Is it possible to fake the BTC blockchain?

[DannyHamilton]

This post is a kind of work in progress, as much info I get that make me change my mind as much the "rules" are changed. I'm not after imposing my opinion, just to see whether there is an issue or not. So I "changed my rules" because of the previous post. But thank you for many valid points explained.

If you are trying to find out if there are ways that gullible people can be scammed, history tells us that the answer is always YES.

If you are trying to determine if a savvy user taking the proper precautions can be scammed, the answer is: Maybe.  It depends on motivations, risk tolerance and awareness, and many other factors.

If you are trying to determine if Bitcoin-Qt itself has a fatal flaw that someone could take advantage of, the answer is: Yes.  Bitcoin-Qt assumes a "rational actor".  If someone (or a group of people) is willing to spend huge amounts of money to turn another person (or group of people) into victims, without gaining any monetary benefit for themselves, then a it would technically be possible to acquire more hashpower than the rest of the world combined and create havoc with anyone they want to.

Seems like performing this kind of attack against a lite wallet is much easier, right?

Performing an attack that takes advantage of the victim's trust is always possible. It doesn't matter what form that trust takes.  Using a Bitcoin-Qt that is provided to you by the attacker is a form of trust. Accepting an unconfirmed transaction is a form of trust. Accepting a single confirmation on a BTC transaction valued at $200,000.00 is a form of trust. Using a light wallet is a form of trust.  Using a hosted wallet is a form of trust.  Using a block explorer is a form of trust. Using paypal is a form of trust. Using paper checks from a bank is a form of trust.

Choose your favorite form of trust, assign it to the potential victim, and yes, it will be possible to take advantage of that trust.

[1714936624]

1714936624

[1714936624]

1714936624

[1714936624]

1714936624

[1714936624]

1714936624

[pooya87]

what you are asking will always come down to HOW the received is checking the status of the transaction he receives.
people already explained the case where receive runs a full node i want to address two other things that were mentioned here.

SPV wallets
in this case it still is impossible to fool the receiver. although it depends on the wallet but a decent one (like Electrum) would download the block headers, verify their proof of work and could also use merkle root to make sure the "server" it is connected to is not lying about transactions and their state. and since everything is protected by an still strong hash algorithm and the proof of work, the design is fraud proof.
in this scenario the only thing that a malicious server can do is to show a confirmed transaction as unconfirmed. the opposite is impossible. for example if the malicious server shows an unconfirmed transaction as confirmed then it also has to provide a merkle root from the block that it claims contains this and since it can't, this attack becomes impossible. (the same arguments about having hash power and mining the block is true here too).

web wallets and block explorers
in this case it is also impossible to fool the receiver. in order to fool the receiver (eg. show an unconfirmed tx or a tx that  doesn't even exist) as confirmed the attacker has to perform a Man In the Middle attack. even if you are using his WIFI you are still communicating over an encrypted channel. the only way this is possible is if either the web wallet/block explorer was NOT using SSL encryption or if the attacker can inject a malicious certificate authority into receiver's device and then pull the MITM attack easily.

[migws]

It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in really will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

I think it’s possible to deceive a person using online crypto wallets. However, what you are asking about is excluded, it is checked very easily and "fake Internet" will not be able to help scammers to fake the BTC blockchain

[johnwhitestar]

I think I've got my answers and I'm satisfied.
Thank you guys! 

[franky1]

running scenarios through my head.
if your running a full node that has not been synced you are more at risk than one that synced.
but take that with a grain of salt

lets simplify it without the techni detail
imagine your node was synced recent enough to knows it needs blocks of ~50exa hashes performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
what would take the public ntwork 2 weks to make 2016 blocks
and would take attacker 38 years to produce 2016 blocks to even gt to a point to start reducing the difficulty

imagine your node was last synced in 2014 enough to knows it needs blocks of ~a few petahashs  performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
the attacker could easily convince your node his privat fork has good reliable chainwork to make your node build upon blocks after the blockheight your node requests that you dont have.

so in short if an attacker wants to do something your full node needs to be very outdated in sync to b a cheap attack.
or the attacker needs to invest more to be able to do a for attack the more rcent the re-sync is required

so again not possible. but just low chance for more experienced users that sync regular
noobs that are fresh and totally unsynced(never used a full node before thus have no sync to fork/orphan) an attack can be cheap, very cheap as the only data the noob would b getting is the private forks version

[johnwhitestar]

running scenarios through my head.
if your running a full node that has not been synced you are more at risk than one that synced.
but take that with a grain of salt

lets simplify it without the techni detail
imagine your node was synced recent enough to knows it needs blocks of ~50exa hashes performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
what would take the public ntwork 2 weks to make 2016 blocks
and would take attacker 38 years to produce 2016 blocks to even gt to a point to start reducing the difficulty

imagine your node was last synced in 2014 enough to knows it needs blocks of ~a few petahashs  performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
the attacker could easily convince your node his privat fork has good reliable chainwork to make your node build upon blocks after the blockheight your node requests that you dont have.

so in short if an attacker wants to do something your full node needs to be very outdated in sync to b a cheap attack.
or the attacker needs to invest more to be able to do a for attack the more rcent the re-sync is required

so again not possible. but just low chance for more experienced users that sync regular
noobs that are fresh and totally unsynced(never used a full node before thus have no sync to fork/orphan) an attack can be cheap, very cheap as the only data the noob would b getting is the private forks version

I'm thinking about the real world use scenario. That's why when someone has said here that the naive user could be scammed and there is nothing to do I don't feel quite satisfied with it.
But still I'm considering that if someone takes his laptop to go to someone to get paid he'd sync his blockchain before especially if he lives in a place where the internet is not that quick. So he'd sync before just to avoid waiting both him and the payer during the transaction (which by itself may take up to one hour).
So my receiver is not a complete noob as he accepts BTC as payment, but he lives in a very remote, poor place somewhere in the world, where the scammers are very active and technology doesn't work always as it should be.
In any case he has his a recent blockchain downloaded, so as per your explanation the attack can't be performed.

