Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it

[mjdamgaard]

Just to hammer the point home, let me also mention something else, that I left out of my preprint, which is that when the attackers rewrite the ledger, they can also remove and rearrange the transactions of the any of the innocent traders in the same time frame.

This means that they can also make other traders inadvertently steal BTC in the same attack. Thus, they are able to make half the traders in the given time frame look as if they are accomplishes in the attack.

Since their ultimate goal is to cause a crash, it doesn't matter who steals the BTC, just as long as someone does, intentionally or inadvertently.

This relieves the attackers of having to trade the large quantities of BTC leading up to the long-range attack that we have just discussed on this thread, which is actually a significant improvement on this particular version of the attack vector since it then relieves them of having to make this activity appear normal, while keeping the secret that an attack is underway. 

[mjdamgaard]

you have again avoided alot of factors and then tried to debate something else yet again to then say that the new debate is not what you were talking about whilst in same sentence saying it was what you were talking about

anyway, you had your chances to learn, but instead just repeated your same mistakes

its obvious now that you only know of ethereum and a newbie to bitcoin, hense why i said several times for you to atleast play out your scenarios, playing devils advocate.. this means learn bitcoin and its mitigating factors and not just run things from the position of how ethereum can have a fantasy wet dream scenario of winning if bitcoin conditions are ignored

goodluck though, but ill leave you now to work out that your theory and method wont crash the market as a long or short term attack.. but enjoy working that out for yourself the hard way, because i know any further hints will just be met with "not convinced" or other avoidance's

so ill just leave you to it with your comedy of thinking you can steal alot of bitcoin in your fantasy, great laughs

You don't even deny that this was exactly the "delay service" you were talking about.

You are obviously being a troll. So goodbye.

[franky1]

blah blah blah shows you are still not ready to even run your theory through your own head properly

so knowing you just want best wishes from other ethereum supporters by pretending ethereum could crash the market of bitcoin.. lets really ram it home to you that you have not thought about things much but just want to mention a theory several times without much thought hoping your fellow ethereum shills will blindly just idolise you for mentioning a (untested) theory

firstly you mention not wanting to do multiple re-orgs of bitcoin ledger... (something we contested about over many posts and you now say you dont want to re-org bitcoin multiple times)
well then your 51% attack ends at the first and only re-org and all your other fluff and chest beating is not about 51% attacking to generate revenue to then push onto the market to crash bitcoin, but instead you simply want to play the markets to trade currency on different markets to re-generate countless revenue to attack the market.. hoping your efforts on the market wont get countered by other whales on the same markets

again if you only want to do one re-org and then play the markets, guess what there are other whales that will arbitrage counterclockwise to then crash the ethereum market to cycle their way back to the btc-usd market to then grow the btc back after each sell off you attempt

but most importantly about your last multiple posts arguing how you wont need multiple re-orgs of the btc blockchain... by you concentrating on the whole bob-eric market shuffle.. has nothing to do with blockchain manipulating, its just market manipulation

so why are you really here talking about 51% attacking if most of your waffle is about market manipulation methods to cycle funds to then keep dipping the market.. even when (if you run your scenarios) knew your dips would then be followed by BTC whales counter arbitraging your tactics on the market

please stop replying with your flatulent debate about how you feel your theory is untouchable and strong and guaranteed... without any knowledge on your part of all the mitigating circumstances that can play out against your theory.. and instead realise if you are not intending to do repetitive re-orgs, there is no point in you even starting with a 51% attack by wasting funds on hardware, and instead just skip to the market manipulation tactics you then discuss as your real intended attack method, by directly funding the bob-eric method without needing to waste funds on a 51% repeated blockchain attack..

please dont reply with an emotional expression.. just run the scenarios out and play devils advocate on your own theory(to learn the mitigating factors that can work against you) and realise how the risks and mitigations show your success rate is low of your 51% hardware invested method.. and then realise what went wrong and then work out other ways if you wanted to use the same $XXb investments

[mjdamgaard]

firstly you mention not wanting to do multiple re-orgs of bitcoin ledger... (something we contested about over many posts and you now say you dont want to re-org bitcoin multiple times)

[...]

but most importantly about your last multiple posts arguing how you wont need multiple re-orgs of the btc blockchain... by you concentrating on the whole bob-eric market shuffle.. has nothing to do with blockchain manipulating, its just market manipulation

I still don't know if you are being troll on purpose, or if you are just not reading anything that I write properly, which is also poor behavior.

If Bitcoin does not crash after the first big steal using a long-range attack (1 reorg), then the attackers can just repeat the attack to steal even more.

But obviously, if the attackers can just keep coming back for seconds, this will halt the trade of Bitcoin, thereby making it useless as a currency, and it's value will drop. This is not just me saying this, but this is a standard assumption in literature.

You pretend like I have avoided some of your arguments on this thread, but I dare you to quote any of your earlier arguments, and I will quote you back a counterargument (one that I have already given on this thread).

But then you have to promise me to actually read my counterarguments this time around. (I have almost no patience left for you.)

[mjdamgaard]

again if you only want to do one re-org and then play the markets, guess what there are other whales that will arbitrage counterclockwise to then crash the ethereum market to cycle their way back to the btc-usd market to then grow the btc back after each sell off you attempt

[...]

so why are you really here talking about 51% attacking if most of your waffle is about market manipulation methods to cycle funds to then keep dipping the market.. even when (if you run your scenarios) knew your dips would then be followed by BTC whales counter arbitraging your tactics on the market

[...] and instead realise if you are not intending to do repetitive re-orgs, there is no point in you even starting with a 51% attack by wasting funds on hardware, and instead just skip to the market manipulation tactics you then discuss as your real intended attack method, by directly funding the bob-eric method without needing to waste funds on a 51% repeated blockchain attack..

Again, a 51% attack is not market manipulation. My Bob–Eric example is not an arbitrage cycle; the crash only happens at the end after the reorg, not during the trading. This once again shows that you are only reading my posts so superficially that you don't even really catch any of the points. I'm sorry but I can't work with that.

[franky1]

read your own words but do it in a way that you actually play out your own words in a runthrough of a scenario where you are playing devils advocate

actually play through the scenario properly

i am not going to spoonfeed you the results/answers as you will just be ignorant to say "not convinced" and by you obviously avoiding playing out your theory to realise the mitigating factors at play you are not interested in finding out if your theory will even have a chance of working. you simply were hoping to get a collective cheer from other ethereum shills thinking that ethereum could overpower bitcoin.. im guessing you just wanted to see if people will give you a loving hug that you made a good decision to invest in ethereum with hopes that you can dream and fantasise about ethereum taking over bitcoin(sorry to burst your bubble, but ethereum has more chance of crashing and then staying down)

so again play it through and realise where your theory goes wrong, learn all the aspects of the investment costs of hardware and its delivery delays which then impact shills desires to stay loyal or become honest bitcoiners for their own investment security
learn about the economics of the markets and how they play out too whereby whilst your trying to play the market in one direction, bigger whales will be counter-playing in the other direction(causing ethereum to crash harder)

then all the other details of how long you can sustain the attack and win and how often you have to keep "crashing" the market, which would require constant funding and how you would manage to ensure you have constant funding.

i know you want to pretend im some newbie because im not just giving the answers, purely in the hope of your condescending tone will make me give you the answers.. but you are wrong in your tactics to hope i simply supply all the answers due to your ignorant responses pretending your fantasy will come true
i was initially willing to take you step by step spoonfeeding you tips.. but your avoidance of the mitigating factors and your stubbornness of wanting your fantasy to come true shows you are not willing to help yourself learn and instead just want to keep a dream alive

instead if you actually wish to know if your theory has merit, you should be pragmatic(devils advocate) about your own theory, by playing devils advocate against your own theory to work out the weaknesses and then customise your theory or accept the result.. rather than play ignorant thinking there are no weaknesses/faults to your theory just to self hug and confirmation bias your fantasy of thinking ethereum will overtake bitcoin

