I love the concept of Bitcoin. I believe the Internet will redefine currency as we know it. Nevertheless, I see at least 4 major ways (technical, legal, competition, community) the Bitcoin network could either be hacked by stealing BTCs, or shocked to death triggering panic and drops in BTC value. I hope this helps the Bitcoin community to develop a currency that's really resilient to attacks.
I outline here 6 attack scenarios and 4 ways to double-spend BTCs, for a total of 24 possible different attacks. Since I don't have complete knowledge of the Bitcoin platform some of them might not be feasible in practice. Still, if just one of them is feasible, it means the Bitcoin network can be hacked right now. Also, these attack scenarios assume the ROI of such attacks is positive. Please remember that even if the ROI of an attack was negative but the attack feasible, the scenario would be just as scary: any BTC opponent/competitor such as a law enforcement agency could use their resources to exploit the Bitcoin network and steal BTCs from rightful owners. Not exactly what you expect from a "digital gold".
BITCOIN’S WEAK SPOT, ACCORDING TO ITS CREATOR
According to its own creator, the Bitcoin p2p network is resilient to attacks only:
"As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network" (Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", http://www.bitcoin.org/sites/default/files/bitcoin.pdf).
In the same paper Nakamoto writes:
"The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes." "If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains." "If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins." "we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power."
If Nakamoto is right, this means the Bitcoin network has a very clear weak spot in plain sight. In the very words of its creator, there's no doubt: Bitcoin can be hacked.
Other than being hackable by politically-driven attackers (e.g. law enforcement entities, tax collectors, anti-laundering entities, central banks, keynesian entities, etc), my fear is that any profit-driven malicious entity could soon choose to attack Bitcoin. As the FRN ("USD")/BTC exchange ratio (i.e. price) grows, it becomes more and more convenient to buy computing power with FRN ("USD") and then use it to hack the block chain. Buying computing power using FRN ("USD") to outnumber the majority of the honest Bitcoin nodes with malicious nodes could reap a positive ROI in terms of FRN ("USD").
At the current stage there are ~5M BTC out there worth ~2M FRN ("USD"), distributed among ~3,000 nodes, while ~160 new blocks justify the minting of ~8,000 new BTCs every day. Around 1500 transactions take place every day.
PREPARING THE ATTACK
The first step of the attack should be for the attacker to buy 400 BTC from moneychangers. At current market prices this should cost ~160 FRN ("USD").
The attacker will wait to find in advance the goods/services to buy from the providers (the specific targets of the attack) and make sure the aforementioned future recipients are ready to accept BTCs in exchange for those goods/services. Only then, when all the providers are "warm" and ready to sell, should the attack start. The providers should be 80 different ones, and they shouldn't be Bitcoin ubergeeks: they should be normal people not paying much attention to the sudden rise of the total number of nodes in the network, and they should not follow the community forums/alerts much, or at least not check them every time they accept a BTC payment. Responsible moneychangers should therefore not be chosen as targets, as they're likely to be closely watching forums and the like. The attacker should choose sellers who ship goods immediately (immaterial goods deliverable over the internet such as music, movies, ebooks, virtual goods, or material goods delivered immediately or picked up face-to-face) and possibly goods that are easy to resell. The attacker should also leverage professional pickup services, or people picking up stuff in his name, so that he is sure of the exact time of delivery of the good. With time, the more the Bitcoin network grows, the more stuff to be stolen will be available.
The attacker should target users who are enthusiastic about Bitcoin's two main purported strengths: anonymity and immediate p2p transactions. These targets will be happy to deliver goods/services to an anonymous party, and they will trust their Bitcoin balance without waiting too much time to verify the "stability" of their own balance.
Transactions should be small enough (under 500 BTC) so as not to sound too suspicious to sellers.
An attacker should gather the majority of CPU power with 4,000 CPUs. Such power should outnumber the honest nodes' computing power by producing (faster) a malicious block chain where the BTCs spent by the attacker are immediately sent back to him by the recipient and then double-spent among multiple recipients. The malicious subnet should be spread across a variety of IP ranges, so that it can infect the Bitcoin network most effectively. The malicious subnet should close ~8 blocks containing ~80 transactions. The attacker should own 4000 CPUs for 1h, representing now 2/3 of the nodes, and - reasonably speaking - way more than 51% of the network's computing power.
The attack should last 1h, spending those 400 BTC 80 times instead of just once, paying attention to pay 80 different not-so-geek providers as mentioned above. At the current value of 1 BTC = 0.40 FRN ("USD"), this would mean buying 32,000 FRN ("USD") worth of goods and services. On the other hand the cost of compromising the Bitcoin network for 1h with 4000 malicious CPUs would be, at a current price of FRN ("USD") 2.10/CPU/hour (Amazon Quadruple Extra Large Cluster Compute Instances), 8,400 FRN ("USD"), plus the initial 160 FRN ("USD"), for a total of FRN ("USD") 8,560. Considering harvesting FRN ("USD") 32,000 worth of goods and services, that's a pretty good +220% ROI in just 1h. Pretty good compared to your average investment.
When the attack is finished, the malicious CPUs will disappear from the network, and the community will be left alone with a hacked block chain, where only the last 80th of the 80 payees actually owns the BTCs, while the first 79 are effectively defrauded of BTCs that were double-spent just after being received by the recipient.
A 2nd attack scenario involves fewer transactions, with a higher amount of BTC per transaction. Ideally the attacker could even target just 2 providers, closing 2 transactions with an amount of 11,250 BTC each. This will harvest, at current ratios, FRN ("USD") 9000 worth of goods/services, with a +5% ROI in just one hour. Obviously the attacker should target more than just 2 providers if he needs transactions to be smaller in amount. A "few but big transactions" attack is useful when the merchants need lots of confirmations from the Bitcoin network.
And that's not considering the additional ~300 BTCs minted during the 1h of the attack, which - if properly double-spent - could greatly increase the ROI of the attack.
If such computing power (4000 quad xl) were to be allocated for honest Bitcoin mining, it would have yielded ~300 BTC, equivalent now to ~120 FRN ("USD"), thus the ROI would have been -98.8% in 1h, instead of +220%.
In a 3rd attack scenario, the attack could last 24h-48h, close hundreds of blocks, target thousands of users, and reap a much higher ROI (up to +5,000%). On the other hand, delivery times must be properly planned in advance: the longer the delivery time, the more the attacker has to wait before double-spending. Also, care should be taken so that panic and a "currency run" (people running to convert BTCs into something else as soon as they hear of the attack) are triggered just after the attack is completed. The other pro of a slower attack would be that providers are less likely to notice the fraud. The con of such an attack would be that providers are more likely to stumble upon alerts on the forum. You can have a fast attack "low" ROI scenario targeting fast-shipping goods and services, and a slow attack high ROI scenario targeting slow-shipping goods and services. A slow attack can target slow-shipping goods/services coming from isolated community-unaware sellers. A fast attack can target immediate-delivery goods/services making sure the interval of being alerted is smaller than the duration of the attack, so that the alert always arrives too late, after the good/service has been delivered.
4th attack scenario: like the 3rd, but targeting way less victims, with higher-value transactions. A “few but big transactions” attack is useful when the merchants need lots of confirmations from the Bitcoin network.
A 5th attack scenario involves a discontinuous use of the malicious subnet, turned on and off at phases during the attack, in order to minimize expenses leveraging the flexibility of cloud computing platforms like Amazon. In this scenario the attacker doesn’t need to control the majority of CPUs for the entire duration of the attack, but instead only when a double-spend is about to happen. This allows also for slower deliverables to be targeted by an attacker. As soon as the double-spend is about to happen the attacker turns on his malicious cloud, computes the older blocks plus the new blocks, thus creating the longest block chain. Obviously to close previous blocks lots of computing power will be needed: the attacker should balance on the one hand the bigger computing power needed, and on the other hand the smaller time of computing power needed plus the advantage to target slow-delivery goods.
6th attack scenario: like the 5th, but targeting few victims with big transactions. A “few but big transactions” attack is useful when the merchants need lots of confirmations from the Bitcoin network.
Obviously a rational attacker would try all the possible attacks, just to make sure to exploit the Bitcoin economy as much as possible.
HOW THE ATTACK WORKS
So in summary the attack works like this: the first BTC spend happens in, say, block 105000. After the merchant acknowledges it and delivers the good/service to the attacker, the attacker's malicious network releases a new block 105000 and as many blocks after it as needed to make it the longest chain. Now the whole network (honest clients included) acknowledges that the attacker holds the coin because there is no record of the first transaction according to the majority of CPUs. In this scenario the BTCs are spent but then the transaction is lost in the new malicious block chain. Then the BTCs are spent again, and the process is repeated many times. Obviously the first 79 payees watched their balances plummet before their eyes, but there's nothing they can do other than alerting other people through forums/emails/etc. As noted above, the victims of the attack are not paying attention to the forum in those 60 minutes.
OTHER WAYS TO DOUBLE-SPEND
A 2nd way to double-spend is, after the spend happened, for the malicious block chain to acknowledge the transaction, but have a different address for its recipient: instead of the victim’s address it will be one of the attacker’s addresses.
A 3rd way to double-spend is, after the spend happened, for the malicious block chain to substitute the victim’s address with the next victim’s address. So the transaction is acknowledged but its recipient is not the first victim, but the second victim. This process could be repeated just once or, if possible, multiple times.
A 4th way to double-spend is, instead of leaving no trace of the spend in the malicious block chain, to add an opposite spend, from the victim to the attacker, with the same amount. The advantage of this way to double-spend is that it will work even with a future version of Bitcoin that could let the second recipient recognize a double-spend.
HOW DOUBLE SPENDING WORKS
In summary, the steps involved in this kind of double-spending are:
Spend the BTCs. Wait for the recipient's acknowledgement and delivery of goods/services. Secretly work on another version of the block chain where the original transaction is adulterated in one of the 4 aforementioned ways. This block chain should be longer than the honest network's chain, and since the attacker controls the majority of the CPUs it is reasonable to predict he will generate it before such a long chain is generated by the honest network. Repeat.
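As an added illustration (not part of the original post), here is the catch-up probability from section 11 of Nakamoto's paper, applied to the two cases discussed above: the post's majority attacker, for whom no number of confirmations helps, and the sub-majority attacker, against whom a merchant can choose how many confirmations to wait for at a given risk level. The 0.1% risk threshold is an assumption taken from the paper's own table.

```python
import math


def attacker_success_probability(q, z):
    """Probability that an attacker controlling fraction q of the network's
    CPU power eventually overtakes the honest chain once a payment is z
    blocks deep (gambler's ruin calculation, section 11 of the Bitcoin paper).

    q >= 0.5 is the scenario described in this post: the attacker always wins,
    however many confirmations the merchant waits for."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    p = 1.0 - q                         # honest share of CPU power
    if q >= p:
        return 1.0                      # majority attacker: catch-up is certain
    lam = z * (q / p)                   # expected attacker blocks while honest nodes mine z
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i          # Poisson(k; lam) built incrementally, no factorials
        # attacker already k blocks along still has to close a gap of z-k blocks
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q, max_risk):
    """Smallest number of confirmations a merchant must wait for so that the
    attacker's success probability drops below max_risk.

    Returns None when no finite number suffices, i.e. when the attacker
    holds at least half of the CPU power (the case this post is about)."""
    if q >= 0.5:
        return None
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z


if __name__ == "__main__":
    # Assumed merchant policy: accept at most a 0.1% chance of being reversed.
    for share in (0.10, 0.30, 0.45, 0.60):
        z = confirmations_needed(share, 0.001)
        verdict = "no finite number of confirmations is safe" if z is None else f"{z} confirmations"
        print(f"attacker with {share:.0%} of CPU power: {verdict}")
```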
When the community realizes Bitcoin has been hacked, they could now revert the block chain to before the attack took place, but 32,000 FRN ("USD") worth of goods and services are now gone, so either the providers have been defrauded, or the community decides to devalue the Bitcoin purchasing power by inflating ~80,000 new BTCs (equivalent to the amount of the fraud) out of thin air and giving them to the victims of the fraud.
In either case, as soon as the news of the attack is made public, the value of BTC would quickly plummet as people start to panic: even though a panic is not the most rational response (more rational would be to wait and follow Satoshi's advice about what to do) it is reasonable to assume that people would like to convert BTCs into something real that's not hackable (e.g. gold) "before it's too late". The amount of FRN ("USD") that 1 BTC can buy would plummet, so if you worked hard to earn 10,000 BTC that could buy - say - FRN ("USD") 4000 worth of goods and services, now with those same BTCs you can buy - let's say - only FRN ("USD") 2000 worth of goods and services.
Obviously as the FRN ("USD")/BTC exchange ratio grows faster than the number of nodes, such an attack is more likely to happen with time. If the ROI of an attack is positive now, it will be positive at any given time, since minting is not involved in such an attack scenario. Instead, given the FRN/BTC ratio is growing exponentially, the likelihood of such an attack would grow exponentially with time.
An attacker could basically play god until the payees realize they've been defrauded: they realize too late that the BTCs the anonymous/pseudonymous attacker paid them in exchange for their goods/services/FRN ("USD") are now gone.
The attacker may do this even without hiding from law enforcement agencies, given I'm not sure such attacks on the Bitcoin network would be considered illegal in every legislation of the world. In fact, many legislations could morally approve and cheer such an attacker, as soon as they realize Bitcoin is a threat to them.
The strengths of the Bitcoin concept are that it's anonymous, and transactions are immediate: unfortunately this can render the attacker untraceable, and the purported speed and resilience of transactions could actually harm merchants.
Am I missing something?
Is the relatively low amount of FRN ("USD") needed to hack the Bitcoin network at this stage the reason why Nakamoto suggested against advertising Bitcoin too much at this stage?
Is accepting few BTCs or no BTCs at all the only way to prevent such attacks?
Bitcoin is a perfect tool for so-called "money laundering", given its pseudonymous nature. Also, Bitcoin makes the core business of a national government near to impossible, because pseudonymous transactions mean the national tax agency is unable to know how much tax a citizen has to pay. It is reasonable to assume that BTC will represent a deadly threat for a national state, and that they would react accordingly, first exploiting Bitcoin's point of failure to bring it down (see question 1 above), and then - if still needed - using their full moral, legal, judiciary, police, military, PR, press powers to shut down such a threat. This has already happened in China when people started to migrate from using PBOC RMB notes towards using Tencent's QQ coins. It is reasonable that it will become illegal to download BTC, install it, have it on a computer, run it, and in a very short time. It will become illegal to accept it in exchange for your own goods and services. The entire Bitcoin economy would suffer incredibly: moneychangers not able to operate, Bitcoin banks and brokers not being able to serve people not running a client, law-abiding providers of goods and services not being able to accept it. Hackers and crypto-activists would still continue to use it, but how much would these legal challenges affect the value of 1 BTC in terms of FRN ("USD")? -10%, -30%, -50%?
If I now accept Bitcoins in exchange for my work, how much of the purchasing power of my hard-earned Bitcoins will evaporate overnight, and how much will be saved?
Can Bitcoin be considered a reliable store of value ("digital gold") then?
Given there's no redeemable good/service backing the emission of BTC, BTC is redeemable only as long as people accept it in exchange for their goods/services (like central banks' currencies). Unfortunately it has no intrinsic value either (unlike precious metals, and like central banks' currencies), and no violent entity forcing you to accept it in exchange for your goods/services (like precious metals and unlike central banks' currencies). This said, the lock-in power of such a network is extremely low, and the entry barrier for competitors is also very low given Bitcoin is an open source software project, and there are more than 230K projects just on Sourceforge. Look at the history of P2P after Napster. What will happen to the value of someone's BTCs when a new, better, P2P currency comes along? A powerful hook could be a P2P currency where "mining" (CPU-work) is rewarded way more than in Bitcoin, making it actually profitable to buy computing power in order to mine (in this scenario the computing power could be the backing of the currency: it's got an intrinsic value when it is used for real-world purposes). What happens to the value of your BTCs if people stop accepting BTC and start accepting the new currency instead? Would this create a sort of "currency run" similar to a bank run, where every individual - driven by fear more than reason - is trying to be the first to convert the old currency into the new one, instead of watching value evaporate in his hands? Obviously competition is good, but is it also good to keep the value of my work in BTC, or will it evaporate? -10%, -30%, -50%?
Can Bitcoin be considered a reliable store of value ("digital gold") then?
Given the project is open-source, what would prevent central banks, governments, keynesians, and other BTC competitors/enemies from infiltrating the community of developers in order to push their own agendas? One of the possible infiltration attacks could be to push for minting more than 21M BTC and stop the deflationary process built into the concept of BTC: lots of economic and political arguments could be used to support this idea in a very rational fashion. Many other infiltration attacks are possible and just up to your imagination.