By capturing more than half of the computing power of the Bitcoin Gold network, a hacker was able to carry out "double spending" attacks repeatedly for several days.
This is one of the worst scenarios that can befall a cryptocurrency. A black-hat hacker managed to take control of the Bitcoin Gold blockchain, a variant of Bitcoin created by the same company, by capturing more than 51% of the mining computing power.
This is indeed one of the main weaknesses of blockchain technology. As you might know, each transaction is written block after block into the cryptocurrency's ledger after being verified by miners through a cryptographic calculation. But when someone owns more than half the computing power, he gets the final say over this verification procedure and can then invalidate transactions.
This scam is known as "double spending". How does it work? The hacker makes two transactions of the same amount at the same time: a purchase from a seller and a transfer to one of the wallets he controls.
He concentrates his calculations on the second transaction but withholds the resulting verification blocks instead of broadcasting them. For his part, the seller sees a perfectly normal transaction arrive and can therefore accept it. The amount is exchanged for a good that the attacker takes away as quickly as possible. Then he broadcasts his own verification blocks, which he can do because he controls over 50% of the mining computing power. Bingo: the transaction to the seller is canceled in favor of the transaction to the attacker's wallet, and he recovers his stake. In the end, the seller is cheated because he delivered a good that was never paid for.
The attack was parried ... for the moment
In this case, the seller's role was played by trading platforms, on which our attacker traded his Bitcoin Gold coins for another currency that he quickly sent to other accounts. According to a message from the Bitcoin Gold company, the attacker carried out this attack repeatedly over several days, between May 16 and 19. In total, he was able to recover the equivalent of $17.5 million. That is a huge sum.
To avoid further losses, the trading platforms have increased the number of verification blocks (confirmations) required to validate a deposit. This increases the computing power needed to pull off the scam.
"Obviously, these trading platform actions have deterred the attacker for now", says Edward Iskra, aka MentalNomad, the communications manager at BitCoin Gold.
If this attack was possible, it is also because the total computing power of the Bitcoin Gold network was relatively low, on the order of 30 million cryptographic calculations per second (30 megahash/s). For comparison, the computing power of the Bitcoin network is a trillion times higher (30 exahash/s). Carrying out a double-spending attack on Bitcoin should therefore be very unlikely.