Bitcoin SV rocked by three 51% attacks in as many months

Published at: Aug. 7, 2021

Bitcoin Satoshi’s Vision, the fork of another Bitcoin (BTC) fork, has for the third time in three months suffered a blockchain reorganization (reorg) attack. With a call to all stakeholders to mark the malicious network branch as invalid, Bitcoin SV (BSV) developers say the attacks have been repelled and all fraudulent chains identified.

The flurry of attacks against Bitcoin SV, though reportedly repelled, highlight the risks associated with proof-of-work (PoW) blockchains that have a low amount of hash rates backing their existence. Indeed, apart from Bitcoin SV, several chains, like Ethereum Classic (ETC) and Firo — formerly known as Zcoin — have been victims of such attempted blockchain reorg exploits.

While not all of such attacks are successful, some proceed with significant economic consequences for honest participants and the network, in general, as the rogue actors responsible for the malicious exploit on the network can double-spend “coins.” The problem has reached the extent that it is theoretically possible to launch these attacks with a few thousand dollars worth of rented hashing power.

Another blockchain reorg attack

Earlier in August, Bitcoin SV suffered a suspected 51% attack that was similar to previous incidents that occurred between the end of June and the first week of July. At the time, it was said that the malicious network exploit resulted in three versions of the main chain being mined simultaneously amid a deep blockchain reorg attack.

This type of attack occurs when a malicious actor controls 51% of the network’s hash rate and can use that hashing power majority to control and prevent block production as well as double-spend coins. The Aug. 3 incident is reportedly the largest-scale exploit against BSV since it forked from Bitcoin Cash (BCH) back in 2018.

At one point during the exploit, the attacker reportedly compromised about 10 hours’ worth of transactions on the Bitcoin SV chain, according to Nikita Zhavoronkov, lead developer at blockchain explorer Blockchair. Reacting to the event, the Bitcoin Association — a Bitcoin SV advocacy organization — advised honest node operators to mark the false chains initiated by the hacker as invalid.

Marking split chains initiated by 51% attackers as invalid is necessary to prevent the hackers from accruing any economic benefit, such as double-spending. Usually, the goal of such incidents is to send mined coins from the fake chain to the exchanges, thereby extracting monetary value from “thin air.”

In its incident update report, the Bitcoin Association stated that the hacker’s attempted 51% attacks were unsuccessful, while urging network participants to ensure that their nodes are only interacting with the chain supported by honest miners. As part of its report, the Bitcoin Association stated that all relevant stakeholders, including the Bitcoin SV Infrastructure Team, will continue to monitor the network to prevent any further attacks.

In a conversation with Cointelegraph, Steve Shadders, chief technology officer of Bitcoin SV developer nChain, stated that both stakeholders are implementing “a range of proactive and reactive measures” to prevent further attacks.

“Together with the Bitcoin Association team, we also worked with exchanges, miners and ecosystem businesses to quickly invalidate the fraudulent chain containing the illegal double-spends by using the invalidateblock command — an RPC code introduced to Bitcoin in 2014 and still part of the codebase for both BTC and BCH.”

According to Shadders, this move invalidated the attacker’s efforts, allowing honest participants to direct their hashing power to the correct chain. Shadders also stated that the attack had galvanized more hashing power to the Bitcoin SV chain to “defend the network.” Indeed, data from BitInfoCharts shows an increase in Bitcoin SV hash rate between Aug. 3 and Aug. 4, with the network’s hashing power growing by almost 15%.

Three attacks in as many months

The fact that there have been three attacks in three months, each using similar methods, has brought up talk of whether there is an agenda against Bitcoin SV. Between June 24 and July 9, Bitcoin SV suffered four separate attempted 51% attacks that resulted in double-spent coins being sent to Bitmart crypto exchange.

In July, Cointelegraph reported that Bitmark was seeking a restraining order from a New York judge to prevent the hackers responsible for the 51% attacks on Bitcoin SV from selling their double-spent coins. As of this writing, it is not apparent whether the August attacker was able to send double-spent BSV to any exchange.

In a note sent to Cointelegraph, the Bitcoin Association clarified that the existence of double-spend transactions in the June and July attacks did not have any detrimental effect on Bitcoin SV users, adding:

“It is possible that the malicious actor has been double-spending their own transactions. No losses have been incurred and nobody has had anything stolen.”

The June 24 and July 1 attacks reportedly went unnoticed, with investigations starting only after the July 6 incident. At the time, some exchanges, including Huobi, paused deposit and withdrawal services for BSV, thereby setting off inaccurate speculations that trading platforms were moving to delist the coin.

Commenting on the likelihood of the August attacks being connected with the earlier incidents, Shadders told Cointelegraph: “At this stage, while we do not have definitive proof that the same malicious actor is responsible for both these latest attacks and the earlier attempts in June and July, the similarity in attack vector and methodology would indicate that it is likely to again be the same attacker.”

The only difference between the two sets of attacks is that the June and July exploits used the pseudonym “Zulupool” — not connected to the legitimate Hathor Network miner of the same name — while the August hacker impersonated the Taal mining pool. Indeed, the June and July attacker is believed to have impersonated Zulupool and has also been linked to the block reorg exploit against Bitcoin ABC back in March.

