How does a double spend 51% attack work ? BTCurious explained it brilliantly in a couple of sentences:
If I had 51%, I could mine a chain of blocks in which I transfer all my coins to my personal wallet. I'd mine this chain about 10 long, but not tell the rest of the network. At the same time, I convert all my coins to dollars on the exchange and withdraw them. This happens on the normal blockchain.
After my withdrawal has gone through. the normal blockchain is about 9 long, while my blockchain is 10 long. I announce all my blocks to the network, and lo and behold, the network confirms I am right.
But dollars can't be reverted! So the exchange takes a loss.
Monacoin, bitcoin gold, zencash, verge and now, litecoin cash.
At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist.
More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.
https://www.coindesk.com/blockchains-feared-51-attack-now-becoming-regular/This is the more comprehensive explanation:When one person controls more than 51% of the mining power on a coin network they can control the concensus.The attacker will rent (Miningrigrentals.com or Hashnest.com) or use a botnet to obtain a lot of hashpower.
For instance if the mainnet has 25 Gh of hashpower a 51% attack can be done with 25.5 Gh of rented mining power.
Which would be easy and not very expensive.
How the attack works:Using a secret pool they make a private chain that is longer than the public chain.
For example:
Say they start at block 100 000
They will build a longer private chain than the public chain.
The private chain has more hashpower so will find blocks faster.
The private chain might have found 10 blocks while the public chain has only found 9 during that time.
The Double-SpendAs soon as they start their private chain they go to an Exchange or merchant and make a large deposit.
Using 10,000 GLD as an example.
This is broadcasts to the public blockchain in block 100,001. But they don’t broadcast that transaction on their private chain, only the public chain.
On their private chain they make a transaction sending those same 10,000 GLD to another wallet address in block 100,001. This is the “double spend” part - they spend those same GLD twice.
How they ProfitThe exchange sees the 10,000 GLD deposit on the public chain and after 6 blocks of confirmations it is accepted and the balance is transferred to the exchange ledger – making it available to be traded.The funds are now securely in the exchange wallet – right ? Because the coin network has confirmed that they are there. It appears on the block explorer as a correct transaction.
The attacker then trades the 10,000 GLD for Bitcoin at market prices and immediately withdraws the Bitcoin.
The exchange approves the Bitcoin withdrawal and the attacker now have the proceeds in BTC.
By now, we’re at block 100,008 or 100,009.As soon as the BTC comes out of the exchange - the attacker will release their long private chain of 10 blocks, broadcasting it to the public network. Their longer private chain is now public. Because the private network has a higher hashing power (over 51%) and longer than the previous public chain it is now accepted by the public chain as the true record.
This is called “Chain Reorganization.” The 9 blocks previously on mainnet are orphaned and the 10 new blocks are put in place as the new mainnet. This is how any chain splits are resolved in the GLD coin network protocol .
The coins that were accepted origionally by the network in the exchange wallet are now rejected as invalid by the coin network.
But the exchange has already released the proceeds of the sale of the coins for BTC to the attacker in BTC.
While their wallet initially had 10,000 GLD the network has voided that transaction and approved the private chain as the “true chain”.
Suddenly, the mainnet does not include the original deposit of 10,000 GLD to the Exchange back in the original block 100001 but it does include a transfer of those 10,000 GLD to the attacker’s own wallet back from privately-mined block 100,001. On the new version of the chain the attacker never sent them to the exchange but they sent them to themselves instead.
So the attacker took out 10,000 GLD worth of BTC from the exchange, and they no longer gave the 10,000 GLD to the Exchange in the first place.They may have paid a lot of money for all that hashpower but the GLD they stole is worth a lot more than that.
So is it a hack ?The blockchain didn't get hacked. But the decentralized coin node network that runs the blockchain got
exploited because the network had inadequate hashrate to protect against that.
In May Bittrex was the victim of a 51% double spend attack on the Bitcoin Gold network. The Bitcoin Gold developers only offered to partially compensate Bittrex for the losses and Bittrex chose to delist Bitcoin Gold instead.
Other coins that have been targeted by 51% attacks have usually compensated exchanges for their losses.
If a coin has enough hashrate to secure their network it would be almost impossible to carry out a 51% attack.
Some coin networks have resorted to merged mining or introducing a hybrid of POW and POS.
Sources:
https://www.coindesk.com/blockchains-feared-51-attack-now-becoming-regular/https://forum.bitcoingold.org/t/anatomy-of-a-double-spend-51-attack/1398https://bitcointalk.org/index.php?topic=52388.0https://www.bleepingcomputer.com/news/security/hacker-makes-over-18-million-in-double-spend-attack-on-bitcoin-gold-network/https://cointelegraph.com/news/bittrex-to-delist-bitcoin-gold-by-mid-september-following-18-million-hack-of-btg-in-mayTranslations of this article:
Thank you to Lafu for the awesome German translation he has made of this topic.
https://bitcointalk.org/index.php?topic=5035620.0Thank you to theyoungmillionaire for his fantastic Filipino translation:
https://bitcointalk.org/index.php?topic=5038913.0Thank you to taikuri13 for a great Russian translation:
https://bitcointalk.org/index.php?topic=5039027.0
