Ethereum Classic ($ETC) was 51% attacked yesterday. This is the largest cryptocurrency that has ever been 51% attacked, and it has really interesting implications for the future of PoW currencies. Thread. 👇

It was once assumed that 51% attacks would kill cryptocurrencies. But we've seen several major cryptocurrencies get attacked in the last year, and we can now put that thesis safely to rest. ETC only dipped 7% after getting attacked. Markets basically shrugged it off.

Verge actually *gained* in price after being 51% attacked. This seems totally fucked—if blockchains aren't valuable for their security, what the hell makes them valuable?

Most people don't actually understand what 51% attacks let you do. So first, a primer. When you own 51% of the hash rate, you can't steal money or spend other people's coins. The only thing you can do is *revert blocks*.

You know the whole thing about the blockchain being immutable? That's what breaks when someone has 51% of the hashrate. So how do you actually cause havoc through reverting blocks?

You've got two choices. Say you're China and you want to completely destroy Bitcoin—you can mine empty blocks (and ignore everyone else's). Thus, the only blocks in the longest chain will be empty. This makes Bitcoin basically unusable for everyone else.

But this is super expensive, and the only way to make money off it is by simultaneously shorting the currency. Right now you can't short enough Bitcoin to make this attack profitable. This attack is only worrying if you're extremely well-capitalized and willing to burn money.

The more realistic attack is the feared *double spend*. Basically, you have a coin that you trade for an asset off-chain (such as a painting, or a bag full of USD). After that payment is confirmed, you receive the asset out of band.

But later, you create a longer chain in which your coin was spent in a different way (such as to yourself). Everyone accepts the new chain because it's longer, but in this new chain, your payment is now conflicting and is considered invalid.

You've now *unspent* your own coin. Hence, a double-spend. 💸 💸

So turns out, not many people are selling paintings or bags full of USD for crypto. There's only one major business that sells real-world things for crypto: exchanges.

Hence, exchanges are the primary targets for 51% attacks.

Almost every realistic 51% attack will go as follows: deposit crypto on exchange -> withdraw to other chain / USD -> revert original crypto deposit. The attacker has now 2Xed their money.

So that all makes sense in principle. So what does the average user care?

The answer: they don't.

In practice, if there's a long chain reversion, almost all of the bystander transactions will remain intact (those transactions pay fees, so why not include them in your fork?).

If you're the 51% attacker, you want to rob the bank, not some random person on the street. In crypto, that means exchanges. So 51% attacks represent a scourge to exchanges. Meanwhile, individual users don't even notice unless they check Twitter.

It's a sad state of affairs, but if you zoom out, 51% attacks simply look like a tax on exchanges. This seems to be reflected in the market.

But how was ETC, a top 20 currency, able to be 51% attacked?

Pretty easily actually. Turns out, a 51% attack against ETC costs about $5K/hr, all of which can be safely rented from your computer chair. (crypto51.app)

The attacker made ~$250K from the attack, which is a pretty good return.

Coinbase picked up on this pretty quickly and disabled withdrawals for ETC. (blog.coinbase.com/ethereum-class…)

But the target for these double spends was a lesser-known Chinese exchange called gate.io. They were probably targeted because of their weaker AML/KYC.

So what can exchanges do going forward to protect themselves? I have two answers, one standard and one more exotic.

The first is something we've known for a while: PoW is only secure for currencies with high hash rates. We could ignore that in 2018, not so much going forward.

If a currency has liquidity and low on-chain hash rate (especially if GPU-mineable), it's not secure under the PoW model.

BTC or ETH aren't at risk, but other smaller currencies definitely are. So exchanges should start delisting ETC and other PoW currencies with low hash rates.

Copycat attacks will follow soon enough.

Second, exchanges can consider start mounting active defenses against 51% attackers. This is more farfetched, but bear with me. @balajis @phildaian

Say a double spend materializes. An attacker deposits $100K in $COIN on an exchange. They withdraw to another asset, and then release a double-spend chain that cost them $20K to mine. Say it reverts 20 blocks back, but is 2 blocks longer than the longest chain.

The exchange, upon realizing this, rents some hashrate and starts RE-MINING on the original, shorter chain. By expending more hash rate than the attacker (they don't need to mine as far, only a few blocks back), they can re-revert the chain.

If they succeed, they get back the stolen $100K! So why wouldn't they do this? It should only cost them a fraction of what the attacker paid if it's only a 3-block fork, plus the attacker already had a healthy margin of profitability.

If we follow the game theory, this should lead to a wrestling match of the attacker and exchange repeatedly forking the tip of the chain to try to get their hands on that $100K of $COIN. This becomes isomorphic to a dollar auction. @bogatyy en.wikipedia.org/wiki/Dollar_au…

In other words, no one wins. The game theory says they should each keep bidding up until they've both expended around $100K and each stop. So why would exchanges want to do this?

Simple: if exchanges commit to doing this, the incentive to attack goes down tremendously.

Double spends only work if you don't expect retaliation, and exchanges are better capitalized than attackers. It's a kind of mutually assured destruction. If you attack me, I'll get you back.

An ounce of prevention and so on.

It's a wacky idea, but hey, it's crypto, right? FIN