FTC 51% Attack - Case Study
-
[quote]There exists a Feathercoin user holding about a fifth of all coins with the intent and capability to execute a highly damaging attack to the network and its users.
Recipients of Feathercoin when the network shows signs of being under attack should increase their confirmation requirements before accepting any payments.[/quote]
I guess a past tense would be more appropriate. We cannot be sure he still owns a large share of FTC. His ability of executing such an attack on the network currently is also doubtful as certain precautions have been taken, more in development now, and the network hash rate is much higher than 3 weeks ago. Although I’m sure Feathercoin to experience more attacks in the not so distant future. Many people out there want us to lay down and die. [i]Si vis pacem, para bellum.[/i]
-
From my understanding, and I’m definitely no expert. Someone used a massive hashrate to control the blockchain (a 51% attack), added there own fake block/transaction with mass amounts of FTC and attempted to collect fees at the same time. Since they controlled a majority of the hashing they kept moving the coins to get them accepted or washed by the system to make them valid. If the conclusion you were looking for is whether they were successful or not, I’m not sure and would like to know as well. Please correct my understanding of this, if I’m wrong.
-
[quote name=“ghostlander” post=“17558” timestamp=“1372165026”]
I guess a past tense would be more appropriate…
[/quote]I would argue that it is still current, unless that user was able get rid of the coins to unsuspecting users. But let’s keep it clear that one thing is the product of fake block generation and another is the [b]attempt[/b] at double spending coins which at the lack of evidence otherwise were obtained legitimately. No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending. Attacker could as well be just testing, or even naively trying to create coins out of negative fees(!)
[quote author=Simkill link=topic=2178.msg18030#msg18030 date=1372335133]
So, for those of us who aren’t able to grasp the document, what’s the conclusion?
[/quote]My interpretation of the event has been quoted just above your post, this was meant as an exercise and I did not intend to advance it too much since was asked for objectivity. In a way I think the research is not finished and actually think that a deeper technical review would add much better insight to help the developers (any crypto) achieve a higher level of both prevention and protection.
To the non technical inclined the message is: be careful with the heightened risk associated with adopting such a cryptocurrency, where the known vulnerabilities are not just theoretical but exploited as a matter of fact.
More directly:
Devs - this was the attacker methods > neutralise them > develop realtime attack detection tools > make them public
Miners/Pools - cooperate with developers in the detection > help mitigate the attackers success by isolating its moves
Merchants and users - beware of attacks > keep alert for its footprints > act accordinglyFeathercoin is apparently joining forces with other cryptos, which can be very positive, but I remain skeptical until I see actual / structural improvements to crypto in general…
“Hope for the best, plan for the worse”
-
[quote name=“Max” post=“18955” timestamp=“1372626189”]
No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending.
[/quote]The only market which could process such large amounts of FTC at that time was BTC-e. They were very quick to act. In fact, they had increased the number of confirmations to 100 even before I and other developers started to investigate what was happening with the block chain. Even if they lost anything to double spending, they kept this information undisclosed to protect the reputation.
-
[quote name=“ghostlander” post=“19029” timestamp=“1372654191”]
[quote author=Max link=topic=2178.msg18955#msg18955 date=1372626189]
No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending.
[/quote]The only market which could process such large amounts of FTC at that time was BTC-e. They were very quick to act. In fact, they had increased the number of confirmations to 100 even before I and other developers started to investigate what was happening with the block chain. Even if they lost anything to double spending, they kept this information undisclosed to protect the reputation.
[/quote]And they still haven’t brought it back down, even though no other coin requires more than 8 confirms.
-
[quote name=“Kevlar” post=“19440” timestamp=“1372828251”]
[quote author=ghostlander link=topic=2178.msg19029#msg19029 date=1372654191]
[quote author=Max link=topic=2178.msg18955#msg18955 date=1372626189]
No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending.
[/quote]The only market which could process such large amounts of FTC at that time was BTC-e. They were very quick to act. In fact, they had increased the number of confirmations to 100 even before I and other developers started to investigate what was happening with the block chain. Even if they lost anything to double spending, they kept this information undisclosed to protect the reputation.
[/quote]And they still haven’t brought it back down, even though no other coin requires more than 8 confirms.
[/quote]they where probably responding to previous lost see post below for previous attack. but for sure they have not lost that much as trade size is not that big even if it seems to have some jump in size around those time on BTC-e transaction history (internal wallet to wallet exchange so not visible on the chain). previous attack was 200K last one 49999.99 so probably bellow a 50K threshold :-\. BTC-e is putting counter-measure in place to protect themself . possibly all attempt have filed so far or got just a very small amount for the attacker. But they prepare for a full attack. and probably will until we get an “acceptable” 51% mitigation with dynamic checkpointing or a constant hash rate that keep us out of trouble for 51% that seems to be around 2Gh/s (in fact the hashpower should be calculated from all block produce between 2 known legitimate block for timestamp, my previous analyse took the timestamp of the attacker that can be false as he prove in the long time attack)
-
[quote name=“Max” post=“18955” timestamp=“1372626189”]
Devs - this was the attacker methods > neutralise them > develop realtime attack detection tools > make them public
Miners/Pools - cooperate with developers in the detection > help mitigate the attackers success by isolating its moves
Merchants and users - beware of attacks > keep alert for its footprints > act accordinglyFeathercoin is apparently joining forces with other cryptos, which can be very positive, but I remain skeptical until I see actual / structural improvements to crypto in general…
“Hope for the best, plan for the worse”
[/quote]The worst thing you can do in an attack is to stop mining. That’s like stopping the heart during surgery on the liver. It’s not like snake poison, where slowing the flow of blood is a good idea. That’s the wrong analogy.
The right thing to do is encourage more miners to jump on and support. Stopping mining is the same as austerity which is causing destruction of economies all over.
-
How do we increase our confirms if we think there is an attack as outlined by the “attack analysis paper” ? Why didn’t we do this for the current attack? as of 18th July?
[attachment deleted by admin]
-
Damm,
I read this material now for the first time!
I am glad ACP is working now… ::) -
[quote name=“mkBit88” post=“29345” timestamp=“1380298276”]
Seems like this thread got zombied, but now that some time has passed and people have pondered and analyzed, can anyone give us non-techies rundown of what happened?
[/quote]As you can see, Feathercoin is still alive, so nothing really critical happened. Lesson learned, fixes applied.
-
The only lasting effect is that it happened at all. Whenever altercoins come up in /r/Bitcoin on reddit our 51% attack always seems to get brought up.