Search content
Sort by
Showing 20 of 72 results by mjdamgaard
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
And all of that ignores the fact that ETH could be attacked in a similar way. POS is not a flawless security model and in order to attack it, the attackers would not have to buy a shitload of ASICs and the network is only 1/4th of the value.
Here I will refer you back to my answer to @DaveF (sorry for the initial mistake):
Just as another thought experiment would be how much would it cost to get enough ETH while people are selling theirs to do this to launch your own 51% attack on ETH.
The fact that there is no real work involved just having enough money to buy enough of a specific coin has always been a weakness of all POS coins.
And now that there are ETH ETFs there is an incentive for people to be able to short the ETFs if they think their value will go down.
Think about it, get enough funds to buy the companies I discussed above that host a bunch of the ETH staking nodes, while simultaneously buying ETH and spinning up your own nodes and then a simple 51% attack against ETH.
-Dave
The fact that there is no real work involved just having enough money to buy enough of a specific coin has always been a weakness of all POS coins.
And now that there are ETH ETFs there is an incentive for people to be able to short the ETFs if they think their value will go down.
Think about it, get enough funds to buy the companies I discussed above that host a bunch of the ETH staking nodes, while simultaneously buying ETH and spinning up your own nodes and then a simple 51% attack against ETH.
-Dave
In theory, a 51% attack on Ethereum would cost > $300B × 50% = $150B. (Bitcoin and Ethereum have apparently just dropped 11% and 21%, respectively, in this past 24 hours.)
And a 34% attack would cost > $300B × 33.3% = $100B.
The stakers would lose that money (in a Rival Goldfinger attack), and they would only be able to gain $300B, and only when assuming that the Bitcoin investors share the costs equally. If not, it would thus take at least 33.3% of the Bitcoin investors to participate in an attack in order to break even in terms of costs and gains. (And for a 51% attack, it would require at least 50%.)
Now, if the Bitcoin investors is somehow able to keep their attack a secret, they would in theory not need to beat 33.3%, but only ~0.01% (in the current moment), which is the actual fraction of staked Ether compared to what's in circulation. But on top of the need to keep it a secret, this theory also assumes that safe guards like described in https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#finality isn't implemented or doesn't work.
(Edit: Sorry, my mistake! I mistook 33M ETH for 33M USD when I looked up the amount. The amount of staked Ether is currently 28%, not 0.01%. x))
Last but not least, in order for the steal to be finalized for good, the attackers would also need to confuse the Ethereum community of whether the reorg was malicious or not, assuming that the remaining 66.6% of the Ethereum stakeholders would otherwise just revert the attack afterwards. (Edit: Think of what happened with the Ethereum Classic fork.)
For a 51% attack, the attackers would be able to force a hard fork when the "honest" stakeholders revert the attack. But unless again the attackers can succeed in confusing the whole community, the community and investors will know which of the two chains they ought to support, if they don't want to support the chain that actively tries to undermine its own currency.
[...] If it becomes publicly known that an attack is planned, there is a chance that BTC whales will pool funds and fight back. They could approach ASICs manufacturers, miners, and they could say "if" the attack is pulled off, we will pool 10 billion dollars to defend against it in some creative way. There are many ways to raise the price for the ETH attackers and keep in mind that the ETH attackers need to liquidate in the first place.
Okay, here we are talking about potential mitigation strategies. I also think that Bitcoin investors must be able to do something. The question is just what? (I'm personally still thinking that planning a switch to PoS themselves might seem like the best option, btw.)
While I agree that one might be able to do something with $10 billion, I'm not sure that trying to pay the "honest" miners more would be a very good strategy at all. My concern is that this would just immediately incentivize all miners to try to make it seem like an attack is underway, in order to cash in on this mitigation money as a large bonus to their normal earnings.
I guess the Bitcoin investors could try to buy mining farms directly, instead of simply raising the on-chain rewards. But that would then still incentivize such mining farms to help fund the attack (which I explain in my preprint paper can seemingly be done anonymously via smart contracts).
Last but not least, one also has to ask the question of whether the Bitcoin investors are really that cohesive when all any single investor has to do to avoid the threat, and avoid paying their share of the 'mitigation money,' is to just preemptively trade their BTC for ETH (or perhaps another PoS coin). With the shear amount of BTC that is traded each day on the blockchain, even the large players (at least most of them) should be able to make this move pretty quickly.
But what do I know about the fortitude and cohesion of the Bitcoin investors as a group: not much. This is only speculation on my part. What do you think in this regard?
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
"Only require a fraction", but that fraction has to come from someone or a group of people. The bigger the group, the more likely it becomes public before the attack could be pulled off (defense could be prepared) and the guys literally have to liquidate somewhere between $6 billion and $18 billion while facing the risk of losing it all. I doubt there are a lot of Elon Musks who would be willing to spend $44 billion on a Twitter platform. Liquidating that amount would also hurt their remaining holdings. Then all the uncertainty whether it works out or not. War escalates, logistics gets worse and available resources for chip manufacturing decrease out of a sudden etc.
Yes, I agree that the attack is unlikely to come from just a few rich individuals, and if the attackers form a large group of people, then it is sure to reach the public, I also agree with that.
So the point here on which we might disagree is the question of whether it would hurt the attackers if their plans become publicly known or not.
You argue that:
Ok if we assume that they make the attack public (or not), and they destroy 50% of BTC's value, which is around $650 billion, what do you think would the backlash be from all the relevant authorities? What would the consequences be for the cryptocurrency ecosystem from the SEC, CFTC, politicians, all relevant authorities around the world? Do you think they would say "well, there is a currency war and that's awesome". I think they would rigorously regulate every cryptocurrency out there because they can finally pretend to have a good reason. The consequences would be devastating and there would be investigations for sure. Whether they would be justified or not, but investigations would take place. ASICs providers would be probed whether they knew that the equipment would be used for an attack or not. If really $650 billion go down the toilet and the planning is of that magnitude as you described with middlemen and an attack coordination, I am sure heads would be rolling in one way or another.
It is not unthinkable that all these institutions would try to search for the attackers and take them to court. But as far as I can see, I don't really think that they have much stake nor interest in this, first of all.
You argue that they would care about $650 billion. But it's not their $650 billion, and the Bitcoin investors knew the risk. (The risk of a 51% attack is described in the very Satoshi whitepaper.)
Second of all, I really don't think that they would have much of a case even if they tried. Besides what the aforementioned blog post says, consider this:
While the Bitcoin exchanges, mining farms, etc., are all subject to various laws (and have to do what they promise their customers), they have no control or authority over the blockchain protocol itself. No one has. This is the defining factor of what it means that the currency is 'decentralized.'
This means that anyone is actually free to declare what they think the Bitcoin protocol should be, at any moment. And the only reason why the Bitcoin protocol doesn't change so easily is due to the Nash equilibrium of the protocol, which means that as long as >50% of the miners agree on the same protocol, it will not be economically viable for any individual to start using a different protocol.
