Double-spending attack that only costs several thousand dollars in order to empty out your wallet has returned! How do you keep your money secure?
During the bear market early this year, a lot of miners have gone out of business and thus led to the double-spending attack of Ethereum Classic. Most recently, on December 1st, Vertcoin (VTC) that uses Proof of Work and anti-ASIC algorithm, has been double-spend attacked again after several attacks in the past. Its total loss in asset has amounted to over 100000 USD.
The main developer of the VTC project, James Lovejoy, expresses on Github that this breach has let the 603 blocks of the main net be replaced by the 553 blocks of the attacker. He also expressed that he has sufficient proof that this attack has been conducted using Nichhash, a hash power lending platform, through which the attacker purchased and rented out hash power to carry out the attack.
Hash power- as-a-service has lowered the hurdle for 51% attack
At present, most consensus algorithms of blockchain are using Proof of Work (PoW). Such algorithm has been used for over 10 years in which each miner solves a hashing mathematical problem. The probability to solve the problem successfully is proportional to the ratio of the miner’s hash power to the total hash power of mainnet. Attacking PoW is simple and easy to understand: such attack, also known as double-spending attack, takes place when an attacker possesses 51% of the overall hash power. The attacker can roll back any blocks in the blockchain by creating a longer and more difficult chain and as a result, modify the transaction information.
In recent years, with the fluctuation in hash power that tails the market movement, several PoW double-spending attacks took place. For example, Bitcoin Gold’s attack in May 2018 with over $ 17.5 million lost. Now such misfortune befell Vertcoin.
The emergence of hash power farm such as Nice Hash provided the breeding ground for double-forking attack to take place. Hackers can rent hashpower to facilitate their attacks. The ETH Classic attack in January and the recent Vercoin incidents were both attacked by rented hash power.
The diagram above shows the price of hash power on the day that the attack occurred. We can see that since the hacker was purchasing a lot of hash power, since Nov 30 the hash power price has been increasing and only reverted after the attack finished.
The ability to migrate hash power and renting the power out signifies that hackers can divert hash power from the competitive Bitcoin and Ethereum network to attack projects with weaker hash power such as Ethereum Classic. The security of one network is no longer limited by whether miners within the main net take more than 51% of the total hash power, rather it is determined by whether the benevolent (non-hackers) miners takes up more than 51% of the total hash power from the pool of projects that use similar consensus algorithm. For example, the hash power of Ethereum is 176 TH/s and that of Ethereum Classic is 9 TH/s. In this way, if one diverts some hash power from the 176 TH/s of Ethereum to Ethereum Classic, then one can easily launch a double-spending attack. Such hash power ratio between the two project is 9/176 = 5.2%, which is a tiny number.
Since hash power can be rented to launch attacks, some top 30 projects have suffered from such attacks. So we can imagine small and medium-sized projects and up-and-coming projects are even more prone to attack with smaller hash power within its network to begin with.
Proof of Stake (PoS) can prevent 51% attack but with problems of its own
Besides PoW consensus, another popular consensus algorithm is Proof of Stake (PoS). The core concept is that the right to create the block belongs to one that owns more tokens, similar to shareholders with more number of shares in the stock market. If one holds more tokens, he/she will receive more rewards. Its advantages lie in that on one hand the algorithm avoids wasting energy like that in PoW calculation. On the other hand, its design determines that the PoS will be not subjected to 51% hash power attack since the algorithm requires the miner to possess tokens in order to modify the ledger. In this way, 51% attack become costly and meaningless.
In terms of disadvantages, the node faces problem of accessibility. PoS requires permission to enter and nodes cannot enter and exit easily and lacks openness. It can easily be forked and short of decentralization. In the long run, the algorithm leads to Matthew effect of accumulated advantages whereby miners with more tokens will receive more rewards and perpetuate the cycle.
Importantly, the current PoS consensus has not been verified for long-term reliability; whether it can be as stable as the PoW system is yet to be verified. For some of the PoW public chains that are already launched, if they want to switch consensus, they need to do hard fork, a process which divides communities and carries out a long consensus upgrade and through which and Ethereum is undergoing. Is there a safer and better solution?
QuarkChain Provide THE Solution: High TPS Protection + PoSW Consensus
For new-born projects, and some small or medium-sized projects, they are facing the problem of power attack. PoW-based chains are bound to have fewer chains with lower hash power than others (ETC vs. ETH, BCH vs BTC), thus increasing the risk of attack. In addition, the interoperability between chains, such as cross-chain operation, is also a problem. In response, QuarkChain has designed a series of mechanisms to solve this problem. This can be summed up as a double-chain structure with a calculation power allocation and PoSW.
First of all, there is a layer of sharding, which can be considered as some parallel chains of which each chain handles the relative independence of the transaction. Such design forms the basis for ensuring the performance of the entire system. To avoid security issues caused by the dilution of the hash power, we also have a root chain; the root chain block does not contain transactions, but is responsible for verifying the transaction for each shard. Relying on the hash power distribution algorithm, the hash power of the root chain will always account for 51% of the net. Each shard, on the other hand, packages their transactions according to their own consensus and transaction model.
Moreover, QuarkChain relies on flexibility that allow each shard to have different consensus and transaction model. Someone who wants to launch a double-spending attack on a shard that already contained in the root chain must attack the block above the root chain, which requires calling the 51% hash power of the root chain. That is, if there are vertical field projects that open new shards on QuarkChain, in case of insufficient hash power , an attacker must first attack the root chain if he or she wants to attack a new shard. The root chain has maintained more than 51% of the network’s hash power, which makes the attack very difficult.
As illustrated in the diagram above, if the attacker wants to attack QuarkChain network, one would need to attack the shard and the root chain simultaneously.
PoW has achieved high level of decentralization and has been verified for its stability for a long time. Combing PoW with the staking capability for PoS wouldt make use of the advantages of both consensus mechanism. That is what QuarkChain’s PoSW achieves exactly.
PoSW, which is Proof of Staked Work, is exclusively developed by QuarkChain and run on shards. PoSW allows miners to enjoy the benefits of lower the mining difficulty by staking original tokens (currently it’s 20 times lower). Conversely, if someone malicious with a high hash power and does not stake token on QuarkChain, he will be punishable by receiving 20 times the difficulty of the hash power, which increases the cost of attack. And if the attacker stake tokens in order to reduce the cost of staking, he need to stake corresponding token, which will cost more.
Take Ethereum Classics (ETC) as an example, if ETC uses the PoSW consensus, if there is another double-spending attack similar to the one in January, the attacker will need at least 110Th/s hash power or 650320 ETC (worth $3.2 million, and 8 TH/s hash power), which is far greater than the cost of the current attack on the network (8Th/s hash power) and revenue (219500 ETC).
Relying on multiple sets of security mechanism, QuarkChain ensures its own security, while providing security for new shards and small and medium-sized projects. Its high level of flexibility also allows the project to support different types of ledger models, transaction models, virtual machines, and token economics.Such great degree of security and flexibility will facilitate the blockchain ecosystem to accelerate growth of innovative blockchain applications.