Possible covert mining attack (in progress???)

[Gabrics]

Hi,

I don't want to be alarmist and this is not a Bitcoin dies FUD post. Just a theory as there is no proof.

The fact I started with:
50+% of mining capacity disappeared from the Bitcoin blockchain which has never ever happened. Difficulty is adjusting as it should, so nothing to see there.

But:
What IF this is a stealth syndicated attack by Chinese miners?

Example/imagine:
They didn't really shut down. They just forked the Bitcoin blockchain and started selfish mining ever since on an alternate private chain (eg. withholding all the blocks they find and building their own private chain). They can do this for long time and release at once the new, longer chain. As it has more PoW (as long as they have the majority hashrate) it will become the only chain accepted by all nodes. As far as I know there is no roll-back limit, so theoretically they can do this a month later (or more).

All the coins mined on the public chain between the two dates gone. All the transactions may or may not be included. Those with knowledge of this attack could have cheated (like sending coins to exchanges, withdraw the fiat/altcoins and a month later getting back the coin because they sent it to a different address sooner on the alternate chain).

Personally I don't think that the CCP would play along. But that doesn't mean it's impossible.

Do you know any limitation in the protocol which would prevent this (eg. rollback limit?)?
Do we have any hard proof that those huge (at least the known really big ones) mining farms are actually off?

Cheers
Steve

[1714157496]

1714157496

[1714157496]

1714157496

[1714157496]

1714157496

[mocacinno]

AFAIK, there is no limit as to how many blocks that can be reorganized.

I think the odds of china doing a 51% attack are very small tough, they'd probably just destroy bitcoin by doing this, but at a very big (energy, hardware and labour) cost. The destruction wouldn't be technical, but it would be the destruction of most of the trust in crypto.

It would be interesting tough to see how the community would react. In the past, checkpoints were used, hardcoded into the default core implementation. If there would be a consensus about adding a checkpoint against the non-CCP chain, there would probably be a fork: CCP-BTC and free-ish-BTC.
There would be pro's and con's against such a checkpoint tough... I guess everybody in the west would agree that a state-sponsored 51% attack isn't good, but i guess there would also be a large portion of the community that would oppose any interference with how the protocol works (so they'd be against checkpoints, even for a good cause).

[Gabrics]

Yes, I also think this would cause a "which is the real chain" war . Probably some kind of ETH ETC split.

I think it would be great to prevent it (I mean act before this actually happens - if at all happens). I mean this is a rare enough event to introduce a checkpoint?

On the other hand as long as anyone can have such a huge proven hashrate hidden the checkpoint would only postpone the issue. I think the only true solution would be to limit chain reorg to a large enough number. I believe 12 should be enough. That would force any attacking actor to publish the alternate chain sooner or loose it.

Exchanges and other players could protect themselves by accepting after six, but only allow withdrawal after 12.

Or just play the game and increase the visible hashrate as soon as possible...

I would be much happier if we would see the hashrate (visible) go up soon.

[ranochigo]

Checkpoints wasn't meant to prevent 51% attacks actually. You're either going to have someone babysit Bitcoin by assigning checkpoints or just having a moving checkpoints. Either of which isn't ideal and people seems to think that the checkpoints (often thousands of blocks deep) were meant to prevent 51% attacks. Not true and we've switched it out in favour of assumevalid.

I actually vaguely remember someone (I think Gavin) mentioning something about limiting re-org blocks but that wasn't really developed any further AFAIK. There simply isn't any reason why anyone would want to attack Bitcoin, the total cost of the attack and your ASICs probably cannot be covered by the profits from the attack. It is really not in their best interest to try to attack Bitcoin, too little incentives. Just move elsewhere with your millions of dollars in ASIC investment and continue generating profits.

You probably won't know which are the larger farms, some of them were quite stealth with their operations due to the nature of it.

Your concerns aren't unfounded, motivations goes far beyond monetary. But given the evidence that we've actually been seeing, I highly doubt that would be the case. CCP probably doesn't lose sleep over Bitcoin anyways, any attacks would've happened far earlier.

