Bitcoin Gold: We want you to know what’s going on, what we’re doing, and what’s going to happen next.
Via Bitcoin Gold Blog:
We have recently sent a detailed memo to the Exchanges who carry Bitcoin Gold, but we also wanted to be transparent and share information with the public. (If you’re with an Exchange that has not received the memo, please get in touch via the usual channels or by email.)
Background
As anyone watching our Twitter or Forum posts was aware, there have been recent “51% Attacks” done using the Bitcoin Gold blockchain to attack Exchanges with something called a “Double Spend.”
This is not due to some flaw in blockchain technology; any blockchain – even Bitcoin – can theoretically be attacked by a malicious actor who can control more hashing (computing) power than all the honest miners. Of course, the biggest risk is to a smaller network in the shadow of a bigger one. Bitcoin has an order of magnitude more hashpower than some other coins mined with the same SHA256 algorithm, like Bitcoin Cash and Digibyte, so Bitcoin is relatively safe. Likewise, Zcash has an order of magnitude more hashpower than other coins mined with Equihash, like Bitcoin Gold, ZenCash, and Komodo, so Zcash is relatively safe.
So, why target us, and not another Equihash-based coin? Frankly, it’s likely because we are on more large Exchanges, with significant liquidity and fairly deep order books – these are necessary for an attacker to be able to profit from such an attack. And, as news reports show, we’re neither the first nor the last coin to be attacked this May.
Risks
Ordinary users aren’t at risk, funds held as BTG aren’t at risk, and any trades with known partners aren’t a risk, either. The only real danger is to anyone who unknowingly trades directly with the attackers for very large sums on an automated system. In other words, Exchanges.
The power to perform such an attack is expensive – the attackers need to control a huge wave of mining power. So mounting an attack is costly and, if it fails, will lose money. Attempting such attacks to steal $100 or $1000 can’t be profitable, but attacks for much larger dollar values will tempt criminals to attack Exchanges, and so they did. You can read more about how a Double-Spend attack works here.
While this problem isn’t unique to Bitcoin Gold and doesn’t represent a flaw, we consider our Exchanges to be critical partners in our Ecosystem, so in a theoretical sense, attacks on Exchanges are attacks on us all. And even when the attacker fails to steal BTC or some other currency from an Exchange after their double-spend, their 51% attack causes a “reorganization” on the blockchain, which is disruptive to honest users and steals mining revenue from honest miners… this means they literally are an attack on us all.
We can see how many attacks were made, but we can’t tell how many were fully successful against the Exchanges, nor can we be certain which Exchanges were attacked.
Response
To help them protect themselves, we’re monitoring the situation carefully in a variety of ways to rapidly alert the Exchanges when we can tell an attack is in progress. (The last known attempt was on May 19th.) This is why many Exchanges dramatically increased their confirmation requirements, or else closed their deposit wallets entirely. Of course, we need to be in close contact to be able to alert them promptly – any Exchange that has not yet joined our emergency communications channels should reach out to the team immediately!
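The post does not say how the monitoring is done. As an added example (not Bitcoin Gold's own tooling), the Python below follows one node's best tip, reports a reorganization with its depth, and lists transactions that were confirmed on the abandoned branch but are missing from the replacing one, which is what an Exchange needs to re-check deposits. `Block`, `ReorgMonitor` and `alert_depth` are hypothetical names, and the block hashes and transaction ids are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    hash: str
    prev: str
    txids: frozenset = frozenset()

class ReorgMonitor:
    """Follows one node's best tip and reports chain reorganizations."""
    def __init__(self, alert_depth=2):
        self.blocks = {}                 # hash -> Block for every block seen
        self.tip = None
        self.alert_depth = alert_depth   # hypothetical policy threshold

    def _chain(self, h):
        out = []
        while h in self.blocks:          # walk back to the oldest block held
            out.append(self.blocks[h])
            h = self.blocks[h].prev
        return out                       # tip first, oldest last

    def connect(self, *blocks):
        """Record newly connected blocks; the last one is the node's new tip."""
        old = self._chain(self.tip)
        for b in blocks:
            self.blocks[b.hash] = b
        self.tip = blocks[-1].hash
        new = self._chain(self.tip)
        old_h, new_h = {b.hash for b in old}, {b.hash for b in new}
        gone = [b for b in old if b.hash not in new_h]     # disconnected
        added = [b for b in new if b.hash not in old_h]    # replacing branch
        if not gone:
            return None                  # ordinary extension, no reorg
        still = set().union(*(b.txids for b in added))
        lost = set().union(*(b.txids for b in gone)) - still
        return {"depth": len(gone), "fork_height": gone[-1].height - 1,
                "unconfirmed_again": lost,
                "alert": len(gone) >= self.alert_depth}

def demo():
    # Constructed scenario: deposit "dep1" gets 3 confirmations, then a
    # longer branch from height 100 that omits it replaces the chain.
    m = ReorgMonitor()
    m.connect(Block(100, "g", "f"))
    m.connect(Block(101, "a1", "g", frozenset({"dep1", "pay7"})))
    m.connect(Block(102, "a2", "a1"))
    m.connect(Block(103, "a3", "a2"))
    return m.connect(Block(101, "b1", "g", frozenset({"pay7"})),
                     Block(102, "b2", "b1"), Block(103, "b3", "b2"),
                     Block(104, "b4", "b3"))
```

In this constructed run `dep1` had three confirmations before it dropped out of the best chain, so a three-confirmation deposit policy would already have credited it.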
Most of you also know that we were already planning a major upgrade soon, near the end of June. This was to change our Proof of Work algorithm so that BTG could not be mined on upcoming ASIC hardware – we expect ASIC hardware to ship from Bitmain around then, potentially delivering a huge wave of mining power, and we don’t want that to impact our existing miners.
This algorithm change has a second effect. Right now, we share our Proof of Work algorithm (Equihash) with many other coins, so collectively, the pool of Equihash power out there is much bigger than our individual network’s hashpower. But when we change our Proof of Work, we’ll be on a different algo which doesn’t have such a large amount of power out there which some entity could try to control. This means our blockchain will become dramatically safer from a 51% attack immediately when we fork to the new network… which is why we’ve moved up the date to As Soon As Possible.
Network Upgrade with new Proof of Work
We’ve been working at an incredible pace the past days to put the plan and pieces together, and we expect to upgrade our mainnet approximately seven days after the necessary software is up and running on our testnet. This upgrade will require some software updates on the part of Exchanges, Wallets, Pools, Explorers… While it would be better to give all our partners more than seven days to test and deploy to avoid disruption, these attacks have already forced disruption on us all, so we feel it’s best to get the upgrade completed as soon as we possibly can.
We’ll provide another update with a progress report on the testnet status within another three days, or sooner if it’s ready; we aim to be able to give a firm date for the actual mainnet upgrade at that time.
The Community considers these attacks on Exchanges to be attacks on us all, but we and our Community are resilient and remain dedicated to decentralized solutions.
We’re encouraged by and grateful for the responses and support we’ve been receiving from our Community, as well as the communities of other coin developers we’ve been in touch with, the developers of mining software, and even academics and industry researchers who work in hardware – it’s heartwarming to receive encouragement and advice from so many of you, and we deeply appreciate it. Thank you, all. We know that many are looking to us to lead the way, and it’s our intention to serve as an example to other projects in the community that are dealing with these sorts of malicious attacks from centralized mining power. In the end, decentralization is the answer.
We’ll continue working hard to get this out as soon as we can.