Bitcoin Forum
Topic: [ATTN!!] Bitcoin Security nearly Breached
dinker (OP)
Member
July 06, 2011, 11:10:30 PM
Last edit: July 06, 2011, 11:32:28 PM by dinker
 #1


Help Me Help You Donations:
14kP6tNtrz3woESs9nEE5aDB81QTybGyyZ
AtlasONo
Hero Member
July 06, 2011, 11:11:07 PM
 #2

Indeed
DamienBlack
Jr. Member
July 06, 2011, 11:17:50 PM
Last edit: July 06, 2011, 11:28:14 PM by DamienBlack
 #3

For the thousandth time, having 50% doesn't really help your attack chances all that much compared to having 49%. And even if you do have that much, the worst an attacker can do is double spend their own coins. No one can take your bitcoins or anything (at least, not the ones with many confirmations).

The best attack a pool with >50% could do is begin going backward in the block chain to rewrite it. During that time, no one in the pool would be getting paid, so people would be like, WTF. The network hash rate would drop by half so more people would be like WTF. Sooner or later the plot would be revealed and people would switch pools. No big deal. End of story.

On top of that, the pool owner probably has a heavy investment in bitcoins. If he screws with bitcoins he is just hurting his investment. Who would do that? He could probably make many, many times more continuing to run his pool correctly than he could get from a few hours of double spends followed by a crash.

The only real effect a >50% attack can have is mucking up bitcoin. And it only lasts as long as the 50% remains in control of an attacker. A pool isn't going to have that for long.
GeniuSxBoY
Hero Member
July 06, 2011, 11:23:14 PM
 #4





http%3A%2F%2Fs4.postimage.org%2F5ioikon6t%2Fchart_chs_350x200_chd_t_0_75_49_14_3_75_22_57_5.png

doesn't work





Be humble!
DamienBlack
Jr. Member
July 06, 2011, 11:25:39 PM
 #5

Where did the original post go?

EDIT: Ah, it is back.
dinker (OP)
Member
July 06, 2011, 11:27:56 PM
 #6

It's not about the probability of it happening, it's about the possibility.

As it wasn't possible before, but now it is (almost).

You're right the pool owner probably won't try to sabotage it, but it's now possible for him to do it. (almost)

Help Me Help You Donations:
14kP6tNtrz3woESs9nEE5aDB81QTybGyyZ
jwzguy
Hero Member
July 06, 2011, 11:28:54 PM
 #7

ATTENTION!
http://www.youtube.com/watch?v=J61wuSKSryE
DamienBlack
Jr. Member
July 06, 2011, 11:29:57 PM
 #8

> It's not about the probability of it happening, it's about the possibility.
>
> As it wasn't possible before, but now it is (almost).
>
> You're right the pool owner probably won't try to sabotage it, but it's possible for him to do it.


It is possible to do a double spend attack when you have 49%, or 48%, or even 40%. You just have to get lucky and create more blocks than the rest of the network over a short period of time.

Even with 50% or 51%, you still need a good bit of luck.
kiba
Legendary
July 06, 2011, 11:31:54 PM
 #9

> It's not about the probability of it happening, it's about the possibility.
>
> As it wasn't possible before, but now it is (almost).
>
> You're right the pool owner probably won't try to sabotage it, but it's now possible for him to do it. (almost)

There is a possibility of terrorists assaulting airport checkpoints and causing a big fricking huge massacre of civilians because the TSA doesn't give the fuck about REAL security.

True, but it doesn't mean it's going to happen.

bitclown
Full Member
July 06, 2011, 11:33:36 PM
 #10

It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.
DamienBlack
Jr. Member
July 06, 2011, 11:35:07 PM
 #11

You know, as long as they are up on that chart, that is proof that they are using their resources productively. I'd be more suspicious if deepbit suddenly dropped to a small sliver, that could mean that they are diverting hashing power to an attack.