[mocacinno]

Checkpoints wasn't meant to prevent 51% attacks actually.
--snip--

That's true, but that doesn't mean it couldn't be used against a 51% attack...
In a real life example, bitcoin gold used checkpoints vs a 51% attack:

source: https://www.coindesk.com/attempted-51-attack-on-bitcoin-gold-was-thwarted-developers-say

Developers had circulated an update that featured a checkpoint at block 640,650 on July 2. That checkpoint prevented the attacker’s chain from taking over the honest chain, they said Friday.

source: https://www.coindesk.com/attempted-51-attack-on-bitcoin-gold-was-thwarted-developers-say

I'm not saying that this is what we should (ever) do, i'm just brainstorming potential idears and thinking about improbable scenario's (like the CCCP attacking bitcoin this way)

[Gabrics]

There simply isn't any reason why anyone would want to attack Bitcoin, the total cost of the attack and your ASICs probably cannot be covered by the profits from the attack.

The current time is unique though. 50+% hash rate just disappeared "overnight" which makes it somewhat likely that a state actor (China) is using this proven hashrate to covertly attack Bitcoin. If  they can't control damage it maybe damage it a lot. Could be the best time to be pre-emptive? I mean irreversibility is one of the main selling point for bitcoin besides the hard coded supply. If any of these fail... could be pretty bad.

You probably won't know which are the larger farms, some of them were quite stealth with their operations due to the nature of it.

Indeed, that's why I thought it's somewhat possible that they didn't actually shut down.

I highly doubt that would be the case. CCP probably doesn't lose sleep over Bitcoin anyways, any attacks would've happened far earlier.

Bitcoin matured a lot. China's problems are much bigger too. So I think this is probably the time CCP could have started to care
(especially as it won't cost them much, also they can show that they are the bid dog which they do care about)

[kano]

The current time is unique though. 50+% hash rate just disappeared "overnight"
...

No it didn't drop 50+% and the drop wasn't any where near overnight.

If you go back as far as 13-May (48 days ago) the (ATH) diff was 25.0T which is 179EH
Now the diff is 14.4T which is 103EH
So that's -42.7% over 48 days, so certainly not greater than 50% like your over stated post is.

Even if this diff change is another -10% to 92.5EH, you still only get a total hash rate drop of -48.4% over the 63 days by then.

Yeah it is now getting closer to -50%, but certainly vary far from overnight 50+%

If instead we claim 'overnight' is 3 weeks, for last 2 diff drops we get a diff drop of ... -31.8% ...

The difficulty at the end of any 2 weeks (2016 blocks) is the average of that 2 weeks (2016 blocks), there's no magic hash rate drop that doesn't affect the diff change.

[Gabrics]

Yeah it is now getting closer to -50%, but certainly vary far from overnight 50+%

But theoretically if you wish to attack the main chain this way you can schedule your brand new S19s (maybe even new locations?) to be fired up at the right time. So the close to 50% is awfully close for my taste today . I only worry about the long term roll back possibility. As far as I see that's the only real -albeit theoretical- danger.

Crossing my fingers

If instead we claim 'overnight' is 3 weeks, for last 2 diff drops we get a diff drop of ... -31.8% ...

Yeah, hence the quotation mark. Still happened continuously and fast. Of course it matches the story (China miners shutdown), so let's hope occam's razor is right. Crossing my fingers

I don't want to spread FUD. I too believe that this is small possibility only. I also believe what I explained is a possibility which we should be prepared considering the results of such an attack.

[ranochigo]

That's true, but that doesn't mean it couldn't be used against a 51% attack...
In a real life example, bitcoin gold used checkpoints vs a 51% attack:

source: https://www.coindesk.com/attempted-51-attack-on-bitcoin-gold-was-thwarted-developers-say

I'm not saying that this is what we should (ever) do, i'm just brainstorming potential idears and thinking about improbable scenario's (like the CCCP attacking bitcoin this way)

Correct, we should never do that. There is a very specific reason why it was removed from the code, and any changes would probably take a while for the network to adopt. Unless you know that someone is already doing so, then once you release the client, they release their own chain.

Now to address why it isn't necessary. There is no reason why anyone would do a 51% attack over a few hundred blocks. If you're in for the profits, your total gain must be at least the sum of the block rewards. So if we were to approximate it, over a hundred blocks, it would be currently 19 million dollars. Why would anyone spend 19 million dollars on an attack like this? If you want to make a statement, just orphan blocks as you go. People will panic, price will crash and it is so much cheaper than mining on a separate chain. Checkpoints are not fundamentally useful in nearly any motives for a 51% attack.

Could be the best time to be pre-emptive? I mean irreversibility is one of the main selling point for bitcoin besides the hard coded supply. If any of these fail... could be pretty bad.

If we had a good pre-emptive measure against 51% attacks, it would have been implemented a long time ago.

Indeed, that's why I thought it's somewhat possible that they didn't actually shut down.

