profitable.


--


Either way, as interesting as I find this whole discussion to be, there are probably cheaper and more effective ways to sway the market in one way or another.

Imagine what you could do with even the low end of $6 billion. That's 17 times the budget of Avengers: Endgame, except it's a whole cinematic universe about crypto (tacky, I know, please don't do this). 8 stadiums like the crypto.com arena, except the crypto-community builds and owns it, instead of merely sponsoring it. Provide UBI for a small town of 1,500 people (named after the cryptocurrency of your choice), each receiving a yearly income of 50k over a lifespan of 80 years.

Or, you know, just buy a handful of politicians.

I believe either of these would probably more effective than attempting a 51% attack on Bitcoin.

Really fascinating read! Your analytical insights into this theoretical attack vector are quite enlightening. While these are serious concerns that should not be overlooked, it's always refreshing to see these discussions as they push for progress and contribute to better security measures in the world of cryptocurrency. Bitcoin has weathered many storms before, and it will be interesting to see how the community works towards mitigating this potential threat. Looking forward to more of your thought-provoking posts!

firstly. the linkage of the movements of the bitcoin and ethereum market are clear that ethereums market is shadowing bitcoin. because bitcoin has known market cycles and if ethereum was independent it would not be following bitcoins market cycles. so when it does follow bitcoins market cycles, its obvious that its ethereum that is the follower

also its not a case of bitcoiners dumping their bitcoin to move to ethereum and stay with ethereum. its instead a financial action called arbitrage where by traders loop around the markets to get back to their base currency to repeat opportunities again
(arbitraging is fun. but was way more fun years ago when it was just a opportunity between LTC and BTC as the swings were wide and more often)
when comparing many market pairs of different altcoins you can start to see which coins are leaders and which are followers. ethereum is not a leader
...
as for the certain thresholds. you can use the market history. and compare it to other data
for instance if you measured the hashrate average of 2021-2022 and worked out rational lowest global electric prices and calculated out the (then) generation of asics to come up with most economic global mining cost you will then see that the 2022 period tested the bottom.
this can be seen in other times too when the market bottoms were tested and compare it to those times economic cost lows.
you can then do the same for the most expensive regions and get a top(premium) and then see the periodic tops being tested. such as the 2021 ATH as well as other ATH

this is where the international market of bitcoiners know these numbers where those in the most expensive regions will happily buy all the way to the top if the market swayed in their direction but even they have a cut off point where they decide things are getting a lil too crazy
and as said a few times now about the periodic bottoms that when bitcoin cannot be acquired any cheaper people stop selling for less and it creates the supportive bottom no one wants to cross

its called economics
same applies to many assets that have real world costs. things like gold is backed and has a bottom the market wont go below due to the mining costs,

there is actual reasons why markets bottom out at certain levels periodically and topout at certain levels periodically
bitcoin topped out at $70k in 2021 for good economic logical reason..
bitcoin in 2024 has a higher window than you think right now and has not actually tested the top yet(thats the fun of next year) its currently being held down at the $70k level by whales that only have trade algo patterns that only work based on old limit data so they are holding it back until the market cycle is ready to push forward, which would be around the time the miners with lengthy hardware and electric contracts that expire and they evaluate their coins earned vs their next contract cost to calculate how much to sell coin for, for the next market cycle in 2025
(there are reasons ATH happen a year after a halving)

That's a great point.
ETH would not profit from attacking bitcoin because:

1. It would have to allocate tremendous resources into that and it would not destroy the network. All it would do is prove that with enough effort it can be done, but we all know it can be done and we all know it such attack cannot be sustained. It's like a DDOS on the whole country. You could do it and cut a country from the Internet for a while, but how much it would cost you and how long would you be able to sustain it?

2. A panic on the bitcoin market would most likely cause a panic on all other coins. If this attack was only to buy more of everything, that might work, but it would not make people flock from one coin to the other. The whole crypto industry is a big ecosystem.

3. What do you thing would happen if bitcoiners found out Vitalik and team are behind the attack? He'd climb above SBF and CSW to become the most hated person in the industry.

Oh no, on the contrary. I don't think that they will be able to keep it a secret at all, nor do they need to. Secrecy is a requirement if you plan to make a replay attack where you also aim to trade the stolen Bitcoin for other commodities. But as mentioned in a previous reply, this is not the goal for a Goldfinger attack.

In fact, the less secret the attack is, the better. Since the ultimate goal is to a crash the value of Bitcoin, rather than the steal itself, it is (in my view) better to let the attack be as public as possible. Hereby the attackers can hope that the Bitcoin investors will start to get uneasy already when the attack is underway, and that some of them will start to abandon ship before the rest, causing the attack to become even cheaper. (But this last point is currently an ongoing discussion on this thread, i.e. whether a drop of the price of Bitcoin would make the attack even cheaper.)

About the potential for a reverse attack, do you then believe that Bitcoin would actually be able to profit from such a "rival Goldfinger attack" on Ethereum?

It certainly goes against the whole philosophy of PoS, which is that since the 51%-attackers will have to become stakeholders of the blockchain in order to get 51% of the vote, it will never be in their interest to attack it. Especially if we believe the word of the Ethereum community, and assume that the whole group of stakeholders would just vote to revert a 51% attack in case it happens, then it does seem unlikely that a Goldfinger attack would work against Ethereum.

In terms of "improvising and adapting" to overcome a Goldfinger attack, I think that Bitcoin would be much better off by making sure to plan ahead of what to do in case of such an attack, in order to prevent investors getting uneasy and start moving their assets away from Bitcoin.

I'm sure that you are right to some extent, but then again, by that logic, the Ethereum investors, as well as Bitcoin investors, should then all pursue these ventures and make their fortunes double in no time.

If we assume the hypothesis that Ethereum would fully conquer Bitcoin's share of the cryptocurrency market if Bitcoin is reduced to almost nothing, then we are talking about a growth of the investors assets of ~200% over just a matter of a few years (or perhaps less, in theory).

If they knew other investment ventures that could come even close to competing with that, they would certainly invest all their money in those, rather than being crypto investors.

Thank you very much!

What's the point of attacking Bitcoin when it's designed to self-destruct ? (halvings+not enough tx fees to cover miners)

 ;D ;D ;D

you keep circling the weird, silly, foolish notion that the marketcap ranking have real dollar/% value

how about create a altcoin of 1trill coins and sell 0.01coin for $1 and see that you just created a #1 market cap of $100trillion for just $1

please realise that the market cap numbers are not at all related to any true $ amount held anywhere. people dont get richer via market cap numbers

@franky1, you bring a lot of knowledge and insight to this discussion, and I for one am thankful for that.

I promise to get back to you on your earlier points. By the way, I'm back to civilization now, so I can hopefully answer more frequently from now on.

In terms of your last point, yes, I have indeed been working with a perhaps simplified assumption, in my work and in my arguments for this discussion, that the price of Ethereum is not inflated.

You are right that if I were able to convince a only small number of people that my altcoin, in your example, is worth $1, then I would appear to have a much greater fortune than I actually have.

However, if I were able to convince the world (or a sufficiently large number of people) of that value, and were able to sell them all, then I would indeed have that fortune.

You argue that Ethereum is inflated. That's fair. Your claim that it is inflated to the point that 5% of stakeholders can't move their assets without causing a crash seems a bit wild, though.

However, you have made some arguments about why it is inflated that I have yet to answer, so let me get back to you.

And in the meanwhile, just know that I understand what you mean when you say that you don't think the market cap represents Ethereum's true value, and that investors won't be able to withdraw it all, and especially not if they do it simultaneously.

Edit:
Let me also just briefly repeat my earlier point that the Ethereum investors will generally also own other kinds of assets with all likelihood. So even if we accept your claim that their Ethereum investments are are so fragile that even a "withdrawal" (which is actually a trade) of 5% of the Ether will cause a crash, they will most likely still be able to afford the attack nonetheless, wouldn't you agree?

2nd edit:
Well, I guess if the Ethereum investors agree with your assessment themselves, they might fear that a big "withdrawal" in the aftermath of an attack will cause a crash. But I guess we should really ask them about that.

3rd edit:
(Not that they would have any need for withdrawing their Ether after an attack other than this hypothetical anticipation of a crash, but then we might ask ourselves: Why aren't they anticipating a crash already? And why aren't they then trading all their Ether for USD as we speak?)

You seem to be of the opinion that the price of Bitcoin is directly dependent on the cost of mining. By that logic, the Bitcoin stakeholders could always just spend a small percentage of their wealth at any given time to increase the combined hash rate of the world, and then see their assets grow by a similar factor. You do see that this logic is flawed, don't you?

I've already addressed the point that the miners loss of CapEx in terms of not being able to sell their ASICs after the attack has to be compensated by the stakeholders, and that this is part of price of the attack.

In terms of Bitcoin extending their confirmation period, you bring up a valid point. Bitcoin would indeed likely extend this period if an attack is anticipated.

However, they cannot extend this period retrospectively. And because the operational costs of an attack are relatively small compared to the full price (and not least compared to the potential winnings of a 'Rival Goldfinger attack'), the attackers could in theory rewrite months of the ledger in an attack. So in order to mitigate an attack by extending the confirmation period, Bitcoin would thus have to extend it to months. And if Bitcoin does this, its use as a cryptocurrency will then be close to none, which would therefore cause severe damage to its value already.

If you are really a researcher, and I doubt it, then you should make at least a small effort to prove the plausibility of your assumptions. Your assumption is extremely speculative.

The PoS/PoW debate is not new at all but exists since 2012. PoS has very distinct characteristics than PoW. PoS depends heavily on "weak subjectivity", this means of the ability of the user to connect to a trusted node to know the currently valid list of validators. So BFT limitations are fully in force. While PoW is not 100% "neutral" in this regard it's still much easier for an user to find the longest chain in an environment where many nodes try to eclipse attack this user, because a lot of attack vectors on PoS simply don't work on PoW.

I have defended PoS in many debates in the past and still think it has some merits, but after years of discussion my opinion now is that PoW is (unfortunately) superior in most aspects.

We could even say that "the market has decided" that PoW is superior because Bitcoin is still #1 by a wide margin, after 12 years of PoW/PoS debate. The small amount of successful PoW altcoins is not contradicting this, because PoW tends very much to a single "winner" due to the 51% attack threat for smaller blockchains. So it's reasonable for altcoins to adopt PoS because it provides reasonable security, as a tradeoff to less decentralization and the "weak subjectivity" problem.

If computer science advances and finds out that PoS can work without weak subjectivity and thus the PoW superiority paradigm is wrong (probability is very low), and also as an absolute last resort "mitigation strategy" against any large scale 51% attack, Bitcoin could simply change to PoS after the attack (i.e. creating a new chain based on a snapshot based of the old chain 1 block before the attack). This would perhaps be a "capitulation" or assuming that PoW is inferior and could make it lose some value, but a large part of the Bitcoin ecosystem would be able to be retained. Thus it is likely that Ethereum folks would not be able to profit from the attack at all. They would perhaps even be seen as pariahs of the blockchain world and Solana could take over or so ;)

Yes, I'm speculating wildly now myself, but you have not done different in this thread. As a "researcher", you should not speculate but try to find evidence, and you should be neutral regarding the result, not trying to prove a point. I would even say that in this thread you're not behaving like a researcher but like a random Ethereum shill.

In this reply you argumented that Bitcoin (whales) would not attack Ethereum because it could only profit from a low "market share". For smaller PoS coins, the opposite would be true. Several whales of distinct "Ethereum killer" chains could even unite to take Ethereum's throne. :P

And I repeat: "Market cap" is not the same as "sales".

I am not convinced an attack launched by Ethereum would crash Bitcoin and not the exact opposite effect instead.  Let technicalities to the side and think about it through the mind of an average person.  If Ethereum plan attacks on Bitcoin, they are becoming sort of an Evil force trying to destroy the other forces in their way to get through to the top.  If I was an Ethereum holder and heard of this, I would immediately sell every thing I have and move to any thing else other than it.  An attack would not destroy the Reputation of Bitcoin but of Ethereum.

To your first point, the problem is that if Bitcoin somehow recovers after an attack, the steal itself would then be valuable for the attackers. In fact, they could in theory steal so much bitcoin as to pay for the whole thing. And even if they only manage to steal slightly less, they now have the CapEx for future attacks. So they could just keep coming back for seconds!

If attackers gain a 51% majority of the PoW network, and their intent is to crash the value of Bitcoin, they will be able to do so. (Edit: unless Bitcoin can mitigate the attack somehow, potentially by switching to PoS.)

To your second point, yes, the whole idea is dependent on the Ethereum stakeholders being able to convince the public that Ethereum isn't connected to Bitcoin. This is definitely worth discussing further (as we are currently doing on this thread). I personally think that with that much money on the line, they will surely be able to do so. (There's also an ongoing discussion about to what extent they are even competitors at all, which is also a relevant discussion.)

And to your last point, Vitalik and co. first of all don't have to take part. It only requires a subset of the Ethereum stakeholders to take part in principle. (And in my preprint, I even describe how they can potentially be completely anonymous.) Second of all, sure the attackers will be hated by the Bitcoin investors that are left behind, and the fans of the blockchain, but who knows, they might be revered by the early migrators from Bitcoin to Ethereum, who will also see their assets increase by perhaps as much as 100%-200%. And not least, they might be liked by a large part of the public if they can successfully campaign that PoW is a wasteful (and flawed) technology, and that the crash of Bitcoin would thus be good for the planet.

Implying the attacker would get to keep the coins. Depending on the duration of the attack, reorgs after the fact are still in the realm of possibility. If the attack continues for so long as to make a reorg infeasible... congrats, you've just become a Bitcoin miner. You won't get to do another double spend though, because for that you'd have to divert hashing power, loosening your grip on the network.

Also keep in mind that double spends are easily detectable. It's highly unlikely you'd get to cash out any reasonable amount of double spent coins, especially with everyone being on high alert. The only "steal" an attacker could hope for is that the mining rewards they received aren't nullified by aforementioned reorg.



I'd expect Bitcoin to migrate to a different hashing algorithm long before even considering PoS. (much to the dismay of gamers worldwide)

Well, here you are actually contradicting your earlier point somewhat, aren't you, namely that PoS and PoW (and in particular Ethereum and Bitcoin) are not in direct competition?

I agree with this latter statement that Bitcoin currently occupies the "winner" spot. But this also means that Ethereum could in theory become the "winner" at some point in the future if Bitcoin crashes (on its own or by force), and that the price of ETH would likely increase as part of this happening.

I was actually personally very skeptical of PoS at first, mainly due to the potential for long-range attacks. But now it seems to me that at when you dig into the core of the concepts behind PoS and PoW, then they are both just decentralized ledgers that both create a Nash equilibrium in order to prevents cheating in their everyday protocol. And the difference in the core concepts just lies in the fact that for PoS the voting power is directly proportional to the amount of stake you have in the blockchain, whereas for PoW the power is instead distributed according to the hash rate an individual controls (and where the miners of course compete for the privilege to add new blocks and gain rewards). I personally don't see 'weak subjectivity' as ever truly becoming a problem for the consensus on a blockchain like Ethereum. The point is: Why would the Ethereum stakeholders ever allow an attack to finalize for good when that would undermine their currency?