..
and by the way, your latest meander:

Again, a 51% attack is not market manipulation.

i was the one trying to tell you that.. you became ademant that to crash the market(market manipulation) YOU wanted to perform a 51% attack, you were the one that remained determined that a 51% attack is your method of crashing the market not realising the separation of events and mitigating circumstances of a 51% attack, separate from a market manipulation event and its own mitigating circumstances

Again, a 51% attack is not market manipulation. My Bob–Eric example is not an arbitrage cycle; the crash only happens at the end after the reorg, not during the trading. This once again shows that you are only reading my posts so superficially that you don't even really catch any of the points. I'm sorry but I can't work with that.

if you do a re-org and then trade CEX database balance. the CEX will see the re-org and will simply delete your CEX balance
especially if your now not doing a arbitrage cycle to mix the funds before the intended one time crash spend

[tiCeR]

@mjdamgaard what do you think about negative cascade effects for the attackers? I tried to read most of the posts here and I think what you are bringing forward, despite being hypothetical, is worth discussing.

One thing that came to my mind is how likely is it that an ETH whale is not a BTC whale? I know this is mostly speculation and I can't prove it, but I doubt that many of the ETH whales are not owning significant amounts of BTC. But now onto the cascade effect: if a consortium of attackers could take BTC down or cause significant damage to the network value, how can they know that the public wouldn't respond with a major sell-off of ETH as well? The past has shown that BTC worked as a seismograph for the market as a whole. If it turns out that these attacks can lead to major losses in the strongest and most valuable network there is, what is the chance that ETH wouldn't take a major hit and take a dive, going down in insane chaos?

...

Thank you, and thanks for your post.

You are right that all that would probably be infeasible, especially when you are assuming that the miners have to be anonymous.

But first of all, in order for the Bitcoin devs to respond, they need to find a way to respond. They can't exclude the attacking miners, so it seems that they would have to hard-fork to PoS, or something to that effect. (There is currently a discussion about what steps they could take to mitigate an attack on this thread.)

The also don't have to fear being discovered for legal reasons, it seems, since they are not doing anything legal in the lead-up to the attack, and not in carrying out the attack itself, arguably (see the discussion above about this topic).

Now, they might not want to reveal their intentions to their suppliers, as you point out. That is a good point. But at the end of the day, how can the suppliers really know what their buyers are up to and/or who they sell their ASICs to? Will they really make their customers sign a contract not to participate in a 51% attack, and would that even work?

Also, let me just quickly point out again, that the Ethereum stakeholders can buy/bribe existing mining farms. This proposition has apparently been dismissed so far in this discussion thread, almost as if 'honest' is a predicate that "sticks" to you as a miner, which seems odd to me, especially when the whole concept behind PoW blockchains is that the miners 'behave selfishly.'

I think that an operation of that magnitude wouldn't come to fruition without some very important players in the market noticing and taking the opportunity to stop it. The suppliers aren't only producing ASICs for the sake of mining. But if some of the suppliers (there aren't that many) are approached with an order of that size, I doubt they wouldn't get suspicious. Actually I believe that the suppliers might be well connected with the mining industry. They would ask someone who knows someone who knows someone... If it turns out that there seems to be a group ordering a record breaking, unreal number of ASIC devices, the warning would already be out.

Further, if selfish miners get bribed, what is the chance that all of them would agree to perhaps destroy the entire industry as a whole? Then the big miners are mining pools. What is the legal situation when the allegation of bribery would ever come to the surface and a mining pool operator would be convicted for attacking the network in the worst interest of its users (those who provide the hash power)? It would be obvious if one of those pools attacks the network, but if it happens without the consent of its users, wouldn't there be legal consequences?

I am not sure how it would work, but convincing a pool that operates mining facilities and pools hash power on behalf of its users would probably not agree to getting bribed. But without the pools, an attack that involves bribery wouldn't get the attackers very far.

What if someone from the attacking group blackmails the attackers after they signed contracts with ASIC suppliers? Once the production went on for 12 months, one of the attackers could go rogue and blackmail his own group, threatening to make those plans public.