They will know, we won't. If you're occupying a huge space and you consume a huge amount of electricity, either you're growing marijuana or Bitcoin mining. To confirm which is it, just go and take a look.

Bitcoin matured a lot. China's problems are much bigger too. So I think this is probably the time CCP could have started to care
(especially as it won't cost them much, also they can show that they are the bid dog which they do care about)

Well, perhaps they see it as a threat and they don't want to endorse any part of it. If you were to destroy Bitcoin, another crypto would just rise. This time even higher than Bitcoin, there is no point.

[stompix]

What IF this is a stealth syndicated attack by Chinese miners?

Stealth? You wouldn't be doing stealth attacks with all that drama.
And a coordinated attack would certainly not look like this, with regions takins actions one after the other, with Bitmain still delivering gear outside of China right now pushing up the hashrate of the 'competition", allowing miners to pack gear and move it and allowing a ton of gear to be sold as we speak and shipped around the globe. You should take a look at channels where mining gear is sold in bulk and you would be amazed how much has been moved lately.

Plus, to mine on a separate chain, you would need yours to exceed the other and the one way to do that would have been to completely cut mining to the international chain at once, not by  - 15.97 %, - 5.30 %,- 27.94 % by those number if a secret chain is right now being mined is still below the main one and time will be shortly running out even in this fantasy scenario.

Now, why would the whole Chinese mining cartel do this and ruin themselves?
Let's assume they're doing this under orders from the Chinese government, then why wound't they have done this simply in secret, seizing all mining farms, arresting the owners or put them under surveillance, order them to stay put and mine on a secret chain and that's it, nothing would have been found in the western world till it would have been too late. What is happening right now is anything but stealth.

[philipma1957]

The current time is unique though. 50+% hash rate just disappeared "overnight"
...

No it didn't drop 50+% and the drop wasn't any where near overnight.

If you go back as far as 13-May (48 days ago) the (ATH) diff was 25.0T which is 179EH
Now the diff is 14.4T which is 103EH
So that's -42.7% over 48 days, so certainly not greater than 50% like your over stated post is.

Even if this diff change is another -10% to 92.5EH, you still only get a total hash rate drop of -48.4% over the 63 days by then.

Yeah it is now getting closer to -50%, but certainly vary far from overnight 50+%

If instead we claim 'overnight' is 3 weeks, for last 2 diff drops we get a diff drop of ... -31.8% ...

The difficulty at the end of any 2 weeks (2016 blocks) is the average of that 2 weeks (2016 blocks), there's no magic hash rate drop that doesn't affect the diff change.

Well reasoned and common sense post.

AT op it is not over night it is over a long period of time.
https://www.coinwarz.com/mining/bitcoin/difficulty-chart

diff of 25.0465 from 14 to may 29
diff of 21.0477 from may 30 to june 13
diff of 19.9328 from june 14 to July 3
diff of 14.3630 from July 3 to now

and maybe a drop to 12.8-13.1 July 20

So yeah even if we go to 12.8 that is 48.89 % drop.

In order for 50% drop to be true we need to drop to a diff of  12.2 around July 22

but the op has also failed to realize that BCH is way way way way more likely to be getting stealth attacked.

Since the amount of hash off line is huge as compared to BCH or BHA or XEC or BSV

in fact maybe this is being done to all of those coins and not BTC at all.

[Gabrics]

If you want to make a statement, just orphan blocks as you go. People will panic, price will crash and it is so much cheaper than mining on a separate chain.

I think if you wanna do one time max damage this is the way. Overwrite a month of bitcoin's history with empty blocks (or blocks with made up transactions) and that could be a close to be kill shot. Not to mention if you leak the date a few hours in advance and all the people who sent bitcoin anywhere in that months send it back to themselves... on  the new longer chain before the original transaction could be re-broadcasted.

Thanks for all the inputs guys, I hope we are all right and this is not an attack. I am more relaxed for sure seeing that no one is worried (am I? ). Let's prepare for the cheap miners for sale;)

[Gabrics]

No it didn't drop 50+% and the drop wasn't any where near overnight.
If you go back as far as 13-May (48 days ago) the (ATH) diff was 25.0T which is 179EH
Now the diff is 14.4T which is 103EH
So that's -42.7% over 48 days, so certainly not greater than 50% like your over stated post is.
Even if this diff change is another -10% to 92.5EH, you still only get a total hash rate drop of -48.4% over the 63 days by then.
Yeah it is now getting closer to -50%, but certainly vary far from overnight 50+%

It is close, but the attacker could also get more hashrate with new machines (I mean now we are talking about single digit %). So the already disappeared hashrate maybe less than the current (possible) attacking hash rate. Hope not though  

[jeyzeus]

What IF this is a stealth syndicated attack by Chinese miners?