I like this proposition a lot. But I don't see why it wouldn't be even better, perhaps very much so, for the Bitcoin community to try to come to agreement on this in advance. Then it would be seen as much less of a capitulation in the hypothetical event that an attack happens, and it would perhaps not be seen as 'the "little brother," Ethereum, bullying Bitcoin into submission.'    



Since the topic of the discussion is the security of Bitcoin, it is okay to speculate about what could potentially happen. It is also okay to speculate the other way around in order to discuss why a risk might not be very high, as you do, but then you just have to make sure, at the end of the discussion, that you haven't accidentally based your conclusion that Bitcoin is safe and secure on some speculative assumptions that you made along the way. That would be a poor security strategy.

But this doesn't mean that too speculative assumptions don't need to be called out on both sides, and you are free to call mine out if you can point to some; at the end of the day, we have to assess together what is probable and what is not, on both sides of the argument.

(And I don't see how I behave like a shill, I very much beg you to differ on that point. I'm trying to discuss a potential security risk of Bitcoin, and when almost everyone here has so far tried to argue that there is nothing to worry about, then that requires me to argue the position that the risk might be real. Otherwise it would be a moot and boring discussion, wouldn't it?)



Yes, I can't quite see how Ethereum stakeholders will be able to profit from attacking themselves? Especially since it seems that other stakeholders would just subsequently vote to revert the attack. And since the voting power is already distributed according to PoS, this would not be a capitulation on Ethereum's part. (In fact, they already seem to state that they intend to do so in case of an attack.)



Sales? Bitcoin and Ethereum are a currencies. Their worth is, in principle, equal to the perceived value of each BTC, in case of Bitcoin, times the amount of BTC in circulation. Now, you might speculate that there currently is a minority of investors/buyers who perceive the value of Ether to be more than others, and that these are somehow able to set the tone for the pricing, which would mean that the price would be more than it actually is. (And if you then were to take a short position on Ethereum, you would become a wealthy person, given that you have something to invest in that venture.) But at the end of the day, the market cap is representative of what the (tone-setting) buyers currently perceive the value of the cryptocurrency to be.

Every single Ethereum stakeholder believes that their Ether is worth its price, or more. Otherwise the would sell it, the price would drop slightly, in theory, and the same proposition would be true once again. If a Goldfinger attack against Bitcoin causes the price to rise 100% or more, then each Ethereum stakeholder will by that time believe their Ether to be worth that much as well.

Please, if I'm overlooking some advanced and profound mechanism that makes this proposition untrue (and I am admittedly not an economist), do correct me.

Yawn

seems the topic creator is too ethereum obsessed, ignoring the math, avoiding scenarios that go against his ethereum adoration preference..
if maths, logic and common sense wont convince him. he will always fail at investing no matter what currency he chooses to hoard

when he one days comes around to reality to realise the true hardware/electric cost of securing ethereum vs cost of securing bitcoin. he will then learn that ethereum is the at risk currency

Simply - No, Stupid, and Laughable. What would happen is they'll have one successful double-spend before the network of full nodes push them OUT.

PLUS they'll simply notice that they would actually be paid in Bitcoin if they merely mined honestly. Welcome to the Bitcoin community Ethereum Stakeholders.

 8)

Yes, you are talking about the potential that the actual honest miners will make a (temporary) soft fork on order to make the original chain overtake the "attack chain" once again, right? That's a very valid point; it could certainly happen.

But this effectively still requires a rethinking of the Bitcoin protocol, namely if the defense against a Goldfinger attack is to always soft-fork back to the original chain. And then one in theory has to determine exactly what reorgs constitute an attack, and what reorgs are just normal activity on the blockchain. Otherwise the community might disagree on a particular decision, which could thus cause a hard fork.

If Bitcoin defines a specific threshold for what is an attack and what is just a normal reorg, however, then this opens up for the possibility that the 51%-attackers can target this exact threshold in order to cause disagreement on whether a certain chain is invalid or not.

The only way they can resolve this will then be by implementing a protocol for voting on which is the valid chain. They can't use PoW to distribute this vote, however, since the attackers might control the majority. So if they want it to remain decentralized, they have to opt for something like PoS instead.

So it seems that this line of thinking will eventually lead back to the question of this topic as well: Should Bitcoin adopt PoS in some capacity in order to mitigate this attack vector?   

[deleted]

Edit:
@franky1, I'm sorry that you don't think I'm listening to you. I don't think that's fair of you at all, and I honestly don't think you do either. I have addressed almost all your points so far, except the point about the arbitrage market. I'm listening to your points, asking whenever I find something unclear, and trying to provide some counter points, which is what is expected in a discussion. You can simply expect me to take your word for anything outright.

In terms of the arbitrage market point, I'm afraid I also don't quite follow you here. I'm sure you might be right that the price of Ethereum might be determined by the arbitrage traders. But why does this inflate the price of Ethereum? Doesn't that just mean that the arbitrage traders are relatively determined in their regard for the value of Ethereum in relation to the value of Bitcoin? (Edit: In other words, are the arbitrage traders not just the tone-setting traders at the moment in terms of determining the price of Ether?)

I also need some clarification if we are to continue with the discussion about the supposed lower threshold on the Bitcoin price. Am I understanding you right that you are saying that the price of Bitcoin is dependent on the work it takes to mine a coin? And if so, do you not agree that Bitcoin investors potentially thereby have a complete money machine?

Not really, as it's pretty straightforward to determine: Does the chain include an adversarial double-spend? Reorg. No adversarial double-spend? No reorg.

Obviously actually pulling the hashing power to trigger a reorg would be no small feat in itself, but determining whether the chain is "honest" or run by the attacker is rather trivial.

Hm, maybe you are right..! It actually does sound quite simple when you put it like that.

It sort of brings into question why we bother so much with consensus mechanisms at all, then, but still...

... Yeah, so maybe a mitigation strategy could simply be to add to the protocol: 'If a chain is the result of a reorg that has allowed double spending, then it should be regarded as invalid.' Could that work?

Ideally you should then also roll out an update where miners can vote to declare any new contentious chain invalid.

... Well, but then in theory, we still have the problem that 51% of the miners might be compromised, if voting is distributed according to PoW. So the voting power still has to distributed some other way, doesn't it..?

Edit:
How about this: The vote in such a case is not distributed to the miners, but rather to the investors, who pay the miners (and other bitcoin owners) for their coin. Could this principle be enough to prevent a hard fork?

Circling back a bit, because I just noticed I never got around answering:


1) Who says they aren't? (buying politicians, I mean)

2) Bitcoin and Ethereum investors haven't used their money to attack each other's network either. That is to say, I said these examples would be probably cheaper and more effective than the attack scenario you describe. They're still bad ideas, just slightly less bad.



Because in the end you still need consensus on where the coins of a transaction should end up.



No. Double spends are not detectable on a protocol level. They also don't need to be. But they are pretty obvious to outside observers, e.g. non-adversarial miners that could then direct their hashrate accordingly or exchanges that would ignore the double spends until matters are settled.



PoW is the voting power.

But any merchant, exchange, counterparty that an adversary would transfer coins to can just ignore whatever looks like a double spend. In the end the coins will end up either here or there. If an adversary gains nothing in return (e.g. by exchanging coins for another currency or goods and services), all they do is send their own coins in circles.

Put differently, the moment you start a 51% attack, your adversarial transactions will likely get detected and ignored (again, outside the protocol. on the protocol level the coins will end up either here or there, but that doesn't gain you anything if your counterparty doesn't honor your transaction).

The moment you're not running a 51% attack... you're simply a miner that could spell trouble. But you're not actively hurting the network itself.

In the end it would be just like that Bank Heist sketch by Key & Peele:
https://www.youtube.com/watch?v=jgYYOUC10aM



There's already a mechanism for that, though maybe not as you imagine: A hard fork resulting in two separate coins, with the market deciding which coin is the more valuable one.

The more extreme example of this may even sound familiar to you: Abandon all principles of decentralization and somehow kludge a rollback. Not something I'd personally like to see, but amazingly even coins that pulled tricks like this have done pretty well.


---


One last thing, maybe it's been brought up before, but it seems rather relevant:

At the heart of the attack scenario you describe is the assumption that Bitcoin and Ethereum investors are mutually exclusive groups with purely adversarial incentives.

I don't think that's the case.

While most investors will be more exposed to one coin than the other, I'm pretty certain that almost everyone in crypto has a stake in both coins, especially whales. Accordingly I don't think any one side would have much of an incentive to strike the other, even assuming that an attack in either direction were feasible.

priceof bitcoin dependant on mining?.. no
dont confuse PRICE with value/premium

lets translate it to another commodity.. lets use milk as an example

lets say 2litre of milk costs at the farm $0.50 to produce(mine) at the most efficient farm on the planet
last year there were 2x more cows so was $0.25.. and in 2021-22 before inflation was about $0.15 minimum global cost to produce at globel efficient farms

now lets say the most expensive farms on the planet at a cost from the farm of
2021-22 $0.75
2022-23 $0.95
2023-24 $1.45
2024-25 $3.00

now this is the costs at the farms around the globe.. current production range of $0.50-$3

now knowing that the retailers then resell milk to the general public from different sources and may have freeze dried some milk from earlier supplies
what price range do you think RETAILERS(exchange users) would want to sell their milk for today in 2024

do you really think they want to sell it for <$0.15 of 2022's min cost today.. or would they see that no one can even produce milk in 2024 for less than $0.50 and set that as the benchmark as even current producers cannot produce for less so so it currently retails for $0.60-$0.75 with a potential that it could reach $3 if there is a economic event next year

lower threshold value is $50k(bottom support barrier) but the market PRICE is $60-$75 this year with potential to go to $300k next year if a ATH pump even occurs

I wouldn't pretend to know what the ultra-rich do to grow their fortunes. But keep in mind, if for instance Ethereum grows by 200%, then all the investors will see that growth including the small ones. Those could easily make up more than 5%, couldn't they? So even if we somehow assume that the very rich will just shrug at an opportunity to grow a part of their fortune by up to 200%, there could still be plenty of Ethereum investors who are willing to participate.



Yes, there of course still needs to be an everyday consensus mechanism, you're right. It seems that we are both thinking more about what potential fail safe mechanism Bitcoin could have (if any) in order to mitigate the effects of an attack after it has happened, and somehow getting a consensus to ignore the "attack chain."




Yes, that was also what I was getting at: Could Bitcoin survive unscathed by an attack without implementing any fail safe mechanism other than the fact that 'new investors wouldn't want to buy into a blockchain that is the result of a malicious reorg?'

I've come to think that there is a problem with this strategy, however. I fear that there could easily be times where double spends are not easy to detect. Not for long-range attacks, of course, but if the attackers deliberately targets the very edge of the current confirmation period, and thus try to hit exactly the threshold for when a reorg is considered normal activity and when it is considered malicious, then this could cause disagreement about whether a chain is invalid or not. And without some predetermined voting system, this could result in a hard fork. What's more, the attackers (backed by Ethereum investors) could also try to drum up hubbub by pretending to be disgruntled traders on both sides of the argument, who each claim to be the victim of a double spend (or nullified spend) if the other chain is declared as the valid one.

As a new investor, it might become hard to determine which chain is the "non-malicious" one. And as a result, we might get a hard fork of Bitcoin in the end after all.

As far as I can see, a much easier solution would be to just implement a fail safe PoS system to determine which is the valid chain in such a case. It wouldn't require that much effort to implement, compared to how much money is on the line. And it would also only be a soft fork to the Bitcoin protocol, presumably, since if one of the chains is unambiguously declared the invalid one, then the miners will stop working on it at some point, even the Ethereum-backed ones. What do you think?



No, this point has actually not been brought up so far. It's a good point. However, if the Goldfinger attack truly only requires a fraction of the investors in order for it to be profitable, then it might still be a possibility. Especially since there is also the risk that investors who wants to participate in the whole "venture" can then simply start moving their assets from Bitcoin to Ethereum in the lead-up to the attack. This movement might then also cause the value of Ethereum to grow relative to Bitcoin already, but this would only aid the would-be attackers.

That's a quite naive understanding of the differences between both consensus methods.

PoS is a bit of a circular logic: consensus determines stakeholders, and stakeholders determine consensus. I hope you know about the Nothing-at-stake problem. The root of that problem is that in PoS there is no way to determine objectively in a decentralized setting if a certain entity is "staking coins" and has thus the right to be a validator. For this reason, you have to be sure that the node you connect to when you re-sync the chain has the correct information. This is different in PoW (see below).

Empirically it seems that PoS blockchains have stood the test of the time and "just work". This however doesn't mean that the Nothing at stake problem has been "solved". Instead some mitigation strategies, including BFT principles, were applied which make it more difficult to attack the PoS consensus. But the problem is: These strategies depend on a certain grade of centralization. Weak subjectivity means approximately: If everybody agrees that the nodes by the Ethereum Foundation and some big exchanges are authoritative for the state of the blockchain, then most nodes will follow their nodes and we have a stable "state". So it "looks" like the chain is safe.

And still, as the consensus lacks objectivity, it is not impossible the find a loophole to attack. A complex attack involving hacking of the servers of "authorities" like exchanges and foundations and perhaps even identity theft (imagine Vitalik's node and his social media accounts being hacked and luring users to the attack chain) could reduce the cost of an attack to a fraction of 34% or 50% (depending of the attack's goal) of the staked coins.

In a PoW blockchain, you don't need to trust other nodes. If you are eclipsed for some time by an attacker, then you may think for a moment that you are following a wrong chain, but as long as you are not 100% eclipsed (which is nearly impossible) and can connect to at least one node with the real "longest" chain, then you're fine. In PoS, you need to find an authority.

We could argument for example, with the same validity than your assumptions about "Ethereum attacking Bitcoin", that Bitcoiners could fund an AI to discover loopholes in the PBFT PoS mechanism of Ethereum and attack it in a similar way I described above. ;) Is this case contemplated in Ethereum's security policy? ;)

In the attack I mentioned you wouldn't know who is a legitimate stakeholder and could vote. Thus every time the blockchain is attacked a hard fork would have to occur. That's the same as in PoW.

Who would sign this agreement? Bitcoin's CEO and the CTO? ;)

Of course a developer group could prepare such a fork in advance, but that would only be necessary once really such an attack was going on, for example if a smart contract like the one you propose appears on ETH's blockchain and gets some traction. Such an attack would probably take months to materialize. Enough time to create a PoS "final last resort" fork.

Bitcoiners of course would probably first try a Scrypt/some-other-algo "last resort" fork, and such ideas have already been discussed for years (maybe even decades ... I remember the so-called "nuclear option" in 2017, I think there was even usable code). The oh so rational Ethereum attacker group would then have to repeat the attack and waste the same resources again in Scrypt hardware. There may be even more algos to try. And "changing the algorithm" is something that happened a lot of times in the altcoin world, and is thus not really an experimental thing one has to pray that there's a 1% probability that it works :)

No, you are trying to promote a "paper". I'm heavily suspecting from your behaviour that it's a pseudoscientific "paper" to disseminate FUD and try to establish some "PoS is better than PoW and Ethereum will be flippening!" narrative. Prove me wrong :)

The only "novelty" your "paper" offers (the rest is only "with much money you can 51% attack bitcoin" - even Satoshi knew that) is that you claim that Ethereum owners could profit from the attack, but you have not apported a (falsifiable) hypothesis to back this claim. And I don't see a question mark in your thread title either, which would be the way a serious researcher would go if they wanted to start an open-ended discussion. This post (https://bitcointalk.org/index.php?topic=5504373.msg64377749#msg64377749) adds to the "strange smell" in this thread.

