Possible attack on bitcoin currency

[hopeAo]

Attack example:

1. Make several large transactions in block X and wait for N blocks.
 
2. Contact more than 50% of miners (for example large pools) and bribe them in real life to make a fork just before block X and to mine on that fork for N blocks. So the old branch becomes obsolete.

3. For a bribe you offer reward that is several times (let's say 3x) larger than the reward for N blocks.

------------------------------------------------------------
Conclusion:
The parties you paid to in block X will be accept your payment (as you picked N as 15 for example), and after rewind you get your bitcoins back.

 Other possible attacks on bitcoin could be:
•   Denial of Service (DoS) attacks
 Sending lots of data to a node may make it so busy it cannot process normal Bitcoin transactions. Bitcoin has some denial-of-service prevention built-in, but is likely still vulnerable to more sophisticated denial-of-service attacks.
•   Sybil attack
 An attacker can attempt to fill the network with clients controlled by him, you would then be very likely to connect only to attacker nodes. Although Bitcoin never uses a count of nodes for anything completely isolating a node from the honest network can be helpful in the execution of other attacks.
•   Packet sniffing
 Someone who can see all of your Internet traffic can easily see when you send a transaction that you didn't receive (which suggests you originated it). Bitcoin-QT has good Tor integration which closes this attack vector if used.
•   Illegal content in the block chain
It is illegal in some countries to possess/distribute certain kinds of data. Since arbitrary data can be included in Bitcoin transactions, and full Bitcoin nodes must normally have a copy of all unspent transactions, this could cause legal problems. However, Local node policy generally doesn't permit arbitrary data (transactions attempting to embed data re non-standard), but steganographic embedding can still be used though this generally limits storage to small amounts.

For more information on Bitcoin currencies attacks, check out these links:

https://en.bitcoin.it/wiki/Weaknesses   
https://www.reddit.com/r/Bitcoin/comments/7cht20/classification_of_attacks_on_bitcoin_oc/
https://btc-hijack.ethz.ch/

[croraf]

Attack example:

1. Make several large transactions in block X and wait for N blocks.
 
2. Contact more than 50% of miners (for example large pools) and bribe them in real life to make a fork just before block X and to mine on that fork for N blocks. So the old branch becomes obsolete.

3. For a bribe you offer reward that is several times (let's say 3x) larger than the reward for N blocks.

------------------------------------------------------------
Conclusion:
The parties you paid to in block X will be accept your payment (as you picked N as 15 for example), and after rewind you get your bitcoins back.

 Other possible attacks on bitcoin could be:
•   Denial of Service (DoS) attacks
 Sending lots of data to a node may make it so busy it cannot process normal Bitcoin transactions. Bitcoin has some denial-of-service prevention built-in, but is likely still vulnerable to more sophisticated denial-of-service attacks.
•   Sybil attack
 An attacker can attempt to fill the network with clients controlled by him, you would then be very likely to connect only to attacker nodes. Although Bitcoin never uses a count of nodes for anything completely isolating a node from the honest network can be helpful in the execution of other attacks.
•   Packet sniffing
 Someone who can see all of your Internet traffic can easily see when you send a transaction that you didn't receive (which suggests you originated it). Bitcoin-QT has good Tor integration which closes this attack vector if used.
•   Illegal content in the block chain
It is illegal in some countries to possess/distribute certain kinds of data. Since arbitrary data can be included in Bitcoin transactions, and full Bitcoin nodes must normally have a copy of all unspent transactions, this could cause legal problems. However, Local node policy generally doesn't permit arbitrary data (transactions attempting to embed data re non-standard), but steganographic embedding can still be used though this generally limits storage to small amounts.

For more information on Bitcoin currencies attacks, check out these links:

https://en.bitcoin.it/wiki/Weaknesses   
https://www.reddit.com/r/Bitcoin/comments/7cht20/classification_of_attacks_on_bitcoin_oc/
https://btc-hijack.ethz.ch/

I know there are several attacks. I wanted to post this attack as an example of low cost variant of 51% attack. In this attack you only have to spend like 3xN where N is the total mining reward for N blocks. You can use N as 10 for example. So if the current reward per block is around 130 000$. The attack will cost you 3x1.3 million USD or around 4 million USD.

And you can make around 1000 transactions in block X, if each is worth 10 000$ you gain 10 million USD. So you are in net gain of 6 million USD.


Parties you pay to will accept your payment of 10 000$ after 10 blocks.

[sigmabe]

Maybe I understand now the argument of many here, the problem is that even with majority mining power we can't realise double-spending profit in every scenario. There is no automatism of trust in the longest chain, when it's obvious that cheaters have build it. So honest miners stay on the shorter "real" chain and users too and they aren't interested in the whale chain. We have just created a "new coin" with the whale chain but nobody besides us is interested in it. Is this the point I didn't see?

[Colorblind]

Attack example:

1. Make several large transactions in block X and wait for N blocks.
 
2. Contact more than 50% of miners (for example large pools) and bribe them in real life to make a fork just before block X and to mine on that fork for N blocks. So the old branch becomes obsolete.

3. For a bribe you offer reward that is several times (let's say 3x) larger than the reward for N blocks.

------------------------------------------------------------
Conclusion:
The parties you paid to in block X will be accept your payment (as you picked N as 15 for example), and after rewind you get your bitcoins back.

If N == 1, you will need to bribe miners with 37,5+ BTC (Assuming miners will decide to accept your bribe). Most services accept transaction after at least 2 confirmation, it effective doubles the bribe and makes it 75 BTC. Since you probably won't be able to cash out double spent funds in next 10 minutes, you will have to bi lightning fast and still need at least 3 orphans block and bribe budget of 3 blocks in best case scenario (112,5 BTC or 1,3 millions of dollars at the very least). So the amount of fraud you planning should be considerably bigger than that sum (say 100 millions). And this is ideal case.

In reality you can't know for sure who will mine next block so you will have to bribe majority of miners. Miners will likely not accept just 3x of minig rewards keeping in mind that if fraud goes public (and it will after you double spend 100 000 000 worth of BTC) price will dip hurting future mining profits. This will raise cost up tenfold at least.

Overall without having 10-20 millions (probably way, way more in prior organizational costs) of throwaway money you should not be considering creating side chain of 3 orphan blocks (that translates to 30 minutes of reversible BTC transactions). That should make you think that just buying and holding probably more profitable for you.

[DannyHamilton]

In reality you can't know for sure who will mine next block so you will have to bribe majority of miners.

Bribing a majority of miners does not guarantee success.

If you bribe 51% of hash power, then there is only a 51% chance that they will mine the next block.

If someone that you did NOT bribe ends up getting lucky and solving the next block, then the attackers need to continue their attack for extra blocks in hopes of catching up with the longer chain.  They also have to hope that the amount of hash power on the longer chain doesn't increase enough during their attack to overcome their 1% advantage.

At any moment, any number of bribed miners could panic and fear that they are wasting time and money mining on a fork that will never catch up.  Realizing that other miners may be feeling the same fear, there will be a large incentive to defect early rather than waiting to be the last fool on the losing fork.

You'll need to find an equitable way to split up that bribe across all the pools that you bribe, and you'll need to hope that the pool participants don't figure it out and abandon the pool.