Coinbase Suspends Ethereum Classic (ETC) Trading After Double-Spend Attacks (zdnet.com) 116
Cryptocurrency trading portal Coinbase delisted the Ethereum Classic (ETC) currency Monday after detecting a series of double-spend attacks over the last three days. From a report: In layman terms, double-spend attacks are when a malicious actor gains the majority computational power inside a blockchain, which they then use to enforce unauthorized transactions over legitimate ones. According to a security alert published today by Coinbase security engineer Mark Nesbitt, this is exactly what's been happening on the Ethereum Classic blockchain for the past three days, since January 5. Nesbitt says that a malicious actor has carried out 11 (at the time of writing) double-spend attacks during which he moved funds from legitimate accounts to their own. [...] According to Crypto51, it only costs $5,029 to rent enough computing powerto overwhelm the ETC blockchain with your own miners and gain 51 percent hashing power to carry out a double-spend attack.
Re:This is why we can't have nice things. (Score:5, Insightful)
Re:This is why we can't have nice things. (Score:5, Funny)
Because it's distributed, so a bad guy would have to have huge computing resources to overwhelm the good guys! That'll be so expensive it won't be worth the cost.
Oh, wait...
Re: (Score:2)
Because it's distributed, so a bad guy would have to have huge computing resources to overwhelm the good guys! That'll be so expensive it won't be worth the cost.
Oh, wait...
And one is also expected to trust at least half of those controlling the computing resources... not sure I trust a fraction of that number. Of course by trust it means you "trust" at least half of the controlling resources to not act to your detriment at the same time, but meh...
Re:This is why we can't have nice things. (Score:5, Insightful)
And one is also expected to trust at least half of those controlling the computing resources... not sure I trust a fraction of that number.
And "trust" is your only option- it's all you can do, you can't rely on law enforcement to protect you eCoins. Because eCoins are not backed by government or insured by governments, governments are less inclined to help you get your money back if stolen by thieves and hackers.
Re: (Score:2)
I agree.
Might as well file a lawsuit because someone stole your cow from FarmVille.
Re: (Score:2)
Hear Hear! Actually, I believe I've seen lawsuits regarding loss of virtual goods. Against WOW or something like that.
Re: (Score:2)
And "trust" is your only option- it's all you can do, you can't rely on law enforcement to protect you eCoins. Because eCoins are not backed by government or insured by governments, governments are less inclined to help you get your money back if stolen by thieves and hackers.
And when it is the government stealing the money? Who protects you then?
Re: (Score:2)
And when it is the government stealing the money? Who protects you then?
In all the countries I've lived it was the ballot slip.
Re: (Score:2)
And when it is the government stealing the money? Who protects you then?
In all the countries I've lived it was the ballot slip.
So you never lived in the US? Here we only get two choices and they both steal money.
Re: (Score:2)
So you never lived in the US? Here we only get two choices and they both steal money.
I voted for my kids as protest write-in candidates for most positions in the last election because I wasn't happy with my choices.
Re: (Score:2)
In hindsight, I should have given my kids shorter names.
Re: (Score:2)
that was before pooled mineing
Re: This is why we can't have nice things. (Score:2)
What's extra sad is that if you had a handful of trusted nodes, instead of a ton of untrusted ones, would have resisted this attack excellently. It would also do away with the need for all that idiotic mining.
Trusted nodes would just say, "a double spend? Nah, that's bullshit. We won't timestamp that."
If one of the trusted nodes decided to try it, the other trusted nodes would say, "a double spend? Nah, that's bullshit. We won't timestamp that." and you'd be down one trusted node, but the world would keep o
Re: This is why we can't have nice things. (Score:4, Insightful)
I find it amusing how bitcoin and its associated spin offs have replicated financial history. PhD candidates will be writing papers on this idiocy for years to come.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
We already have those. Those are called banks. This isn't to say that the trusted node concept isn't bad. However, whom do you hand over trusted nodes to?
For example, if you want to trust a node, you don't trust it over how much value it has for its good name. This can be relative since even a top bank could start trying to double-spend if people thought they would not get caught. It would take finding a number of parties whose interests do not coincide for this to work. For example, for every trusted
Re: (Score:2)
You do as we do now: you trust organizations that have something to lose.
Banks have a lot of power over the financial system, but if the numbers don't add up properly, they're on the hook, and they can be held accountable because they have real physical assets, directors whose names and addresses are on file, etc.
Also, banks keep an eye on each other, just like bitcoin miners are supposed to do. As far as processing transactions is concerned, there's not really that much difference between a bank and a bitc
Re: This is why we can't have nice things. (Score:2)
a bad guy would have to have huge computing resources to overwhelm the good guys
Much as I don't buy into crypto hype either, Ethereum Classic is a failed Ethereum fork that few people use so it's not that surprising it was easily hacked.
Re: (Score:1)
Tell me again why bitcoin is so much more secure than the traditional banking system.
Technically it's still secure due to the lack of popularity.
It'll be a long damn time before bitcoin or the like causes as much financial impact as the 2008 global meltdown, which created hundreds of millions (if not billions) of victims. And we've not done much to prevent 2008 from happening again. In that sense, I certainly don't exactly find traditional banking as more secure.
Re: (Score:2)
Tell me again why bitcoin is so much more secure than the traditional banking system.
Technically it's still secure due to the lack of popularity.
See, I KNEW my approach of "security by obscurity" was rock-solid!
Re: (Score:3)
... bitcoin has much much more security ...
That's because it's transmorgrified into a speculative gambling architecture. The blockchain is static in size and all that's left is to rearrange the Monopoly money.
Re: (Score:2)
Sure. Take all those phones, make them hash BTC, try to attack the network. It won't amount to squat. Thermodynamics alone mean its fundamentally impossible.
Re: (Score:2)
Because it's distributed, which not only enables an entertaining variety of new hacks, but which makes hackers who do get in a lot more difficult to find.
It has to be expensive to be secure (Score:3)
The achilles heel of bitcoin is that it has to be expensive to be secure. The cost of securing 51% needs to exceed the profitability of achieving it. Thus as the market cap of bitcoin rises, the greater the potential to engage in a profitable double spend. So the cost of the transactions has to rise. SInce the transaction reimbursement has to cover the cost of the hash confirmation and that's paid in bit coin then either the fees or the reward value has to increase. This may possibly, but not necessaril
Cost is $4700 as of January 8th (Score:3)
Re: (Score:2)
Ethereum Classic, LOL!
The BTC network is about 6 or 7 million times as powerful. And if you try such an attack, people will notice the increased hash rate, anticipate rising prices, and will end up turning their dormant miners back on (or more likely, switching from some altcoin back to BTC). Your own success of such an attack would increase the cost of performing the attack. Further, how many BTC can you transfer in your single double spend attack, or in the amount of time your attack is viable? How muc
Re: (Score:2)
Re: (Score:2)
"And who are you going to attack, exactly?"
My knowledge of BTC is pretty sketchy, but isn't the whole idea of the blockchain that it's a public ledger? So you can see exactly who has all the BTC. Or is that wrong?
Wouldn't anyone be able to see who is the most profitable person to attack? You may not be able to identify them - they may be anonymous - but the "big fish" should be readily spottable.
Or am I misunderstanding something?
Re: (Score:2)
$340 k for Bitcoin. That's couch cushion change for lots of organizations and individuals who might want to sow a little chaos.
Re: (Score:2)
Bitcoin was never about security or anonymity. It was a proof of concept that took off.
Re: (Score:2)
TFS and TFA were never about bitcoin.
Re: (Score:2)
Re: (Score:2)
This isn't bitcoin.
It's Ethereum Classic. The 51% blockchain attack won't work on bitcoin because that chain goes from here to Jupiter.
By comparison, ETC goes from here to the front porch.
Re: (Score:2)
You have no data to support that, so you're dismissed.