However I look at it, I don't know how such a huge operation could be pulled off. I know we are discussing theoretical scenarios, but this is really too much theory for me.

[vapourminer]

One thing that came to my mind is how likely is it that an ETH whale is not a BTC whale? I know this is mostly speculation and I can't prove it, but I doubt that many of the ETH whales are not owning significant amounts of BTC.

no comment on the scenario the OP has except i think its wrong.

however, the comment about whales holding both eth and btc is likely valid. now im not a whale in either but i was around when eth was launched. so i wound up with an amount of eth (mainly from curiosity they were a few bucks i think when i did it) that just sits. im sure OG whales could of loaded endless bags of each for dirt cheap.. they just dont advertise it.

[mjdamgaard]

@tiCeR, thanks for a great post.

I think your point about ETH investors also owning BTC is a very good one. User @HeRetiK also brought up this point earlier:

At the heart of the attack scenario you describe is the assumption that Bitcoin and Ethereum investors are mutually exclusive groups with purely adversarial incentives.

I don't think that's the case.

While most investors will be more exposed to one coin than the other, I'm pretty certain that almost everyone in crypto has a stake in both coins, especially whales. Accordingly I don't think any one side would have much of an incentive to strike the other, even assuming that an attack in either direction were feasible.

I'm first of all afraid that I don't personally have much insight into whether ETH whales are also BTC whales, and vice versa. But I do think that this is indeed quite likely.

My reply to @HeRetiK was, however, that if it is really true that a Goldfinger attack would only require a fraction of the Ethereum investors, namely something like 2%–6%, in order to for the attackers to start to break even in terms of costs and gains, then it could potentially be possible without these whales (of course assuming that these don't own it all).

And what's more, if there really is this potential to grow your crypto assets by something like 100% or more in this rival Goldfinger attack, then it might happen that some investors who have previously invested in both cryptocurrencies at the same time will start to trade a portion of their BTC for ETH, either because they fantasize about joining the attack, or just as a precaution if others want to do so.

But of course, at this point, this is all still just speculation.


To your point about a negative effect on ETH as a result of Bitcoin being attacked, I personally think this is one of the best arguments against the danger of a rival Goldfinger attack I have heard so far, and it is certainly a point that has been voiced by many users on this thread.

Historically it seems that the value of ETH follows the fluctuations of BTC. So a successful attack would thus require the Ethereum investors to first make an efficient campaign to communicate to the public that this attack vector only really affects PoW blockchains, like Bitcoin, and not really PoS blockchains in practice.

Now, I agree that the Ethereum and Bitcoin communities might be quite friendly at this point in time. But that doesn't mean that the Ethereum community don't already try to highlight all potential advantages of PoS over PoW to the public. And I personally find it quite unlikely that they wouldn't at some point also try to point out this potential "rival Goldfinger" threat, if the theory holds up. If nothing else, then at least in order to try to make the public feel more positively about PoS in relation to PoW.

I think that an operation of that magnitude wouldn't come to fruition without some very important players in the market noticing and taking the opportunity to stop it. The suppliers aren't only producing ASICs for the sake of mining. But if some of the suppliers (there aren't that many) are approached with an order of that size, I doubt they wouldn't get suspicious. Actually I believe that the suppliers might be well connected with the mining industry. They would ask someone who knows someone who knows someone... If it turns out that there seems to be a group ordering a record breaking, unreal number of ASIC devices, the warning would already be out.

I think you are right, but I do wonder: What can they even really do to stop customers from buying their ASICs? Even if the suppliers deny these costumers, what prevents the latter from just acquiring those ASICs through middlemen? Could they perhaps make their customers sign a contract not to participate in a 51% attack, or to sell them on to other buyers who will?

Well, since the attackers can just use a whole array of middlemen in principle, and since they can also in principle make it so that their mined blocks in an attack can't be traced back to them in the first place, it seems quite unlikely that such contracts would work, at least to me. What is your opinion on this?

Further, if selfish miners get bribed, what is the chance that all of them would agree to perhaps destroy the entire industry as a whole? Then the big miners are mining pools. What is the legal situation when the allegation of bribery would ever come to the surface and a mining pool operator would be convicted for attacking the network in the worst interest of its users (those who provide the hash power)? It would be obvious if one of those pools attacks the network, but if it happens without the consent of its users, wouldn't there be legal consequences?

I am not sure how it would work, but convincing a pool that operates mining facilities and pools hash power on behalf of its users would probably not agree to getting bribed. But without the pools, an attack that involves bribery wouldn't get the attackers very far.

I definitely think that it would indeed be very much illegal for them to change the protocol and make an attack without consent of the users. So if such mining farms are to participate in an attack, they would have to make it a choice for the individual user whether that user wants to join in the attack or not. (And they would also have to update their contract such that the participating users will also be owed their part of the spoils/rewards.)

What if someone from the attacking group blackmails the attackers after they signed contracts with ASIC suppliers? Once the production went on for 12 months, one of the attackers could go rogue and blackmail his own group, threatening to make those plans public.

Here's the thing, though: I don't really see why they would need to keep it a secret. I could be wrong, of course; I'm by no means an expert on legal matters. I just go by what I have read in this blog post: https://sites.duke.edu/thefinregblog/2022/12/28/legal-liability-of-a-51-goldfinger-cryptocurrency-attack, which argues that a 51% attack might not even be illegal, in the sense that it might not prosecutable in a court of law. (I definitely think that this is worth discussing more, however.)

If that is indeed the case, then it seems that the more rumors there are about the build-up of the attack, the better it would actually be for the ETH investors, as it might just make BTC investors migrate preemptively, which would only make the cost go down, in theory.  (This is of course assuming that they can indeed communicate successfully to the public that PoS is still safe, and that they can thereby convince some of the now uncertain BTC investors to migrate to ETH instead).

However I look at it, I don't know how such a huge operation could be pulled off. I know we are discussing theoretical scenarios, but this is really too much theory for me.

Ha, yeah, it's all quite theoretical at this point. But your inputs are valuable.

[tiCeR]

Yes, reading this thread is quite some work, so sometimes some details may be missed, but thanks for pointing it out as I could drop some merit for HeRetiK. I think this point is very relevant. I believe ETH was raised in 2014 from the ICO? There were already a lot of people with a ton of BTC in their hands, ETH was marketed all around the world like no coin before and it was dirt cheap for those who had already a lot of money, aka whales.

"Only require a fraction", but that fraction has to come from someone or a group of people. The bigger the group, the more likely it becomes public before the attack could be pulled off (defense could be prepared) and the guys literally have to liquidate somewhere between $6 billion and $18 billion while facing the risk of losing it all. I doubt there are a lot of Elon Musks who would be willing to spend $44 billion on a Twitter platform. Liquidating that amount would also hurt their remaining holdings. Then all the uncertainty whether it works out or not. War escalates, logistics gets worse and available resources for chip manufacturing decrease out of a sudden etc.

Now, I agree that the Ethereum and Bitcoin communities might be quite friendly at this point in time. But that doesn't mean that the Ethereum community don't already try to highlight all potential advantages of PoS over PoW to the public. And I personally find it quite unlikely that they wouldn't at some point also try to point out this potential "rival Goldfinger" threat, if the theory holds up. If nothing else, then at least in order to try to make the public feel more positively about PoS in relation to PoW.

To me it is not even about how friendly these communities can and want to coexist or not. I think the attack can't be pulled off without making it public beforehand and if that happens, I would expect resistance not only from the BTC community, but also from the ETH community to some degree. Wallets could be identified that are emptying billions of dollars. Don't forget that ETH has publicly known faces around the world and they would have to provide answers at conventions and what not. The uproar would be insane. I doubt that BTC whales would accept losing billions of dollars to an ETH holders attack. BTC's network value is around 4 times as high as ETH's network. If it becomes publicly known that an attack is planned, there is a chance that BTC whales will pool funds and fight back. They could approach ASICs manufacturers, miners, and they could say "if" the attack is pulled off, we will pool 10 billion dollars to defend against it in some creative way. There are many ways to raise the price for the ETH attackers and keep in mind that the ETH attackers need to liquidate in the first place.

