🌀 Attacks & Death Spirals — Issue No. 28

🗞️ News

This week saw a successful, sustained, mining attack against the once-popular altcoin called Vertcoin. A source-fork of Bitcoin, Vertcoin also uses Proof-of-Work for network security, but with a hashing algorithm explicitly aimed at preventing the development of specialized mining hardware. With the crypto market in the cellar and hashrates plummeting across all PoW assets, Vertcoin became an easy target for a so-called 51% attack. In this type of attack, a malicious 3rd party controls enough hashing power to mine blocks faster than all the honest actors combined. This allows the attacker to spend their currency, then release their secret blocks to undo that spending. Mark Nesbitt of Coinmonks has an excellent write up of this particular attack, along with the nature of 51% attacks in general. Link.

While no such attack has ever been observed on major chains like Bitcoin or Ethereum, this extended bear market has had an impact on their hashrates as well. With Bitcoin hashrates are approaching half their previous highs, some have started wondering if this poses an existential threat to Bitcoin's existence. Might the dropping price lead to a mining "death spiral", as fewer and fewer miners are able to operate profitably? This is the scenarios painted in a Bloomberg piece published this week. Link.

In reality, the "mining death spiral" narrative laid out in the Bloomberg piece is highly overstated. The Bitcoin protocol has a built-in difficulty adjustment which lowers the computing power threshold miners must achieve to produce a block. As the hashrate drops, this periodic readjustment makes it easier to mine, which should keep miners on the network and even incentivize some to turn their machines back on. Of course, even this explanation is overly simplistic, and there are some conceivable scenarios where a consensus hardfork of Bitcoin would be required due to a lack of hashpower. Arjun Balaji at The Block did a great job of breaking down these various scenarios and their relative likelihood. TL;DR: I wouldn't bet on a Bitcoin mining death spiral. Link.

While it's true that the hashrate drop isn't likely to kill Bitcoin anytime soon, it's still concerning from a security perspective. The security of a network does not change linearly with the hashrate. That's because, in practice, a would-be attacker needs a lot of capital to acquire the hardware for hashing, or to pay those who own the hardware to use it for them. For a coin like Vertcoin, which uses commodity GPUs for mining and has minimal hashpower, this has now become a trivially inexpensive endeavor. I expect we'll see more long-tail coins attacked in the coming months.

For Bitcoin, such an attack remains extremely capital intensive, but much less so than it once was. When the hashrate was at it's peak, SHA-256 mining hardware was virtually impossible to come by in anywhere near the quantities needed, and would-be mercenaries who already owned it would never rent it to you because it was profitably employed mining Bitcoin. With miners turning off their machines and liquidating their assets, it's now much easier to come by the hardware needed or to pay someone to provide hashing power needed. So while the hashrate is down less than 50% from it's peak, it might be, say, 10 times easier for a well capitalized adversary to carry out an attack against Bitcoin today.

As a developer whose interest in this space is primarily a technical one, I honestly don't get very worked up about price changes. I rarely discuss price in this newsletter, and don't intend on changing that. That said, it would be naive to pretend that price doesn't matter at all. After all, what makes this technology interesting in the first place is digital scarcity, and with scarcity comes value-- i.e. a price. These networks are all about trust and interlocking incentives. As the price changes, those incentives start to change. So as always, stay tuned!

🔮 Blog

Back in August, I wrote about A Striking Exchange From The Ethereum Core Dev Discussion Of Block Rewards. The hardfork that implements that issuance reduction has finally been rescheduled to January 2019. With scrutiny on mining security this week, it's a good time to reiterate a concern about that change I shared then. In fact, this blog post touches on exactly the practical security concerns we just covered. With both crypto and GPU prices dropping, I can't help but wonder if this issuance reduction puts Ethereum at a greater risk for attack than the Core Devs are acknowledging. Link.

📊 Statistics

-15%. Thats the change in Bitcoin mining difficulty which took place this week in light of the falling hashrate. This represents the second largest drop in difficulty ever seen on the network, with the largest (-18%) having taken place more than 7 years ago, when the network was still quite nascent. Link.