Hacking Cryptos: Part 1
I want to shed some light on a different, darker aspect to this world of cryptocurrencies. I want to go over why this space is so rich with hackers and the different ways they’ve successfully infiltrated this space. Some may consider this a necessary evil, if you’re not sure how hackers could be considered good, I’m happy to show you that different perspective as well.
So let’s get into it.
It shouldn’t come as that big of a surprise to learn that this world of cryptocurrency is like an ocean teeming with sharks, except those sharks are hackers who are always looking for ways to capitalize on weak security practices.
This space was created by geniuses who are some of the best coders in the world.
Not everyone who is involved with cryptocurrencies went the way of the “good”.
Some saw a more lucrative future in:
- finding holes in the code of the actual cryptocurrency
- finding ways to manipulate these popular centralized exchanges
- preying on the new users who didn’t know or chose not to take strong security measures for storing their cryptocurrencies.
First I want to address why hackers could be viewed in a way as a positive thing.
It’s pretty basic actually, hackers find ways that cryptocurrencies are weak. They find what are called attack vectors and they capitalize on them, literally.
Even though these attacks often result in monetary losses and delays in development (which sucks), the fact that they reveal how different networks or code is weak is a good thing.
They show the development teams what has previously been overlooked or underestimated.
If the dev team is qualified to meet the challenge, it ultimately strengthens the code and brings awareness to needed improvements, resulting in a stronger project that is less likely to fail in the future.
On the flip side, if an attacker takes advantage of a weak project and that project can’t recover due to a weak dev team, it should be seen as a positive that that particular project has been weeded out.
Welcome to the free market, where projects will fail, and there is always room for improvement.
There are different aspects to a cryptocurrency:
- There is the actual code which dictates everything from the algorithms used to produce blocks, to how many coins will be created, to how the wallets will function.
- There is the network which ultimately supports the cryptocurrency.
The network is made up of individuals or companies who own the computers which process the transactions, create new blocks for the blockchain and also double check that the transactions are legitimate to prevent things like double spending. These are the nodes, and the miners that you’re always hearing about. If you want to learn more and more specifically how these work to secure the networks of cryptocurrencies, go ahead and check out the links I’ve posted down below, there you’ll find some different videos I’ve created that cover those more in-depth.
Today we’re going to learn about a type of attack that is brought up a lot in this space and that is the 51% attack.
VIEW VIDEO HERE^^^
This type of attack can happen to a cryptocurrency’s network.
And as the name suggests, it refers to the occasion where one single entity gains control of over 50% of the network.
They’ve gained control of the majority of the network. This pretty much gives them the ability to control transactions. They would be able to deny transactions, double spend coins, and fork whenever and for what ever reason they’d want.
It’s centralization at its finest and it’s something that networks should do their best to avoid.
This has actually happened to the Bitcoin network back in 2014 when one mining pool called Ghash.io found itself in control of more than 50% of the network. Lucky for us they immediately scaled back their operation and vowed never again to surpass 39% of the network.
Of course nowadays we’re all seeing the massive Bitcoin mining pools in China and how that’s an ever present source for FUD for Bitcoin and rightfully so.
The reality is that 51% attacks are extremely expensive to support. For a network the size of Bitcoin, the cost of controlling the amount of computing power needed to overtake the network would be astronomical. For other, smaller networks, 51% attacks are relatively easier and more affordable to execute.
In fact we’ve seen this recently with projects like Shift, ZenCash, Bitcoin Gold, and Verge.
There are some ways to stop 51% attacks, but many of them are reactionary. For example, according to ccn.com: “…the attacking entity can be boycotted or more drastically the attacking entity can theoretically itself be attacked via a Distributed Denial of service attack or there can be coding changes at the protocol level.”
Additionally, when a network is experiencing a 51% attack and it’s publicly known, you’d better believe the price of that coin is going to drop, so much so that the attack itself quickly becomes unprofitable. So this in itself keeps these types of attacks from lasting very long.
Some argue that cryptocurrencies using Proof of Stake are immune to these types of attacks. It is still technically possible for Proof of Stake blockchains to be victims of a 51% attack but depending on the size of the network and the price of the coin required to stake, an attack of this nature on a Proof of Stake blockchain would prove to be extremely expensive.
There’s really not much you can do in this situation as an average user or investor of that cryptocurrency other than stopping from making any transactions. However, if you find yourself in the position of running a node that is securing this network at the time of a 51% attack, it’s in your best interest to get informed of any updates on how to boycott that particular entity, and also stay informed on any updates to protocols so you might help discourage the attacker from continuing his mission.
It’s important to understand how different attacks on cryptocurrencies can happen because if you want to protect your own cryptocurrency investment, it’s a great idea to know how to prevent yourself from being a victim of one, or at the very least, you should be aware of what can go wrong.
Like I said in the beginning of this video, there are attacks that target the code of a cryptocurrency, attacks that target the network of that cryptocurrency and there are the attacks that target specific wallets, like the honeypots found on centralized exchanges.
By the end of this little series you’ll be better equipped with the knowledge it takes to analyze different cryptocurrencies and see in which ways they might become susceptible to hacks and you’ll also have the foresight to realize what kind of pressure the respective dev teams are capable of handling.
Additional Reading/Links:
Attack vectors defined and explained
Video on Nodes
Video on Miners
How to defend against 51% attacks
Coolest girl in crypto ever.
Wow what a day, what a night. Stay safe.
stay safe
sharing permission ..!
a very useful enlightenment to anticipate hacking attacks.
This type of attack has always been my fear with Bitcoin. Since the majority of Bitcoin miners are in China and the Chinese government is Communist, at any time, the government "owns" the miners that are running in it's country.
So ... if over 50% of the miners reside in China, then effectively, a single entity (the Chinese Government) has control of over 50% of the network.
I know, I know, it's a conspiracy theory ... but it still occasionally worries me.
very useful this information ! too important to be very careful when cinchos!
This is some good reads!! Resteemed for future reference!
https://www.crypto51.app/
This is a collection of coins and the theoretical cost of a 51% attack on each network.
Interesting page you should check it out!
None of these hackers ever seem to get caught i wonder how many are teenagers
hacking is always a interesting thing in the internet world but hacking of crypto somewhere scares you but now a days security of every blockchain become so high that hacking become very hard ; ) hope for positive
This might be a little off topic but I'm not a developer and would appreciate your opinion. What are your thoughts on quantstamp or similar projects? Do you think automated smart contract auditing will be a likely solution to security issues?