Here is my theory, please read below!

An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
- Reverse transactions that he sends while he's in control
- Prevent some or all transactions from gaining any confirmations
- Prevent some or all other generators from getting any generations
The attacker can't:
- Reverse other people's transactions
- Prevent transactions from being sent at all (they'll show as 0/unconfirmed)
- Change the number of coins generated per block
- Create coins out of thin air
- Send coins that never belonged to him
It's much more difficult to change historical blocks, and it becomes exponentially more difficult the further back you go.
As above, changing historical blocks only allows you to exclude and change the ordering of transactions.
It's impossible to change blocks created before the last checkpoint.
The client accepts the 'longest' chain of blocks as valid. The 'length' of the entire block chain refers to the chain with the most combined difficulty, not the one with the most blocks.
The deposited coins were created out of the genesis block. Therefore the dev is the scammer, and the 50M were never distributed.
Therefore, if the quoted above is true, the attacker mined an entirely different fork using the same genesis block (i.e. simply not updating his config to update to the current fork), allowing him to own the coins from the premine.
This entirely different chain had the most combined difficulty (not the most blocks, see quote #2), allowing it to take over the current one (which had a very low diff).
This means he could have rented a 300 MH/s rig on betarig for 0.5 BTC and mined 6 hours to take over the current chain.
This allowed him to have control over all the 50M coins, and therefore deposit coins, reverse transactions (see quote #1), and deposit again, and so on. This is pretty much the only possibility IMO.
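An added example, not part of the original post, of the chain-selection rule from quote #2: a node adopts the chain with the most cumulative work, not the one with the most blocks. It assumes Bitcoin's compact target ("bits") encoding for per-block difficulty; the function names and the two sample chains are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List
# Bitcoin's difficulty-1 target, written in compact "bits" form as 0x1D00FFFF.
MAX_TARGET = 0xFFFF * 2 ** (8 * (0x1D - 3))

def target_from_bits(bits: int) -> int:
    """Expand a compact 'bits' header field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def difficulty(bits: int) -> float:
    """Difficulty relative to the minimum (difficulty-1) target."""
    return MAX_TARGET / target_from_bits(bits)

def block_work(bits: int) -> int:
    """Expected hash attempts to produce this block: 2^256 / (target + 1)."""
    return 2 ** 256 // (target_from_bits(bits) + 1)

@dataclass
class Block:
    height: int
    bits: int  # compact target the block was mined against

def chain_work(chain: List[Block]) -> int:
    """Cumulative work: the 'combined difficulty' the quoted text refers to."""
    return sum(block_work(b.bits) for b in chain)

def select_chain(chains: List[List[Block]]) -> int:
    """Index of the chain a node adopts: most cumulative work wins; a tie
    keeps the first-seen chain (lowest index). Block count is never used."""
    best = 0
    for i, chain in enumerate(chains):
        if chain_work(chain) > chain_work(chains[best]):
            best = i
    return best

# Constructed scenario: both chains share one genesis block. The "current"
# chain has 100 blocks at difficulty 1; the fork has only 10 blocks, each
# mined at roughly difficulty 1000 (compact bits 0x1B418900, constructed).
GENESIS = Block(0, 0x1D00FFFF)
LOW_DIFF_CHAIN = [GENESIS] + [Block(h, 0x1D00FFFF) for h in range(1, 101)]
HEAVY_FORK = [GENESIS] + [Block(h, 0x1B418900) for h in range(1, 11)]

if __name__ == "__main__":
    winner = select_chain([LOW_DIFF_CHAIN, HEAVY_FORK])
    print("adopted chain:", "heavy fork" if winner == 1 else "long low-diff chain")
    print("work ratio:", chain_work(HEAVY_FORK) / chain_work(LOW_DIFF_CHAIN))
```

The shorter fork wins because ten blocks at difficulty 1000 carry roughly a hundred times the work of a hundred blocks at difficulty 1.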