And that's it. The miners are not in any way obligated to follow the rules of the conventional Bitcoin protocol. Sure, mining farms are bound to follow that protocol if they have advertised that they will do so to their users. But even if they have, they can (with all likelihood) easily and quickly introduce another option to mine with a different protocol.
So this means that the attackers are just as free to declare that their protocol is actually the "right" protocol, and that the "honest miners" follow an (in their eyes) out-dated protocol. And if they do, they should, as far as I know, have just as strong case against the "honest miners," as the "honest miners" (and other institutions) have against them.
With this in mind, do you then agree that the line between "attacking miners" and "honest miners" is actually not legally meaningful (except in cases where a miner has agreed to a contract), as miners are not obligated to follow a specific Bitcoin protocol? Or am I missing something major?
And if you do, do you then agree that the would-be attackers don't actually really have to hide their intentions from anyone?
Acquiring millions of ASICs through middlemen would again raise the price. The whole coordination, logistics, higher price per piece, timing, getting it from A to B. Involving a high number of middlemen would make things only worse for the attackers and I am still absolutely convinced that simultaneous orders of ASICs that amount to the hash power of a potential 51% attack would definitely not go undetected. Then. the question remains whether ASIC manufacturers would dig their own hole by destroying POW and essentially their own gold mine.
So do you think that the ASICs suppliers would make their costumers sign a contract not to use their ASICs in a 51% attack? And do you think that they will be able to ensure that willing miners can't get around those contracts?
By the way, can I ask what you think about existing miners joining the attack? (If the Ethereum stakeholders rewards them automatically via a smart contract (see my preprint), then it seems that anyone can join the attack at any time.)
(Let me get back to your other points in the same post in a little while.)
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
@tiCeR, thanks for a great post.
I think your point about ETH investors also owning BTC is a very good one. User @HeRetiK also brought up this point earlier:
I'm first of all afraid that I don't personally have much insight into whether ETH whales are also BTC whales, and vice versa. But I do think that this is quite likely.
My reply to @HeRetiK was, however, that if it is really true that a Goldfinger attack would only require a fraction of the Ethereum investors, namely something like 2%–6%, in order to for the attackers to start to break even in terms of costs and gains, then it could potentially be possible without these whales (of course assuming that these don't own it all).
And what's more, if there really is this potential to grow your crypto assets by something like 100% or more in this rival Goldfinger attack, then it might happen that some investors who have previously invested in both cryptocurrencies at the same time will start to trade a portion of their BTC for ETH, either because they fantasize about joining the attack, or just as a precaution if others want to do so.
But of course, at this point, this is all still just speculation.
To your point about a negative effect on ETH as a result of Bitcoin being attacked, I personally think this is one of the best arguments against the danger of a rival Goldfinger attack I have heard so far, and it is certainly a point that has been voiced by many users on this thread.
Historically it seems that the value of ETH follows the fluctuations of BTC. So a successful attack would thus require the Ethereum investors to first make an efficient campaign to communicate to the public that this attack vector only really affects PoW blockchains, like Bitcoin, and not really PoS blockchains in practice.
Now, I agree that the Ethereum and Bitcoin communities might be quite friendly at this point in time. But that doesn't mean that the Ethereum community don't already try to highlight all potential advantages of PoS over PoW to the public. And I personally find it quite unlikely that they wouldn't at some point also try to point out this potential "rival Goldfinger" threat, if the theory holds up. If nothing else, then at least in order to try to make the public feel more positively about PoS in relation to PoW.
I think you are right, but I do wonder: What can they even really do to stop customers from buying their ASICs? Even if the suppliers deny these costumers, what prevents the latter from just acquiring those ASICs through middlemen? Could they perhaps make their customers sign a contract not to participate in a 51% attack, or to sell them on to other buyers who will?
Well, since the attackers can just use a whole array of middlemen in principle, and since they can also in principle make it so that their mined blocks in an attack can't be traced back to them in the first place, it seems quite unlikely that such contracts would work, at least to me. What is your opinion on this?
I definitely think that it would indeed be very much illegal for them to change the protocol and make an attack without consent of the users. So if such mining farms are to participate in an attack, they would have to make it a choice for the individual user whether that user wants to join in the attack or not. (And they would also have to update their contract such that the participating users will also be owed their part of the spoils.)
Here's the thing, though: I don't really see why they would need to keep it a secret. I could be wrong, of course; I'm by no means an expert on legal matters. I just go by what I have read in this blog post: https://sites.duke.edu/thefinregblog/2022/12/28/legal-liability-of-a-51-goldfinger-cryptocurrency-attack, which argues that a 51% attack might not even be illegal, in the sense that it might not prosecutable in a court of law. (I definitely think that this is worth discussing more, however.)
If that is indeed the case, then it seems that the more rumors there are about the build-up of the attack, the better it would actually be for the ETH investors, as it might just make BTC investors migrate preemptively, which would only make the cost go down, in theory. (This is of course assuming that they can indeed communicate successfully to the public that PoS is still safe, and that they can thereby convince some of the now uncertain BTC investors to migrate to ETH instead).
Ha, yeah, it's all quite theoretical at this point. But your inputs are valuable.
I think your point about ETH investors also owning BTC is a very good one. User @HeRetiK also brought up this point earlier:
At the heart of the attack scenario you describe is the assumption that Bitcoin and Ethereum investors are mutually exclusive groups with purely adversarial incentives.
I don't think that's the case.
While most investors will be more exposed to one coin than the other, I'm pretty certain that almost everyone in crypto has a stake in both coins, especially whales. Accordingly I don't think any one side would have much of an incentive to strike the other, even assuming that an attack in either direction were feasible.
I don't think that's the case.
While most investors will be more exposed to one coin than the other, I'm pretty certain that almost everyone in crypto has a stake in both coins, especially whales. Accordingly I don't think any one side would have much of an incentive to strike the other, even assuming that an attack in either direction were feasible.
I'm first of all afraid that I don't personally have much insight into whether ETH whales are also BTC whales, and vice versa. But I do think that this is quite likely.
My reply to @HeRetiK was, however, that if it is really true that a Goldfinger attack would only require a fraction of the Ethereum investors, namely something like 2%–6%, in order to for the attackers to start to break even in terms of costs and gains, then it could potentially be possible without these whales (of course assuming that these don't own it all).
And what's more, if there really is this potential to grow your crypto assets by something like 100% or more in this rival Goldfinger attack, then it might happen that some investors who have previously invested in both cryptocurrencies at the same time will start to trade a portion of their BTC for ETH, either because they fantasize about joining the attack, or just as a precaution if others want to do so.
But of course, at this point, this is all still just speculation.
To your point about a negative effect on ETH as a result of Bitcoin being attacked, I personally think this is one of the best arguments against the danger of a rival Goldfinger attack I have heard so far, and it is certainly a point that has been voiced by many users on this thread.
Historically it seems that the value of ETH follows the fluctuations of BTC. So a successful attack would thus require the Ethereum investors to first make an efficient campaign to communicate to the public that this attack vector only really affects PoW blockchains, like Bitcoin, and not really PoS blockchains in practice.
