Multiple reports this weekend indicate that Bitcoin Cash (BCH) is the victim of a double spend attack or 51% attack.
A double spend attack is exactly what it sounds like. You can spend “money” twice. For a good explanation of how this may occur with a 51% attack (basically once you capture more than 50% of blockchain you control it) – is available here.
Yesterday, Bitmex Research posted a long explanation of the attack pointing to a hard fork that took place on May 15 creating a vulnerability that nefarious actors exploited.
Bitmex explains:
“Bitcoin ABC, an important software implementation for Bitcoin Cash, appears to have had a bug, where the validity conditions for transactions to enter the memory pool may have been less onerous than the consensus validity conditions. This is the opposite to how Bitcoin (and presumably Bitcoin Cash) are expected to operate, consensus validity rules are supposed to be looser than memory pool ones. This is actually quite an important characteristic, since it prevents a malicious spender from creating a transaction which satisfies the conditions to be relayed across the network and get into a merchants memory pools, but fails the conditions necessary to get into valid blocks. This would make 0-confirmation double spend attacks relatively easy to pull off, without one needing to hope their original payment doesn’t make it into the blockchain. In these circumstances, an attacker can be reasonably certain that the maliciously constructed transaction never makes it into the blockchain.
An attacker appears to have spotted this bug in Bitcoin Cash ABC and then exploited it, just after the hardfork, perhaps in an attempt to cause chaos and confusion. This attack could have been executed at any time. The attacker merely had to broadcast transactions which met the mempool validity conditions but failed the consensus checks. When miners then attempted to produce blocks with these transactions, they failed. Rather than not making any blocks at all, as a fail safe, miners appear to have made empty blocks, at least in most of the cases.”
Bitmex states that the total value of the 25 double spent transactions is 3,391.7 BCH or about $1.36 million.
Bitmex said the attack was quite sophisticated and required extensive planning on the part of the hackers.
As well, yesterday Guy Swann posted a series of Tweets on the attack and the fact “no one seems to be talking about it.”
‼️#BCH /#bcash was hit by 51% attack from just 2 miners, https://t.co/gZNf6P1G3l & https://t.co/2gkV6KUcCt
– & no one seems to be talking about it. 🤨Thread 👇🏻
1/ What I’ve gathered from loose details:
First, there was an unintentional split with the recent #BCH “upgrade.”— Guy Swann⚡ (@TheCryptoconomy) May 24, 2019
Swan said that “just 2 miners, in secret & w/ no trouble, took it upon themselves to remove 2 blocks w/ another’s TXs, & replace with their own. Bizarrely, some are celebrating! Some devs are quiet, but jtoomim (#BCH dev) called it “justice,” & “punishment” for “antisocial behavior.””
The allusion to a celebration is representative of the diverse opinions regarding Bitcoin Cash which is an offshoot of Bitcoin that is attempting to solve the shortcomings of its older sibling.
Perhaps more worrisome is the fact that hacks like this impact the entire crypto community as it rips the veneer off of a value system that is unregulated and too frequently easy to exploit. Bitmex says this is “not positive news for Bitcoin” as it “shows that it may be possible in Bitcoin.”