Skip to content

Instantly share code, notes, and snippets.

@metalicjames
Last active March 4, 2024 08:22
Show Gist options
  • Save metalicjames/71321570a105940529e709651d0a9765 to your computer and use it in GitHub Desktop.
Save metalicjames/71321570a105940529e709651d0a9765 to your computer and use it in GitHub Desktop.
Bitcoin Gold (BTG) was 51% attacked

Bitcoin Gold (BTG) was 51% attacked

Preamble

Bitcoin Gold is a Bitcoin hard-fork that aims to be GPU-mineable by using the Equihash algorithm with parameters (144, 5) also known as "Zhash". The Bitcoin Gold website claims Zhash "uses more memory than an ASIC can muster, but runs fine on many graphics cards". Bitcoin Gold was previously 51% attacked in May 2018 when it was estimated that up to $18 million worth of BTG was double-spent.

The Attacks

Between Thursday and Friday we detected two deep reorgs on BTG, both of which contained double-spends. Their details are listed below. All times are GMT.

In both cases the attacker blocks were mined with the address GWrW5dTZf5XwGWoJuqRKdzkzZFkwtWSqaP in the coinbase transaction. We note that at the time of the attack, on Binance deposits of BTG were credited to one's account for trading after six confirmations, and were available for withdrawals after twelve confirmations. A fourteen or fifteen block reorg would thus evade both of Binance's escrow periods. Binance has since increased their withdrawal requirement for BTG to twenty confirmations. Based on Nicehash market price data for Zhash we estimate the cost of generating each reorg at around 0.2 BTC (~$1,700) and the attacker would have recouped around the same value in block rewards. Therefore, it is possible that the attacks were profitable if the double-spends succeeded at defrauding the attacker's counterparty, or break-even if the double-spends were unsuccessful. This suggests that a confirmation requirement on the order of tens of blocks for BTG is still far too few to make the budget constraint to launch an attack significant.

@MentalNomad
Copy link

I didn't have time to thank you earlier - so, thanks for the work and contribution of information.

Note, this part has an error:

1,900 BTG originally sent to GgmzUSgXrXpDxiY34bG6SxaDVi2rQ1zU8Q in TXID 3a17157994502a749a1827883a670d822f8ee95dae94064631770faeec1e8443 was redirected to GgmzUSgXrXpDxiY34bG6SxaDVi2rQ1zU8Q in TXID 6e05e8253b2ce7f1acf6f0684898e13141c0e9b893e1a5e44d215d8ebe4d28b4.

Should read:

1,900 BTG originally sent to GgmzUSgXrXpDxiY34bG6SxaDVi2rQ1zU8Q in TXID 3a17157994502a749a1827883a670d822f8ee95dae94064631770faeec1e8443 was redirected to GNH5cUEg5LZZP5HfLgaLvTE9ApKAf76aBf in TXID 6e05e8253b2ce7f1acf6f0684898e13141c0e9b893e1a5e44d215d8ebe4d28b4.

@metalicjames
Copy link
Author

@MentalNomad indeed, it has been fixed! Thanks!

@hesido
Copy link

hesido commented Jan 25, 2020

Exchanges need to dynamically set number of confirmations required based on order book depth and network difficulty.

@MentalNomad
Copy link

MentalNomad commented Jan 26, 2020 via email

@mjamin
Copy link

mjamin commented Jan 26, 2020

Exchanges need to dynamically set number of confirmations required based on order book depth and network difficulty.

Here's another idea: stop this pointless exercise. Whatever rules you tack on and workarounds you implement, Bitcoin Gold/Cash/SV/Diamond/etc. will always be fragile and never worthwhile. You will only make people lose money, either through the market or attacks like this.

@rohenaz
Copy link

rohenaz commented Jan 26, 2020

Exchanges need to dynamically set number of confirmations required based on order book depth and network difficulty.

Here's another idea: stop this pointless exercise. Whatever rules you tack on and workarounds you implement, Bitcoin Gold/Cash/SV/Diamond/etc. will always be fragile and never worthwhile. You will only make people lose money, either through the market or attacks like this.