Now, I agree that the Ethereum and Bitcoin communities might be quite friendly at this point in time. But that doesn't mean that the Ethereum community don't already try to highlight all potential advantages of PoS over PoW to the public. And I personally find it quite unlikely that they wouldn't at some point also try to point out this potential "rival Goldfinger" threat, if the theory holds up. If nothing else, then at least in order to try to make the public feel more positively about PoS in relation to PoW.
I think that an operation of that magnitude wouldn't come to fruition without some very important players in the market noticing and taking the opportunity to stop it. The suppliers aren't only producing ASICs for the sake of mining. But if some of the suppliers (there aren't that many) are approached with an order of that size, I doubt they wouldn't get suspicious. Actually I believe that the suppliers might be well connected with the mining industry. They would ask someone who knows someone who knows someone... If it turns out that there seems to be a group ordering a record breaking, unreal number of ASIC devices, the warning would already be out.
I think you are right, but I do wonder: What can they even really do to stop customers from buying their ASICs? Even if the suppliers deny these costumers, what prevents the latter from just acquiring those ASICs through middlemen? Could they perhaps make their customers sign a contract not to participate in a 51% attack, or to sell them on to other buyers who will?
Well, since the attackers can just use a whole array of middlemen in principle, and since they can also in principle make it so that their mined blocks in an attack can't be traced back to them in the first place, it seems quite unlikely that such contracts would work, at least to me. What is your opinion on this?
Further, if selfish miners get bribed, what is the chance that all of them would agree to perhaps destroy the entire industry as a whole? Then the big miners are mining pools. What is the legal situation when the allegation of bribery would ever come to the surface and a mining pool operator would be convicted for attacking the network in the worst interest of its users (those who provide the hash power)? It would be obvious if one of those pools attacks the network, but if it happens without the consent of its users, wouldn't there be legal consequences?
I am not sure how it would work, but convincing a pool that operates mining facilities and pools hash power on behalf of its users would probably not agree to getting bribed. But without the pools, an attack that involves bribery wouldn't get the attackers very far.
I am not sure how it would work, but convincing a pool that operates mining facilities and pools hash power on behalf of its users would probably not agree to getting bribed. But without the pools, an attack that involves bribery wouldn't get the attackers very far.
I definitely think that it would indeed be very much illegal for them to change the protocol and make an attack without consent of the users. So if such mining farms are to participate in an attack, they would have to make it a choice for the individual user whether that user wants to join in the attack or not. (And they would also have to update their contract such that the participating users will also be owed their part of the spoils.)
What if someone from the attacking group blackmails the attackers after they signed contracts with ASIC suppliers? Once the production went on for 12 months, one of the attackers could go rogue and blackmail his own group, threatening to make those plans public.
Here's the thing, though: I don't really see why they would need to keep it a secret. I could be wrong, of course; I'm by no means an expert on legal matters. I just go by what I have read in this blog post: https://sites.duke.edu/thefinregblog/2022/12/28/legal-liability-of-a-51-goldfinger-cryptocurrency-attack, which argues that a 51% attack might not even be illegal, in the sense that it might not prosecutable in a court of law. (I definitely think that this is worth discussing more, however.)
If that is indeed the case, then it seems that the more rumors there are about the build-up of the attack, the better it would actually be for the ETH investors, as it might just make BTC investors migrate preemptively, which would only make the cost go down, in theory. (This is of course assuming that they can indeed communicate successfully to the public that PoS is still safe, and that they can thereby convince some of the now uncertain BTC investors to migrate to ETH instead).
However I look at it, I don't know how such a huge operation could be pulled off. I know we are discussing theoretical scenarios, but this is really too much theory for me. 
Ha, yeah, it's all quite theoretical at this point. But your inputs are valuable.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
again if you only want to do one re-org and then play the markets, guess what there are other whales that will arbitrage counterclockwise to then crash the ethereum market to cycle their way back to the btc-usd market to then grow the btc back after each sell off you attempt
[...]
so why are you really here talking about 51% attacking if most of your waffle is about market manipulation methods to cycle funds to then keep dipping the market.. even when (if you run your scenarios) knew your dips would then be followed by BTC whales counter arbitraging your tactics on the market
[...] and instead realise if you are not intending to do repetitive re-orgs, there is no point in you even starting with a 51% attack by wasting funds on hardware, and instead just skip to the market manipulation tactics you then discuss as your real intended attack method, by directly funding the bob-eric method without needing to waste funds on a 51% repeated blockchain attack..
[...]
so why are you really here talking about 51% attacking if most of your waffle is about market manipulation methods to cycle funds to then keep dipping the market.. even when (if you run your scenarios) knew your dips would then be followed by BTC whales counter arbitraging your tactics on the market
[...] and instead realise if you are not intending to do repetitive re-orgs, there is no point in you even starting with a 51% attack by wasting funds on hardware, and instead just skip to the market manipulation tactics you then discuss as your real intended attack method, by directly funding the bob-eric method without needing to waste funds on a 51% repeated blockchain attack..
Again, a 51% attack is not market manipulation. My Bob–Eric example is not an arbitrage cycle; the crash only happens at the end after the reorg, not during the trading. This once again shows that you are only reading my posts so superficially that you don't even really catch any of the points. I can't work with that.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
firstly you mention not wanting to do multiple re-orgs of bitcoin ledger... (something we contested about over many posts and you now say you dont want to re-org bitcoin multiple times)
[...]
but most importantly about your last multiple posts arguing how you wont need multiple re-orgs of the btc blockchain... by you concentrating on the whole bob-eric market shuffle.. has nothing to do with blockchain manipulating, its just market manipulation
[...]
but most importantly about your last multiple posts arguing how you wont need multiple re-orgs of the btc blockchain... by you concentrating on the whole bob-eric market shuffle.. has nothing to do with blockchain manipulating, its just market manipulation
I still don't know if you are being troll on purpose, or if you are just not reading anything that I write properly, which is also poor behavior.
If Bitcoin does not crash after the first big steal using a long-range attack (1 reorg), then the attackers can just repeat the attack to steal even more.
But obviously, if the attackers can just keep coming back for seconds, this will halt the trade of Bitcoin, thereby making it useless as a currency, and it's value will drop. This is not just me saying this, but this is a standard assumption in literature.
You pretend like I have avoided some of your arguments on this thread, but I dare you to quote any of your earlier arguments, and I will quote you back a counterargument (one that I have already given on this thread).
But then you have to promise me to actually read my counterarguments this time around. (I have almost no patience left for you.)