[realdantreccia]

Is it possible for a 99% consensus 'SCAM' to possibly be the real "BTC" blockchain?

[franky1]

Is it possible for a 99% consensus 'SCAM' to possibly be the real "BTC" blockchain?

if victims node was downloaded to be a vrsion that the attacker hintd at, thus victims nod had ruls accepting attackers funky non btc rules.. then yes
but if victims node was recent proper btc node it would just regect the blocks from attacker

alt of people think a mining pool can just create a block that magics new coins or is 100mb and if 99% of people receive the block then it becomes accepts.. no
first the ndoes have to have a rule to not check balances to allow magic coins to be accepted. and then a rule to allow a 100mb block
and then majority of nodes if they pass the funky rules then need to follow a chain of blockhashes that the pool has produced by out pacing other pools..(tripl hard as it involves not only hash power but users havng the re-codd clinets to accept )


in most cases in just a current form '51% attack' a pool cant make mega blocks or make new coins appear from nothing.. al they can do is choose which valid rule following transactions to include or exclude

EG a transaction that follows ral btc rules. but where the attacker has only broadcast the tx to his attacker pool on the privat network thus only shows as confirmed in the forked private chain. but not even registered on the real btc chain.
thus when user gets home and syncs to the true btc chain. he ends up seeing his transaction is not confirmed as it was not broadcast and included on the real public btc chain

in short. people worry too much that pools can change the rules without needing consensus of chaning the code client run.. but all a pool can do is change th transaction lists in blocks

[franky1]

anyway. much cheaper attack to achieve if user is just using a lite wallet cellphone app. which would usually be the case for most meet up stuff

[johnwhitestar]

anyway. much cheaper attack to achieve if user is just using a lite wallet cellphone app. which would usually be the case for most meet up stuff

From what @pooya87 above has said about Electrum, for instance, seems it's not that easy to fake a blockchain with the lite wallet either:

SPV wallets
in this case it still is impossible to fool the receiver. although it depends on the wallet but a decent one (like Electrum) would download the block headers, verify their proof of work and could also use merkle root to make sure the "server" it is connected to is not lying about transactions and their state. and since everything is protected by an still strong hash algorithm and the proof of work, the design is fraud proof.
in this scenario the only thing that a malicious server can do is to show a confirmed transaction as unconfirmed. the opposite is impossible.

[bounceback]

It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in really will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

I don't think they can fool people like that because the bitcoin blockchain has so many blocks that each transaction requires block verification, it's impossible to manipulate or send fake bitcoin, unless they use third party applications or sites that cannot be reached by the blockchain technology created by the recipient to be sent via a fake application.

[fiulpro]

Technically everything is quite possible , one thing that you learn in cyber security is that you are not supposed to actually let anyone connect you with a wifi or Bluetooth and send something in your mobile , you should understand that everything that we see right now can fall anytime ... Everything does have one or more negative sides therefore we don't know how one can do it but we do know it's possible.

[malikusama]

As far as I know, the receiver cant get tricked assuming:

• The receiver has had his bitcoin address ready(probably pre-copied address to his notes app, or a screenshotted QR code)

Even if the bitcoin address is pre-copied the host can generate fake transaction on "fake blockchain" on which visitor is connected.

• The receiver is viewing his bitcoin address through a reputable and untampered app(Mycelium, Electrum, etc)

Yes, if he is using a reputable app he can't be fooled by a fake transaction as it will not appear on his app.

[zalixo]

It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in really will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

This is an eye opener mate, must persons are just looking for your idea, they have all it takes to make things work.
Just tell them what you think, and they will make it a reality!

I hope something like this will not happen in years to come.
It will really have a negative effects on cryptocurrencies In general.

Not all innovations are welcome development

[johnwhitestar]

Not all innovations are welcome development

Seems like you haven't read what we were speaking about here.

[Ucy]

It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in really will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

This is an interesting one.
It looks like it can be done but I don't know exactly how.
 I guess traders should be careful of "fake internet" then or even avoid exchanging Bitcoin via public Wi-Fi or other people's internet.

 Imagine if this is done on a large scale by a powerful entity.

[johnwhitestar]

This is an interesting one.
It looks like it can be done but I don't know exactly how.
 I guess traders should be careful of "fake internet" then or even avoid exchanging Bitcoin via public Wi-Fi or other people's internet.

 Imagine if this is done on a large scale by a powerful entity.

TBH from this discussion it seems like it can't be done or at least the cost of doing it would be much higher than just buying the BTCs 

[Kyraishi]

He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in really will never happen.

I'm not sure how this would work. Is he going to connect the guest to an internet network that he is able to manipulate data from it? I mean, this could be possible, similar to how countries block certain sites, I am sure smart hackers are going to be able to also manipulate things on someone's phone when they try and access the internet (eg, making things show up, after they use the internet).

So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

You could be able to another address show up in place of an actual address possibly, but this hacker would need to be incredibly skilled.

[bitcoinposts]

No it is nt possible to fake any btc  or blockchain transaction all the transactions are listed in blockchain website we can access all transactions

[Russlenat]

That is quite technical but for general point of view, I think we cannot fake blockchain only if transaction are done according to its usual process.
What you site in your example is some kind of negligence on the person transacting and we know that if we are transacting a big amount of BTC , we will have to make sure that we will not fall for any kind of trick to steal our money.