Survival of the fittest. (Score:1)
This is just part of the process. The best algorithms and systems will win. Ethereum Classic is what's for dinner.
CryptoCurrencyFails (Score:3)
Re:CryptoCurrencyFails (Score:5, Insightful)
When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.
These days when a physical bank is robbed, they have insurance backing up their virtual dollars, as well as tracking that can get back stolen (digital) money in many cases (from what I've been told, not an expert). So while the government can track your transactions through banks, the bank also provides more security. All depends on what you value most.
Re: (Score:2)
You are just misinformed. Search /. for references to bank thefts and you will find numerous cases where millions were stolen and no one is able to recover anything, even with all the fancy insurance and tracking that you are waving around.
https://news.slashdot.org/story/18/05/15/2032203/hackers-steal-millions-from-mexican-banks-in-transfer-heist
https://news.slashdot.org/stor... [slashdot.org]
And now countries are ruling that losses can be passed to customers if they have any fault in the loss.
https://slashdot.org/story/06/... [slashdot.org]
https://yro.slashdot.org/story... [slashdot.org]
It's cool though, keep your head in the sand and tell yourself that you are safe. I've always found self delusion to be fantastic for your blood pressure.
Most of what you are talking about is an error by the banker, not by the bank itself. That becomes a very grey area but most failures I hear of with crypto currency are with the algorithm itself or with an exchange it seems like. If a bank screws up their security and loses money, they (or likely their insurance) should be held responsible (at least to insured levels), but I haven't heard much about crypto thefts being repaid, though maybe they just don't publish it much.
Regardless, from two of your examp
Re: (Score:1)
A physical bank is small fish. If one of the U.S. Mint printing factories gets hijacked by bad guys, then the value of money in your pocket can tumble. Maybe that would be the correct analogy?
Re: (Score:2, Interesting)
Actually, the dollar is very resistant to that. The North Korean government printed "superdollars", almost undetectable forgeries for a decade and had no significant impact on the value of the dollar. There was also another source, probably Iranian, that was printing them in the 80's and early 90's and again, didn't have a huge impact on the value of the dollar.
Re: (Score:1)
If I recall correctly, this was basically because they couldn't *physically* print very many super-dollars. IIRC, it was a situation where 1% of the money in circulation was fraudulent and 100+ Government agents were both tracking the money and the bad actors to remove it/them from the system. The basic problem was that ~1 of the 100+ money-printing systems was a bad actor.
ETH works differently. Someone with 51% of the network controls the *whole network*, and can very conceivably give themselves *all* o
Re: (Score:2)
Perhaps you did not pay attention to the decline of the dollar since 1970 ... AFAIK it is now worth a quarter of the value at that time.
Re: (Score:2)
which is fine, the 4% average inflation from 1970 to now is expected for healthy economy.
Re: (Score:2)
I was not talking about the inflation loss, but the loss versus other currencies like Euro, former DM e.g.
Re: (Score:2)
Re: (Score:2)
also can't spend it with out tracking.
Re: (Score:2, Interesting)
When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy.
When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.
That is incorrect. When a physical bank is robbed you lose your money. The only reason you are protected in the US is because the accounts are insured by FDIC up to $250K. The government (your taxes) foots the robbery loss. And if your safe deposit box is robbed your grandmother's ring is gone for ever.
Crypto Exchanges also have insurance. So if coinbase is "robbed", insurance kicks in - just like your physical bank. Might not be as good as FDIC but then your taxes are not funding it.
As for you second poin
Re: (Score:2)
The FDIC does not insure a bank for robberies, it insures depositors against a bank failure. Also, the FDIC does not get any tax money, the money comes from premiums paid by the member banks (and income from investments made by the FDIC).
Re: (Score:2)
That is incorrect. When a physical bank is robbed you lose your money.
No, you don't. The bank branch that is robbed loses a bit of its inventory in bills, that is all.
If yo have bad luck and they open the lockers in the bank and you have unregistered jewelry that will get stolen and probably not replaced. But your bank account as in balance is not touched at all.