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
you have again avoided alot of factors and then tried to debate something else yet again to then say that the new debate is not what you were talking about whilst in same sentence saying it was what you were talking about
anyway, you had your chances to learn, but instead just repeated your same mistakes
its obvious now that you only know of ethereum and a newbie to bitcoin, hense why i said several times for you to atleast play out your scenarios, playing devils advocate.. this means learn bitcoin and its mitigating factors and not just run things from the position of how ethereum can have a fantasy wet dream scenario of winning if bitcoin conditions are ignored
goodluck though, but ill leave you now to work out that your theory and method wont crash the market as a long or short term attack.. but enjoy working that out for yourself the hard way, because i know any further hints will just be met with "not convinced" or other avoidance's
so ill just leave you to it with your comedy of thinking you can steal alot of bitcoin in your fantasy, great laughs
anyway, you had your chances to learn, but instead just repeated your same mistakes
its obvious now that you only know of ethereum and a newbie to bitcoin, hense why i said several times for you to atleast play out your scenarios, playing devils advocate.. this means learn bitcoin and its mitigating factors and not just run things from the position of how ethereum can have a fantasy wet dream scenario of winning if bitcoin conditions are ignored
goodluck though, but ill leave you now to work out that your theory and method wont crash the market as a long or short term attack.. but enjoy working that out for yourself the hard way, because i know any further hints will just be met with "not convinced" or other avoidance's
so ill just leave you to it with your comedy of thinking you can steal alot of bitcoin in your fantasy, great laughs
You don't even deny that this was exactly the "delay service" you were talking about.
Bye, troll. Good riddance.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
Just to hammer the point home, let me also mention something else, that I left out of my preprint, which is that when the attackers rewrite the ledger, they can also remove and rearrange the transactions of the any of the innocent traders in the same time frame.
This means that they can also make other traders inadvertently steal BTC in the same attack. Thus, they are able to make half the traders in the given time frame look as if they are accomplishes in the attack.
Since their ultimate goal is to cause a crash, it doesn't matter who steals the BTC, just as long as someone does, intentionally or inadvertently.
This relieves the attackers of having to trade the large quantities of BTC leading up to the long-range attack that we have just discussed on this thread, which is actually a significant improvement on this particular version of the attack vector since it then relieves them of having to make this activity appear normal, while keeping the secret that an attack is underway.
This means that they can also make other traders inadvertently steal BTC in the same attack. Thus, they are able to make half the traders in the given time frame look as if they are accomplishes in the attack.
Since their ultimate goal is to cause a crash, it doesn't matter who steals the BTC, just as long as someone does, intentionally or inadvertently.
This relieves the attackers of having to trade the large quantities of BTC leading up to the long-range attack that we have just discussed on this thread, which is actually a significant improvement on this particular version of the attack vector since it then relieves them of having to make this activity appear normal, while keeping the secret that an attack is underway.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
@franky1, it's clear that you are not really listening.
Here in this comment:
Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,
no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..
you are saying that "no, it isn't about extending the confirmation time," and then in the same breath you saying that it is about "delay services" instead. Unless you can somehow explain to me that "delay services" isn't about 'extending the confirmation time,' I will regard you as being dishonest.
again.. these delaying things are actually standard practice that have and are ALREADY been in practice for decades.. again ill explain, its not about services suddenly needing to implement new delays to mitigate a new attack.. its about the mitigations already in practice for decades that already mitigate the attack you want to discussHere in this comment:
[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors
Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,
its not about asking services to change things from now on..
Okay, I will accept that maybe you sincerely thought that I was talking about "implementing new delays." So I'm giving you the benefit of the doubt, even though you still ought to have paid better attention.
We are both talking about exchanges (and such) delaying the confirmation time (beyond the standard 6 blocks), which is indeed a standard and well-known thing that they can do. And each individual exchange/trader is indeed able to do it independently, and temporarily, whenever they want to.
Regardless, I've explained why that wouldn't help anything in a long-range attack. Now, you both ask me to once again do the (easy) catch-up math, and you also explicitly state that an attack would require several reorgs, "otherwise they wouldn't be able to steal enough to make it affordable."
This all shows that you either don't know what a long-range attack is, or have somehow missed the point, even after this long conversation.
Okay, I'll forgive you for that, but then you better listen more carefully now:
In a normal replay attack, an attacker tries to pay for other assets/currency/etc. with BTC, then reorgs the ledger, and then quickly tries to cheat another party to sell some other assets/currency/etc. for the same BTC, before they notice that a big reorg has happened, thus "replaying" the same BTC.
If this were the kind of attack we were talking about here, then you would be right: The attacker would not be very likely at all to make this attack worth it, namely since exchanges and such would likely notice the large transfers on the blockchian and choose to temporarily require a longer confirmation time (more than 6 blocks, i.e.), until that large transfer is more sure to be finalized. (This is the "delay services" that you are also talking about; we are talking about the same thing here.)
However, this is not the kind of attack that I'm talking about. Note that in my Bob–Eric example, Alice ends up with BTC, not other assets/currency/etc. And note also that Alice is making exactly one reorg of the ledger in this attack. (And note that she could have made many more trades in principle, even in parallel rather than one at a time, and trade more BTC each time.)
This kind of attack is known as a long-range attack, where the goal is not to replay non-BTC assets/currency/etc, but to steal BTC alone.
Now, it is normally assumed that Bitcoin would crash as a result of such an attack (unless honest miners somehow manages to regain a majority of the hash rate after the attack and then soft-fork the blockchain back to the original chain), which means that long-range attacks haven't been much feared before, since they have thus also been deemed as very unlikely to be profitable for the attacker, and therefore "who would do it?"
The so-called 'Goldfinger attack,' however, gives a potential reason why attackers might do it anyway: Either they could be politically motivated, and/or act on behalf of some government/institution, or the attackers could perhaps take large short positions (I assume you know what that is). In particular, if they do the latter, this might then potentially make up for the fact that Bitcoin would crash as a result of such a long-range 51% attack (or another potent 51% attack, more on that in a minute).
Because if the attackers have a reverse stake in Bitcoin, and will thus profit from a crash, then this turns it into a win-win situation, as I have already explained: Either Bitcoin doesn't crash, in which case the attackers can now spend all their stolen BTC at will, perhaps after some whitewashing first, or they profit from the crash itself due to their reverse stake.
And as you know by now, I point to the fact that rather than trying to take such a large short position in order to make this work, the attackers might instead be (or be funded by) stakeholders in a rival blockchain, and one that does not use a PoW protocol itself, hoping to profit from the fall of the competitor.
Now, I must also add to all this: A long-range attack is not necessarily the only kind of 51% attack that could work for such a (rival) Goldfinger attack. A sustained 51% attack that DoS'es Bitcoin for months or years might also do the trick. But let's put this discussion on the shelf for now until you have shown that you now finally understand how a long-range Goldfinger attack could be profitable for the attackers (assuming that they can profit from a crash of Bitcoin in the first place, of course, and also assuming Bitcoin does not take any new steps to mitigate such an attack).
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
Besides, I don't understand why everyone is focused just on ETH, for example, another player, CZ could do this with just a fraction of his wealth, and more importantly, he already has a pool set up and can grab a lot of rented hash while playing innocent.
On second thought, maybe there is a possibility that he could stay clear of the law, if only he can successfully mask all his mining activities, both before and after the attack. (I don't know exactly how easy/hard this would be.)
The point is that attackers can also rewrite the transactions of innocent traders, thus including them (involuntarily) in the steal. (This is something that we haven't yet touched upon in this thread.)
So attackers could in principle target e.g. CZ to make him look guilty as well. And on the other hand, this possibility also gives deniability to any actual accomplices. So CZ might also be able to deny having been an accomplice.
Just a thought. However, the more attackers take part in the attack, the easier it will be for them to deny their part in it afterwards, in any case.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
Besides, I don't understand why everyone is focused just on ETH, for example, another player, CZ could do this with just a fraction of his wealth, and more importantly, he already has a pool set up and can grab a lot of rented hash while playing innocent.
Well, unless Bitcoin somehow retains its value after the attack (in which case he could just steal, steal, steal), he would either have to be smart enough to be able to end up with other assets/products/currency that don't lose their value, and also get away with that (staying anonymous or within the bounds of the law somehow). Or he would have to take a large enough short position to cover the loss from the crash of Bitcoin, which would probably also be quite a tall order, as far as I know.
But rather than taking a large short position, he could also invest in ETH instead, and hope that a fall of PoW will elevate Ethereum by a large enough factor to cover his costs (and future loss of revenue from his ASICs).
Now, the thing about this latter option is that if it succeeds, it will also make all other Ethereum investors besides him have their ETH grow in value by a similar factor. So by e.g. creating a smart contract like the one described in my preprint, he might be able to get some of these other Ethereum investors to help fund the attack, thus lowering his own costs and risk associated with it.
If enough Ethereum investors joins in, the risk of losing $6B–$16B might be worth the potential gains (of upwards of a trillion dollars) if the plan succeeds.
But yeah, not saying that investing in ETH is the only option (let alone paying the miners in ETH).
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
@franky1, it's clear that you are not really listening.
Here in this comment:
Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,
no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..
you are saying that "no, it isn't about extending the confirmation time," and then in the same breath you saying that it is about "delay services" instead. Unless you can somehow explain to me that "delay services" isn't about 'extending the confirmation time,' I will regard you as being dishonest.
You also give me a "hint" that:
As for your whole tactic of avoiding argument by pretending that you know something that I don't while being unwilling to say what that is, and at the same time pretending that I'm the one not listening to your arguments while hardly doing anything to point us back to whatever arguments that would be... Well, I don't think I'm the only one who sees through that tactic.
Please stop that behavior, or just leave the thread.
Here in this comment:
[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors
Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,
its not about asking services to change things from now on..
You also give me a "hint" that:
but here is a hint which i did mention already
if a large value transaction got undone. services can red flag a utxo that got undone and if any exchange then got a deposit of that same utxo spend a second time then they can just ban the user from doing any market orderbook trades, (there are other things too but.. before you can run through those factors you need to first walk through the basics factors discussed already and not bypass them
This either assumes that attackers need to do several reorgs in order for the attack to work, or that the attackers are somehow reliant on being accepted by specific crypto exchanges after the attack. If you had paid attention (i.e. to me explaining about the long-range attack above, or the fact that the ultimate goal is to crash the market), you would know that neither of these things are relevant. So either you are not paying attention or you are being dishonest.if a large value transaction got undone. services can red flag a utxo that got undone and if any exchange then got a deposit of that same utxo spend a second time then they can just ban the user from doing any market orderbook trades, (there are other things too but.. before you can run through those factors you need to first walk through the basics factors discussed already and not bypass them
As for your whole tactic of avoiding argument by pretending that you know something that I don't while being unwilling to say what that is, and at the same time pretending that I'm the one not listening to your arguments while hardly doing anything to point us back to whatever arguments that would be... Well, I don't think I'm the only one who sees through that tactic.
Please stop that behavior, or just leave the thread.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
you dont need to extend the confirmation periods,, for over a decade now services have always followed the guidelines that if someone is spending $millions to wait 6+confirms to deem it settled. because if you DO THE MATH(said many times)
to go back certain amount of blocks to rewrite those blocks and then catch up and over take the network with a certain amount of competing hashrate takes alot of that hashrate cost to achieve. [...]
to go back certain amount of blocks to rewrite those blocks and then catch up and over take the network with a certain amount of competing hashrate takes alot of that hashrate cost to achieve. [...]
You know that I already did that exact math:
With 55% of the hash power, it will take, let's do some math: 55% × (6 blocks/hour) × t > 45% × (6 blocks/hour) × t + 6 blocks <=> t × (6 blocks/hour) × (55% - 45%) > 6 blocks <=> t > 6 blocks / (6 blocks/hour × 10%) = 10 hours.
In an earlier reply, you agreed that a 51% attack from Ethereum could last for several months in principle. (And in fact, if they go absolutely all in on the attack, then it could even be many years, at least in theory, as mentioned in my preprint.)
In an earlier reply, you agreed that a 51% attack from Ethereum could last for several months in principle. (And in fact, if they go absolutely all in on the attack, then it could even be many years, at least in theory, as mentioned in my preprint.)
[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors
Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale, as I've already made clear:
You seem to be hung up on the confirmation time. But even if the attackers exchange their BTC back and forth for USD (rather than trade them perhaps more quickly for tokens or ETH), you still agree that it only takes a few days at max for each confirmation. Now, whatever confirmation period there is, this is something that all traders have to deal with. Yet there are still being traded BTC worth billions of dollars each day, despite these long confirmation times! You must agree that with enough money and backing, there is nothing stopping the attackers from trading many millions each day on average (and in principle, it seems that they might be able to trade upwards of billions).
So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?
Or what exactly are those "other mitigation factors" that you are talking about? So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?
as for manipulating the market price.. the market price is based on centralised exchange market orders on THEIR databases.. not the blockchain. so run some scenarios nd realise the separation between blockchain attacks vs market manipulation and realise if your end goal is "market crash", that there are easier methods that could have better success rates at less cost, compared to your un-thought-out scenario of thinking a 51% attack will affect the market as much as you assumed without thinking
run some scenarios. and try thing out. learn how bitcoin works, learn the mechanics and economics of bitcoin and what affects what
run some scenarios. and try thing out. learn how bitcoin works, learn the mechanics and economics of bitcoin and what affects what
Just saying that "I know some much better ways to target Bitcoin than your un-thought-out one" gets us exactly nowhere. If you sit on some arguments why the 'Rival Goldfinger attack' wouldn't work that you haven't yet divulged, then do so. Or if you know of another way that is sure to make Bitcoin crash... Well, I guess make another thread about it.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
YOUR whole premiss was that you want to manipulate the market purely by changing blockchain data.. [...]
It's not really 'market manipulation' in any way. It's more like an 'adversarial exposure of a security flaw in the technology of a competitor,' and arguably 'sabotage' if they really go through with a full attack.
[...] but you have avoided, ignored, dissmissed and been not convinced of all the mitigations of the blockchain attack vectors you discussed.
Name one mitigation strategy that you have mentioned above on this thread that isn't either 'extending the confirmation period,' which as I've explained doesn't really seem to help much since it cannot be done retrospectively, or would mean a departure from pure PoW, which would be a remarkable option as it would go against Bitcoin's protocol as is.