If I'm wrong and you're really concerned about Bitcoin's security without trying to install the PoS > PoW narrative, you could for example research similar attacks in the real world. There are numerous cases where companies with predatory behaviour tried to attack and kill their competitors. But not all cases are useful. Here I jump to the "market cap" vs "sales" issue.

Your hypothesis that a smaller coins' stakeholders could profit if a bigger competitor is successfully attacked, is based on the assumption that the cryptocurrency market works like a market of goods (say: apples) where sales are the figure to analyze. This means: there is a "static" necessity creating a demand, which is fulfilled by several competitors with a certain market share, and if one of them sells less, then the others normally sell more.

The crypto market however doesn't behaved like that historically. The "competitors" are often dependant one from another (one crashes, the others crash too, or vice versa). And there are also other products outside the crypto space (gold, stocks, bonds, "speculative assets" in general) partially covering the same demand. This means that while a "market" exists, if one competitor loses market cap, other coins in most cases do not benefit directly from that. Instead there is a very complex interdependence with dependencies to the outside world (e.g. vs the bonds market via the interest rate). And the market for strange reasons in some years contracts 70% and then again expands 500% ...

You would have to find cases in the real world where a similarly complex market exists and then such a predatory attack was successful, to support your claim.

Let's continue speculating in this direction. Imagine a ETH->BTC attack occurs. How can you prevent that people flee in extreme numbers from the whole crypto space because trust has been eroded, and instead invest again in what they have invested until Bitcoin appeared in 2009? Then Bitcoin, Ethereum and most other coins would crash.

In addition: If the Ethereum->Bitcoin attack works, then that means probably that also a Solana -> Ethereum attack would work, and I already wrote that the Solana and Ethereum markets are more similar than the BTC-ETH markets.

I can also imagine Bitcoin holders invested in also Ethereum (not a rare case absolutely, see HeRetiK's last post) in the case of an ETH whales ->BTC attack push an Ethereum competitor to harm the ETH whales. Bitcoin holders would then be selling their Ethereum (crashing it) and instead buying Solana. Solana in this case could emerge as the winner surpassing ETH's market cap, and if the ETH whales having tried to attack BTC would score huge losses. If the ETH whales due to this failed experiment would have to stop their BTC attack then even BTC could recover, and ETH would be the only loser.

Perhaps slightly, but in the PoW/PoS comparison it isn't relevant that the market is similar to a "sales" market of goods with exactly the same type of demand. In your "attackers benefit from competitor market share" scenario it is much more relevant.

Thank you very much for clarifying this point.

I will say, I'm inclined to believe that this theory might not be fully applicable for Bitcoin at all times due to some differences, namely that bitcoin isn't a consumable or degrading product: When you buy milk it needs to come from the producers, whereas bitcoin is a finite and non-degrading resource. Also the cost of mining depends on how many miners there are, as opposed to producing milk. (Edit: And in fact, the amount of produced bitcoin does not depend at all on the number of "producers.") But it does seem that the average transaction volume is currently not much larger than the mined bitcoin, so maybe you are right that this theory is roughly applicable at the moment.
(2nd Edit: My mistake, the daily transactions is currently around $15B, meaning that only around 0.1% of the traded bitcoin are the newly minted bitcoin. So never mind, I don't believe that the theory is applicable here at all.)

Let me then ask you, in regards to the topic of this discussion, do you then think that a 51% attack wouldn't cause any severe damage to the value of Bitcoin? Not even in the scenario where the attacking miners can keep making as many long-range attacks as they want once they have already paid the CapEx, i.e. as long as the price of Bitcoin stays afloat?

Just as another thought experiment would be how much would it cost to get enough ETH while people are selling theirs to do this to launch your own 51% attack on ETH.

The fact that there is no real work involved just having enough money to buy enough of a specific coin has always been a weakness of all POS coins.
And now that there are ETH ETFs there is an incentive for people to be able to short the ETFs if they think their value will go down.

Think about it, get enough funds to buy the companies I discussed above that host a bunch of the ETH staking nodes, while simultaneously buying ETH and spinning up your own nodes and then a simple 51% attack against ETH.

-Dave

I think you are right, at least in principle, about this problem with PoS. This also mirrors my original concern about PoS, it sounds like, namely that earlier stakeholders can just make a long-range attack by creating a seemingly legitimate chain. And you are right that they could in principle try to flood (and/or hack) the network in order to actually convince other users that their new reorganized chain is actually the honest one that has been used all along.

However, since traders are actively following the ledger, and since a part of the community is following the ledger as well, I think this might be nearly impossible to pull off in practice—similarly to how the Bitcoin community would also easily be able to at least detect the long-range attack, as I'm currently discussing with @HeRetiK.

But you're right that Ethereum has flaws and vulnerabilities (e.g. the whole DAO mess-up). And you're right that any opportunistic Ethereum stakeholders who toys with the idea of a Goldfinger attack would certainly at least consider the potential for Bitcoin retaliating in one way or the other.

If the Bitcoin community chooses to rely on this fact, however, it would technically mean relying on the belief that Ethereum is vulnerable in order to feel safe that Bitcoin is not.

I think you misunderstood me: I was talking about the field of IT Security in general. Here it doesn't work to only think about what is the most likely thing to happen; you need to speculate at least a bit beyond that.;)

Well, your not wrong in that I am trying to promote my discovery, and hoping that it will be seen as an interesting an useful contribution to the field. In terms of "FUD," I don't think you really need to be too worried about that. I'm quite certain that there are ways for Bitcoin to mitigate the attack vector, as long as the community doesn't completely dismiss it as being impossible, and ignores it. (I could imagine that this might only make any would-be attackers more bold, by the way.)

In my preprint, I suggest that Bitcoin might switch to PoS. But as you rightly point out, there's no central authority, and this move could therefore potentially cause a hard fork. Although, if PoW is deemed insecure, then it is not unrealistic that by far the majority of Bitcoin investors would choose to invest in the new version.

However, I've also recently come to think that there might be a middle-ground solution where Bitcoin adopts PoS only as a soft fork. This is also what I've talked about recently in my discussion with @HeRetiK above.

Personally, I don't see why Bitcoin would then want to also cling to PoW necessarily, and to the fact that their users and investors have to continue carrying the daily electricity bill of the miners (ultimately), now and in perpetuity, but that's just my own personal view; you seem to think that this bill is worth it, and I'm sure that there are a great number of other people who do.

ok lets tell you what mitigates 51% attack

a 51% attack just means that 51% of the network is malicious and plans to edit blockdata either in the past or ongoing
which can cause lots of orphans(re-orgs) if the honest network then wins a block and retains its own blocks

so lets deal with the details AGAIN
to be at 51% of the network does not mean 100% control it means equalish opportunity with a slight lead to make blocks. but the other side can also get lucky.. yes this means that the other pools can still have luck to produce blocks faster and orphan the blocks that were the dis-honest pools blocks

the chances of a malicious pool to make for instance 6 blocks in a row before the honest network makes a block to re-org back to blocklist of honest blocks is marginally small. thus for years now many people have had the strategy that for high sat amount transactions being at risk of being re-round and unconfirmed is for services and recipients to wait 6 confirms, as the 51% is more likely to make one or 2 blocks before the honest network gets its block

its like a 600m olympic relay race
if there are 2 relay teams competing. one team that on average runs at 10sec and the other at 9.98 seconds average. its not a guarantee that the slightly faster team will always win every race/every 100m batton passing point in the race.
its also not a guarantee that if its a relay race of passing the batton of 2 competing teams that if one team went back 100m and started again the team would be able to go back 1-6 lengths of 100m and then catch up to overtake the honest running team that always went forward

just imagine it in your head for one second. a relay team where one member drops the batton, has to turn around and go grab it and start running again the team needs to be way more then a 0.02sec advantage per 100m to catch up if they wasted 10seconds picking the batton back up whilst the honest team just moved forward with that advantage


in most cases if dis-honest racers were running for 50 lengths on a different asphalt ring(edited chain) trying to catch up, and none of their blocks are yet to be seen by the olympic officials (network) even malicious miners with their livelyhood at risk will jump teams and want to just race on the asphalt WITH the honest runners

aswell as the wait X confirms if receiving high amount transactions,  there is also the fact that the network wont let any mining pool spend the block reward for 100 confirms. meaning an attacker would need to sustain their block list for 101 blocks to be able to spend their first block win. that means having 100 blocks of their preference be the 'mainchain'

and if they just showed up with race results to the officials that they are ahead(with a list of more then 2 blocks that dont match the honest network), the officials will see the latest block ID of dishonest teams 'previous block' does not contain the ID of the lastblock of the honest list

now its for you to actually not dismiss the math and mitigations of bitcoin risk. and actually run real scenarios of how bitcoin actually works rather then side step things just to promote your bias for ethereum
and not dont be silly and decide to rather talk about "milk is consumable" to avoid the point that production cost is different than retail cost
you went too literal about the word milks to talk about it a consumable rather then realise i was talking about any product has a real production cost and a separate retail price

In theory, a 51% attack on Ethereum would cost > $300B × 50% = $150B. (Bitcoin and Ethereum have apparently just dropped 11% and 21%, respectively, in this past 24 hours.)

And a 34% attack would cost > $300B × 33.3% = $100B.

The stakers would lose that money (in a Rival Goldfinger attack), and they would only be able to gain $300B, and only when assuming that the Bitcoin investors share the costs equally. If not, it would thus take at least 33.3% of the Bitcoin investors to participate in an attack in order to break even in terms of costs and gains. (And for a 51% attack, it would require at least 50%.)

Now, if the Bitcoin investors is somehow able to keep their attack a secret, they would in theory not need to beat 33.3%, but only ~0.01% (in the current moment), which is the actual fraction of staked Ether compared to what's in circulation. But on top of the need to keep it a secret, this theory also assumes that safe guards like described in https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#finality isn't implemented or doesn't work.
(Edit: Sorry, my mistake! I mistook 33M ETH for 33M USD when I looked up the amount. The amount of staked Ether is currently 28%, not 0.01%. x))

Last but not least, in order for the steal to be finalized for good, the attackers would also need to confuse the Ethereum community of whether the reorg was malicious or not, assuming that the remaining 66.6% of the Ethereum stakeholders would otherwise just revert the attack afterwards. (Edit: Think of what happened with the Ethereum Classic fork.)

For a 51% attack, the attackers would be able to force a hard fork when the "honest" stakeholders revert the attack. But unless again the attackers can succeed in confusing the whole community, the community and investors will know which of the two chains they ought to support, if they don't want to support the chain that actively tries to undermine its own currency.

The problem of most Proof Of Stake networks is the ledger will be open to attacks if there's isn't any check-points implemented. But if there are check-points being done, then the network is reduced to a "consensus" through "ask a friend", and not from the staking of the tokens itself.

I agree with this statement.

I don't really believe that any attackers would be able to actually confuse the Ethereum community/traders of which is the honest and the malicious chain in practice, however. Do you agree with this?

But it's still a valid point, and why some might choose PoW over PoS. However, if PoW truly has this vulnerability that a rival blockchain could profit from a 51% attack, then its not certain that PoW will remain the more favored protocol, and Bitcoin might want to consider a switch as well.

A "51% attack" is actually somewhat of a misnomer. It should actually be called a ">50% attack" if we wanted to be more precise. If the attacking miners controls 60%, 80%, 99%, etc., then it is still known as a "51% attack."

If one team of relay runners runs even just 6/4 = 150% the speed of the competition (in case they control 60% of the hash rate), then the would be able to overtake their opponents at some point, even if they start from a distance significantly behind them.



Ah, something just clicked. Maybe we have discussed two different things all along.

A '51% attack' refers to several kinds of attacks, both in how its executed and how the attackers gain a profit from it. In some versions, we are talking about miners who tries to collude in order to gain a larger share of the newly minted coin for themselves. And you are right, in this case, unless the attacking miners are very cohesive as a group, then it would be enticing for each individual miner to break ranks and join the honest miners.

This is not the kind of 51% attack that I'm talking about. I'm talking about an attack that targets the traders, more so than the miners, namely by rewriting a recent part of the ledger in order to steal bitcoin.

They can in principle steal a lot of bitcoin thereby. However, it is typically assumed that the value of bitcoin would crash as a result, meaning that such 51%-attackers would need to very quickly trade that bitcoin for other assets/commodities in order to make it profitable for them.

And then in a Goldfinger attack, the attack is then furthermore orchestrated by someone with a reverse stake in the blockchain (and I point to the fact that this opponent could in theory be a rival blockchain), which means that in case of a crash, their losses is covered by the gains from the reverse stake. 



I have addressed this point earlier. My counterpoint is that increasing the confirmation period would already damage Bitcoin's utility as a cryptocurrency quite a lot, especially since we are potentially talking months here. And they unfortunately can't extend the confirmation period retrospectively (relying purely on PoW). So they have to extend it continuously in anticipation of an attack if this is their mitigation strategy.



You seemed to argue that Bitcoin's price have a lower threshold that it can never fall below, and that the fact that Bitcoin miners spend a lot of money in the "production"/minting of new bitcoin somehow will always keep its price up. (And your milk example seemed to double down on that claim, unless I am mistaken?) By that logic, Bitcoin's price will rise towards infinity once the amount of newly minted coins drops to near zero, don't you agree?


Oh, I've asked about clarification on this point earlier. Do you mind? Are you really saying that miners are able to sell their minted bitcoin at a higher price than the "retail" market price? Or perhaps the other way around: that the miners are only able to sell it at a lower price than the "retailers," similar to most other real-world cases, like the milk example?

In theory, there are some attacks in POS chains that would make the malicious chain indistinguishable from the honest chain, therefore they need check-points. But the problem - how do you decentralize check-pointing. And for those projects that claim they have, they are hard to analyze.


