Powered by

Blockchain, cryptocurrencies, and insider stories by TNW.

Bitcoin Cash ABC update exposes potentially catastrophic vulnerability

It apparently only costs $27K to cause major damage

bitcoin, cash, hard, fork, wright, cryptocurrency, blockchain, ABC

It hasn’t been long since the monstrously wasteful hash wars began, but it already seems both newly spawned blockchains are running into potentially crippling technical difficulties.

Shortly after BSV (nChain’s implementation of Bitcoin BTC Cash) suffered from a bug that split its network in two, it appears that BAB (Bitcoin-ABC’s implementation of Bitcoin Cash) has rolled out a software update that puts its entire network at risk of 51-percent attacks from rogue miners.

Understanding the vulnerability

Under constant threat from rival blockchains, ABC devs introduced a special line to its code, changing how the network enforces trust in the transactions being submitted for processing.

While previously ABC relied on a classic Proof-of-Work algorithm to validate blocks on its network, its latest software update introduced controversial “checkpoints,” which miners use to ensure they are working with the most valid blockchain.

Checkpoints are meant to protect ABC against “deep organization attacks,” which involve bad actors tricking the network into mining (fake) versions of its blockchain.

This can lead to transaction reversals and other network interruptions.

With the new validation model, though, ABC uses every 10th block mined as a thermometer for accuracy. If a miner sees blocks on the network that don’t match this checkpointed version of the ABC blockchain, it will automatically reject them.

But the introduction of this protection has caused a raft new security concerns, cryptocurrency systems analyst Eric Wall told Hard Fork.

Wall explained that if an attacker controls more than 50 percent of the overall processing power driving the ABC blockchain (hashrate), they can actually submit a set of 10 blocks to the network simply by reorganizing nine “honest” blocks.

Although this is technically allowed, if the attacker does this at the exact same time as the network finds the 10th block in that submitted sequence (and thereby selecting it as an “honest checkpoint”), it can cause ABC to suffer a chainsplit. This means ABC is currently completely open to being maliciously hard forked.

“Since not all information gets propagated over the network at the exact same time, some nodes will see a 10-block reorganization, which they will reject, and others will see a [nine] block reoganization, which they’ll accept,” says Wall. “The network will then have forked into two, and if there’s two exchanges on different forks, it’s trivial for the attacker to sell the same cryptocurrency twice, on both these exchanges, and thus be double-spending.”

The seemingly arbitrary decision to use every 10th block to ensure chain validity, rather than trusting the longest chain with the most hashes, has drawn some heavy criticism from other blockchain insiders too, and not just for reintroducing the very vulnerabilities it was meant to fix.

Apparently, the new ‘checkpoint’ is maintained by the node operators themselves, without the confirmation that comes by writing it to the underlying blockchain, a big no-no for Proof-of-Work purists.

“It’s shifting consensus power to developers, away from miners,” wrote long-time cryptocurrency evangelist Andreas Antonopolous. “It is best to be skeptical about such shifts of power.”

While it’s certainly true Bitcoin has relied on checkpoints at several stages in its history, currently Bitcoin does not use any – and especially not at the 10th block.

51-percent attacks on ABC are cheap

It only gets worse.

Estimates now suggest that for as little as $27,000, attackers can effectively control ABC armed with nothing but a standard, retail cryptocurrency miner.

51-percent attacks consist of one or more bad actors taking control of the majority of a blockchain’s hashrate.

When this happens, attackers can ‘freeze’ the network by halting transaction processing, censor the blocks of other miners, and open avenues for double spending. But according to Wall, ABC is now susceptible to being similarly controlled by entities that wield much less hashpower.

“A ‘minority hashrate’ miner can choose to mine 10 ABC blocks right now, in a sequence,” Wall explained to Hard Fork. “If that miner is just submitting his own blocks for processing while ignoring the other miners’ blocks, this will become a minority chainsplit that nodes (who have seen the longest chain) will inevitably ignore.”

But if a node that’s out-of-sync reconnects to the network – say, after going offline for a few hours – it could receive data related to the wrong blockchain first, leading to the “real” chain being rejected from then on.

The attacker then has full control over what transactions this node accepts, which also can be exploited to execute double-spend attacks,” warns Wall.

Surely, $27,000 isn’t all that expensive, but it’s worth noting that if attacker only had access to a single Antminer S9, it would take them two full years of surreptitious mining to be considered a real threat.

But the bottomline is still the same: it only takes one (mildly powerful) mining rig to cause significant problems for ABC’s entire network.

Hard Fork reached out to ABC to ask more about the potential security risks posed by the new changes, and will update this piece accordingly should we hear back.

Published November 21, 2018 — 17:52 UTC