Also if you like, feel free to mention any other interesting ones that you can think of, as this discussion was the main intention behind this thread.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
But why would it do that? I believe that in my 6+ years of investing and looking at both markets closely I can safely say that these two cryptocurrencies and their communities are both hand-in-hand keeping the entire cryptocurrency industry alive, cause big as it may seem the crypto world is pretty infantile compared to tried and tested investment tactics, and they badly need bitcoin and ethereum's support at this stage to keep the whole thing afloat and make sure that no one's caving in. Ethereum undermines bitcoin or the other way around? We're going to see a massive collapse in price, value, and purpose for cryptocurrency as a whole, may even be the cause of its death for all I know.
This is a good point. If your wisdom is well-founded, then Bitcoin might not have anything to fear.
I guess we really ought to hear out the Ethereum community of their opinion(s): Would a fall of PoW be good for Ethereum or not?
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
@franky1, I'm very sorry if I misunderstood you. But you first of all start your reply by saying "here's the thing," which already seems to imply at least that you don't necessarily disagree with my point. Then you go on to write that there is in fact an even better way for attackers to target Bitcoin and make a lot of money. You follow that up with to comparative statements, saying that you way is better than the 'Rival Goldfinger attack,' and that the latter is more costly, slower, etc., than your way.
This is a complete change of the conversation. Now we are not talking about the feasibility of the 'Rival Goldfinger attack,' but of its efficiency compared to some arbitrage venture, that you have by the way only brought up in the same post. (You have talked about arbitrage before, but as I recall, you have never stated that it is a more lucrative way to target Bitcoin as part of this discussion.)
Why do you even bring up this arbitrage venture as a better way to target Bitcoin if you are still not agreeing (against the conventional wisdom) that a 51% attack would be severely harmful to Bitcoin?
But oh well, apparently bringing up your arbitrage venture idea was only a somewhat unrelated tangent to the discussion (?), and you still think that a 51% attack can't be profitable (given that the value of Bitcoin doesn't crash).
You seem to be hung up on the confirmation time. But even if the attackers exchange their BTC back and forth for USD (rather than trade them perhaps more quickly for tokens or ETH), you still agree that it only takes a few days at max for each confirmation. Now, whatever confirmation period there is, this is something that all traders have to deal with. Yet there are still being traded BTC worth billions of dollars each day, despite these long confirmation times! You must agree that with enough money and backing, there is nothing stopping the attackers from trading many millions each day on average (and in principle, it seems that they might be able to trade upwards of billions).
So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?
Also, you seem to want me to research your arbitrage venture idea, which I definitely want to do if it indeed only takes 10 minutes, and constitutes a business that completely blows all other investment options out of the water, which, you must admit, you make it sound like. I'm sure more people on this forum would love to hear more about this idea, even if it is only half as good as you make it out to be. (But maybe you should create another discussion thread for it, though, if it is not directly related to this one?)
This is a complete change of the conversation. Now we are not talking about the feasibility of the 'Rival Goldfinger attack,' but of its efficiency compared to some arbitrage venture, that you have by the way only brought up in the same post. (You have talked about arbitrage before, but as I recall, you have never stated that it is a more lucrative way to target Bitcoin as part of this discussion.)
Why do you even bring up this arbitrage venture as a better way to target Bitcoin if you are still not agreeing (against the conventional wisdom) that a 51% attack would be severely harmful to Bitcoin?
But oh well, apparently bringing up your arbitrage venture idea was only a somewhat unrelated tangent to the discussion (?), and you still think that a 51% attack can't be profitable (given that the value of Bitcoin doesn't crash).
You seem to be hung up on the confirmation time. But even if the attackers exchange their BTC back and forth for USD (rather than trade them perhaps more quickly for tokens or ETH), you still agree that it only takes a few days at max for each confirmation. Now, whatever confirmation period there is, this is something that all traders have to deal with. Yet there are still being traded BTC worth billions of dollars each day, despite these long confirmation times! You must agree that with enough money and backing, there is nothing stopping the attackers from trading many millions each day on average (and in principle, it seems that they might be able to trade upwards of billions).
So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?
Also, you seem to want me to research your arbitrage venture idea, which I definitely want to do if it indeed only takes 10 minutes, and constitutes a business that completely blows all other investment options out of the water, which, you must admit, you make it sound like. I'm sure more people on this forum would love to hear more about this idea, even if it is only half as good as you make it out to be. (But maybe you should create another discussion thread for it, though, if it is not directly related to this one?)
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
The preparation, the sheer breadth of collusion -- word would get out before they could put the resources in place, and the moral Ethereum devs and nodes would ensure a quick abortion.
I'm not sure that the Ethereum devs would necessarily try to prevent something which might force Bitcoin to switch to PoS. And even if a majority of them will want to abort/revert an attack, doing so will undermine Ethereum's own purpose, since Ethereum has no agreed-upon obligation to save Bitcoin in case of an attack. So even though they could abort/revert a smart contract rewarding a Goldfinger attack if a majority of the stakeholders also agree (otherwise the devs are powerless), unless they are required to do so by law, it would undermine the freedom of Ethereum.I wasn't at all suggesting that devs would respond to prevent Bitcoin from switching. I was only saving devs would respond on moral conscience -- to simply attack another network using Ethereum resources (selling Ether as you said remember?) is not a coonscienable action.
Ah, I see. You are saying that the devs wouldn't try to support an attack, not that they necessarily would try actively to prevent it? In that case, I think you're probably right.
P.P.S. I would actually really much like to see your theory put into practice to prove/disprove us all. Have a feeling we would see so many things happen in wildly different paths to what's been predicted. It would be fun, and we can dream, can we not?
Ha, yeah, I'm sure it would shake things up somehow...
(But in all seriousness, I would personally rather see a good, broad discussion of the risk first, such that no investors are caught unaware of it.)
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware
did you know you can produce billions of market trade volume without needing billions of dollars to trade with
think about it
if you swap ETH->BTC and then sell BTC->USD and then buy USD->ETH
you can get back to ETH and if timed right only cost you some small % los in trade fee's and still have 9X% of funds back as ETH to then repeat
whilst the very act of doing it you can crash the bitcoin price(and raise the eth price) by the selling btc to USD and by the act of buying ETH with said USD.. and not need to throw $16b as a deposit into the market.. by instead depositing $200m and repeating that circle(arbitrage) many times(80x) and then deposit another $200m the next day
again please run the scenarios and realise how there are better ways to crash a market far cheaper than a 51% attack and far faster
again please run the scenarios and realise doing a 51% attack is more costly, slower and less market affecting, and less guaranteed to work
...
i know you want others to run through all the scenarios for you and give you the conclusions.. but sometimes when people act like they are unable to feed themselves and want to be spoonfed, and they reject what they are fed,, its time you learn to feed yourself and if you truly wanted a real answer you would take the time to work things out for yourself in about 10 minutes, rather then waiting multiple days for people to tell you things you dont want to hear
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware
did you know you can produce billions of market trade volume without needing billions of dollars to trade with
think about it
if you swap ETH->BTC and then sell BTC->USD and then buy USD->ETH
you can get back to ETH and if timed right only cost you some small % los in trade fee's and still have 9X% of funds back as ETH to then repeat
whilst the very act of doing it you can crash the bitcoin price(and raise the eth price) by the selling btc to USD and by the act of buying ETH with said USD.. and not need to throw $16b as a deposit into the market.. by instead depositing $200m and repeating that circle(arbitrage) many times(80x) and then deposit another $200m the next day
again please run the scenarios and realise how there are better ways to crash a market far cheaper than a 51% attack and far faster
again please run the scenarios and realise doing a 51% attack is more costly, slower and less market affecting, and less guaranteed to work
...
i know you want others to run through all the scenarios for you and give you the conclusions.. but sometimes when people act like they are unable to feed themselves and want to be spoonfed, and they reject what they are fed,, its time you learn to feed yourself and if you truly wanted a real answer you would take the time to work things out for yourself in about 10 minutes, rather then waiting multiple days for people to tell you things you dont want to hear
This is a turn of events.