I think you are right, but I do wonder: What can they even really do to stop customers from buying their ASICs? Even if the suppliers deny these costumers, what prevents the latter from just acquiring those ASICs through middlemen? Could they perhaps make their customers sign a contract not to participate in a 51% attack, or to sell them on to other buyers who will?

Well, since the attackers can just use a whole array of middlemen in principle, and since they can also in principle make it so that their mined blocks in an attack can't be traced back to them in the first place, it seems quite unlikely that such contracts would work, at least to me. What is your opinion on this?

Acquiring millions of ASICs through middlemen would again raise the price. The whole coordination, logistics, higher price per piece, timing, getting it from A to B. Involving a high number of middlemen would make things only worse for the attackers and I am still absolutely convinced that simultaneous orders of ASICs that amount to the hash power of a potential 51% attack would definitely not go undetected. Then. the question remains whether ASIC manufacturers would dig their own hole by destroying POW and essentially their own gold mine.

Here's the thing, though: I don't really see why they would need to keep it a secret. I could be wrong, of course; I'm by no means an expert on legal matters. I just go by what I have read in this blog post: https://sites.duke.edu/thefinregblog/2022/12/28/legal-liability-of-a-51-goldfinger-cryptocurrency-attack, which argues that a 51% attack might not even be illegal, in the sense that it might not prosecutable in a court of law. (I definitely think that this is worth discussing more, however.)

If that is indeed the case, then it seems that the more rumors there are about the build-up of the attack, the better it would actually be for the ETH investors, as it might just make BTC investors migrate preemptively, which would only make the cost go down, in theory.  (This is of course assuming that they can indeed communicate successfully to the public that PoS is still safe, and that they can thereby convince some of the now uncertain BTC investors to migrate to ETH instead).

Ok if we assume that they make the attack public (or not), and they destroy 50% of BTC's value, which is around $650 billion, what do you think would the backlash be from all the relevant authorities? What would the consequences be for the cryptocurrency ecosystem from the SEC, CFTC, politicians, all relevant authorities around the world? Do you think they would say "well, there is a currency war and that's awesome". I think they would rigorously regulate every cryptocurrency out there because they can finally pretend to have a good reason. The consequences would be devastating and there would be investigations for sure. Whether they would be justified or not, but investigations would take place. ASICs providers would be probed whether they knew that the equipment would be used for an attack or not. If really $650 billion go down the toilet and the planning is of that magnitude as you described with middlemen and an attack coordination, I am sure heads would be rolling in one way or another.

Short selling is under thorough scrutiny all the time and market manipulation is as well. If an attack were to be announced and the market gets into turmoil afterwards, I doubt all authorities would accept that. Then the coordination itself involving billionaires and the ASIC manufacturing industry (you literally need the entire industry because of the sheer volume), I just can't see how that would be pulled off without consequences. It's not how the legal world works these days. Maybe for banks, but not for the crypto industry which is a target for many authorities anyway. If bringing BTC to its knees is expected to make another group of people of the same ecosystem rich, it doesn't make a lot of sense to me.

And all of that ignores the fact that ETH could be attacked in a similar way. POS is not a flawless security model and in order to attack it, the attackers would not have to buy a shitload of ASICs and the network is only 1/4th of the value.

[mjdamgaard]

"Only require a fraction", but that fraction has to come from someone or a group of people. The bigger the group, the more likely it becomes public before the attack could be pulled off (defense could be prepared) and the guys literally have to liquidate somewhere between $6 billion and $18 billion while facing the risk of losing it all. I doubt there are a lot of Elon Musks who would be willing to spend $44 billion on a Twitter platform. Liquidating that amount would also hurt their remaining holdings. Then all the uncertainty whether it works out or not. War escalates, logistics gets worse and available resources for chip manufacturing decrease out of a sudden etc.