But then again, we don't know how big deepbit is besides what they productively do. Perhaps they are three times that large and are using the rest to mount a long term attack. And in the meantime, they are paying off their miners with their own funds. /conspiracy theory

My point is, the chart is useless. If someone were attacking, they wouldn't be on the chart. If they are on the chart, they aren't attacking.
eramus
Newbie
July 06, 2011, 11:37:34 PM
 #12

> It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.

who is designated responsibility for the security of the network? is that not up to the users to secure themselves? via securing their wallets and taking personal responsibility for third parties that they trust (pools, exchanges, etc)?
Steve
Hero Member
July 06, 2011, 11:42:15 PM
 #13

It might be a good idea to go with a less alarmist title. This is a situation that might warrant asking miners to switch to a different pool, but to say the security of bitcoin was nearly breached is an extreme overreaction and false. The pool operator does not control the hardware of the members of the pool. If the operator started monkeying with the transactions in the blocks it created...or tried to withhold some blocks in order to effect a double spend, I think it would get noticed in short order and the pool operator would find themselves swimming alone very quickly. In fact, if the pool participants would simply announce any blocks they find directly on the network, it would eliminate the attack where the operator could withhold blocks in order to double spend. There was also a proposal a while back for a way to operate a pool, but still allow the decision regarding which transactions go into a block to be controlled by the mining participants, not the operator. And that would completely eliminate any issue with a powerful miner.

Still, it is good to encourage people to switch pools.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
Jack of Diamonds
Sr. Member
July 06, 2011, 11:51:43 PM
 #14

Tycho earns thousands of dollars per day legit by running the pool.

Why risk ruining a good business?
He's even proposed countermeasures & paid bounties for people to monitor him and nobody took up the challenge.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
bitclown
Full Member
July 06, 2011, 11:52:16 PM
 #15

> > It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.
>
> who is designated responsibility for the security of the network? is that not up to the users to secure themselves? via securing their wallets and taking personal responsibility for third parties that they trust (pools, exchanges, etc)?

It's the miner's job to verify the block chain. This is the main nerve of Bitcoin, and it's not affected by locally encrypted files or auditing of services.

> If the operator started monkeying with the transactions in the blocks it created...or tried to withhold some blocks in order to effect a double spend, I think it would get noticed in short order and the pool operator would find themselves swimming alone very quickly.

If the motive of a pool operator is to discredit Bitcoin rather than profit, this attack would do much more damage than a few exchange rate swings. We've seen how BTC Guild usage recently exploded, so it's not unthinkable that future pools will be able to gain mass network share. If profit is the motive I guess it would be a lot easier to just keep a few blocks now and then without announcing it to the users. And I suspect this is already happening.
DamienBlack
Jr. Member
July 06, 2011, 11:59:17 PM
 #16

> > > It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.
> >
> > who is designated responsibility for the security of the network? is that not up to the users to secure themselves? via securing their wallets and taking personal responsibility for third parties that they trust (pools, exchanges, etc)?
>
> It's the miner's job to verify the block chain. This is the main nerve of Bitcoin, and it's not affected by locally encrypted files or auditing of services.
>
> > If the operator started monkeying with the transactions in the blocks it created...or tried to withhold some blocks in order to effect a double spend, I think it would get noticed in short order and the pool operator would find themselves swimming alone very quickly.
>
> If the motive of a pool operator is to discredit Bitcoin rather than profit, this attack would do much more damage than a few exchange rate swings. We've seen how BTC Guild usage recently exploded, so it's not unthinkable that future pools will be able to gain mass network share. If profit is the motive I guess it would be a lot easier to just keep a few blocks now and then without announcing it to the users. And I suspect this is already happening.

Why risk taking a whole block every now and then when you get 3% of each block anyway?

And it isn't risk free, the miner could have software that informs him he has found a block, and if it isn't later reported, it could arouse suspicion.
imanikin
Hero Member
July 07, 2011, 12:17:34 AM
 #17

What i think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation... ;)

BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.

Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users... ;)

DamienBlack
Jr. Member
July 07, 2011, 12:20:35 AM
 #18

> What i think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation... ;)
>
> BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.
>
> Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users... ;)

Botnets simply cannot contribute that much. The average computer could only hash pathetically. Even tens of thousands of average computers would probably only be 50-100 gh/s.
GeniuSxBoY
Hero Member
July 07, 2011, 12:22:25 AM
 #19

Graph doesn't have a title.

Be humble!
sadpandatech
Hero Member
July 07, 2011, 12:29:14 AM
 #20

> > What i think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation... ;)
> >
> > BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.
> >
> > Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users... ;)
>
> Botnets simply cannot contribute that much. The average computer could only hash pathetically. Even tens of thousands of average computers would probably only be 50-100 gh/s.

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack