Mining reward "stealing" attack

[tublo]

As there are more than 1.8 million bitcoins that have not been moved since they were mined, isn't it possible that someone rebuilds the entire blockchain in order to claim those bitcoins? This attacker could even keep all transactions made till today, so people would not lose their balance.
It would take 200 days with the present hashrate to rebuild the entire blockchain. So, for instance, if someone invest in mining facilities equivalent to double the present hashrate (a lot of money, but not impossible), it would take 200 days to create a new blockchain with more work than the original one (100 days to have the same work as it has today and other 100 days as the blockchain would be bigger by then).
Comparing the alternatives, with that amount of hash rate:
1) If the attacker mined in the original blockchain, he would obtain 240,000 bitcoins in 200 days (1,800 btc/day * 200 days * 2/3 of total hash rate), probably at a loss.
2) If he performs the attack, he would obtain 1,800,000 bitcoins.
So, the incentives are pro-attack. Also, those incentives are expected to be greater in the future, as the block reward gets smaller.

What do you think about this? Is there something I am missing here? 

[1713540668]

1713540668

[1713540668]

1713540668

[odolvlobo]

Double the current hash rate is a lot of hash rate.

[achow101]

First of all, double the current hashrate would be nearly impossible for someone to get. They would have to acquire ALL of the mining equipment in the world, and then do it again, all without taking away the existing equipment. This would be exorbitantly expensive, both in resources and in time. Manufacturers can't just magically produce machines that they don't have. It takes time, money, and raw materials. Such an operation would be very obvious.

Second, people running nodes, and nodes themselves, are not stupid. They would definitely notice a 500,000+ block blockchain reorganization. That is extremely obvious and there would be warnings put up all over place. Such an attack would likely result in some form of human intervention which prevents people's nodes from switching to using the attacker's blockchain.

[philipma1957]

well thanks to the op  bitmain will have something to do.

Realistically they are the only company that could stand a shot to do it.

but they would need a lot of s-9's

46,740,917,366 GH/s/14,000ghs = 3,338,636  s9's

so say 4 million s-9's  power wise 5600 megawatts  which would be all of Niagara Falls x 2



https://en.wikipedia.org/wiki/List_of_largest_hydroelectric_power_stations

at 5 cents a kwatt  a mega watt is 50 bucks an hour x 5600 = 280,000 an hour or  6,720,000  a day x 730 = 4,905,600,000

so at least 5 billion in power

and 4,000,000 x 300 = 1,200,000,000  in gear  so more then 6 billion  more likely 7 or 8 billion to get 1,800,000  worth 7500 each or

13,500,000,000

a lot to risk  8 billion for 13.5 billion

[ABCbits]

Aside from reason above member mentioned, it's impossible since :
1. Some Bitcoin client/nodes have feature called Checkpoint (basically stored hash of block at certain height) which is used to prevent someone re-write Bitcoin history by re-mine/re-doing PoW all block with low hashrate and manipulate each timestamp.
2. You still need to find way to make existing nodes to accept your block with far lower block height or older timestamp. Even SPV/light nodes will reject (or confused) your block since block header they store and your block header is different.

Additionally, even if you could overcome the problem somehow, people surely will notice and panic which lead to Bitcoin price crashing and you just wasting your time, money and energy

[RGBKey]

At this point when you have half the hashrate of the current network you might as well launch a 51% attack and go for everything, not just the untouched coins. It's equally as covert and you'd get more money. Which to be fair, is not covert at all.

[Zin-Zang]

As there are more than 1.8 million bitcoins that have not been moved since they were mined, isn't it possible that someone rebuilds the entire blockchain in order to claim those bitcoins? This attacker could even keep all transactions made till today, so people would not lose their balance.
It would take 200 days with the present hashrate to rebuild the entire blockchain. So, for instance, if someone invest in mining facilities equivalent to double the present hashrate (a lot of money, but not impossible), it would take 200 days to create a new blockchain with more work than the original one (100 days to have the same work as it has today and other 100 days as the blockchain would be bigger by then).
Comparing the alternatives, with that amount of hash rate:
1) If the attacker mined in the original blockchain, he would obtain 240,000 bitcoins in 200 days (1,800 btc/day * 200 days * 2/3 of total hash rate), probably at a loss.
2) If he performs the attack, he would obtain 1,800,000 bitcoins.
So, the incentives are pro-attack. Also, those incentives are expected to be greater in the future, as the block reward gets smaller.