Yes, I agree that the attack is unlikely to come from just a few rich individuals, and if the attackers form a large group of people, then it is sure to reach the public, I also agree with that.

So the point here on which we might disagree is the question of whether it would hurt the attackers if their plans become publicly known or not.

You argue that:

Ok if we assume that they make the attack public (or not), and they destroy 50% of BTC's value, which is around $650 billion, what do you think would the backlash be from all the relevant authorities? What would the consequences be for the cryptocurrency ecosystem from the SEC, CFTC, politicians, all relevant authorities around the world? Do you think they would say "well, there is a currency war and that's awesome". I think they would rigorously regulate every cryptocurrency out there because they can finally pretend to have a good reason. The consequences would be devastating and there would be investigations for sure. Whether they would be justified or not, but investigations would take place. ASICs providers would be probed whether they knew that the equipment would be used for an attack or not. If really $650 billion go down the toilet and the planning is of that magnitude as you described with middlemen and an attack coordination, I am sure heads would be rolling in one way or another.

It is not unthinkable that all these institutions would try to search for the attackers and take them to court. But as far as I can see, I don't really think that they have much stake nor interest in this, first of all.

You argue that they would care about $650 billion. But it's not their $650 billion, and the Bitcoin investors knew the risk. (The risk of a 51% attack is described in the very Satoshi whitepaper.)

Second of all, I really don't think that they would have much of a case even if they tried. Besides what the aforementioned blog post says, consider this:

While the Bitcoin exchanges, mining farms, etc., are all subject to various laws (and have to do what they promise their customers), they have no control or authority over the blockchain protocol itself. No one has. This is the defining factor of what it means that the currency is 'decentralized.'

This means that anyone is actually free to declare what they think the Bitcoin protocol should be, at any moment. And the only reason why the Bitcoin protocol doesn't change so easily is due to the Nash equilibrium of the protocol, which means that as long as >50% of the miners agree on the same protocol, it will not be economically viable for any individual to start using a different protocol.

And that's it. The miners are not in any way obligated to follow the rules of the conventional Bitcoin protocol. Sure, mining farms are bound to follow that protocol if they have advertised that they will do so to their users. But even if they have, they can (with all likelihood) easily and quickly introduce another option to mine with a different protocol.

So this means that the attackers are just as free to declare that their protocol is actually the "right" protocol, and that the "honest miners" follow an (in their eyes) out-dated protocol. And if they do, they should, as far as I know, have just as strong case against the "honest miners," as the "honest miners" (and other institutions) have against them.

(Edit: I should clarify that when I'm talking about using a 'different protocol' here, I'm talking about a soft fork, not a hard fork of the protocol. In particular, the attacking miners can choose to declare the current "honest" chain as being invalid (for their own reasons), and start mining from an earlier point in the blockchain.)


With this in mind, do you then agree that the line between "attacking miners" and "honest miners" is actually not legally meaningful (except in cases where a miner has agreed to a contract), as miners are not obligated to follow a specific Bitcoin protocol? Or am I missing something major?

And if you do, do you then agree that the would-be attackers don't actually really have to hide their intentions from anyone?

Acquiring millions of ASICs through middlemen would again raise the price. The whole coordination, logistics, higher price per piece, timing, getting it from A to B. Involving a high number of middlemen would make things only worse for the attackers and I am still absolutely convinced that simultaneous orders of ASICs that amount to the hash power of a potential 51% attack would definitely not go undetected. Then. the question remains whether ASIC manufacturers would dig their own hole by destroying POW and essentially their own gold mine.

So do you think that the ASICs suppliers would make their costumers sign a contract not to use their ASICs in a 51% attack? And do you think that they will be able to ensure that willing miners can't get around those contracts?

By the way, can I ask what you think about existing miners joining the attack? (If the Ethereum stakeholders reward them automatically via a smart contract (see my preprint), then it seems that anyone can join the attack at any time.)


(Let me get back to your other points in the same post in a little while.)

