Forum Home
    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Popular

    FTC 51% Attack - Case Study

    Attacks and Feathercoin Security
    11
    16
    9295
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MCBITMAN last edited by

      From my understanding, and I’m definitely no expert. Someone used a massive hashrate to control the blockchain (a 51% attack), added there own fake block/transaction with mass amounts of FTC and attempted to collect fees at the same time. Since they controlled a majority of the hashing they kept moving the coins to get them accepted or washed by the system to make them valid. If the conclusion you were looking for is whether they were successful or not, I’m not sure and would like to know as well. Please correct my understanding of this, if I’m wrong.

      1 Reply Last reply Reply Quote 0
      • M
        Max last edited by

        [quote name=“ghostlander” post=“17558” timestamp=“1372165026”]
        I guess a past tense would be more appropriate…
        [/quote]

        I would argue that it is still current, unless that user was able get rid of the coins to unsuspecting users. But let’s keep it clear that one thing is the product of fake block generation and another is the [b]attempt[/b] at double spending coins which at the lack of evidence otherwise were obtained legitimately. No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending. Attacker could as well be just testing, or even naively trying to create coins out of negative fees(!)

        [quote author=Simkill link=topic=2178.msg18030#msg18030 date=1372335133]
        So, for those of us who aren’t able to grasp the document, what’s the conclusion?
        [/quote]

        My interpretation of the event has been quoted just above your post, this was meant as an exercise and I did not intend to advance it too much since was asked for objectivity. In a way I think the research is not finished and actually think that a deeper technical review would add much better insight to help the developers (any crypto) achieve a higher level of both prevention and protection.

        To the non technical inclined the message is: be careful with the heightened risk associated with adopting such a cryptocurrency, where the known vulnerabilities are not just theoretical but exploited as a matter of fact.

        More directly:
        Devs - this was the attacker methods > neutralise them > develop realtime attack detection tools > make them public
        Miners/Pools - cooperate with developers in the detection > help mitigate the attackers success by isolating its moves
        Merchants and users - beware of attacks > keep alert for its footprints > act accordingly

        Feathercoin is apparently joining forces with other cryptos, which can be very positive, but I remain skeptical until I see actual / structural improvements to crypto in general…

        “Hope for the best, plan for the worse”

        1 Reply Last reply Reply Quote 0
        • ghostlander
          ghostlander Regular Member last edited by

          [quote name=“Max” post=“18955” timestamp=“1372626189”]
          No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending.
          [/quote]

          The only market which could process such large amounts of FTC at that time was BTC-e. They were very quick to act. In fact, they had increased the number of confirmations to 100 even before I and other developers started to investigate what was happening with the block chain. Even if they lost anything to double spending, they kept this information undisclosed to protect the reputation.

          1 Reply Last reply Reply Quote 0
          • K
            Kevlar Spammer last edited by

            [quote name=“ghostlander” post=“19029” timestamp=“1372654191”]
            [quote author=Max link=topic=2178.msg18955#msg18955 date=1372626189]
            No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending.
            [/quote]

            The only market which could process such large amounts of FTC at that time was BTC-e. They were very quick to act. In fact, they had increased the number of confirmations to 100 even before I and other developers started to investigate what was happening with the block chain. Even if they lost anything to double spending, they kept this information undisclosed to protect the reputation.
            [/quote]

            And they still haven’t brought it back down, even though no other coin requires more than 8 confirms.

            1 Reply Last reply Reply Quote 0
            • G
              groll Regular Member last edited by

              [quote name=“Kevlar” post=“19440” timestamp=“1372828251”]
              [quote author=ghostlander link=topic=2178.msg19029#msg19029 date=1372654191]
              [quote author=Max link=topic=2178.msg18955#msg18955 date=1372626189]
              No news came about anyone complaining about having been defrauded in the multiple attempts at double-spending.
              [/quote]

              The only market which could process such large amounts of FTC at that time was BTC-e. They were very quick to act. In fact, they had increased the number of confirmations to 100 even before I and other developers started to investigate what was happening with the block chain. Even if they lost anything to double spending, they kept this information undisclosed to protect the reputation.
              [/quote]

              And they still haven’t brought it back down, even though no other coin requires more than 8 confirms.
              [/quote]

              they where probably responding to previous lost see post below for previous attack. but for sure they have not lost that much as trade size is not that big even if it seems to have some jump in size around those time on BTC-e transaction history (internal wallet to wallet exchange so not visible on the chain). previous attack was 200K last one 49999.99 so probably bellow a 50K threshold :-\. BTC-e is putting counter-measure in place to protect themself . possibly all attempt have filed so far or got just a very small amount for the attacker. But they prepare for a full attack. and probably will until we get an “acceptable” 51% mitigation with dynamic checkpointing or a constant hash rate that keep us out of trouble for 51% that seems to be around 2Gh/s (in fact the hashpower should be calculated from all block produce between 2 known legitimate block for timestamp, my previous analyse took the timestamp of the attacker that can be false as he prove in the long time attack)

              http://forum.feathercoin.com/index.php?topic=797.0

              1 Reply Last reply Reply Quote 0
              • zerodrama
                zerodrama Regular Member last edited by

                [quote name=“Max” post=“18955” timestamp=“1372626189”]
                Devs - this was the attacker methods > neutralise them > develop realtime attack detection tools > make them public
                Miners/Pools - cooperate with developers in the detection > help mitigate the attackers success by isolating its moves
                Merchants and users - beware of attacks > keep alert for its footprints > act accordingly

                Feathercoin is apparently joining forces with other cryptos, which can be very positive, but I remain skeptical until I see actual / structural improvements to crypto in general…

                “Hope for the best, plan for the worse”
                [/quote]

                The worst thing you can do in an attack is to stop mining. That’s like stopping the heart during surgery on the liver. It’s not like snake poison, where slowing the flow of blood is a good idea. That’s the wrong analogy.

                The right thing to do is encourage more miners to jump on and support. Stopping mining is the same as austerity which is causing destruction of economies all over.

                1 Reply Last reply Reply Quote 0
                • wrapper
                  wrapper Moderators last edited by

                  How do we increase our confirms if we think there is an attack as outlined by the “attack analysis paper” ? Why didn’t we do this for the current attack? as of 18th July?

                  [attachment deleted by admin]

                  1 Reply Last reply Reply Quote 0
                  • M
                    mirrax last edited by

                    Damm,

                    I read this material now for the first time!
                    I am glad ACP is working now… ::)

                    1 Reply Last reply Reply Quote 0
                    • ghostlander
                      ghostlander Regular Member last edited by

                      [quote name=“mkBit88” post=“29345” timestamp=“1380298276”]
                      Seems like this thread got zombied, but now that some time has passed and people have pondered and analyzed, can anyone give us non-techies rundown of what happened?
                      [/quote]

                      As you can see, Feathercoin is still alive, so nothing really critical happened. Lesson learned, fixes applied.

                      1 Reply Last reply Reply Quote 0
                      • H
                        HopeStillFlies Regular Member last edited by

                        The only lasting effect is that it happened at all. Whenever altercoins come up in /r/Bitcoin on reddit our 51% attack always seems to get brought up.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post