To find out is simple - Attack Bitcoin. If the attackers are successful with that, then Bitcoin has no right to exist.

firstly if your a malicious pool with lots of hashpower you own to match/beat honest network of pools and miners.. or even if you collude or intice many individuals to collude with you to get hash power.
even if you reversed old confirmed transactions. YOU can only then respend the transactions no longer confirmed if you own the private keys to the funds of the transactions that you edited out of the blockchain that you re-orged.. you cant just steal other peoples transaction value. you can only make their transaction no longer exist by going back. this means its only financially viable to do block re-orgs if YOUR transactions you signed previously and got confirmed to spend with a service, got reversed for you to then spend that amount again..
but you would only be able to do this effectively if you when spending first, received goods or services or another currency to keep that value. to then reverse the transaction to then spend the transaction amount again to double your value.
if you deposited funds into an exchange. and then bought ethereum again. but didnt withdraw it and just had it as exchange database balance. if you reversed your btc deposit tx. the exchange can just change its database balance of the eth to not give you the eth.. you would have needed to withdraw the eth to then not allow the service to react.

this means spending alot first(significant amount worthy of doing a re-org), waiting for the service to accept the amount is settled(significant amount would be 6confirms+), release their goods/service/other currency to you, wait for you to deem that other value type as received and then edit the blockchain to double spend the initial transaction amount to then be edited out the blockchain

this is not something you can do within just a couple blocks of the honest network.

meaning honest network then gets a blockheight headstart of 7 blocks ahead of dishonest pool, which then have to build on to catch up*
this 7 block difference takes time for the dishonest pool to catch up
(reality is if an exchange service does fiat withdrawal from your initial btc deposit you are not only waiting 6 confirms for the deposited to be accepted but then waiting for X time(can be 72hours(432 blocks)) for the fiat to clear your bank on withdrawal request)
(reality is if you buy goods with your initial btc spend, you have to wait for delivery of goods which would be alteast next day(144blocks))

so for you to then go back and then undo- your confirmed deposit/goods spend tx.. you then need to catch up x fold of time

now lets again ask you to do the math using jsut a small headstart
a 51% of honest network(2% advantage) is not enough hashpower to race against the honest network that is minimum 6confirm ahead
work out using math how many blocks it would take before the dishonest network can overtake the honest network

hint if just 6 confirm lead. the dishonest network with a 10% advantage(55% network) would need atleast ~44 blocks just to re-org a block that was initially just 6 blocks behind honest pools when the attack was initiated* and would need over 55 to be then 1 block ahead of the honest pools

* this is just a 6 block re-wind/re-org timeframe with a 10% lead(55% of network)
https://talkimg.com/images/2024/08/06/5vDxP.png

the more blocks a malicious pool need to go back. the more speed blocks it would require to build on from its edited block to then catch up
so if the service had a next day-72 hour goods/fiat delivery time.. the networks catchup time would be multiple factors longer to catch up

what you also find out is during those missing time blocks of dishonest catch-up time. there may be some miners working on that dishonest pool seeing that although it aided in building XX+ blocks for its pool for the pool manager to double spend pool managers funds. the miners are not seeing their attempted blocks ID and previous block ID visibly on the honest network YET, thus think they are running on some altcoin, so they would want to protect their investment, would jump to a honest pool whos blocks are visible

again the dishonest pool wont show results instantly. but would take time to get ahead of honest network to have results seen and the more blocks it has to go back the longer it takes to catch up to show results

run the math

---

as a separate argument about the effect of the malicious pool having on the market price
if a malicious pool were to be winning blocks(half of the blocks) where then the honest pools have competition.. the cost of mining for the honest side and malicious side doubles as they would only be winning half as many blocks compared to pre-attack. thus they wont want to sell at a loss and so the market speculation would be like the hashrate has doubled which is like a halving of rewards per mining pools competing. and so the market would actually want to go up as less would be willing to sell for less

just note how when the hashrate was half as much the bottomline of market value was half as much
(2022 bottomline hashrate tested $15k and now hashrate is X more the market is testing ~$50k bottom)

even the dishonest miners will want to recoup ROI from their investments and not sell rewards at a loss 2x loss and so they too wont want to crash the market and due to the competition on the hashrate causing mining costs to double for the network as a whole, they too wont sell cheap but instead push the market up

im saying if production cost of most efficient asics is $48k/btc COST..  only those at $48k+ would sell at $48k+ to break even/profit. no one likes to sell at a loss

those with higher costs would just retain coin and wait for the market to rise before selling
this causes a lack of supply on the market

also those with coin from say 2012 ($6/btc cost) may have sold to someone else in 2017 at $20k, where that buyer of that coin has a now $20k min break even so wont sell for $6 even if that coins origins had a mining cost initially of $6.. if then the guy that bought the $6 mined coin for $20k then sells that coin to someone else in 2021  ATH for $70k. the new buyer sets their break even at $70k so wont be selling their stash for under $70k
thus although the coin mined in 2012 had a mining cost of just $6 it has a current break even cost of $70k thus wont be on the market when the market price is $50k.. and would be retaining the coin off the market and wait for the market to reach their desired amount..
so again less supply willing to sell at <$50k

i for instance am one of the rare ones with coins still held from 20212($6/btc). however im not ready to sell and no i wont be interested in selling at <$50k even if my initial cost was just $6/btc..
those that do panic about markets more than likely already have sold and as such the new buyer sets the new break even amount

when you look at the mining costs and the coin acquisition costs of coin movements (realised value) you start to build a picture of how much coin is supporting certain price levels

if people are willing to sell at a loss. they probably already have. EG those that bought at $70k in 2021 and panicing in the 2022 $15k price range. if stupid enough to sell at a loss. they already have. meaning the new buyer at $15k+ in 2022+ may have more control of emotion to not sell at a loss.
which reciprocally they would sell at profit only in the $15k-$75k range of 2022-2024. where the next buyer then sets their break even above the $15k range. again strengthening the periodic bottoms of 2023-2024 of $25k- ~$50k

and no..its not about the market being $50k today and people are finding ways to sell coin today for $70k-$300k. its about people setting limits of break even to decide to sell now at $50k today OR hold onto coin because its not yet time to sell, they wait for the market to rise to sell when the market price is right

if people have no intention to sell in the 2024 period of $50k-$70k they wont put their coin into the market, they obviously want to wait for more then $75k before selling so are just holding onto coin and not putting it on the market

then you have to look at the other side of the market.. when there are regions of the planet where it costs $300k to mine (they assess cost before actually investing) they see its not worth mining at $300k a coin and would happily buy coin at $50k+ from the market. which also supports the market and the underlying value because they know chances of getting coin via any market for less is extremely thin, because even trying to get coin via OTC hidden markets of the most efficient mining pools will still have those efficient miners not wanting to sell below $50k today

Yeah, there seems to be no way to do this algorithmically, i.e. with pure PoS. So the system in principle relies on the fact that people, not computers, are able to collectively remember some sort of checkpoints (albeit with the help of computers/servers). And it of course also relies on the fact that stakers/stakeholders won't risk the punishment associated with trying an attack.


Ha, that's pretty cold. ;D

In some POS blockchains/networks, there's check-pointing that's signed by a centralized entity - usually the developers - every X blocks to ensure that that is the real history to be followed.


If an attacker/attackers could be successful in getting more than 51% of the Hashing Power behind him/her/them, AND overcome the network's army of full nodes, then that would prove that Bitcoin has failed and therefore it has no reason to exist.

With 55% of the hash power, it will take, let's do some math: 55% × (6 blocks/hour) × t > 45% × (6 blocks/hour) × t + 6 blocks  <=>  t × (6 blocks/hour) × (55% - 45%) > 6 blocks  <=>  t > 6 blocks / (6 blocks/hour × 10%) = 10 hours.

In an earlier reply, you agreed that a 51% attack from Ethereum could last for several months in principle. (And in fact, if they go absolutely all in on the attack, then it could even be many years, at least in theory, as mentioned in my preprint.)



When analyzing a 51% attack, is it normally assumed that attackers need to trade the stolen bitcoin for other goods/services/currency due to the fact that the value of BTC might crash as a consequence. Is this why you say that they would need to trade to other goods/services/currency?

If so, note that in a Goldfinger attack, i.e. when the attackers believe that any loss of bitcoin due to a crash in its value will be covered by gains due to their reverse stake, then they don't need to trade their stolen bitcoin immediately (in fact, it would probably be better not to, for legal reasons; better white-wash them first by transferring them around between different wallets).

when doing an attack to re-org the blockchain to double spend your funds. each attempt is not going to happen in minutes. i was explaining that you first need to spend the funds and get goods or things of value in  another form to then want to reset the network and remove the transactions existance to then spend it again. this will take not minutes but hours.

like i said if you want to attack the network to get double spend value of any significance services already delay things like deposits and withdrawals via things like X confirm wait or 72hour for bank withdrawals or 1 day to deliver packages. so you have to wait more then 6 blocks before resetting the tx/block

i used a 6 block min as a minimum for simple math.
but if you wanted to sell coin for fiat where its $1m involved you would have to wait 72 hours (432 blocks) and then go back 432 blocks and start from that point and then move forward.. which to then move forward and catch up would be like a 432*9 factor(3888)

by which time those participating in mining these unseen 3887 blocks before they match the honest network. those participating wont see those blocks on the network and would be more then likely prefer to jump away from the malicious pool because for 3887 blocks unseen also means not getting any rewards and also the honest network can still beat the dishonest network where the honest network may not get ahead for many other mitigating reasons.

yes the malicious pool after like 4000 blocks can then do it again. and for months respend a respend of a respend by keep repeating it for years. but again those participating unless they are seeing profits can simply jump to a honest pool in SECONDS

so while you think its a guarantee that a malicious pool with have endless power more then honest pools. what you dont realise is when the dishonest group are persuaded in the dishonest task to raid their eth stake, and buy bitcoin hardware, are more so pursuaded once invested in bitcoin to become honest, due to the lack of ongoing sat rewards per block because they are only getting possible returns of investment rarely and only if the malicious pool achieves the goal

a malicious pool wont reset the network transactions just to respend a coffee cup amount when it involves the risks of the honest network doing counter activities and also where it costs hundreds of thousands per block to do an attack which over 50-4000 blocks adds up to alot that the malicious pool would have needed to initially spend and receive goods from before trying to reset to then spend again to break even per attempt

so unless they are initially buying lambo's/mansions and ensuring the car/house is registered.. or they get $Xm's fiat in bank accounts that cant be cancelled/refunded/returned.. its not worth doing a double spend attack as its not as cheap as you think per attack
..
as for doing it to just win every block or every 2nd block to then spend the block rewards. again if you want to crash the market as a pool manager, you will find your asic workers you incited to be on your pool may want to get ROI on their hardware and instead want to save the network by jumping to honest pools now they are invested in bitcoin hardware and also help the market

..
also you lastly say white wash coins by moving them to different wallets(facepalm)
if you are re-orging blocks then any attempt to move funds gets undone when you the reset the blocks that moved the coins..
you cant just hoard coins and delete transactions because(let this sink in) the transactions is where the coins are.. they are not stored separately in wallets

your wallet does not store coins... your wallet just stores the signing key
if your resetting the transactions your resetting which addresses have the coins

As I wrote in my last post mitigation strategies for 51% attacks were already discussed, like the switch of the mining algorithm. In 2017, for example this was discussed as a last resort action against Asicboost (https://bitcoinmagazine.com/business/breaking-down-bitcoins-asicboost-scandal-solutions), even if this wasn't really a 51% threat but an efficiency improvement with a patented technology many Bitcoiners rejected. This would stop the attack and leave the attackers with worthless hardware, so it would also influence negatively the incentives to carry out the attack. It would harm the original miners, but a change to PoS would have an even worse effect, as they wouldn't even be able to re-use their installations with other hardware (staying in the Bitcoin business).

Bitcoin could even improve with this move, e.g. switching to a then more modern hashing algorithm.

The attackers, of course, can try to prevent (e.g. investing in botnets for a "second-line" attack too) but the costs would increase drastically.

So my proposed mitigation strategy would be:

1) General measure against any 50+% attack: Leave the door open for a change in the mining algorithm. Don't concentrate on a single algorithm like Scrypt, making it more difficult for any attacker to prepare for this event. Perhaps even maintain a fork of Bitcoin code with several other algorithms, so the switch can happen rapidly.

2) Specific measure against a "rival blockchain attack": Identify a third blockchain directly competing with the attack blockchain (in the case of Ethereum being the attack chain, for example Solana, Cardano or Avalanche). So those invested both in the attacked and the attacker blockchain can dump their stakes on the attacker blockchain buying the third chain's coins, reducing the attacker blockchain's value and increasing the third blockchain's value. The third blockchain's whales will very likely not participate in the attack, because they will benefit much more if the attack blockchain crashes and they can get the market share.

3) Extreme last resort: I would not be against just preparing the ground for a fork with PoS (e.g. with a proof of concept or even a testnet "what could happen" if PoW really fails), which would be never enacted. But the possibility alone should disincentive any attack based on supposed specific PoW vulnerabilities. If #1 is a standard nuclear bomb (can be employed in rare cases like Hiroshima/Nagasaki), this would be the H bomb (will never be used but it's advantageous to have it).

I don't know if this sub-discussion is worth pursuing for much longer, unless you are actually claiming that Bitcoin doesn't need to fear a vulnerability because the value will never drop below a certain value. Is this really so?

In case truly you are claiming this, let me give a small example that will hopefully convince you that your theory is not applicable here (nor in many other cases):

Suppose that I am a car factory that produces 1000 cars at a cost of $50,000 apiece, and suppose then that it turns out that there is, say, a security flaw (faulty steering or whatever) that almost kills the demand for the car, and that people do not want to buy the cars for more than, say, $20,000. Then I can't just wait for the demand to magically increase to allow me to sell them for >$50,000 at some point. Instead I will be forced to sell them at $20,000.

The theory that you are using implicitly assumes that there is a static demand for bitcoin; that people have a need to collect them. But as User @d5000 also points out, there isn't.

You are also explicitly assuming that 'the miners can just wait for the market price to rise again.' This is simply false. If the value of Bitcoin was as sure to rise again as you claim, then EVERYONE would buy bitcoin. No. If the demand for bitcoin drops, the price drops with it (since the supply is steady, at least in periods between Bitcoin Halving dates).

I was talking about transfers after the attack. I thought that this was quite obvious, but apparently it wasn't, sorry.

You seem to assume here again, at least during these few paragraphs, that the attackers try to steal a larger share of the newly minted coins (as miners). This is not their objective. Their objective is to steal a lot more than that via trades that they then rewrite afterwards, keeping only their ingoing transactions. (And their ultimate objective is actually to cause a crash of the cryptocurrency, assuming that this is what will happen.)

Think of it as the Key and Peele sketch that User @HeRetiK mentioned above, but instead of their "plot" being to earn a salary, their plot is rather to sabotage the bank from within, causing it to crash, and then get a much greater reward from a competitor.

As a side note, if we dive deeper into this metaphor, then the competitor probably wouldn't try this in real life if it can be traced back to them. This has also been a point that we have discussed a little in this discussion thread: Would the Ethereum stakeholders not ruin their reputation if they did this to Bitcoin? I think it is worth noting here, however, that the attack will in theory only require a fraction of the stakeholders to make it profitable for them, and they can reward the attack anonymously, as I point out in my preprint. So it will be almost impossible to prosecute, first of all, and the majority of the Ethereum community might even be seen as innocent.

This is assuming that the Ethereum community wants to be seen as innocent. But with enough campaign money, and enough time, both of which they have, I personally think that they will be able to convince a large part of the public that a switch to PoS is better; both for security, for reduced operational costs, which the users and investors ultimately have to pay, and not least for the planet, which is a topic that seems to generally be efficient in swaying a large part of the public.

I think that out of all our ongoing discussions, @franky1, this is currently the most interesting: Can the attackers actually steal enough bitcoin that they will be able to make a profit, given that the value of Bitcoin does not crash?