[mjdamgaard]

And all of that ignores the fact that ETH could be attacked in a similar way. POS is not a flawless security model and in order to attack it, the attackers would not have to buy a shitload of ASICs and the network is only 1/4th of the value.

Here I will refer you back to my answer to @DaveF (sorry for the initial mistake):

Just as another thought experiment would be how much would it cost to get enough ETH while people are selling theirs to do this to launch your own 51% attack on ETH.

The fact that there is no real work involved just having enough money to buy enough of a specific coin has always been a weakness of all POS coins.
And now that there are ETH ETFs there is an incentive for people to be able to short the ETFs if they think their value will go down.

Think about it, get enough funds to buy the companies I discussed above that host a bunch of the ETH staking nodes, while simultaneously buying ETH and spinning up your own nodes and then a simple 51% attack against ETH.

-Dave

In theory, a 51% attack on Ethereum would cost > $300B × 50% = $150B. (Bitcoin and Ethereum have apparently just dropped 11% and 21%, respectively, in this past 24 hours.)

And a 34% attack would cost > $300B × 33.3% = $100B.

The stakers would lose that money (in a Rival Goldfinger attack), and they would only be able to gain $300B, and only when assuming that the Bitcoin investors share the costs equally. If not, it would thus take at least 33.3% of the Bitcoin investors to participate in an attack in order to break even in terms of costs and gains. (And for a 51% attack, it would require at least 50%.)

Now, if the Bitcoin investors is somehow able to keep their attack a secret, they would in theory not need to beat 33.3%, but only ~0.01% (in the current moment), which is the actual fraction of staked Ether compared to what's in circulation. But on top of the need to keep it a secret, this theory also assumes that safe guards like described in https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#finality isn't implemented or doesn't work.
(Edit: Sorry, my mistake! I mistook 33M ETH for 33M USD when I looked up the amount. The amount of staked Ether is currently 28%, not 0.01%. x))

Last but not least, in order for the steal to be finalized for good, the attackers would also need to confuse the Ethereum community of whether the reorg was malicious or not, assuming that the remaining 66.6% of the Ethereum stakeholders would otherwise just revert the attack afterwards. (Edit: Think of what happened with the Ethereum Classic fork.)

For a 51% attack, the attackers would be able to force a hard fork when the "honest" stakeholders revert the attack. But unless again the attackers can succeed in confusing the whole community, the community and investors will know which of the two chains they ought to support, if they don't want to support the chain that actively tries to undermine its own currency.

[...] If it becomes publicly known that an attack is planned, there is a chance that BTC whales will pool funds and fight back. They could approach ASICs manufacturers, miners, and they could say "if" the attack is pulled off, we will pool 10 billion dollars to defend against it in some creative way. There are many ways to raise the price for the ETH attackers and keep in mind that the ETH attackers need to liquidate in the first place.

Okay, here we are talking about potential mitigation strategies. I also think that Bitcoin investors must be able to do something. The question is just what? (I'm personally still thinking that planning a switch to PoS themselves might seem like the best option, btw.)

While I agree that one might be able to do something with $10 billion, I'm not sure that trying to pay the "honest" miners more would be a very good strategy at all (if that was indeed what you were thinking of). My concern is that this would just immediately incentivize all miners to try to make it seem like an attack is underway, in order to cash in on this mitigation money as a large bonus to their normal earnings.

I guess the Bitcoin investors could try to buy mining farms directly, instead of simply raising the on-chain rewards. But that would then still incentivize such mining farms to help fund the attack (which I explain in my preprint paper can seemingly be done anonymously via smart contracts).

Last but not least, one also has to ask the question of whether the Bitcoin investors are really that cohesive when all any single investor has to do to avoid the threat, and avoid paying their share of the 'mitigation money,' is to just preemptively trade their BTC for ETH (or perhaps another PoS coin). With the shear amount of BTC that is traded each day on the blockchain, even the large players (at least most of them) should be able to make this move pretty quickly.

But what do I know about the fortitude and cohesion of the Bitcoin investors as a group: not much. This is only speculation on my part. What do you think in this regard?