Plus, to mine on a separate chain, you would need yours to exceed the other and the one way to do that would have been to completely cut mining to the international chain at once, not by  - 15.97 %, - 5.30 %,- 27.94 % by those number if a secret chain is right now being mined is still below the main one and time will be shortly running out even in this fantasy scenario.

underrated point. people think that if you get 51% of the hashrate its game over. in reality, there are still 49% of people out there mining, competing against you. they've already mined a crap ton and do NOT want the chain they've been mining to be the invalid one.

meanwhile the stealth attack chain started that's had several weeks of mining is already falling behind cause it started with only 15% of the hash rate and waited many weeks to add more hash rate. the gap would be too large since the drop in difficulty took several adjustment periods.

[ranochigo]

I think if you wanna do one time max damage this is the way. Overwrite a month of bitcoin's history with empty blocks (or blocks with made up transactions) and that could be a close to be kill shot. Not to mention if you leak the date a few hours in advance and all the people who sent bitcoin anywhere in that months send it back to themselves... on  the new longer chain before the original transaction could be re-broadcasted.

You can't fabricate transactions.

Truth is, the economic majority probably wouldn't want to continue using a chain which was manipulated by an external party. The only rational way out is to rollback the chain to before the 51% attack and continue mining with a different algorithm. It would be as if the attack has never happened. Announcing prior to the attack would just result in majority of the exchanges halting deposits and I would be surprised if there isn't any mechanism to monitor for extended re-orgs on exchanges, considering how many altcoins are already susceptible to these attacks.

underrated point. people think that if you get 51% of the hashrate its game over. in reality, there are still 49% of people out there mining, competing against you. they've already mined a crap ton and do NOT want the chain they've been mining to be the invalid one.

They have no choice. As long as someone else has the capability to build a longer chain with a greater accumulated PoW, everyone will re-org to that chain. If we do discover some malicious intent, then I don't believe it would be a huge issue to just abandon that malicious chain in favour of the honest one.

[Gabrics]

You can't fabricate transactions.

Of course I can. I can have 1 Bitcoin and I definitely have unlimited addresses. I can send this any time to any addresses in any amount, hence I am able to create an unlimited number of valid transactions. The only thing I lose is the transaction fee. But in the current "attacking longer chain" case it wouldn't matter as I am the miner too who is receiving that fee. So the attacking blocks would be full if I want them to be (canceling any consensus change requiring non empty blocks). I can also include any number of chosen (by me) real transactions from the public blockchain as long as it's valid on my partial chain (eg. coming from an unspent UTXO).

If we do discover some malicious intent, then I don't believe it would be a huge issue to just abandon that malicious chain in favour of the honest one.

I think this kind of possible attack fits the current consensus hence it's not "forbidden". I think it's still an attack judging by the roots of Bitcoin, but technically (by the current consensus) you are not forced (or even rewarded!) to publish the mined blocks as long as you have the longest accumulated PoW and you sure of it.

[ranochigo]

Of course I can. I have 1 Bitcoin and unlimited addresses. I can send this any time to any addresses hence creating any number of valid transactions. The only thing I lose the transaction fee, but in this case it wouldn't matter as I am the miner too. So the attacking blocks would be full. I can also include any number of chosen real transactions from the public blockchain as long as it's valid on my partial chain.

Oh okay, then it's not fabricating transactions.

It doesn't matter except that it slows the propagation of your blocks down by a lot. End result is still the same, fork with a different algorithm and chain. Extended re-orgs are not very common without malicious intent so it wouldn't be difficult to differentiate. If the end result; forcing Bitcoin to change the algorithm and instill fear in the people is the same, whether you just start attacking in real time or release your own alternate chain, then I fail to see what is the difference except the latter is far, far more costly. It's mostly a difference between a few million dollars and a few hundred million dollars, assuming that they don't have to care about the cost of the ASICs nor the space.

So the attacking blocks would be full if I want them to be (canceling any consensus change requiring non empty blocks).

There isn't any rules about that, nor would it be implemented realistically. We wouldn't bother to implement any consensus change that doesn't deal with the root of the problem; rather, I believe that invalidating that chain and changing to an algorithm would be the most obvious and direct way to deal with it.