You now seem to finally accept that a 51% attack could cause severe damage to the value of Bitcoin, thus ending our long discussion on this thread.
And not only that, you even claim that there are other, more efficient ways of doing this, and for someone (e.g. an investment fund) to easily and rather quickly make billions, at a low risk, starting with $16B in capital.
In fact, these ways are so trivial that someone like me (with a background in physics and computer science, by the way) should only spend 10 minutes in order to figure them out.
Maybe I'm blind, but I'm not too convinced about these latter claims myself quite yet. Feel free to elaborate. Also, I wonder what other people on this forum thinks about them?
However, I'm glad we finally seem to agree that a 51% attack could cause severe damage to Bitcoin.
Perhaps you (and others) would be interested, then, in discussing what Bitcoin could do, if anything, to mitigate such an attack?
User @d5000 has already given some suggestions above in this regard.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
Here you are ignoring/not considering this earlier reply:
[...] But in fact they can make several replays per reorg:
Suppose Alice trades 1 bitcoin with Bob for some tokens or some USD, then trades that for "another" bitcoin from Claire (meaning that Claire's ownership of the coin isn't dependent on the first transaction with Bob), then trades that bitcoin away again to Doris, then buys "another" bitcoin from Eric. And suppose that Alice is then able to rewrite this recent part of the ledger afterwards. Then Alice can keep the transactions with Claire and Eric, i.e. where a bitcoin is transferred to a wallet of Alice's, but replace the transactions with Bob and Doris with two other transactions where the bitcoins are instead transferred to two other wallets of Alice's. At the end of this, she will have 3 bitcoin in 3 separate wallets: the one she started with and the ones from Claire and Eric.
And she could in principle have kept repeating this process (before rewriting the ledger) as many times as she can find traders whose ownership over the traded bitcoin isn't dependent on earlier trades with herself (i.e. she can only replay each single bitcoin once).
Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.
And furthermore consider the fact that it is typical to see around $15B being traded each day. (And again, you agreed that Ethereum investors could in theory afford an attack lasting for several months, once they've paid the CapEx.)
And like I've said: the confirmation period unfortunately cannot be changed retrospectively, at least not with pure PoW.
And you are ignoring/not considering my earlier point that when the attackers profit from (or believe that they are profiting from) a crash, they don't have an incentive to keep any other assets/products, but can keep their stolen bitcoin after the attack. (It's a win-win: Either bitcoin keeps its value, and they get rich, or it crashes, which is what their benefactors is trying to reward.)Suppose Alice trades 1 bitcoin with Bob for some tokens or some USD, then trades that for "another" bitcoin from Claire (meaning that Claire's ownership of the coin isn't dependent on the first transaction with Bob), then trades that bitcoin away again to Doris, then buys "another" bitcoin from Eric. And suppose that Alice is then able to rewrite this recent part of the ledger afterwards. Then Alice can keep the transactions with Claire and Eric, i.e. where a bitcoin is transferred to a wallet of Alice's, but replace the transactions with Bob and Doris with two other transactions where the bitcoins are instead transferred to two other wallets of Alice's. At the end of this, she will have 3 bitcoin in 3 separate wallets: the one she started with and the ones from Claire and Eric.
And she could in principle have kept repeating this process (before rewriting the ledger) as many times as she can find traders whose ownership over the traded bitcoin isn't dependent on earlier trades with herself (i.e. she can only replay each single bitcoin once).
Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.
And furthermore consider the fact that it is typical to see around $15B being traded each day. (And again, you agreed that Ethereum investors could in theory afford an attack lasting for several months, once they've paid the CapEx.)
And like I've said: the confirmation period unfortunately cannot be changed retrospectively, at least not with pure PoW.
i did address it
i already said the mitigating factors YOU missed
EG before alice trades with bob on the market, alices deposit goes into an exchange (so i presume you are calling the exchange bob) and needs X confirms (significant amount is usually 6confirms)
so the exchange(bob) would then have the coin
now alice then exchanges the usd in another exchange for more bitcoin
but that involves moving stablecoin of usd to a different exchange(claire) so that your held value is safe from not being drawn back by bob(no longer in bobs exchange database balance)
this again means waiting time for funds to clear for clair to then trade
repeat a couple times with a few more exchanges(doris, eric)
and then you want to re-org a old block where you deposited with bob(exchange) to make that A->B transaction disappear
well you are now going to have to go backward many many blocks. re-do that block. and then have to catch up with the network again and over take it and hope the other nodes accept your new list
even with a 10% advantage(55% attack) and only re-winding 6 blocks, it would take like ~50 blocks to catch up
so play out your time frame to just do a bob, claire, doris, eric trades.. and realise you would then need to go back a heck of alot more blocks and edit the block containing the alice-bob trade
so run the scenario and do the math
..
also you state the $1.5B traded each day
you can rewind a block and that makes YOUR transaction ge undone so you can re-spend YOUR funds to a different destination.. but yo dont have the keys for the other users transactions to change their destinations to you. you cant steal other peoples funds so you cant control the other $1.5b transactions
like i said if you wanted to perform an attack then you need to run the scenario out properly and consider the mitigting circumstances and whats actually going to happen based on real things, not the fantasy results you made up and hope people will agree with
if you made a transaction where you deposited $1b and traded it for USD and then withdrew it via wire transfer, you would have to wait 72 hours atleast for the banks to clear it meaning a minimum re-wind time of ~450 blocks and the a catchup and over-take time of THOUSANDS of blocks
Well, I think you are still forgetting about this part:
Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.
In reality, "Alice" could be a great number of people, all making these kinds of trades at once. Since the transaction volume can easily reach $15B (not just $1.5B) on a normal day, they would seemingly be able to trade a billion each day, in principle, without raising major suspicions.
Not that they need to trade that much each day, by the way: Buying and selling something like $100M worth of bitcoin would also be enough if they just reverse enough blocks, as this would make them close to $100M for each day of the ledger that they rewrite. More precisely, they would earn $100M worth of bitcoin (using the pre-attack rates, of course), minus the mining costs of the attacking miners, plus the mined bitcoin.
Do you now see the potential severity of a successful a 51% attack?
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
yes if there was a fatal flaw that explodes engines or makes miners defunct to cause hashrate to drop. then yes this can also cause the underlying value to drop and thus the market price to go down when the public stop demanding bitcoin
Good, at least we agree on that, then.
however a ethereum group cant change the network just by having control of blocks. they still have to obide by the design of the network, if they tried to design a new algo that had a flaw. they would just create a new altcoin. and it would be that altcoin that fails(explodes)
We are not talking about them changing the algorithm. We are talking about replay attacks (steals).
bitcoin has had 15 years of safety checks of the main safety features, heck even satoshi himself left a p2pk address with some bitcoin on it that is in a re-used address thus leaving some data leakage of keys. and no one has been able to steal satoshis coins from the known address he send coins to hal and sent coins back as change
so trying to imply that a ethereum group can steal other peoples coins is a sign you have not researched bitcoin nor its risk mitigations [...]
so trying to imply that a ethereum group can steal other peoples coins is a sign you have not researched bitcoin nor its risk mitigations [...]
This is simply false. It is not only widely accepted that replay attacks can happen (as long as the attacker has the money/power to do it), but they have also happened in reality to smaller PoW coins.
Somebody else, please back me up on this.
you need to realise in the many many months pre-atack the ethereum group shift over to bitcoin they would work as honest miners whilst they wait for leadership announcement. and then even when ethereum leadership announce an attack date. the result would be that the attackers would be working on a blocklist that is not visible to the honest network for multiple blocks and is not guaranteed to take over the honest network and pursist
also the attempt to re-spend old confirmed funds would only be worthy if the value involved was significant, to which services would log which funds are being undone and mitigate the user re-spending those funds
also the attempt to re-spend old confirmed funds would only be worthy if the value involved was significant, to which services would log which funds are being undone and mitigate the user re-spending those funds
Here you are ignoring/not considering this earlier reply:
[...] But in fact they can make several replays per reorg:
Suppose Alice trades 1 bitcoin with Bob for some tokens or some USD, then trades that for "another" bitcoin from Claire (meaning that Claire's ownership of the coin isn't dependent on the first transaction with Bob), then trades that bitcoin away again to Doris, then buys "another" bitcoin from Eric. And suppose that Alice is then able to rewrite this recent part of the ledger afterwards. Then Alice can keep the transactions with Claire and Eric, i.e. where a bitcoin is transferred to a wallet of Alice's, but replace the transactions with Bob and Doris with two other transactions where the bitcoins are instead transferred to two other wallets of Alice's. At the end of this, she will have 3 bitcoin in 3 separate wallets: the one she started with and the ones from Claire and Eric.
And she could in principle have kept repeating this process (before rewriting the ledger) as many times as she can find traders whose ownership over the traded bitcoin isn't dependent on earlier trades with herself (i.e. she can only replay each single bitcoin once).
Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.
And furthermore consider the fact that it is typical to see around $15B being traded each day. (And again, you agreed that Ethereum investors could in theory afford an attack lasting for several months, once they've paid the CapEx.)
And like I've said: the confirmation period unfortunately cannot be changed retrospectively, at least not with pure PoW.
And you are ignoring/not considering my earlier point that when the attackers profit from (or believe that they are profiting from) a crash, they don't have an incentive to keep any other assets/products, but can keep their stolen bitcoin after the attack. (It's a win-win: Either bitcoin keeps its value, and they get rich, or it crashes, which is what their benefactors is trying to reward.)Suppose Alice trades 1 bitcoin with Bob for some tokens or some USD, then trades that for "another" bitcoin from Claire (meaning that Claire's ownership of the coin isn't dependent on the first transaction with Bob), then trades that bitcoin away again to Doris, then buys "another" bitcoin from Eric. And suppose that Alice is then able to rewrite this recent part of the ledger afterwards. Then Alice can keep the transactions with Claire and Eric, i.e. where a bitcoin is transferred to a wallet of Alice's, but replace the transactions with Bob and Doris with two other transactions where the bitcoins are instead transferred to two other wallets of Alice's. At the end of this, she will have 3 bitcoin in 3 separate wallets: the one she started with and the ones from Claire and Eric.
And she could in principle have kept repeating this process (before rewriting the ledger) as many times as she can find traders whose ownership over the traded bitcoin isn't dependent on earlier trades with herself (i.e. she can only replay each single bitcoin once).
Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.
And furthermore consider the fact that it is typical to see around $15B being traded each day. (And again, you agreed that Ethereum investors could in theory afford an attack lasting for several months, once they've paid the CapEx.)
And like I've said: the confirmation period unfortunately cannot be changed retrospectively, at least not with pure PoW.
there are many mitigating circumstances and features and economics at play, even things like a pool needs to have their block visible and unorphaned for 100blocks before they can spend the rewards. however the honest network can reject the malicious pools blocks by simply not accepting the blocks that dont have the previous hashID of the blockheight
EG
if malicious pool started a (backward 1 block re-org) attack at block 850,000(editing 849999) but only got to catch up at block 850,070,
(meaning honest networks hash ID chain of 849,999->850,070 wont match the malicious pools hash chain of 849,999-850,070)
the block 850,071 that gets ahead and is published to the network from malicious pool wont have the 'previous hash id' of the honest networks version of 850,070 so the honest network would reject the malicious pools 850,071
EG
if malicious pool started a (backward 1 block re-org) attack at block 850,000(editing 849999) but only got to catch up at block 850,070,
(meaning honest networks hash ID chain of 849,999->850,070 wont match the malicious pools hash chain of 849,999-850,070)
the block 850,071 that gets ahead and is published to the network from malicious pool wont have the 'previous hash id' of the honest networks version of 850,070 so the honest network would reject the malicious pools 850,071
This idea goes against the principles of PoW. Somebody else, please back me up on this.
Re: Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it
But yes -- even if they succeeded, as many people have already considered (I remember Antonoupoulos describing the aftermath of a potential attack very well many years ago) -- a reorganisation would undo the attack. Remember, success isn't one single 51% attack to create an altcoin. Success means also convincing everyone else the altcoin is the one everyone would follow. Colussion also involves conversion.
2) Specific measure against a "rival blockchain attack": Identify a third blockchain directly competing with the attack blockchain (in the case of Ethereum being the attack chain, for example Solana, Cardano or Avalanche). So those invested both in the attacked and the attacker blockchain can dump their stakes on the attacker blockchain buying the third chain's coins, reducing the attacker blockchain's value and increasing the third blockchain's value. The third blockchain's whales will very likely not participate in the attack, because they will benefit much more if the attack blockchain crashes and they can get the market share.
Now that I've thought about it, I think it might be dangerous for Bitcoin investors to switch to a third PoS coin (fully or partially) as a solution. The danger is that if they are not extremely coordinated, the first investors to buy the third altcoin might get them for cheap whereas the last ones to move will have to pay a lot more BTC for them. This could cause a great shift in the wealth between the individual Bitcoin investors.
It would probably be much better to them create a brand new PoS coin and simply copy all the wallets and balances from Bitcoin to that one. Note that this is similar to making a PoS hard fork of Bitcoin in practice. Afterward the investors can trade the new coin in order to establish its value compared to Bitcoin (the PoW version) via the normal market forces.
What do you think of that?