You're conflating Gold/Diamon (airdrops with different POW) with valid forks stemming from contentious protocol changes (Cash/SV).

@mjamin
Copy link

mjamin commented Jan 26, 2020

You're conflating Gold/Diamon (airdrops with different POW) with valid forks stemming from contentious protocol changes (Cash/SV).

An utterly meaningless distinction.

@mpapec
Copy link

mpapec commented Jan 26, 2020

You're conflating Gold/Diamon (airdrops with different POW) with valid forks stemming from contentious protocol changes (Cash/SV).

An utterly meaningless distinction.

Attackers may actually use risk/reward assessment before picking a target, so there could also be a reason why bgold has horrible record so far, while others do not.

@buralux
Copy link

buralux commented Jan 27, 2020

That’s a second attack, don’t understand what do you waiting to protect yourself with Komodo’s delayed Proof of Work (dPoW)???

@hesido
Copy link

hesido commented Jan 27, 2020

Exchanges need to dynamically set number of confirmations required based on order book depth and network difficulty.

Here's another idea: stop this pointless exercise. Whatever rules you tack on and workarounds you implement, Bitcoin Gold/Cash/SV/Diamond/etc. will always be fragile and never worthwhile. You will only make people lose money, either through the market or attacks like this.

The idea is valid for any PoW coin. There are a lot of vulnerable coins in the same way. Order book depth / Incoming total deposits at any given time / network difficulty based confirmation requirements can be determined for any coin, and it protects the exchange and the customers. If you have a statistical model to decide which coins are not worth the time, you also have a statistical model to prevent these attacks by dynamically adjusting confirmation requirements.

@mjamin
Copy link

mjamin commented Jan 27, 2020

Forking off from bitcoin is either economically motivated (read: scam), or at best a vote of no confidence in the current development process. So far, any such vote ended in a landslide victory for bitcoin developers (for good reason).

Starting a coin from scratch is also either economically motivated (read: scam), or at best technologically justified. As in: building something that's fundamentally better than bitcoin. If it's the latter, projects borrowing 99% of bitcoin's codebases should immediately raise a red flag. Also, most of the time these kinds of projects are trying to get rid of PoW as their main selling point.

So yes, the idea is valid for any PoW coin that tries to compete with BTC: they're a waste of everyone's time and money.

@Cryptobeetle
Copy link

I think the solution to the “51% attack” problem can be found in this thread: https://bitcointalk.org/index.php?topic=5215111.0

@MentalNomad
Copy link

OK, but BTG didn't "fork off from bitcoin."

BTG stood up a completely independent network with new nodes and new miners. It was impossible (by design) for Bitcoin miners to follow the BTG fork, which required entirely different hardware. There was exactly zero contention within Bitcoin as to whether to support Bitcoin or BTG.

BTG did fork Bitcoin's blockchain history as a fair basis for the initial distribution of 16.5 million BTG, true. But there was never contention or competition with Bitcoin, so there is no "landslide victory" or loss.

There was even a 20-day pause between the blockchain snapshot and the first BTG block. I don't see how this can be viewed as a competition.

Snapshot of BTC blockchain: October 23, 2017, block 491407
First BTG block mined: Nov 12, 2017, block 491408

@ireneidan
Copy link

Now I read the comments of 2019, when many did not take seriously and did not think that bitcoin would reach the price of 40 k dollars, not to mention 64 k)) Times have changed and now cryptocurrencies have caught up with the authorities very quickly and very well. Elon Musk and other millionaires, billionaires have started to invest very large amounts of money in cryptocurrencies, and this leads to higher prices. I personally invested on https://yuanpaygroup.com platform 10 k dollars in several cryptocurrencies and now I am waiting for growth. I have expectations of a minimum profit of $ 20k, but I hope it will be more. I am waiting ))

@amureborn
Copy link

I didn't have time to thank you earlier - so, thanks for the work and contribution of information. by The way Twisting is possible in Cyrptocurrsy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment