Board: Altcoin Discussion
Topic (OP): How to extract profit from cryptocurrency exploits
by GingerAle on 26/05/2016, 00:19:30 UTC
I'm generally curious what everyone's thoughts are on this. Say, for instance, you find a flaw / bug / exploit in a cryptocurrency. Instead of notifying the developers and / or modifying the code yourself, you think "Hey, I could profit from this!".

How would one go about profiting from this?

A lot of this probably depends on the type of bug or exploit. I'm just going to throw some things against the wall here and see what sticks. I'll try to update the OP as more suggestions or modifications are made.

1. Double Spend Exploit
This is probably the simplest of the exploits, and depending on the extent of the flaw, could have a range of profitability. So you could obtain Currency X, then send it to multiple exchanges and sell the same coin multiple times.

2. Consensus exploit
This is probably a variant of the above, because you would shard the network. Different blockchains, same coins. So you'd have to masterfully shard the network to isolate the major exchanges and then profit.

3. p2p exploit
This would behave like a denial of service - the currency network would just shut down and stop working as intended. Profiteering from this isn't as direct as 1 or 2.

4. de-anonymizing exploit
If privacy is the main selling point of a currency, then this exploit would destroy that. Profiteering from this isn't as direct as 1 or 2.


-----

Now, interestingly, profit taking from items 3 and 4 is unique from items 1 and 2. 1 and 2 can be thought of as "sneaky" - you can only profit directly if you manage to make your move while the exploit goes undetected. This is a microeconomics exploit profit extraction.

In order to extract profit from items 3 and 4, you need to depend on the market. This is a macroeconomics exploit profit extraction, because the only way to profit from a currency network facing an existential threat (as in, the exploit challenges the fundamental existence of the currency network) is to use financial betting instruments like shorting. In fact, I cannot think of a way to directly extract profit from items 3 and 4 that doesn't involve macroeconomics and the involvement of markets.

Furthermore, a macroeconomics exploit profit extraction can be done in two ways.

A. Be sneaky
Here, you disrupt the network to the point where confidence in the coin is shaken, and people divest from the coin. Before you attack the network and expose these flaws, you don't tell anyone about the flaws and short the market, BIG. After the coin recovers and the exchanges unfreeze the coin, you can sit back and watch the money roll in as everyone dumps the coin back to oblivion.

B. Be loud
Here, you make the markets aware of your discovered exploits after you short the coin. So first you short BIG, then you try to break confidence in the coin by advertising your exploits. You then have the choice of actually attacking the network or not. The benefits here are that the exchanges don't freeze the network.

Now, items 1 and 2 are very different, in that item 1 is a sure bet. In other words, you can make a LOT of money by killing a network and causing mass hysteria. Item 2 is a chance bet - you hope that people believe you damage the network.

-----

In conclusion, due to the nature of exploits 1 - 4, anyone announcing exploits prior to using the exploits is using approach B. And in my humble opinion, of the macroeconomic exploit profit extraction approaches, A is the more profitable. Therefore, I conclude that if approach A was not used, the possibility of the exploit not actually existing is relatively high.

Unmoderated thread, have a field day.