Powered by

Why Proof-of-work isn’t suitable for small cryptocurrencies

It seems that while PoW works for Bitcoin, it doesn't always work for smaller cryptocurrencies

proof of work

It seems that proof-of-work (PoW), the consensus protocol behind Bitcoin, isn’t ideal for smaller cryptocurrencies, because they’re far more vulnerable to what are called 51 percent attacks. At least five PoW digital currencies have been affected by such attacks in the last two months.

Verge Currency (XVG) and Electroneum (ETN) both suffered 51 percent attacks last month causing a theft of more than a million dollars.

On Tuesday, Verge suffered another attack of the same kind — resulting in a theft of more than 35 million XVGs worth over $1.7 million at the time.

Monacoin reportedly continues to suffer from a 51 percent attack as well, and has already resulted in a theft of over $100,000 so far.

51 percent attacks occur when one entity gains control over 51 percent of the network hash-rate. This entity can now both prevent valid transactions from occurring as well as reverse already occurred transactions on the blockchain. A single coin can even be spent twice from the same origin with this sort of control, in what’s called a double-spend.

Bitcoin Gold (BTG), a hard fork of Bitcoin, also suffered a double-spend attack last week. Their control over the blockchain allowed them to make off with more than $35 million worth of BTG.

The fact that all of these cryptocurrencies utilize the PoW consensus protocol of Bitcoin raises some doubt over the suitability of the protocol, especially for smaller cryptocurrencies.

It’s virtually impossible for Bitcoin’s blockchain to be compromised by a 51 percent attack because it will require a lot of hashing power to gain more than 50 percent control over it — although Ghash.io, a Bitcoin mining pool, has come close; not once, but twice.

But, is carrying out a 51 percent attack on smaller cryptocurrencies easier? We asked Bitcoin developer Peter Todd:

If PoW is used naively, yes. PoW relies on being able to outspend your attacker; a smaller currency with its own PoW chain has fewer resources that it can afford to devote to defence, so it’s less secure.

Todd notes that in cases such as Verge, it is the technical glitches with their blockchains that allow these cryptocurrencies to be compromised so easily. But even if these flaws are fixed, it won’t exactly solve the problem of 51 percent attacks on their blockchains — for PoW to work in the way it is intended, you still need to be able to outspend your attacker.

Todd explains that, all of these cryptocurrencies that suffered the attack have chosen the naivest possible technical architecture : to have an entirely separate PoW chain for each of their currency.

The smart way to implement what they’re attempting to do is to share the security of an existing PoW chain. There’s quite a few ways to do this, including the embedded consensus mechanism that the OMNI protocol pioneered. Tether as an example happens to use OMNI on Bitcoin, so if you wanted to attack Tether, you’d have to do a 51 percent attack on the entire Bitcoin ecosystem.

“The important thing to note with all those currencies is they’re just copy-cat clones of existing stuff, created in pump and dump schemes,” Todd notes of the attacks. “I suspect the coins that have been attacked recently use that technology simply because it’s easier to copy and paste existing code rather than do the real work of technology development – they’re pump and dump schemes after all.”

There are rising concerns over the number of cryptocurrencies that are simply cloning existing blockchains. As we reported earlier, Bitcoin alone has seen more than 44 hard forks since August last year, and most of them don’t bring anything new to the table.

Despite being riddled with technical flaws, many of these currencies are popular with traders. All four cryptocurrencies that have suffered 51 percent attacks in the last two months, are among the top 100 most traded cryptocurrencies in the world at the moment. Surely the digital currency community can do better.

Published May 24, 2018 — 12:00 UTC