A clever route to perform a 51% attack?

[SlickMcFavorite]

Someone stop me if I'm off base, but the current DDoS attack on litecoinpool.org got me thinking (always dangerous, I know):

I understand that 51% attacks are costly and difficult, especially given the growing hash power of the various cryptocurrency networks. However, based on the distribution of the Litecoin network's hash rate (http://tinyurl.com/cje8ck2), it seems like an attacker could go after a few of the major pools directly. Once these were knocked out, the attack could then run their own miners to execute a 51% against a (now) much weaker network.

Am I missing something? Is there a solution to this kind of vulnerability?

[DarkHyudrA]

Am I missing something? Is there a solution to this kind of vulnerability?

P2Pool and/or when "all" mining pools are down, you can try solo mining.

[brie]

The answer is decentralization. If there are many, many pools, then good luck knocking them all down at the same time.

[FuzzyBear]

NOTE to all miners..... set urself a backup pool or 2 or 3, and failing all pool fails, go solo... always good to be mining somewhere if ur main pool is attacked or offline as this is the network security that could be an issue... most larger pools have now sorted out some kind of DDOS counter one way or another

[SlickMcFavorite]

Good answers -- I learned about P2pool while I was trying to figure out where to mine and my hardware is too crappy to solo mine ATM.


But, for the time being, P2Pool is only 2% of the litecoin network and it's not even named in the bitcoin network hash distributions I've found.

So, are the cryptocurrency networks currently vulnerable to this kind of attack?

[legend]

A lot of big pools have anti-ddos.
I'm new to cryptocurrency and mining, does it use a lot of bandwith?
I may offer anti-ddos for a fee.

[SlickMcFavorite]

I have no idea, but it does look like at least a few of the top LTC pools are currently offline

[Stephen Gornick]

I have no idea, but it does look like at least a few of the top LTC pools are currently offline

A 51% attack would likely be performed so as to double spend against an exchange,

e.g., attain a significant amount of hashing power for solo mining but don't release solved blocks, start DDoS against pools, spend LTC to exchanges and spend same LTC to a locally controlled address broadcast only to self-mined blocks.  When the LTCs reach an exchange, sell them and withdraw bitcoins.  Then release the secret blockchain which is now longer than DDoS'd side has reached, which will then invalidate the LTC payments to the exchanges but that doesn't impact the BTC withdrawal.

This only makes sense though if there will still be value to the LTCs the attacker received after the double spend.   An attack like this might render those LTCs essentially worthless.

Either way, any exchange that converts between crypto currencies and then honors withdrawal requests when pools in either currency are being DDoS'd would be essentially inviting such an attack to be attempted (and thus putting customer's funds at risk).

[SlickMcFavorite]

Thanks Stephen, that's a really good point. I supposed one of the altcoins that is amenable to ASIC mining is likely more vulnerable to such an attack than bitcoin or litecoin. The hash power to solo mine many blocks would not be that hard to acquire.