Let me start by pointing out that the daily transactions is currently around $15B. The daily mining rewards (greater than the costs) are only ~0.13% of this, currently. So the attackers would need to account for only ~0.13% of the trade in the time leading up to an attack. And again, since they are rewarded in case of a crash (which is the whole point of this Goldfinger attack), they do not need to keep the USD, or whatever they are trading the bitcoin for (although they could simply trade bitcoin for bitcoin or tokens, at least in principle). They can rather spend the USD immediately to make new trades, then repeat.

if they keep only their own tx. they cant do double spends..
remember they can only double spend their own value they control so if they are not reversing their own transactions then they cant double spend
also by reversing other peoples transactions they cant then take control of other peoples. because the malicious side does not have the key to sign the fund of other people. so in no way can a malicious side steal funds by reversing other peoples transactions.
emphasis a double spend is only able to happen by the malicious side reversing its own transaction and then re-spending their own value

to which i explained to achieve that the people in the attack need to convert their btc to goods/services/other currency. receive those goods/services/other currency in a settled final manner.. and THEN they can undo the blocks containing the transactions they want to reverse knowing they already have the value settled in another form(goods/fiat/altcoin). to then know when the btc transaction is reversed they can then respend the btc again to a different recipient.. to double spend that same btc


its not about "crashing" its about the method to double spend btc successfully via block re-orgs

you keep avoiding one point by presenting another point to attempt to evade running scenarios to find out your first point falls flat. you have done this many times now.. evaded one scenario by trying to play dumb and try to raise another scenario to then evade that scenario by taking it in context of another scenario

so lets make it clear

if your only scenario result you want is a market crash attempt, lets fully delve into that scenario
firstly when adding another 50% of network hashrate. it means the honest network has double the competition. AND EMPHASIS: half as much reward and double the cost of mining due to higher difficulty due to the competition..
this pushes up the basic value:premium window which then causes all those assessing the acquisition methods of btc to then have a higher speculative price expectation which means all those wanting btc would be more willing to buy higher and the sellers wont sell for less but instead only willing to sell for more.. this would cause the market to go UP

as for you saying about re-orging blocks to then mess with the market to crash it.
to be successful with that when the malicious pools deposits coin into an exchange. it has to wait for the exchange to deem the funds are settled with them (6 confirms for any significant amount deposited) the malicious users would then have to waste their deposit balance on orders to force a crash. and then remove the other currency to then re-org the blockchain to undo the deposit. so they can then do it again
however exchanges will notice these tactics of re-using a utxo thats was previously spent, and just block/ban users thus avoiding users abusing their balance database and market orders
also as said to do this, they cant just respend the same utxo every block by doing re-orgs every block. as i explained they would need to go through a process of delaying a 51% blockchain attack by ~50-4000 blocks to play each round out to then re-do it again.. by which time even the invited people to the malicious pool whom bought into bitcoin hardware will see the negative affects actually hurt their investment and they can within seconds jump to honest pools. where by it takes a malicious pool multiple hours/days per attack round

however in a ethereum attack the custodian of stake can manipulate blocks whereby the stakers wont counter it, because the stakers funds are at risk(the penalty) and the stakers cant simply jump to a honest custodian in seconds because it takes a day to de-stake. so the risk of a dishonest custodian on ethereum is far more harmful to ethereum users than a bitcoin attack is to bitcoin

if you want to delve dep into a blockchain attack to effect a CEX market you really need to learn the difference between the blockchain transactions which are not the market price orders vs the CEX balance and market order databases which are not the blockchain
then run scenarios on whats actually involved in doing an attack and how things operate

dont just side step things simply because it doesnt appease you hopes that people simply dont say ethereum is king
instead learn the mitigating factors of reality and realise bitcoin has alot more strengths than ethereum does

like i said if you are attempting to re-org the blockchain in a 51% attack to double spend funds to continually crash the market. you need to learn how the delay of the confirms. the length of "catch up" time and also the mitigating factors a CEX can put inplace in regards to its balance and market order database and services decisions all are factors
its very easy for a CEX to keep a log of the UTXO's being spend as deposits. and then ban users that try re-using the same UTXO even in a block -reorg situation

aswell as if those now highly invested in bitcoin hardware wont want to lose their investment. they would soon realise that being malicious harms themselves more, they would quickly jump away from the malicious pool and join the honest side to protect their own value now invested in bitcoin
...


heres where you go wrong
if there is a real world physical limit of material cost across the globe that the cheapest new car on the planet can be built for is $50k in q3 of 2024
it doesnt matter that people prefer to want a new car for $20k.. they wont get it. car dealerships wont sell a car at $30k less than material cost.. thats just bad business
what you find is that there is across the globe a different material cost of manufacturing cars of $50k-$300k dependant on region and so if there is a low demand for new cars or where people want to pay the least possible.. the MARKET price will be around the $60k-$75k for most of the period and occassionally try to test the bottom of $50k where only those in the special regions willing to sell AT COST of lowest COST are still selling
when demand rises then the price can go premium upto $300k

yes if no one buys any cars, then the manufacturing gets affected and slowsdown(hashrate drop) where the material cost could go down due to less demands of materials(less asics) thus the cost can go down, which could then cause the dealership(market) bottom to go down. but this is a lengthy process in of itself

but there would need to be some fatal flaw that stops all trades and causes manufacturing to drop its material cost competition

Great posts here and there are some more variables that must be considered. Hash rate fluctuation! Bitmain aims at producing around 50,000 to 100,000 ASICS per month. I am not going through all the devices and provide the numbers for $/TH, but this is an overview I think suffices to sum things up.

https://talkimg.com/images/2024/08/07/5VfsD.png

It seems as if it were easy mathematics to find out how many miners someone needs for a potentially successful 51% attack, but in reality there are fluctuations of over 60%.

https://talkimg.com/images/2024/08/07/5Vy9f.png

How many miners is an attacker going to order and how long will the consortium of attackers wait? How are they going to stay anonymous when they make the biggest order of ASICS in human kind history? How will that go undetected and not allow the Bitcoin dev team to respond to the inbound attack? What interest does Bitmain have to produce enough ASICS such that an entity can destroy their most important customer network - aka bitcoin? What would Bitmain say if someone walks in and says they need 1.1 mil. miners (S21 Hydro only)? A hash rate spike could destroy the plans and the attackers either need to wait (which they most likely can't afford because the message will be out) or they need to order more miners.

It was also said that 50,000 to 100,000 is ambitious and this refers to all models across the board. I have now taken the fastest ASIC in my example. The attack would cost around $8 billion in hardware only. While someone might argue that the cost would go down due to requested large scale production, you could as well argue that the cost will go up because ASICS involve rare resources and in this case demand might actually drive the price up.

It is not feasible in my opinion. The logistics would be unbelievable. How would it even be set up? Where? Pools are called pools because they pool hash rate from all around the world and demand for electricity is distributed. In this scenario an attacker would have to set up the whole infrastructure in one hidden place. How would sufficient electricity be provided? How long would it take to set up the operation and what is the chance by the time it is set up that the miners aren't getting closer to obsoletion and more miners would be needed to make up for increased efficiency in newer devices?

Can't really add anything so belatedly, franky1's response, while not exactly the scenario I had in mind, describes just how complex it would be to even mount such an attack. The preparation, the sheer breadth of collusion -- word would get out before they could put the resources in place, and the moral Ethereum devs and nodes would ensure a quick abortion.

But yes -- even if they succeeded, as many people have already considered (I remember Antonoupoulos describing the aftermath of a potential attack very well many years ago) -- a reorganisation would undo the attack. Remember, success isn't one single 51% attack to create an altcoin. Success means also convincing everyone else the altcoin is the one everyone would follow. Colussion also involves conversion.

Economically non-feasible is vastly underestimated.

It's a good point. I personally think that this is one of the strongest arguments against the possibility of a "Rival Goldfinger attack," especially if you also the point that a part of the public might take Bitcoin's side, being the victim of the attack, and think negatively about Ethereum.

To the latter point, it is worth noting, however, that an attack might only require a fraction of the stakeholders of Ethereum. And they can potentially do it anonymously, as I point out in my preprint. So a majority of the stakeholders might look to have their hands clean. Furthermore, as I also said in a recent reply:


Now, to your point about the price of Bitcoin and Ethereum being correlated, you are first of all right that they are. And you mention that this is because they partially cover the same demand. People compare investing in crypto to other markets, like how they are comparing investing in precious metal to other markets. But this doesn't mean that if, say, gold all of a sudden loses its value/demand (imagine that all gold turned radioactive all of a sudden, or something like that), then silver wouldn't increase in value. No, it likely would.

And similarly if Bitcoin was out of the picture, investors would turn to some of other options whenever the choose to invest in crypto.

Also, regarding the trust in crypto, if only PoW has this vulnerability, then as long as investors are aware of this, there's no real reason why they couldn't still trust PoS blockchains (assuming that they already do).

I like these points a lot.

I find your second point particularly interesting; that's a very creative idea. If the Bitcoin investors can truly identify who's behind the attack, then they can in principle choose, if there's enough cohesion, to just migrate to a third coin, rather than to the attacking one (Ethereum most likely). I think you're right.

And you are also absolutely right about your third point; this might very well help deter an attack.

You seem to assume here that the 51%-attackers needs to make only one replay per reorg. But in fact they can make several replays per reorg:
Suppose Alice trades 1 bitcoin with Bob for some tokens or some USD, then trades that for "another" bitcoin from Claire (meaning that Claire's ownership of the coin isn't dependent on the first transaction with Bob), then trades that bitcoin away again to Doris, then buys "another" bitcoin from Eric. And suppose that Alice is then able to rewrite this recent part of the ledger afterwards. Then Alice can keep the transactions with Claire and Eric, i.e. where a bitcoin is transferred to a wallet of Alice's, but replace the transactions with Bob and Doris with two other transactions where the bitcoins are instead transferred to two other wallets of Alice's. At the end of this, she will have 3 bitcoin in 3 separate wallets: the one she started with and the ones from Claire and Eric.

And she could in principle have kept repeating this process (before rewriting the ledger) as many times as she can find traders whose ownership over the traded bitcoin isn't dependent on earlier trades with herself (i.e. she can only replay each single bitcoin once).

Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.

And furthermore consider the fact that it is typical to see around $15B being traded each day. (And again, you agreed that Ethereum investors could in theory afford an attack lasting for several months, once they've paid the CapEx.)

And like I've said: the confirmation period unfortunately cannot be changed retrospectively, at least not with pure PoW.

It's not fair of you at all to say that I'm evading this economic discussion of the supposed lower threshold when we have discussed this very topic for quite a while now, and you are even quoting my latest reply in this discussion in your very same post. (!) How on earth is that fair even one bit?

I've been very keen to try to answer all your points, and I'm not trying to evade them. If you at any point that you feel like I've skipped one of your arguments, please just point that out (e.g. by posting that I've missed that point and just quote yourself), and I will answer it.



Well, this is exactly what we are talking about in this topic: If it turns out that Bitcoin has a fatal or near-fatal flaw that makes it vulnerable to a particular kind of 51% attack, then its price will drop severely.

Maybe I went to low with the prices in my example, so to really underline the point, imagine instead that the cars cost $190k to make, and it turns out that their motors have a risk of exploding, or something like that.

If it turns out that there is an attack vector on Bitcoin where attackers can keep stealing money and profiting as long as its price doesn't crash, then Bitcoin will crash (i.e. unless the attack vector is mitigated). You have to agree with this, don't you?

(And if you do, then we don't really need to discuss this specific topic anymore in relation to the overall topic of this thread, even if we still disagree on some points: We could do that in another thread.)

lets get serious about your analogies
if cars cost right now $50k-$300k to build, due to underlying material cost
by having another car manufacturer join creates competition and takes away some material meaning the material cost increases

yep just the increase of hashrate alone due to ethereum users switching to mine bitcoin will cause the underlying cost value:premium to increase
this then makes the retail/dealer sell cars publicly for more

yes if there was a fatal flaw that explodes engines or makes miners defunct to cause hashrate to drop. then yes this can also cause the underlying value to drop and thus the market price to go down when the public stop demanding bitcoin

however a ethereum group cant change the network just by having control of blocks. they still have to obide by the design of the network, if they tried to design a new algo that had a flaw. they would just create a new altcoin. and it would be that altcoin that fails(explodes)

bitcoin has had 15 years of safety checks of the main safety features, heck even satoshi himself left a p2pk address with some bitcoin on it that is in a re-used address thus leaving some data leakage of keys. and no one has been able to steal satoshis coins from the known address he send coins to hal and sent coins back as change

so trying to imply that a ethereum group can steal other peoples coins is a sign you have not researched bitcoin nor its risk mitigations and instead you just want to keep dreaming scenarios hoping someone will kiss you and tell you ethereum will be king,. becasue you evade actually going deep into wanting to truly know about bitcoin security and features that protect it. you instead change your attack scenario to try to pretend there is another way to do it

you need to realise in the many many months pre-atack the ethereum group shift over to bitcoin they would work as honest miners whilst they wait for leadership announcement. and then even when ethereum leadership announce an attack date. the result would be that the attackers would be working on a blocklist that is not visible to the honest network for multiple blocks and is not guaranteed to take over the honest network and pursist
also the attempt to re-spend old confirmed funds would only be worthy if the value involved was significant, to which services would log which funds are being undone and mitigate the user re-spending those funds

there are many mitigating circumstances and features and economics at play, even things like a pool needs to have their block visible and unorphaned for 100blocks before they can spend the rewards. however the honest network can reject the malicious pools blocks by simply not accepting the blocks that dont have the previous hashID of the blockheight
EG
if malicious pool started a (backward 1 block re-org) attack at block 850,000(editing 849999) but only got to catch up at block 850,070,
(meaning honest networks hash ID chain of 849,999->850,070 wont match the malicious pools hash chain of 849,999-850,070)
the block 850,071 that gets ahead and is published to the network from malicious pool wont have the 'previous hash id' of the honest networks version of 850,070 so the honest network would reject the malicious pools 850,071

Thank you, and thanks for your post.

You are right that all that would probably be infeasible, especially when you are assuming that the miners have to be anonymous.

But first of all, in order for the Bitcoin devs to respond, they need to find a way to respond. They can't exclude the attacking miners, so it seems that they would have to hard-fork to PoS, or something to that effect. (There is currently a discussion about what steps they could take to mitigate an attack on this thread.)

The also don't have to fear being discovered for legal reasons, it seems, since they are not doing anything legal in the lead-up to the attack, and not in carrying out the attack itself, arguably (see the discussion above about this topic).

Now, they might not want to reveal their intentions to their suppliers, as you point out. That is a good point. But at the end of the day, how can the suppliers really know what their buyers are up to and/or who they sell their ASICs to? Will they really make their customers sign a contract not to participate in a 51% attack, and would that even work?

Also, let me just quickly point out again, that the Ethereum stakeholders can buy/bribe existing mining farms. This proposition has apparently been dismissed so far in this discussion thread, almost as if 'honest' is a predicate that "sticks" to you as a miner, which seems odd to me, especially when the whole concept behind PoW blockchains is that the miners 'behave selfishly.'

I'm not sure that the Ethereum devs would necessarily try to prevent something which might force Bitcoin to switch to PoS. And even if a majority of them will want to abort/revert an attack, doing so will undermine Ethereum's own purpose, since Ethereum has no agreed-upon obligation to save Bitcoin in case of an attack. So even though they could abort/revert a smart contract rewarding a Goldfinger attack if a majority of the stakeholders also agree (otherwise the devs are powerless), unless they are required to do so by law, it would undermine the freedom of Ethereum.