I think this kind of possible attack fits the current consensus hence it's not "forbidden". I think it's still an attack judging by the roots of Bitcoin, but technically (by the current consensus) you are not forced (or even rewarded!) to publish the mined blocks as long as you have the longest accumulated PoW and you sure of it.

It is an attack that threatens Bitcoin, that is correct. Whether it is viable to do so, is a whole other question.

[Gabrics]

whether you just start attacking in real time or release your own alternate chain, then I fail to see what is the difference except the latter is far, far more costly

The main difference that you can gain much much more than just the block reward with the long term attack. Imagine if you hidden mine your longer chain for two weeks. Under that two weeks you can send your real bitcoin to an exchange and withdraw the FIAT or exchange bitcoin for USDC, Monero, etc. That's all on the public chain.

On your hidden chain you send the bitcoin back to yourself to spend the input TXU. So when you publish your longer chain you get your coins back and also can (most likely, depends on jurisdiction, etc.) keep the FIAT and other coins you exchanged. On the other side someone bought bitcoin and it will go back to it's original owner

This is why I think that some rollback limit would be useful. There would be at least a point in time when you can be sure it won't be rolled back. Like an 6 or 12 blocks. Also limit the rollback to once only until you don't reach the roll-back limit (number of blocks) again to prevent rolling back X blocks at a time.

[ranochigo]

The main difference that you can gain much much more than just the block reward with the long term attack. Imagine if you hidden mine your longer chain for two weeks. Under that two weeks you can send your real bitcoin to an exchange and withdraw the FIAT or exchange bitcoin for USDC, Monero, etc. That's all on the public chain.

On your hidden chain you send the bitcoin back to yourself to spend the input TXU. So when you publish your longer chain you get your coins back and also can (most likely, depends on jurisdiction, etc.) keep the FIAT and other coins you exchanged.

Yes. That is a typical double spending attack in theory.

As I've said, the cost of such an attack, or at least the opportunity costs is in the neighbourhood of a few million dollars. Whether the exchange is willing or is able to process such a big transaction without at least some precautions in place isn't guaranteed.

The thread is a covert mining attack with the state adversary against Bitcoin. There is no reason why the state would be remotely interested in the profits; as said, the costs of an extended attack is huge with their attacking chain becoming either abandoned or at least largely unpopular with the community. If you're in it for the profit or attempting to recoup any significant part of it, the fiat exchanged must be at least 400 million dollars, given two weeks and even more because your ASICs are now worthless. China isn't interested in doing that, their GDP is 14 trillion USD, and you don't gain enough from an attack like this. An attack from China cannot possibly be profit motivated. If you're not looking to profit from it, mining alongside the chain for extended periods of time only serves to make the attack much more expensive.

Chinese miners are also not interested in that. They've made tremendous investments in mining, they are going to profit more by being honest.

This is why I think that some rollback limit would be useful. There would be at least a point in time when you can be sure it won't be rolled back. Like an 6 or 12 blocks. Also limit the rollback to once only until you don't reach the roll-back limit (number of blocks) again to prevent rolling back X blocks at a time.

I think there is a security issue right here. If some of the nodes aren't online at a specific time, then they won't know if the blocks were reorg-ed before. Sybil attacks are also a problem in this case. The potential for a network split in this case is far greater.

[stompix]

The main difference that you can gain much much more than just the block reward with the long term attack. Imagine if you hidden mine your longer chain for two weeks. Under that two weeks you can send your real bitcoin to an exchange and withdraw the FIAT or exchange bitcoin for USDC, Monero, etc. That's all on the public chain.

On your hidden chain you send the bitcoin back to yourself to spend the input TXU. So when you publish your longer chain you get your coins back ....

And let's stop there.
Because the moment you do this the value of those coins will drop if not to zero pretty closeby it, imagine 4 weeks of transactions getting rolled over, who the hell do you think will use this coin, all aspects of security are destroyed, once this attack happens is clear another one is possible so everyone will simply dump.
So you will end up with the coins/fiat that you exchanged first, worthless coins after the attacks and worthless mining gear as the reward will plummet too in $ terms.
At this point, you're at a loss.

Financial attacks make no sense at this level, the way you picture it this would be an attack to kill the coin and that's it, after such a thing the is no way out of it, who do you think will deal with it anymore? You buy coins at an ATM and 3 weeks later you have no coins? You sold 100k$ worth of stuff and suddenly you have nothing? You traded some shitcoins for BTC and you end up with zero? What about all the miners who have mined at zero income for a month?

Do you really think there will be something after all this chaos?