Re: CryptoCurrencyFails (Score:2)
Re: (Score:3)
This is not a case of the exchange getting robbed though, it is the currency itself that got attacked. The problem with proof-of-work is that if someone manages to control over half the mining power, they get to decide which transactions happen and which do not. The theory was that there would never be a single party in that position, but apparently that theory doesn't apply to the less popular coins.
Re: (Score:2)
This is less like a physical bank robbery and more like counterfeiting. When a counterfeiter successfully passes bogus cash in large amounts, he affects tha value of the real money, and it *does* have an effect on the value in your pocket.
Re: (Score:2)
Nowadays, yeah. It's happened in the past, though. Currencies with much smaller float than the US dollar are still vulnerable, as well.
Re: (Score:2)
The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble.
This isn't to do with the nature of the crypto-currency as much as it is to do with the supply and demand curve in terms of total trading volume for crypto currencies. If they were used as much as the dollar is then any hack wouldn't have any effect on the price either, .... and the currency wouldn't be as volatile either.
Re: (Score:2)
When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.
This depends on how much is taken in the robbery. Governments can take so much as to devalue the currency taking from everybody in proportional to how much they had.
Re: (Score:2)
and you have the reasons why it's a complete failure and nonsense
Hasn't stopped religion, and -- I predict -- it won't stop cryptocurrencies.
Blockchain generally? (Score:2)
Is this specific to currencies or is it a fundamental flaw in blockchains?
Re: (Score:1)
this is specific to shitcoins - no security because nobody is interested and nobody mines it - the blockchain is insecure with >50% hashpower controlled by attacker - no problem renting a little bit hashpower to attack insecure networks. you can't really attack this way Bitcoin - you can but that would be extremely costly - and you won't be able to find that much hashpower to rent anyway.
Btw, ETC is a minority fork of ETH, so nobody cares about ETC and it has near zero use
Re: (Score:2)
Your answer isn't completely clear - if 50% is what's needed then that's a fundamental flaw and Bitcoin is only safe while it's heavily used, not through any special design, so it's not "specific to shitcoins", then?
Re: (Score:1)
But if you have majority mining power then you can do what you want seems just natural. Similarly - If you convince enough voters to vote for Trump then is democracy flawed? It's a philosophical question I guess :)
Re: (Score:2)
It's a feature of all "trustless" blockchains. "Feature" meaning a characteristic, which you may regard as negative or positive, depending on who you are.
A basic blockchain is just a special case of a hash tree, which is a pretty pedestrian linked list except that it's got a set of hashes that make it easy to verify integrity. Git uses a hash tree.
If you don't want to have some kind of central, trusted authentication then you have to figure out who's allowed to modify the list. Most use a system where inte
Re: (Score:2, Insightful)
Btw, ETC is a minority fork of ETH, so nobody cares about ETC and it has near zero use
Somebody cared enough to marshall enough computing power to overwhelm the network, which is why we are discussing this.
Re: (Score:1)
Re: (Score:1)
The definition of a shitcoin is one which isn't heavily used. So all you're saying is that Bitcoin is immune to problems specific to shitcoins so long as it doesn't become a shitcoin. But the potential for it to become one certainly exists.
Re: (Score:2)
Except that he didn't get 51% of the vote.
Re: (Score:2)
Sure he did. You're just mistaking the "popular vote" for the actual vote. The US electoral college system has some similarities to the way most cryptocurrencies work. You've got individuals with computers who group together into mining pools. The individuals with computers express a desire (that bitcoin transactions obey the rules) but it's the people who run the mining cooperatives who actually get to vote.
Re: (Score:2, Interesting)
China controls 80% of the hashpower for Bitcoin, between 4 major pools that it controls. China sets the price of Bitcoin and consequently most other cryptocurrencies.
it is no coincidence that the crash in crypto roughly coincided with the Cheeto-in-Chief declaring TradeWars on China.
sounds like democracy! (Score:2)
Clearly e-coins are the currency of the future. (Score:1)
Will they never learn?