Hi folks, today I want to show you how cheap it is to get in control of some Proof of Work (PoW) cryptocurrencies and how to avoid getting damaged by such an attack.
How can I attack a PoW-Cryptocurrency?
If you are in control of over 50% of the network hashrate you will find block nonces faster than anyone else, so you can create more blocks than anyone else. With that advantage you can compromise the network, make double spendings for example, and the network will still accept it as valid, because the nodes always trust the longest chain.
How does a double spending attack work?
If I have over 50% of the network hashing power I can start to fork the blockchain silently. While this happens I make a transaction to an exchange on the main chain, but at the same time I also make a transaction to another wallet, that is under my control, on the forked copy of the chain. The nodes only see my transaction on the main chain and mark it as valid, the money goes to the exchange and I can start trading. After that I reveal my forked copy of the chain to the nodes and because my chain is longer (my latest block number is bigger) these nodes will accept my copy of the chain as valid. So my previous transaction to the exchange no longer exists, only the transaction to my other wallet exists, and I have successfully screwed the exchange or any other person that is affected by this.
Popular PoW-Coins, like BTC or ETH, have so much hashing power that you would need to invest multiple M$ in GPUs or ASICS to try an attack.
But there are other coins which are listed on exchanges, use known PoW-algorithms and have low hashing power compared to the first coin that implemented this PoW-algorithm.
A nice example for this situation is Bitcoin Gold (BTG), which uses Equihash as PoW-algo (same algo as Zcash), but the network hashing power is way slower than Zcashs (25MH/s vs. 550MH/s).
So a big Zcash miner could easily switch for a couple of hours to BTG and start to make double spendings, which sadly happened last month with a estimated damage of around 18M$!
How can I protect myself?
If you want to invest in a PoW-cryptocurrency you should check if these types of attacks are possible. For that reason a user started this website, where you can look up some PoW-Coins and check how much it would cost to attack them via nicehash and if nicehash is even able to sell that much hashing power that is needed for the attack.
To attack BTG again you would need to pay atm around 3k$/h, which isnt that much compared to the damage you could cause. Other coins are way cheaper to attack, Gulden (NLG) for example can be attacked for under 200$/h... The easiest and safest way is to just avoid these coins.
Ofcourse coins which use other consensus-algorithms or coins which are build on top of other coins (e.g. mineable ERC20-Tokens like 0xBitcoin) are not affected by this problem.
If you still want or need to make transations on a vulnerable blockchain, you should only accept a transaction after alot of confirmations (wait multiply hours to be sure). Thats also what the exchanges are doing now with BTG and other vulnerable PoW-Coins.
I hope you could learn something!