Retention and 51% attacks: two months of difficulties for cryptocurrencies

in #bitcoin, 6 years ago

In recent months, various cryptocurrencies have suffered a series of attacks that have compromised the well-being of their communities and the functioning of their respective networks. Block retention attacks, 51% attacks and hacking have been some of the main strategies that have put the security of these blockchains in check. In this article we will show you the most outstanding cases so far this year.

51% ATTACKS AND BLOCK RETENTION

A 51% attack arises from the ability to control a network's processing power in order to alter the transaction history or prevent transactions from being confirmed. In networks such as Bitcoin, the attacker achieves this by holding the largest share of processing power during the execution of Proof of Work, the mechanism that records the operations carried out on the network and that is designed to distribute at random, among all participants, the task of updating the network's history every so often. In this type of blockchain, the ledger with the most blocks is considered the most current one. Attacks of this kind can therefore compromise the process of updating and recording the state of the network.

These attacks require concentrating more than half of the processing power in order to validate blocks containing the transactions the attacker wants, generally intended to carry out large withdrawals or deposits of cryptocurrencies. By concentrating enough mining power, an attacker could manipulate the state of the network and control the record of transactions in a cryptocurrency's blockchain. Under this type of attack, the management of the blockchain is at the attacker's discretion.

A block retention attack, on the other hand, involves an attacker concentrating a share of processing power that, without reaching 51% of the total, is enough to take control of the chain for a period of time, generating blocks of modified operations that can be inserted into the original chain. The malicious miner mines blocks containing the transactions he wants to keep but does not broadcast them. He thus builds a "secret" chain, which will be longer than the network's current one.

After achieving his objective, either depositing a number of coins or exchanging them for others, the miner broadcasts the whole chain of secret blocks he was holding. Because it is longer than the current one, it creates a kind of fork in the network that orphans the earlier blocks, invalidating previous transactions and replacing the state of the network with his manipulated blocks.

Cryptocurrencies that use PoW for consensus and require little processing power are especially vulnerable to these attacks, because it is difficult to defend the blockchain against attackers with greater processing capacity, whether they rented the necessary hardware for a certain time or belong to a mining pool with the technical capacity to mine on different blockchains.

MONACOIN AND ELECTRONEUM: TWO WARNINGS

Algorithms: Lyra2REv2 (VertCoin, Rupee, Straks) and CryptoNightV7 (Monero).

On May 21 the Monacoin network suffered a retention attack in which an attacker managed to mine several consecutive blocks without announcing them to the rest of the network. As a result, his copy of the blockchain was considered the correct one because it had more blocks than the main one. Having achieved this, the miner was able to execute transactions and then discard his chain; on returning to the main chain the coins created are invalidated, but the attacker keeps the proceeds of his purchase. Through this attack, the perpetrator caused damages equivalent to about $90,000.

In the case of Electroneum, the attackers concentrated a significant amount of mining power, although they could not obtain funds. The network's managers have been working since late May on an update to their blockchain, so the attack was neutralized; they also notified mining pool operators of the possibility that the chain had been altered in some way.

BITCOIN GOLD AND THE ATTACK THAT WAS NOT

Algorithm: Equihash (Zcash, Bitcoin Private, ZenCash, Zclassic are some currencies that use this algorithm)

On May 21, the Bitcoin Gold project suffered a 51% attack, although it was not determined whether the attacker actually obtained that percentage of processing power. According to the Bitcoin Gold team, the attacker's main objective was to take advantage of the automated systems of the exchanges that work with this cryptoasset. "An exchange house could accept large deposits automatically, allow users to swap them for another currency quickly and then withdraw the funds automatically. That is why they are focusing on the exchange houses," explained Bitcoin Gold developer Ed Iskra.

In this type of attack, the procedure consists of executing a transaction, obtaining rapid approval from the exchange to swap it for another currency, and later reversing the initial transaction by taking advantage of control over computation and record-keeping on the network.

Although the effect of the attack was not confirmed and the event did not yield the expected returns, some exchanges such as Bittrex went as far as cancelling their operations with BTG to avoid compromising the security of their funds.

VERGE, OR STUMBLING THREE TIMES OVER THE SAME STONE

Algorithm: Myr-Groestl, scrypt, lyra2re, X17 and Blake2s.

On May 24 Verge suffered a major 51% attack, according to statements from the team behind the project. Although more precise data were not disclosed, it is presumed that, despite the name given to it, it was a block retention attack, which resulted in the generation of 35 million XVG, worth 1.4 million dollars at the time of the event. The attacker managed to seize a significant percentage of the network's processing power, abusing the lyra2re and scrypt algorithms.

The attacker took advantage of two characteristics of this blockchain: the use of five different algorithms and the per-algorithm difficulty adjustment protocol. He created blocks with false timestamps to deceive the protocol and drastically reduce the mining difficulty of the part of the chain that uses the scrypt algorithm, which allowed him to generate 35 million coins in hours. The case of Verge is peculiar, however: this same flaw had already been exploited at the beginning of April.

Recall that on that occasion the hacker mined hundreds of blocks with false timestamps, only seconds apart from one another, all of them using the scrypt algorithm. Some 250,000 XVG were produced in that attack, and the Verge team decided to apply a hard fork to solve the problem and roll the chain back to blocks prior to the attack.
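The pattern described here, runs of blocks on a single algorithm whose timestamps are only seconds apart, can be flagged by a node operator or block explorer with a simple audit. This is an added example, not Verge's code: the thresholds, the field names and the sample chain are constructed for illustration, and the median-time-past rule is borrowed from Bitcoin-style chains.

```python
from statistics import median

# Assumed thresholds for illustration; tune them to the chain's real block target.
MIN_GAP_S = 5     # same-algorithm blocks closer together than this are implausible
MIN_RUN = 4       # alert once this many such blocks appear in a row
MTP_WINDOW = 11   # median-time-past window used by Bitcoin-style chains

def audit_chain(blocks):
    """Scan height-ordered {height, algo, time} dicts; return (rule, first, last) alerts."""
    alerts, run = [], []

    def close_run():
        # Emit an alert if the run that just ended was long enough, then reset it.
        if len(run) >= MIN_RUN:
            alerts.append(("fast_single_algo_run", run[0]["height"], run[-1]["height"]))
        run.clear()

    for i, blk in enumerate(blocks):
        # Rule 1: a timestamp must be later than the median of the preceding blocks.
        window = [b["time"] for b in blocks[max(0, i - MTP_WINDOW):i]]
        if window and blk["time"] <= median(window):
            alerts.append(("timestamp_not_after_mtp", blk["height"], blk["height"]))
        # Rule 2: consecutive blocks on one algorithm that are only seconds apart.
        prev = blocks[i - 1] if i else None
        if prev and blk["algo"] == prev["algo"] and blk["time"] - prev["time"] < MIN_GAP_S:
            if not run:
                run.append(prev)
            run.append(blk)
        else:
            close_run()
    close_run()
    return alerts

# Constructed sample chain (not real Verge data): five normally spaced blocks,
# six scrypt blocks one second apart, one normal block, one backdated block.
SAMPLE = (
    [{"height": 100 + i, "algo": a, "time": 1_000_000 + 30 * i}
     for i, a in enumerate(["x17", "scrypt", "blake2s", "lyra2re", "myr-groestl"])]
    + [{"height": 105 + i, "algo": "scrypt", "time": 1_000_150 + i} for i in range(6)]
    + [{"height": 111, "algo": "x17", "time": 1_000_190},
       {"height": 112, "algo": "blake2s", "time": 1_000_100}]
)

if __name__ == "__main__":
    for alert in audit_chain(SAMPLE):
        print(alert)
```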

A few days ago a new block retention attack was reported. In forums such as Bitcointalk it has been pointed out that the modifications made to correct the previous errors have not been sufficient, and that the increase in difficulty has not mitigated the potential for block retention attacks.

Several users reported that, because of the failure, their wallets had not received their tokens or the blocks containing their operations had been orphaned. Some even scoffed at the project, given that the security deficiencies of its code and the drawbacks of working with five different algorithms have been pointed out as weaknesses of this currency.

ZENCASH: 550,000 DOLLARS AND 38 REVERSED BLOCKS

Algorithm: Equihash

The ZenCash development team published a statement reporting that the network had suffered a 51% attack, through which an aggressor managed to take control of the blockchain ledger and reorganize the recorded data to steal 550 thousand dollars through double-spending transactions. The attack happened this Sunday, June 3.

Members of a mining pool operating on this network informed the development team, who implemented mitigation measures such as contacting the operators of exchanges that work with ZEN and opening an investigation into suspicious transactions. The developers' investigation helped find two double-spending transactions of 6,600 and 13,000 ZEN, equivalent to about 550,000 dollars.

PRICE LISTS?

51% attacks are now gaining strength, and some have even ventured their own calculations of what an attack of this nature would cost. A price list is circulating online of what such an attack would, in theory, cost for one hour using rented mining power. If factors such as hardware acquisition and electricity consumption are considered (although these are not the only ways to carry out an attack of this type), the figures rise considerably.

According to this list, which is based on the rental prices of NiceHash mining equipment, a 51% attack against the Bitcoin blockchain would cost 587,864 dollars. However, NiceHash does not really have the capacity to undermine a network of the magnitude of Bitcoin. BTC.com, Antpool and BTC.TOP would have to combine their mining power on the Bitcoin network to make a successful 51% attack, an agreement that looks unlikely, to say the least.

For other blockchains such as Litecoin (at $62,401) or Ethereum Classic (at $13,599), the procedure gives the impression of being feasible, although there is no assurance that any mining group would be willing to rent out its mining equipment for those figures.

Since several blockchains that require high processing power and share consensus procedures use the same algorithms and hardware to confirm blocks of transactions, blockchains that require less processing power are vulnerable to attacks by groups or individuals who decide to use their technical advantage, their greater processing power, to take control of a given blockchain.

According to the creators of the list, the objective is not to encourage this type of attack but to open a discussion, because such attacks are an erosive force and a danger to the welfare and development of the ecosystem. The idea is for the cryptocurrency community to discuss these risks on a daily basis and evaluate ways to mitigate them.