Given the suspected links between all the attacks, Shadders told Cointelegraph that legal steps were being taken, stating:

“Bitcoin Association and its legal representatives are actively engaged with law enforcement in affected jurisdictions — a process which the Bitcoin SV Infrastructure Team is supporting on an ongoing basis by collecting and collating all of the forensic evidence that the attacker has left behind.”

Vulnerable PoW networks

PoW networks with significantly lower hash rates are vulnerable to 51% attacks since the required hashing power required to commandeer the network only costs a few thousand dollars. In some cases, a few hundred dollars worth of rented hashing power from NiceHash is enough to stage a blockchain reorg exploit on some PoW chains.

According to data from Crypto51 — a platform that tracks the theoretical cost of a 51% attack on PoW chains — it costs about $5,200 to rent the hashing power needed for a 51% attack on Bitcoin SV for one hour.

Ethereum Classic, another PoW network, also suffered multiple 51% attacks in 2019 and 2020. In one incident, an attacker reportedly siphoned over $5 million from the network while only spending $192,000 on hashing power to carry out the attack. However, it is important to note that while such attacks remain a possibility, network actors can take steps to mitigate the vulnerability.

Related: If you have a Bitcoin miner, turn it on

Indeed, in the absence of the superior network effect and massive hashing power of Bitcoin, other PoW chains need to create secondary security protocols to detect malicious blockchain reorgs. To put the hash rate disparity in stark contrast, the total Bitcoin network hashing power is currently more than 320 times greater than that of Bitcoin SV.

Crypto exchanges also need to increase the network confirmation requirement for coins whose chains do not hold sufficient hashing power. Most 51% attackers strive to double-spend their transactions via exchanges, trading their fake coins for the legitimate funds held by trading platforms often on behalf of their users.

Thus, even if the blockchain does eventually fight off the attack, the hacker can siphon value from the exploit by trading their fake coins on exchanges that fail to adopt the necessary minimum confirmation protocols.

Tags
Related Posts
100 fascinating facts about crypto’s last 100 days
Crypto data aggregator CoinMetrics has compiled a list of 100 insights into the recent performance of the digital asset markets — and the figures add up to a very bullish picture for the ecosystem. Released to celebrate the 100th issue of its “State of the Network” report, the list notes that a $100 investment made into Dogecoin (DOGE) 100 days ago would be worth $2,742 today — outperforming the same $100 investment in Bitcoin (BTC) (which would be valued at $135 today), Ether (ETH) ($186), and Uniswap (UNI) ($401). The report states that Bitcoin has seen $14.5 billion worth of …
Technology / April 28, 2021
Crypto miner Hut 8 surpassed 5K Bitcoin held in reserves
In its third-quarter earnings release, Canadian cryptocurrency miner Hut8 announced that it surpassed its goal set earlier this year of holding 5,000 Bitcoins (BTC) in reserves through mining. Its Bitcoin balance now amounts to 5,053, for a total market value of $430 million. During the quarter, Hut 8 generated 50.34 million Canadian dollars (CA$) in revenue and CA$23.37 million in net income, up from CA$5.75 million in revenue and a loss of CA$0.90 million in the prior year's quarter. The company hosts a sizable fleet of Application-Specific Integrated Circuit, or ASIC, machines used for Bitcoin mining. In addition, it deploys …
Technology / Nov. 11, 2021
$3.3B Bitcoin mining company Griid to list on NYSE via SPAC deal
In a filing with the United States Securities and Exchange Commission on Tuesday, special purpose acquisition company, or SPAC, Adit EdTech Acquisition Corp, announced it would merge with Cincinnati-based Bitcoin (BTC) miner Griid at a $3.3 billion enterprise valuation. SPACs are blank check companies created for the sole purpose of acquiring other firms. After the deal consummates, Griid will list on the New York Stock Exchange under the ticker symbol GRDI. The deal is expected to close by the first quarter of next year. According to its investor presentation, Griid expects to mine 637 BTC this year with a total …
Technology / Nov. 30, 2021
Bitcoin miners believe global hash rate to grow ‘aggressively’
Bitcoin (BTC) seems to be on everyone’s mind lately as the world recently witnessed the price of BTC take a rather unexpected bearish turn this month. On January 21, 2022, Bitcoin reached six-month lows, sinking below $40,000 for the first time in months. While some panicked, other industry experts pointed out that the Bitcoin network has become verifiably stronger than ever before. The growth of the Bitcoin network has become apparent, as hash rate figures for BTC continue to set new highs this month. For example, on Jan. 22, the BTC network recorded an all-time high of 26.643 trillion with …
Technology / Jan. 30, 2022
What is a 51% attack and how to detect it?
Despite being underpinned by blockchain technology that promises security, immutability, and complete transparency, many cryptocurrencies like Bitcoin SV (BSV), Litecoin (LTC) and Ethereum Classic (ETC) have been subject to 51% attacks several times in the past. While there are many mechanisms by which malicious entities can and have exploited blockchains, a 51% attack, or a majority attack as it is also called, occurs when a group of miners or an entity controls more than 50% of the blockchain’s hashing power and then assumes control over it. Arguably the most expensive and tedious method to compromise a blockchain, 51% of attacks …
Blockchain / Nov. 12, 2022