This college freshman is out to 51% attack your cryptocurrency

A college freshman is coming after your cryptocurrency – but not to steal your coins, just to prove that someone could do it fairly easily.

According to a crypto enthusiast and security researcher using the handle "geocold51", most small-scale cryptocurrencies are at risk from the most feared vulnerability in the industry – the 51% attack. During this attack, a miner takes control of more than half of the power used to mine a cryptocurrency, which allows them to reverse a past transaction and replace it with another one, a practice called double spending.

While the ecosystem that has been built around bitcoin and other top cryptocurrencies makes them resistant to this type of attack, other cryptocurrencies with a smaller community of miners are not as secure.

Sure enough, on smaller coins, these types of attacks are becoming more common. In a new report, Group-IB found $20 million in cryptocurrency thefts from such attacks in 2018, as reported by TNW.

On Saturday, October 13th, geocold51 decided to show how easy it was by livestreaming his attempt to 51% attack Bitcoin Private, a cryptocurrency with a market capitalization of almost $47 million (at the time of writing).

Speaking to CoinDesk, geocold51 said that if a cryptocurrency can be attacked so easily, "it is a kind of devaluation of a certain currency by different investors."

Geocold51 estimates that he spent $100 to get to the point where he could have demonstrated a double spend on Bitcoin Private, but he stopped because his livestream was pulled.

Just to be clear, geocold51 was not interested in theft, and so he set up the demonstration so that he would send Bitcoin Private he owned to two different wallets he also owned. In this way, no user or exchange would be robbed.

For him, it is a matter of showing that many coins are vulnerable and, therefore, perhaps widely overvalued.

That said, he calculates that to profit from a 51% attack, a malicious attacker would have to spend about double that, so about $200, to buy some bitcoin on an exchange with their Bitcoin Private and then make another transaction on the longer chain that invalidates the first one, returning the Bitcoin Private coins to the attacker and leaving the exchange out of pocket.

While the exchange step raises the cost, a 51% attack is still quite cheap thanks to the rise of cloud computing. According to geocold51, without access to cloud mining, an attack like the one he mounted on Bitcoin Private would have cost him about $100,000 in hardware.

"Nicehash and the possibility to hire hashing power radically changes the scene of 51% attacks," geocold51 told CoinDesk, adding:

"If there's not a lot of hashing power to protect it, but there's a lot of value associated with it, that's where you can make a 51% attack."

Since geocold51 announced the livestream on Reddit (the post got 1500 upvotes and 60,000 views, he said), the attempted attack attracted a bit of attention; even dogecoin creator Jackson Palmer tweeted about watching.

However, the livestream did not go exactly as expected, and for this reason, geocold51 said he would perform a full attack later. He told CoinDesk he will do it without a stream this week and will post a recording of his demonstration on YouTube shortly thereafter.

The inspiration

The young security researcher's handle may bring to mind another security guru.

According to geocold51, he was inspired by one of the most legendary hackers of recent years: geohot, who famously jailbroke the original iPhone, meaning that he removed its carrier and app restrictions.

These days, geohot likes to livestream himself looking for vulnerabilities.

And geocold51 imagined that he could start doing the same within the cryptocurrency ecosystem.

Geocold51 has a good understanding of cryptocurrency. When GPU hardware was still profitable for hobby miners, geocold51 put a lot of bitcoins into it. He then began trading on Cryptsy, before the CEO of the exchange allegedly made off with millions of dollars of users' money.

In this, he lost almost all his bitcoin.

But he remained interested in the space and continued to study how everything worked. And since the industry had split into hundreds and thousands of different cryptocurrencies, geocold51 thought he might be able to shed light on the security dangers.

And others were interested in this too. His Reddit post about the challenge picked up 1500 upvotes and, over Twitch, he received $888 in donations.

The day of the attack

The interesting thing is that Bitcoin Private was not his first target.

Instead, geocold51 intended to go after einsteinium, a volunteer-run litecoin fork with a market capitalization of $19 million and $598,000 in daily trading volume at the time of writing.

He announced his intentions publicly and, as he was preparing for the attack, commenters on his Twitch feed noted that the hash rate of the cryptocurrency was increasing.

Because he had announced the attack in advance, the einsteinium community increased the hash rate, worried that such an attack would cause a chain split and create a second blockchain on which people could get stuck, according to Ben Kurland, a member of the project's board of directors. At that time, einsteinium was in the middle of a wallet update. If users or exchanges had not updated their wallets in time, the chain split could have caused a loss of funds.

Seeing the increase in hash power, geocold51 decided to attack Bitcoin Private instead.

According to geocold51, he got over 600 views during the Twitch livestream before Twitch shut down the stream. The Twitch team, he said, temporarily suspended him under the "threat of damage" section of its community guidelines.

He had another livestream running on Stream.Me half an hour later.

Once streaming there, he was able to rent miners through Nicehash to mine Bitcoin Private. In fact, he basically mined a block. And in a very short time, he was controlling over 50% of the hash power on the blockchain.

Very soon an account called "CommunityWatch" appeared in the stream and wrote: "Just a quick question: am I assuming that all we are doing here is legal?"

A few minutes later, the geocold51 video feed on Stream.Me was cut.

Geocold51 told CoinDesk that he had already obtained about two-thirds of the Bitcoin Private hash rate. He had broadcast his first transaction to a second wallet that he controlled. And he had written another transaction on an offline chain that went to a third wallet that he controlled.

He was about to send this longer chain to the network, but since the point was to show people that the attack could be done easily, he stopped once the livestreams went down.

Protected in another way

However, geocold51 is determined to carry out his mission by recording the next attack, to be shared on YouTube soon.

And while this vulnerability is likely to worry many in the community, geocold51 noted that there is another way in which these coins are protected, based on cryptocurrency game theory.

If someone tried to sell a significant volume of coins, the price would probably collapse, as the community is not robust enough and does not have a huge amount of liquidity. As such, geocold51 claimed, although it is easy to buy hash power and take over a network, it may not be feasible to make a lot of money from an attack.

However, geocold51 plans to continue, perhaps even using the donations he received to try 51% attacks on other cryptocurrencies.

In fact, he told CoinDesk that he could intentionally attack some cryptocurrencies that have prepared preventive measures against 51% attacks, to test them in production. For example, the team that develops Horizen (formerly zencash) believes it has found a way to discourage 51% attacks by introducing some penalties for miners.

Geocold51 said he would be happy to fail against some of these measures.

Performing the demonstrations privately and adding some production value to the final recording will probably make the content more edifying, according to geocold51, but he is still a bit disappointed that his original plan did not come to fruition.

He concluded to CoinDesk:

"There's something nice about it being live."

The Twitch, Stream.Me and Bitcoin Private teams did not respond to requests for comment for this story.

UPDATE (October 25th, 14:46 UTC): This story has been corrected to fix the number of views on the Twitch stream.
