Powered by

You can successfully hack a $2B cryptocurrency network with only $1.5M

The PoW cryptocurrencies are using the same algorithms as the larger networks making it easier to hack their network

hacking cryptocurrency gains

Blockchains may be secure by design, but researchers continue to show that the same is not true for the thousands of motley cryptocurrencies based on the technology.

Husam Abboud, a cryptocurrency researcher at FECAP University in Brazil, has demonstrated that it would take as little as $1.5 million to execute a network attack on Ethereum Classic (ETC) — with a market cap of over $2 billion — and still be in profit. If you have $55 million, you could even bankrupt the currency, making off with $1 billion in profit.

The proof-of-work blockchains that use the same algorithms as larger blockchains (such as ETC, which uses the same algorithm as ETH) are particularly vulnerable to attacks, as there are no barriers to entry in terms of capital costs. The researcher notes that any miner who contributes as little as 2.5 percent of Ethereum Nethash can simply switch to mining Ethereum Classic and control more than 51 percent of hashing power of Ethereum Classic network.

The attack won’t cost the miner much either; the amount required to execute execute what’s called a ‘51 percent attack‘ on ETC for a day would be more or less the same as what you’d earning mining ETH for one day with 2.5 percent Nethash, i.e. about 525 ETH ($318,000).

Instead of relying on the classical model for calculating the cost for 51 percent attacks, Abboud relies on the Rindex v2.0 model. He notes that, the classical model includes the costs of acquiring mining equipment and electricity. These don’t have to be accounted for separately in the case of PoW blockchains. The Rindex model instead focuses on the cost of hashpower leasing.

The researcher calculated the costs of executing a 51 percent on Bitcoin Cash to be 250 BTC/day ($2 million), and on Bitcoin Gold to be as little as 26 BTC ($200,000) per day, using the same method. The attacks can keep going till the developers for the cryptocurrency deploy a fix, or the price drops so low that it becomes unprofitable to keep the attack going.

Abboud notes that Bitcoin’s creator designed the consensus protocol with the assumption that miners won’t perform such attacks because they would result in a lower market price for the cryptocurrency, making it unprofitable for them; but, nine years later, this doesn’t seem to be true anymore.

“We have major exchanges with a lot of liquidity which allow you to short-sell with a trading margin from 2.2 to up to 100 times,” Abboud notes of the outdated assumption. “It’s just becoming easier everyday and the market is more liquid for opportunities where you can benefit from price decline,” he said.

There have been rising concerns over the security of proof-of-work cryptocurrencies, with at least five attacks in the last two months involving Verge, Electroneum, Bitcoin Gold, and Monacoin.

Bitcoin developers Jameson Lopp and Peter Todd earlier noted that it is the lazy cloning of larger blockchains that is leading these cryptocurrencies to be attacked in this manner.

As per experts, multiple solutions exist to solve the problem of 51 percent attacks with these currencies. These include sharing the security of existing PoW chains,  upgrading to proof-of-stake protocol, increasing the number of required confirmations, or upgrading the hashing algorithm. Surely, cryptocurrencies worth billions of dollars can afford to invest a little in the security of their network.

Published May 25, 2018 — 13:12 UTC