What do you think about this? Is there something I am missing here?  

Won't work, you can't reorg before the last checkpoint.
https://bitcointalk.org/index.php?topic=194078.0

Most coins contain checkpoints in their source code to prevent tampering with historical data.

If you purchase double the modern day mining capacity, you could 51% attack the chain at will and kill it.
Or profit by selling all of the mined bitcoins until you crash the price.

[Thirdspace]

instead of "rebuild the entire blockchain", why not just brute force the private keys?
do sequential just like LBC group, but start in the middle, they're doing ~25 tn keys/day
with that much hashrate I think brute forcing keys is somewhat doable (maybe??) but costly nonetheless
aim for those "unmoved mining rewards" and pick up others as well in the process

[morantis2015]

Yeah, a lot better ways to invest the computational power, if you have it.  Best case scenario, besides taking a 51% hold, would be that the coins would appear in your wallet/wallets, but you're pretty much riding your own fork. All in all, it doesn't matter if you can fool some nodes or wallets out there, the key to dying or living is whether you and the exchanges are on the same ledger, because that's where the BTC becomes either fiat(for most people to spend) or becomes a tool for any real use, no one is going to just hand you cash for BTC, not many, and they will want the network to confirm first.

[S00rabh]

Instead of investing so much in Hash power, just quarter of that $$$ to buy actual BTC and then you can control the market in much better way.

[Thirdspace]

Instead of investing so much in Hash power, just quarter of that $$$ to buy actual BTC and then you can control the market in much better way.

"quarter of that" = 1/4 * $8 bn = $2 bn @ $6,500/BTC = 300,000+ BTC
control the market?   maybe...
but wouldn't his buying frenzy willl pump the price? (eating up all sell orders)
then shortly afterwards price crash/correction/dump happens and gets him in a big loss

[tublo]

well thanks to the op  bitmain will have something to do.

Realistically they are the only company that could stand a shot to do it.

but they would need a lot of s-9's

46,740,917,366 GH/s/14,000ghs = 3,338,636  s9's

so say 4 million s-9's  power wise 5600 megawatts  which would be all of Niagara Falls x 2



https://en.wikipedia.org/wiki/List_of_largest_hydroelectric_power_stations

at 5 cents a kwatt  a mega watt is 50 bucks an hour x 5600 = 280,000 an hour or  6,720,000  a day x 730 = 4,905,600,000

so at least 5 billion in power

and 4,000,000 x 300 = 1,200,000,000  in gear  so more then 6 billion  more likely 7 or 8 billion to get 1,800,000  worth 7500 each or

13,500,000,000

a lot to risk  8 billion for 13.5 billion

Yes, it is a lot of risk now. But what I am trying to say is that, in general, 51% attacks are not incentivized because the eventual attacker earns more if he mines the original chain. But, in this case it is different. In 15 years, the yearly reward will be less than 100,000 bitcoins. The attack would be more profitable.

[odolvlobo]

Yes, it is a lot of risk now. But what I am trying to say is that, in general, 51% attacks are not incentivized because the eventual attacker earns more if he mines the original chain. But, in this case it is different. In 15 years, the yearly reward will be less than 100,000 bitcoins. The attack would be more profitable.

You have come up with an interesting scenario. Another aspect is that I don't think many people would care if only unspent coinbase transactions are stolen.

[onelineproof]

The problem is

if

a) The attack is unsuccessful, the attacker loses a lot of resources

b) The attack is successful, the value of Bitcoin plummets (perhaps people switch to an altcoin or hard fork Bitcoin with a PoW change), and the attacker still loses a lot of resources.

It's more worth it for them to just mine honestly and get honest rewards, unless their only goal is to harm Bitcoin, in which case people will just switch to a more robust PoW system (like multi algo, merge mining), so don't see what they will gain.

[tublo]

How a PoW system change would solve that?

[onelineproof]

How a PoW system change would solve that?

Currently, the most proof-of-work chain for Bitcoin is the one that most SHA256 work. If a hard fork is done that allows for continuation with some other algo, then the most proof-of-work chain would be defined differently. Maybe the definition would consider SHA256, but not exculsively. Even if the attacker gets more proof of work for SHA256, they would have a hard time getting more than Bitcoin for some other algo I assume. It depends on how it's done, so not sure, but either way it would be an ugly situation, and something we want to avoid.