Furthermore, since the non-participating stakeholders also stands to potentially grow their assets by perhaps as much as 100% or more, it's hard to imagine that they would actively vote for a soft fork/hard fork preventing this.

Now that I've thought about it, I think it might be dangerous for Bitcoin investors to switch to a third PoS coin (fully or partially) as a solution. The danger is that if they are not extremely coordinated, the first investors to buy the third altcoin might get them for cheap whereas the last ones to move will have to pay a lot more BTC for them. This could cause a great shift in the wealth between the individual Bitcoin investors.

It would probably be much better to them create a brand new PoS coin and simply copy all the wallets and balances from Bitcoin to that one. Note that this is similar to making a PoS hard fork of Bitcoin in practice. Afterward the investors can trade the new coin in order to establish its value compared to Bitcoin (the PoW version) via the normal market forces.

What do you think of that?

Good, at least we agree on that, then.



We are not talking about them changing the algorithm. We are talking about replay attacks (steals).



This is simply false. It is not only widely accepted that replay attacks can happen (as long as the attacker has the money/power to do it), but they have also happened in reality to smaller PoW coins.

Somebody else, please back me up on this.




Here you are ignoring/not considering this earlier reply:
And you are ignoring/not considering my earlier point that when the attackers profit from (or believe that they are profiting from) a crash, they don't have an incentive to keep any other assets/products, but can keep their stolen bitcoin after the attack. (It's a win-win: Either Bitcoin keeps its value, and they get rich, or it crashes, which is what their benefactors are trying to reward.)




This idea goes against the principles of PoW. [deleted]
Edit: That is not to say that this idea couldn't work, but you have to agree that it would be a departure from pure PoW?

i did address it
i already said the mitigating factors YOU missed
EG before alice trades with bob on the market, alices deposit goes into an exchange (so i presume you are calling the exchange bob) and needs X confirms (significant amount is usually 6confirms)

so the exchange(bob) would then have the coin
now alice then exchanges the usd in another exchange for more bitcoin
but that involves moving stablecoin of usd to a different exchange(claire) so that your held value is safe from not being drawn back by bob(no longer in bobs exchange database balance)
this again means waiting time for funds to clear for clair to then trade
repeat a couple times with a few more exchanges(doris, eric)

and then you want to re-org a old block where you deposited with bob(exchange) to make that A->B transaction disappear

well you are now going to have to go backward many many blocks. re-do that block. and then have to catch up with the network again and over take it and hope the other nodes accept your new list
even with a 10% advantage(55% attack) and only re-winding 6 blocks, it would take like ~50 blocks to catch up
so play out your time frame to just do a bob, claire, doris, eric trades.. and realise you would then need to go back a heck of alot more blocks and edit the block containing the alice-bob trade

so run the scenario and do the math

..
also you state the $1.5B traded each day
you can rewind a block and that makes YOUR transaction ge undone so you can re-spend YOUR funds to a different destination.. but yo dont have the keys for the other users transactions to change their destinations to you. you cant steal other peoples funds so you cant control the other $1.5b transactions
like i said if you wanted to perform an attack then you need to run the scenario out properly and consider the mitigting circumstances and whats actually going to happen based on real things, not the fantasy results you made up and hope people will agree with

if you made a transaction where you deposited $1b and traded it for USD and then withdrew it via wire transfer, you would have to wait 72 hours atleast for the banks to clear it meaning a minimum re-wind time of ~450 blocks and the a catchup and over-take time of THOUSANDS of blocks

Well, I think you are still forgetting about this part:

In reality, "Alice" could be a great number of people, all making these kinds of trades at once. Since the transaction volume can easily reach $15B (not just $1.5B) on a normal day, they would seemingly be able to trade a billion each day, in principle, without raising major suspicions.

Not that they need to trade that much each day, by the way: Buying and selling something like $100M worth of bitcoin would also be enough if they just reverse enough blocks, as this would make them close to $100M for each day of the ledger that they rewrite. More precisely, they would earn $100M worth of bitcoin (using the pre-attack rates, of course), minus the mining costs of the attacking miners, plus the mined bitcoin.

Do you now see the potential severity of a successful a 51% attack?

here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware

did you know you can produce billions of market trade volume without needing billions of dollars to trade with

think about it
if you swap ETH->BTC and then sell BTC->USD and then buy USD->ETH
you can get back to ETH and if timed right only cost you some small % los in trade fee's and still have 9X% of funds back as ETH to then repeat

whilst the very act of doing it you can crash the bitcoin price(and raise the eth price) by the selling btc to USD and by the act of buying ETH with said USD.. and not need to throw $16b as a deposit into the market.. by instead depositing $200m and repeating that circle(arbitrage) many times(80x) and then deposit another $200m the next day

again please run the scenarios and realise how there are better ways to crash a market far cheaper than a 51% attack and far faster
again please run the scenarios and realise doing a 51% attack is more costly, slower and less market affecting, and less guaranteed to work

...
i know you want others to run through all the scenarios for you and give you the conclusions.. but sometimes when people act like they are unable to feed themselves and want to be spoonfed, and they reject what they are fed,, its time you learn to feed yourself and if you truly wanted a real answer you would take the time to work things out for yourself in about 10 minutes, rather then waiting multiple days for people to tell you things you dont want to hear

I wasn't at all suggesting that devs would respond to prevent Bitcoin from switching. I was only saving devs would respond on moral conscience -- to simply attack another network using Ethereum resources (selling Ether as you said remember?) is not a coonscienable action.

Also, I personally think Ethereum undermined themselves long ago when they rolled back... mostly at the behest of the haves, but I suppose partially on a moralistic capitalist argument.

P.S. Reason I don't actually support or go against technical routes is simple -- I actually am very weak in technical discussions =)

P.P.S. I would actually really much like to see your theory put into practice to prove/disprove us all. Have a feeling we would see so many things happen in wildly different paths to what's been predicted. It would be fun, and we can dream, can we not?

This is a turn of events.

You now seem to finally accept that a 51% attack could cause severe damage to the value of Bitcoin, thus ending our long discussion on this thread.

And not only that, you even claim that there are other, more efficient ways of doing this, and for someone (e.g. an investment fund) to easily and rather quickly make billions, at a low risk, starting with $16B in capital.

In fact, these ways are so trivial that someone like me (with a background in physics and computer science, by the way) should only spend 10 minutes in order to figure them out.

Maybe I'm blind, but I'm not too convinced about these latter claims myself quite yet. Feel free to elaborate. Also, I wonder what other people on this forum thinks about them?

However, I'm glad we finally seem to agree that a 51% attack could cause severe damage to Bitcoin.

Perhaps you (and others) would be interested, then, in discussing what Bitcoin could do, if anything, to mitigate such an attack?

User @d5000 has already given some suggestions above in this regard.

Ah, I see. You are saying that the devs wouldn't try to support an attack, not that they necessarily would try actively to prevent it? In that case, I think you're probably right.


Ha, yeah, I'm sure it would shake things up somehow... ;)

(But in all seriousness, I would personally rather see a good, broad discussion of the risk first, such that investors aren't caught unaware of it.)

you are not even reading whats being said. you are not even running scenarios to convince yourself either way if a theory works or not
heck you dont even realise what was said had nothing to do with a 51% attack nor made any suggestion that a 51% attack would affect the market in any meaningful way

you have not run the time frame to perform the alice-eric fund movements to realise how many confirms you would then have to undo to then catch up on.

again just take 10 minutes of your own time to run the scenarios out. stop thinking you are finding people who are agreeing with you when you are not even reading whats being wrote.

stop waiting hours and days for peoples next replies or waiting for people to suggest things and then saying "im not convinced" .. and instead do the research and scenario game theory playouts yourself
dont say your not convinced to then ignore whats been said, and then pretend what was said then agrees with your silly notions which you are too afraid to even think deeply about

you dont want to think deeply about the scenarios, you simply sound like a ethereum shill just trying to see if you can get people to say they adore ethereum and think is better... its not

But why would it do that? I believe that in my 6+ years of investing and looking at both markets closely I can safely say that these two cryptocurrencies and their communities are both hand-in-hand keeping the entire cryptocurrency industry alive, cause big as it may seem the crypto world is pretty infantile compared to tried and tested investment tactics, and they badly need bitcoin and ethereum's support at this stage to keep the whole thing afloat and make sure that no one's caving in. Ethereum undermines bitcoin or the other way around? We're going to see a massive collapse in price, value, and purpose for cryptocurrency as a whole, may even be the cause of its death for all I know.

@franky1, I'm very sorry if I misunderstood you. But you first of all start your reply by saying "here's the thing," which already seems to imply at least that you don't necessarily disagree with my point. Then you go on to write that there is in fact an even better way for attackers to target Bitcoin and make a lot of money. You follow that up with two comparative statements, saying that your way is better than the 'Rival Goldfinger attack,' and that the latter is more costly, slower, etc., than your way.

This is a complete change of the conversation. Now we are not talking about the feasibility of the 'Rival Goldfinger attack,' but of its efficiency compared to some arbitrage venture, that you have by the way only brought up in the same post. (You have talked about arbitrage before, but as I recall, you have never stated that it is a more lucrative way to target Bitcoin as part of this discussion.)

Why do you even bring up this arbitrage venture as a better way to target Bitcoin if you are still not agreeing (against the conventional wisdom) that a 51% attack would be severely harmful to Bitcoin?  

But oh well, apparently bringing up your arbitrage venture idea was only a somewhat unrelated tangent to the discussion (?), and you still think that a 51% attack can't be profitable (given that the value of Bitcoin doesn't crash).

You seem to be hung up on the confirmation time. But even if the attackers exchange their BTC back and forth for USD (rather than trade them perhaps more quickly for tokens or ETH), you still agree that it only takes a few days at max for each confirmation. Now, whatever confirmation period there is, this is something that all traders have to deal with. Yet there are still being traded BTC worth billions of dollars each day, despite these long confirmation times! You must agree that with enough money and backing, there is nothing stopping the attackers from trading many millions each day on average (and in principle, it seems that they might be able to trade upwards of billions).

So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?

Also, you seem to want me to research your arbitrage venture idea, which I definitely want to do if it indeed only takes 10 minutes, and constitutes a business that completely blows all other investment options out of the water, which, you must admit, you make it sound like. I'm sure more people on this forum would love to hear more about this idea, even if it is only half as good as you make it out to be. (But maybe you should create another discussion thread for it, though, if it is not directly related to this one?)

This is a good point. If your wisdom is well-founded, then Bitcoin might not have anything to fear.

I guess we really ought to hear out the Ethereum community of their opinion(s): Would a fall of PoW be good for Ethereum or not?

arbitraging the bitcoin market is about manipulating the market.. it has nothing to do with the PoW mechanisms of mining and changing the blockchain
emphasis TWO SEPARATE THINGS

..
YOUR whole premiss was that you want to manipulate the market purely by changing blockchain data.. but you have avoided, ignored, dissmissed and been not convinced of all the mitigations of the blockchain attack vectors you discussed.

and you also did not understand:
the real world timeframes of doing one thing to realise if it would help or hinder the other thing
the real world affects and limits to effects of one thing on the other
the real world costs of one thing compared to the other

you did not seem to actually want to play out any theoretical attack and see if it actually results in a market manipulation. instead you just posted some lame theories hoping to find some ethereum shills to blindly agree and pat you on the back to pretend that ethereum is better without any actual knowledge or thought

it seems you just want to pretend bitcoin can be attacked easily by ethereum, but you have not gone into the research depths of even trying to prove a point

you seem to only want to find people whom you think are saying "yes buddy ethereum wil be the master currency" almost as if you are looking for a confidence builder of why you invested in ethereum, by pretending that ethereum will overtake bitcoin.. well im sorry to tell you that its actually bitcoin that is keeping ethereum afloat. and ethereum can crash alot harder and faster than bitcoin would and could

It's not really 'market manipulation' in any way. It's an 'adversarial exposure of a security flaw in the technology of a competitor,' and arguably 'sabotage' if they really go through with a full attack.


Name one mitigation strategy that you have mentioned above on this thread that isn't either 'extending the confirmation period,' which as I've explained doesn't really seem to help much since it cannot be done retrospectively, or would mean a departure from pure PoW, which would be a remarkable option as it would go against Bitcoin's protocol as is.

Also if you like, feel free to mention any other interesting ones that you can think of, as this discussion was the main intention behind this thread.

ive said it multiple times now

you dont need to extend the confirmation periods,, for over a decade now services have always followed the guidelines that if someone is spending $millions to wait 6+confirms to deem it settled. because if you DO THE MATH(said many times)
to go back certain amount of blocks to rewrite those blocks and then catch up and over take the network with a certain amount of competing hashrate takes alot of that hashrate cost to achieve. and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

..
as for manipulating the market price.. the market price is based on centralised exchange market orders on THEIR databases.. not the blockchain. so run some scenarios nd realise the separation between blockchain attacks vs market manipulation and realise if your end goal is "market crash", that there are easier methods that could have better success rates at less cost, compared to your un-thought-out scenario of thinking a 51% attack will affect the market as much as you assumed without thinking

run some scenarios. and try thing out. learn how bitcoin works, learn the mechanics and economics of bitcoin and what affects what

You know that I already did that exact math:




Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale, as I've already made clear:
Or what exactly are those "other mitigation factors" that you are talking about? 




Just saying that "I know some much better ways to target Bitcoin than your un-thought-out one" gets us exactly nowhere. If you sit on some arguments why the 'Rival Goldfinger attack' wouldn't work that you haven't yet divulged, then do so. Or if you know of another way that is sure to make Bitcoin crash... Well, I guess make another thread about it.

Why would you go for the most expensive hashrate on the market?
Bitmain sells plenty of gear way cheaper at $20/ths or even s19 at $11/ths, which would bring the numbers down to 6 billion, and this not even counting that you can buy used gear even cheaper, huge batches of gear sold at $4 per this, and you only need to run them for a few days.

So that 16b is closer to a number that would guarantee you more the hashrate for the next few months, at maximum efficiency and not counting how many miners will go bankrupt when their income is halved because you add that much hashrate.
A far more down-to-earth number would be a quarter of that at max.


Too much talk about morals in an ecosystem driven only by $. ;D

Besides, I don't understand why everyone is focused just on ETH, for example, another player, CZ could do this with just a fraction of his wealth, and more importantly, he already has a pool set up and can grab a lot of rented hash while playing innocent.

i didnt go for the most expensive hasrate, however you are just looking at the hardware cost, not realising that there is an electric cost involved(something that for years you have 'guesstimated' wrongly many times or ignored in your estimations)
as for saying only needs to run for a few days to ROI shows you have not done the math or run scenarios, much like the OP has not
if you think miners get ROI in days, you have not learned about mining
if you think people buy hardware and only run it for days you have not learned about mining industry
if you think people can get $billions in returns so fast, you have not learned about mining industry
if you think people can obtain $billions of hardware in days you have not learned about the mining industry

---

no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..


yes there are other mitigating factors. but you seem to not want to run scenarios on the CURRENT factors.. thus until you can see how things would play out on just the basic mitigating factors discussed so far, it wont make sense to then teach you about the others..

but here is a hint which i did mention already
if a large value transaction got undone. services can red flag a utxo that got undone and if any exchange then got a deposit of that same utxo spend a second time then they can just ban the user from doing any market orderbook trades, (there are other things too but.. before you can run through those factors you need to first walk through the basics factors discussed already and not bypass them

..
as for your end goal of wanting to use some ethereum funded richguy or group to try to crash the bitcoin market.. your obsession with thinking a 51% attack is the route is aimless and not guaranteed nor a high chance without causing actual real losses to the ethereum individual/group... where as a direct economic market attack not involving asic renting/purchasing and instead just market manipulation would be more of a success rate

please just run some scenarios of the theories you present.(play devils advocate on your own theory, work things out) stop just posting a theory and wasting days for responses where you just hope people will blindly tell you they love your plan and think ethereum is best(which i think is your true desire to hear) instead you see people debunk your theory just for you to then ignore with "im not convinced" as an  avoidance tactic to not think deeply about how your theories wont work..
play out your scenarios and actually articulate things

@franky1, it's clear that you are not really listening.

Here in this comment:
you are saying that "no, it isn't about extending the confirmation time," and then in the same breath you saying that it is about "delay services" instead. Unless you can somehow explain to me that "delay services" isn't about 'extending the confirmation time,' I will regard you as being dishonest.

You also give me a "hint" that:
This either assumes that attackers need to do several reorgs in order for the attack to work, or that the attackers are somehow reliant on being accepted by specific crypto exchanges after the attack. If you had paid attention (i.e. to me explaining about the long-range attack above, or the fact that the ultimate goal is to crash the market), you would know that neither of these things are relevant. So either you are not paying attention or you are being dishonest.

As for your whole tactic of avoiding argument by pretending that you know something that I don't while being unwilling to say what that is, and at the same time pretending that I'm the one not listening to your arguments while hardly doing anything to point us back to whatever arguments that would be... Well, I don't think I'm the only one who sees through that tactic.

Please stop that behavior, or just leave the thread.

Well, unless Bitcoin somehow retains its value after the attack (in which case he could just steal, steal, steal), he would either have to be smart enough to be able to end up with other assets/products/currency that don't lose their value (Edit: and this would require a quick short-range attack, which means he can't steal very much, and not enough to make it worth it), and also get away with that (staying anonymous or within the bounds of the law somehow). Or he would have to take a large enough short position to cover the loss from the crash of Bitcoin, which would probably also be quite a tall order, as far as I know.

But rather than taking a large short position, he could also invest in ETH instead, and hope that a fall of PoW will elevate Ethereum by a large enough factor to cover his costs (and future loss of revenue from his ASICs).

Now, the thing about this latter option is that if it succeeds, it will also make all other Ethereum investors besides him have their ETH grow in value by a similar factor. So by e.g. creating a smart contract like the one described in my preprint, he might be able to get some of these other Ethereum investors to help fund the attack, thus lowering his own costs and risk associated with it.

If enough Ethereum investors joins in, the risk of losing $6B–$16B might be worth the potential gains (of upwards of a trillion dollars) if the plan succeeds.

But yeah, not saying that investing in ETH is the only option (let alone paying the miners in ETH). :)

again.. these delaying things are actually standard practice that have and are ALREADY been in practice for decades.. again ill explain, its not about services suddenly needing to implement new delays to mitigate a new attack.. its about the mitigations already in practice for decades that already mitigate the attack you want to discuss
again. run your scenario, play it out. think about how long it would take to do your alice to eric fund shuffle.. work out how many blocks that would be of time thats passed. then work out how far back you would have to go and then work out based on 2% extra luck (51% attack) 10% extra luck(55% attack) how long it would take you(from the position of going back) to then catch up and over take the network. then ontop of that work out would the rest of the honest network accept your overtaking block as the chain to follow if your blockheights block+1 doesnt include the previous block that matches the honest network..

realise how these mitigating factors already in practice do not mean your attack is a guarantee..
emphasis again: current mitigating factors, not requiring adding new unused before mitigating factors
and once you learn the situation we can then progress the conversation to other mitigating factors i have not yet explained.. but first you need to understand the basic ones already mentioned and fully realise how your attack is not as convincing as you want it to be
i know you just want to bypass working things out for yourself, but do try, it will help you to learn instead of bypassing it with empty statements of "im not convinced".. so try to work things out, try to play out scenarios, play devils advocate on your own theory


it would require several re-orgs.. because you cant just do one double spend and crash the market. because you have other mitigating factor at play.. i would love to discuss the other factors at play and in practice already.. but until you fully understand the first ones i talked about we cant progress the discussion..
i did hint at some, but no point going into depth of those until you gone into depths of understanding the first ones.. but here is another mitigating factor at play right now

if you were to make the btc price come down 5% you will have many other traders selling their BTC for eth at the ~1:XX ratio of btc:eth. then sell the eth for USD causing the eth-usd market to crash, which based on supply on the market orders would crash the eth market by more then 5%. and then using the USD to then buy BTC at a 5% discount to bring back the btc-usd back up.
in short whilst you are arbitraging in one direction to try crashing the btc market. there are whales on the BTC side countering your attempt by arbitraging in the other direction to get cheaper btc which would bring the market for btc back up whilst making the Eth market crash further

so for you to(in your theory) try to keep fighting the btc whales, you would need to keep shifting funds around and then re-orging to double spend again to try again which all takes time. which you are not willing to account or run scenarios to realise how much time it would take to continually put pressure on the market.



its not about me pretending to know something you dont.. its about you just not knowing all the things that are already in practice within the btc market and economy and mining industry(which many already know). i simply ask you to try learning more about bitcoin and testing out your theory, run scenarios, play devils advocate. however its you that dont see all the mitigating factors nor want to look into them, nor test them. you constantly just want someone to beleive your theory will work as is, un tested, and tell you that your a clever guy for mentioning something,... however MANY MANY people know the mitigating factors and yet you just respond "im not convinced", its become obvious you are not even willing to try to work things out to see if your theory has a high chance of success

again if your end goal is to crash the btc market, but doing so via blockchain re-orgs. you are missing many factors which you have yet to think about that make your theory not as easy as you try to make it seem. also there are other ways to crash the market without even needing to mess with the blockchain. your perceived notion that blockchain re-orgs = market crash, fall flat of guaranteed success due to you not understanding the factors at play.

Okay, I will accept that maybe you sincerely thought that I was talking about "implementing new delays." So I'm giving you the benefit of the doubt, even though you still ought to have paid better attention.

We are both talking about exchanges (and such) delaying the confirmation time (beyond the standard 6 blocks), which is indeed a standard and well-known thing that they can do. And each individual exchange/trader is indeed able to do it independently, and temporarily, whenever they want to.

Regardless, I've explained why that wouldn't help anything in a long-range attack. Now, you both ask me to once again do the (easy) catch-up math, and you also explicitly state that an attack would require several reorgs, "otherwise they wouldn't be able to steal enough to make it affordable."

This all shows that you either don't know what a long-range attack is, or have somehow missed the point, even after this long conversation.

Okay, I'll forgive you for that, but then you better listen more carefully now:

In a normal replay attack, an attacker tries to pay for other assets/currency/etc. with BTC, then reorgs the ledger, and then quickly tries to cheat another party to sell some other assets/currency/etc. for the same BTC, before they notice that a big reorg has happened, thus "replaying" the same BTC.

If this were the kind of attack we were talking about here, then you would be right: The attacker would not be very likely to make this attack worth it, namely since exchanges and such would likely notice the large transfers on the blockchian and choose to temporarily require a longer confirmation time (more than 6 blocks, i.e.), until that large transfer is more sure to be finalized. (This is the "delay services" that you are also talking about; we are talking about the same thing here.)

However, this is not the kind of attack that I'm talking about. Note that in my Bob–Eric example, Alice ends up with BTC, not other assets/currency/etc. And note also that Alice is making exactly one reorg of the ledger in this attack. (And note that she could have made many more trades in principle, even in parallel rather than one at a time, and trade more BTC each time.)

This kind of attack is known as a long-range attack, where the goal is not to replay non-BTC assets/currency/etc, but to steal BTC alone.

Now, it is normally assumed that Bitcoin would crash as a result of such an attack (unless honest miners somehow manages to regain a majority of the hash rate after the attack and then soft-fork the blockchain back to the original chain), which means that long-range attacks haven't been much feared before, since they have thus also been deemed as very unlikely to be profitable for the attacker, and therefore "who would do it?"

The so-called 'Goldfinger attack,' however, gives a potential reason why attackers might do it anyway: Either they could be politically motivated, and/or act on behalf of some government/institution, or the attackers could perhaps take large short positions (I assume you know what that is). In particular, if they do the latter, this might then potentially make up for the fact that Bitcoin would crash as a result of such a long-range 51% attack (or another potent 51% attack, more on that in a minute).

Because if the attackers have a reverse stake in Bitcoin, and will thus profit from a crash, then this turns it into a win-win situation, as I have already explained: Either Bitcoin doesn't crash, in which case the attackers can now spend all their stolen BTC at will, perhaps after some whitewashing first, or they profit from the crash itself due to their reverse stake.

And as you know by now, I point to the fact that rather than trying to take such a large short position in order to make this work, the attackers might instead be (or be funded by) stakeholders in a rival blockchain, and one that does not use a PoW protocol itself, hoping to profit from the fall of the competitor.

Now, I must also add to all this: A long-range attack is not necessarily the only kind of 51% attack that could work for such a (rival) Goldfinger attack. A sustained 51% attack that DoS'es Bitcoin for months or years might also do the trick. But let's put this discussion on the shelf for now until you have shown that you now finally understand how a long-range Goldfinger attack could be profitable for the attackers (assuming that they can profit from a crash of Bitcoin in the first place, of course, and also assuming Bitcoin does not take any new steps to mitigate such an attack).  

you have again avoided alot of factors and then tried to debate something else yet again to then say that the new debate is not what you were talking about whilst in same sentence saying it was what you were talking about

anyway, you had your chances to learn, but instead just repeated your same mistakes

its obvious now that you only know of ethereum and a newbie to bitcoin, hense why i said several times for you to atleast play out your scenarios, playing devils advocate.. this means learn bitcoin and its mitigating factors and not just run things from the position of how ethereum can have a fantasy wet dream scenario of winning if bitcoin conditions are ignored

goodluck though, but ill leave you now to work out that your theory and method wont crash the market as a long or short term attack.. but enjoy working that out for yourself the hard way, because i know any further hints will just be met with "not convinced" or other avoidance's

so ill just leave you to it with your comedy of thinking you can steal alot of bitcoin in your fantasy, great laughs

Just to hammer the point home, let me also mention something else, that I left out of my preprint, which is that when the attackers rewrite the ledger, they can also remove and rearrange the transactions of the any of the innocent traders in the same time frame.

This means that they can also make other traders inadvertently steal BTC in the same attack. Thus, they are able to make half the traders in the given time frame look as if they are accomplishes in the attack.

Since their ultimate goal is to cause a crash, it doesn't matter who steals the BTC, just as long as someone does, intentionally or inadvertently.

This relieves the attackers of having to trade the large quantities of BTC leading up to the long-range attack that we have just discussed on this thread, which is actually a significant improvement on this particular version of the attack vector since it then relieves them of having to make this activity appear normal, while keeping the secret that an attack is underway. 

You don't even deny that this was exactly the "delay service" you were talking about.

You are obviously being a troll. So goodbye.

blah blah blah shows you are still not ready to even run your theory through your own head properly

so knowing you just want best wishes from other ethereum supporters by pretending ethereum could crash the market of bitcoin.. lets really ram it home to you that you have not thought about things much but just want to mention a theory several times without much thought hoping your fellow ethereum shills will blindly just idolise you for mentioning a (untested) theory

firstly you mention not wanting to do multiple re-orgs of bitcoin ledger... (something we contested about over many posts and you now say you dont want to re-org bitcoin multiple times)
well then your 51% attack ends at the first and only re-org and all your other fluff and chest beating is not about 51% attacking to generate revenue to then push onto the market to crash bitcoin, but instead you simply want to play the markets to trade currency on different markets to re-generate countless revenue to attack the market.. hoping your efforts on the market wont get countered by other whales on the same markets

again if you only want to do one re-org and then play the markets, guess what there are other whales that will arbitrage counterclockwise to then crash the ethereum market to cycle their way back to the btc-usd market to then grow the btc back after each sell off you attempt

but most importantly about your last multiple posts arguing how you wont need multiple re-orgs of the btc blockchain... by you concentrating on the whole bob-eric market shuffle.. has nothing to do with blockchain manipulating, its just market manipulation

so why are you really here talking about 51% attacking if most of your waffle is about market manipulation methods to cycle funds to then keep dipping the market.. even when (if you run your scenarios) knew your dips would then be followed by BTC whales counter arbitraging your tactics on the market

please stop replying with your flatulent debate about how you feel your theory is untouchable and strong and guaranteed... without any knowledge on your part of all the mitigating circumstances that can play out against your theory.. and instead realise if you are not intending to do repetitive re-orgs, there is no point in you even starting with a 51% attack by wasting funds on hardware, and instead just skip to the market manipulation tactics you then discuss as your real intended attack method, by directly funding the bob-eric method without needing to waste funds on a 51% repeated blockchain attack..

please dont reply with an emotional expression.. just run the scenarios out and play devils advocate on your own theory(to learn the mitigating factors that can work against you) and realise how the risks and mitigations show your success rate is low of your 51% hardware invested method.. and then realise what went wrong and then work out other ways if you wanted to use the same $XXb investments

I still don't know if you are being troll on purpose, or if you are just not reading anything that I write properly, which is also poor behavior.

If Bitcoin does not crash after the first big steal using a long-range attack (1 reorg), then the attackers can just repeat the attack to steal even more.

But obviously, if the attackers can just keep coming back for seconds, this will halt the trade of Bitcoin, thereby making it useless as a currency, and it's value will drop. This is not just me saying this, but this is a standard assumption in literature.

You pretend like I have avoided some of your arguments on this thread, but I dare you to quote any of your earlier arguments, and I will quote you back a counterargument (one that I have already given on this thread).

But then you have to promise me to actually read my counterarguments this time around. (I have almost no patience left for you.)

Again, a 51% attack is not market manipulation. My Bob–Eric example is not an arbitrage cycle; the crash only happens at the end after the reorg, not during the trading. This once again shows that you are only reading my posts so superficially that you don't even really catch any of the points. I'm sorry but I can't work with that.

read your own words but do it in a way that you actually play out your own words in a runthrough of a scenario where you are playing devils advocate

actually play through the scenario properly

i am not going to spoonfeed you the results/answers as you will just be ignorant to say "not convinced" and by you obviously avoiding playing out your theory to realise the mitigating factors at play you are not interested in finding out if your theory will even have a chance of working. you simply were hoping to get a collective cheer from other ethereum shills thinking that ethereum could overpower bitcoin.. im guessing you just wanted to see if people will give you a loving hug that you made a good decision to invest in ethereum with hopes that you can dream and fantasise about ethereum taking over bitcoin(sorry to burst your bubble, but ethereum has more chance of crashing and then staying down)

so again play it through and realise where your theory goes wrong, learn all the aspects of the investment costs of hardware and its delivery delays which then impact shills desires to stay loyal or become honest bitcoiners for their own investment security
learn about the economics of the markets and how they play out too whereby whilst your trying to play the market in one direction, bigger whales will be counter-playing in the other direction(causing ethereum to crash harder)

then all the other details of how long you can sustain the attack and win and how often you have to keep "crashing" the market, which would require constant funding and how you would manage to ensure you have constant funding.

i know you want to pretend im some newbie because im not just giving the answers, purely in the hope of your condescending tone will make me give you the answers.. but you are wrong in your tactics to hope i simply supply all the answers due to your ignorant responses pretending your fantasy will come true
i was initially willing to take you step by step spoonfeeding you tips.. but your avoidance of the mitigating factors and your stubbornness of wanting your fantasy to come true shows you are not willing to help yourself learn and instead just want to keep a dream alive

instead if you actually wish to know if your theory has merit, you should be pragmatic(devils advocate) about your own theory, by playing devils advocate against your own theory to work out the weaknesses and then customise your theory or accept the result.. rather than play ignorant thinking there are no weaknesses/faults to your theory just to self hug and confirmation bias your fantasy of thinking ethereum will overtake bitcoin

..
and by the way, your latest meander:

i was the one trying to tell you that.. you became ademant that to crash the market(market manipulation) YOU wanted to perform a 51% attack, you were the one that remained determined that a 51% attack is your method of crashing the market not realising the separation of events and mitigating circumstances of a 51% attack, separate from a market manipulation event and its own mitigating circumstances

if you do a re-org and then trade CEX database balance. the CEX will see the re-org and will simply delete your CEX balance
especially if your now not doing a arbitrage cycle to mix the funds before the intended one time crash spend

@mjdamgaard what do you think about negative cascade effects for the attackers? I tried to read most of the posts here and I think what you are bringing forward, despite being hypothetical, is worth discussing.

One thing that came to my mind is how likely is it that an ETH whale is not a BTC whale? I know this is mostly speculation and I can't prove it, but I doubt that many of the ETH whales are not owning significant amounts of BTC. But now onto the cascade effect: if a consortium of attackers could take BTC down or cause significant damage to the network value, how can they know that the public wouldn't respond with a major sell-off of ETH as well? The past has shown that BTC worked as a seismograph for the market as a whole. If it turns out that these attacks can lead to major losses in the strongest and most valuable network there is, what is the chance that ETH wouldn't take a major hit and take a dive, going down in insane chaos?


I think that an operation of that magnitude wouldn't come to fruition without some very important players in the market noticing and taking the opportunity to stop it. The suppliers aren't only producing ASICs for the sake of mining. But if some of the suppliers (there aren't that many) are approached with an order of that size, I doubt they wouldn't get suspicious. Actually I believe that the suppliers might be well connected with the mining industry. They would ask someone who knows someone who knows someone... If it turns out that there seems to be a group ordering a record breaking, unreal number of ASIC devices, the warning would already be out.

Further, if selfish miners get bribed, what is the chance that all of them would agree to perhaps destroy the entire industry as a whole? Then the big miners are mining pools. What is the legal situation when the allegation of bribery would ever come to the surface and a mining pool operator would be convicted for attacking the network in the worst interest of its users (those who provide the hash power)? It would be obvious if one of those pools attacks the network, but if it happens without the consent of its users, wouldn't there be legal consequences?

I am not sure how it would work, but convincing a pool that operates mining facilities and pools hash power on behalf of its users would probably not agree to getting bribed. But without the pools, an attack that involves bribery wouldn't get the attackers very far.

What if someone from the attacking group blackmails the attackers after they signed contracts with ASIC suppliers? Once the production went on for 12 months, one of the attackers could go rogue and blackmail his own group, threatening to make those plans public.

However I look at it, I don't know how such a huge operation could be pulled off. I know we are discussing theoretical scenarios, but this is really too much theory for me. :P

no comment on the scenario the OP has except i think its wrong.

however, the comment about whales holding both eth and btc is likely valid. now im not a whale in either but i was around when eth was launched. so i wound up with an amount of eth (mainly from curiosity they were a few bucks i think when i did it) that just sits. im sure OG whales could of loaded endless bags of each for dirt cheap.. they just dont advertise it.

@tiCeR, thanks for a great post.

I think your point about ETH investors also owning BTC is a very good one. User @HeRetiK also brought up this point earlier:


I'm first of all afraid that I don't personally have much insight into whether ETH whales are also BTC whales, and vice versa. But I do think that this is indeed quite likely.

My reply to @HeRetiK was, however, that if it is really true that a Goldfinger attack would only require a fraction of the Ethereum investors, namely something like 2%–6%, in order to for the attackers to start to break even in terms of costs and gains, then it could potentially be possible without these whales (of course assuming that these don't own it all).

And what's more, if there really is this potential to grow your crypto assets by something like 100% or more in this rival Goldfinger attack, then it might happen that some investors who have previously invested in both cryptocurrencies at the same time will start to trade a portion of their BTC for ETH, either because they fantasize about joining the attack, or just as a precaution if others want to do so.

But of course, at this point, this is all still just speculation.


To your point about a negative effect on ETH as a result of Bitcoin being attacked, I personally think this is one of the best arguments against the danger of a rival Goldfinger attack I have heard so far, and it is certainly a point that has been voiced by many users on this thread.

Historically it seems that the value of ETH follows the fluctuations of BTC. So a successful attack would thus require the Ethereum investors to first make an efficient campaign to communicate to the public that this attack vector only really affects PoW blockchains, like Bitcoin, and not really PoS blockchains in practice.

Now, I agree that the Ethereum and Bitcoin communities might be quite friendly at this point in time. But that doesn't mean that the Ethereum community don't already try to highlight all potential advantages of PoS over PoW to the public. And I personally find it quite unlikely that they wouldn't at some point also try to point out this potential "rival Goldfinger" threat, if the theory holds up. If nothing else, then at least in order to try to make the public feel more positively about PoS in relation to PoW.



I think you are right, but I do wonder: What can they even really do to stop customers from buying their ASICs? Even if the suppliers deny these costumers, what prevents the latter from just acquiring those ASICs through middlemen? Could they perhaps make their customers sign a contract not to participate in a 51% attack, or to sell them on to other buyers who will?

Well, since the attackers can just use a whole array of middlemen in principle, and since they can also in principle make it so that their mined blocks in an attack can't be traced back to them in the first place, it seems quite unlikely that such contracts would work, at least to me. What is your opinion on this?



I definitely think that it would indeed be very much illegal for them to change the protocol and make an attack without consent of the users. So if such mining farms are to participate in an attack, they would have to make it a choice for the individual user whether that user wants to join in the attack or not. (And they would also have to update their contract such that the participating users will also be owed their part of the spoils/rewards.)



Here's the thing, though: I don't really see why they would need to keep it a secret. I could be wrong, of course; I'm by no means an expert on legal matters. I just go by what I have read in this blog post: https://sites.duke.edu/thefinregblog/2022/12/28/legal-liability-of-a-51-goldfinger-cryptocurrency-attack, which argues that a 51% attack might not even be illegal, in the sense that it might not prosecutable in a court of law. (I definitely think that this is worth discussing more, however.)

If that is indeed the case, then it seems that the more rumors there are about the build-up of the attack, the better it would actually be for the ETH investors, as it might just make BTC investors migrate preemptively, which would only make the cost go down, in theory.  (This is of course assuming that they can indeed communicate successfully to the public that PoS is still safe, and that they can thereby convince some of the now uncertain BTC investors to migrate to ETH instead).


Ha, yeah, it's all quite theoretical at this point. But your inputs are valuable.

Yes, reading this thread is quite some work, so sometimes some details may be missed, but thanks for pointing it out as I could drop some merit for HeRetiK. I think this point is very relevant. I believe ETH was raised in 2014 from the ICO? There were already a lot of people with a ton of BTC in their hands, ETH was marketed all around the world like no coin before and it was dirt cheap for those who had already a lot of money, aka whales.

"Only require a fraction", but that fraction has to come from someone or a group of people. The bigger the group, the more likely it becomes public before the attack could be pulled off (defense could be prepared) and the guys literally have to liquidate somewhere between $6 billion and $18 billion while facing the risk of losing it all. I doubt there are a lot of Elon Musks who would be willing to spend $44 billion on a Twitter platform. Liquidating that amount would also hurt their remaining holdings. Then all the uncertainty whether it works out or not. War escalates, logistics gets worse and available resources for chip manufacturing decrease out of a sudden etc.


To me it is not even about how friendly these communities can and want to coexist or not. I think the attack can't be pulled off without making it public beforehand and if that happens, I would expect resistance not only from the BTC community, but also from the ETH community to some degree. Wallets could be identified that are emptying billions of dollars. Don't forget that ETH has publicly known faces around the world and they would have to provide answers at conventions and what not. The uproar would be insane. I doubt that BTC whales would accept losing billions of dollars to an ETH holders attack. BTC's network value is around 4 times as high as ETH's network. If it becomes publicly known that an attack is planned, there is a chance that BTC whales will pool funds and fight back. They could approach ASICs manufacturers, miners, and they could say "if" the attack is pulled off, we will pool 10 billion dollars to defend against it in some creative way. There are many ways to raise the price for the ETH attackers and keep in mind that the ETH attackers need to liquidate in the first place.


Acquiring millions of ASICs through middlemen would again raise the price. The whole coordination, logistics, higher price per piece, timing, getting it from A to B. Involving a high number of middlemen would make things only worse for the attackers and I am still absolutely convinced that simultaneous orders of ASICs that amount to the hash power of a potential 51% attack would definitely not go undetected. Then. the question remains whether ASIC manufacturers would dig their own hole by destroying POW and essentially their own gold mine.


Ok if we assume that they make the attack public (or not), and they destroy 50% of BTC's value, which is around $650 billion, what do you think would the backlash be from all the relevant authorities? What would the consequences be for the cryptocurrency ecosystem from the SEC, CFTC, politicians, all relevant authorities around the world? Do you think they would say "well, there is a currency war and that's awesome". I think they would rigorously regulate every cryptocurrency out there because they can finally pretend to have a good reason. The consequences would be devastating and there would be investigations for sure. Whether they would be justified or not, but investigations would take place. ASICs providers would be probed whether they knew that the equipment would be used for an attack or not. If really $650 billion go down the toilet and the planning is of that magnitude as you described with middlemen and an attack coordination, I am sure heads would be rolling in one way or another.

Short selling is under thorough scrutiny all the time and market manipulation is as well. If an attack were to be announced and the market gets into turmoil afterwards, I doubt all authorities would accept that. Then the coordination itself involving billionaires and the ASIC manufacturing industry (you literally need the entire industry because of the sheer volume), I just can't see how that would be pulled off without consequences. It's not how the legal world works these days. Maybe for banks, but not for the crypto industry which is a target for many authorities anyway. If bringing BTC to its knees is expected to make another group of people of the same ecosystem rich, it doesn't make a lot of sense to me.

And all of that ignores the fact that ETH could be attacked in a similar way. POS is not a flawless security model and in order to attack it, the attackers would not have to buy a shitload of ASICs and the network is only 1/4th of the value.

Yes, I agree that the attack is unlikely to come from just a few rich individuals, and if the attackers form a large group of people, then it is sure to reach the public, I also agree with that.

So the point here on which we might disagree is the question of whether it would hurt the attackers if their plans become publicly known or not.

You argue that:

It is not unthinkable that all these institutions would try to search for the attackers and take them to court. But as far as I can see, I don't really think that they have much stake nor interest in this, first of all.

You argue that they would care about $650 billion. But it's not their $650 billion, and the Bitcoin investors knew the risk. (The risk of a 51% attack is described in the very Satoshi whitepaper.)

Second of all, I really don't think that they would have much of a case even if they tried. Besides what the aforementioned blog post says, consider this:

While the Bitcoin exchanges, mining farms, etc., are all subject to various laws (and have to do what they promise their customers), they have no control or authority over the blockchain protocol itself. No one has. This is the defining factor of what it means that the currency is 'decentralized.'

This means that anyone is actually free to declare what they think the Bitcoin protocol should be, at any moment. And the only reason why the Bitcoin protocol doesn't change so easily is due to the Nash equilibrium of the protocol, which means that as long as >50% of the miners agree on the same protocol, it will not be economically viable for any individual to start using a different protocol.

And that's it. The miners are not in any way obligated to follow the rules of the conventional Bitcoin protocol. Sure, mining farms are bound to follow that protocol if they have advertised that they will do so to their users. But even if they have, they can (with all likelihood) easily and quickly introduce another option to mine with a different protocol.

So this means that the attackers are just as free to declare that their protocol is actually the "right" protocol, and that the "honest miners" follow an (in their eyes) out-dated protocol. And if they do, they should, as far as I know, have just as strong case against the "honest miners," as the "honest miners" (and other institutions) have against them.

(Edit: I should clarify that when I'm talking about using a 'different protocol' here, I'm talking about a soft fork, not a hard fork of the protocol. In particular, the attacking miners can choose to declare the current "honest" chain as being invalid (for their own reasons), and start mining from an earlier point in the blockchain.)


With this in mind, do you then agree that the line between "attacking miners" and "honest miners" is actually not legally meaningful (except in cases where a miner has agreed to a contract), as miners are not obligated to follow a specific Bitcoin protocol? Or am I missing something major?

And if you do, do you then agree that the would-be attackers don't actually really have to hide their intentions from anyone?

---

So do you think that the ASICs suppliers would make their costumers sign a contract not to use their ASICs in a 51% attack? And do you think that they will be able to ensure that willing miners can't get around those contracts?

By the way, can I ask what you think about existing miners joining the attack? (If the Ethereum stakeholders reward them automatically via a smart contract (see my preprint), then it seems that anyone can join the attack at any time.)


(Let me get back to your other points in the same post in a little while.)

Here I will refer you back to my answer to @DaveF (sorry for the initial mistake):

---

Okay, here we are talking about potential mitigation strategies. I also think that Bitcoin investors must be able to do something. The question is just what? (I'm personally still thinking that planning a switch to PoS themselves might seem like the best option, btw.)

While I agree that one might be able to do something with $10 billion, I'm not sure that trying to pay the "honest" miners more would be a very good strategy at all (if that was indeed what you were thinking of). My concern is that this would just immediately incentivize all miners to try to make it seem like an attack is underway, in order to cash in on this mitigation money as a large bonus to their normal earnings.

I guess the Bitcoin investors could try to buy mining farms directly, instead of simply raising the on-chain rewards. But that would then still incentivize such mining farms to help fund the attack (which I explain in my preprint paper can seemingly be done anonymously via smart contracts).

Last but not least, one also has to ask the question of whether the Bitcoin investors are really that cohesive when all any single investor has to do to avoid the threat, and avoid paying their share of the 'mitigation money,' is to just preemptively trade their BTC for ETH (or perhaps another PoS coin). With the shear amount of BTC that is traded each day on the blockchain, even the large players (at least most of them) should be able to make this move pretty quickly.

But what do I know about the fortitude and cohesion of the Bitcoin investors as a group: not much. This is only speculation on my part. What do you think in this regard?