Cryptocurrency Nescience

A successful 51% attack on Ethereum Classic (ETC) occurred 6 days ago.

Every ETC owner in their right mind should have gotten rid of it by now, yet there have been 3 days in which the opposite occurred. WHY?

Possible Explanations

  1. Too busy to notice
  2. Too rich and don’t care
  3. Don’t think it matters

Likely Answers

It’s likely a combination of #1 and #3.

And it boils down to a lack of understanding.

Cryptocurrency is more volatile in nature than most other assets we might own. That being so, it behooves us to understand what can cause our holdings to depreciate rapidly in value.

Rather than bore you with technical details and excerpts from a white paper let’s talk about what you, I or any greedy person can do to take somebody else’s ETC and put it in our pockets.

Crypto51.app

Cryptot51.app is a scary little web site that shows us how much we’d have to pay nicehash.com to perform an hour’s worth of a 51% attack on various cryptocurrencies.

See the NiceHashable column? Anything 100% or above means that we are able to rent compute resources on NiceHash to rewrite that cryptocurrency’s transactions. An hours worth of time for ETC will cost us $4,179.

That should have scared all ETC-owning dummies enough to lose confidence in the security of ETC, but it hasn’t.

We’ll continue our ETC horror story after discussing NiceHash.

NiceHash.com

This is another nifty web site where we can rent (or sell) some computer time to perform cryptographic hashing functions.

Various Hash alogrithms are used by different cryptocurrencies to perform various cryptographic functions, e.g., Bitcoin uses SHA256 to solve the POW puzzle mentioned in the Bitcoin whitepaper.

Rewards vary per cryptocurrency as does the level of effort to perform the hashing functions (and the compute power of various computer makes and models). There’s a market for both buyers and sellers of compute resources. Those metrics change constantly, but relatively slowly.

NiceHash has a calculator that will tell us how much money we can make by renting out our computer’s computation capability.

Enough digression… back to our horrific tale of our fictitious, under educated ETC owner, Peter.

The Mechanics of a Double Spend Attack

Right now (at this moment for an investment of $4,179) we can have our way with transactions occurring on ETC blockchain. Six days ago the attackers made off with about $1M. How’s that for a return on investment (ROI)?

Suppose Peter buys a peck of pickled peppers with his ETC…

… from an online merchant using their Guaranteed SAFE checkout cart:

As Peter spends his ETC, we can divert the money Peter intended to send to Merchant (C) into our ETC wallet (A2), see diagram below.

The merchant must wait for the requisite number of confirmations before collecting their “guaranteed safe” money.

But, by that time, with the compute power we rented from NiceHash, we’ve re-written that block to send Peter’s money to our ETC address instead.

This image was authored by coinbase.com

Once we have Peter’s ETC, we immediately trade it for something of value, e.g., Bitcoin or USD.

Looking at the table below, we see that ETC takes 24 minutes (120 confirmations) before the merchant will consider the transaction “safe” to accept.

We have at least 36 minutes to manipulate ETC transactions as we wish or until the astute team at Coinbase sees what we’re up to. Coinbase can freeze our account and stop all ETC trades on their exchange, but we’re too smart to register with the Know Your Customer (KYC) program there. We use an exchange that does not verify our identity and allows us to trade in large amounts. We’re anonymous, we’ve cashed out and we’re rich! (And might stay that way.)

Can we re-write historical transactions and take even more ETC?

Yes, but that will take more compute power and we can only take ETC up until the last checkpoint. (A checkpoint is where the current, last block hash is written into the code that the miners run, making it impossible to overwrite the chain prior to the checkpoint.)

An argument can be made that checkpoints don’t add security, “If checkpoints make a difference then the blockchain is already compromised.” But in the case of ETC it doesn’t matter because it has no checkpoints.

We can short ETC and then attack it. The ETC price should plummet and we’ve made money coming and going. Now,we’re a multi-millionaires, but likely going straight to hell. ¯\_(ツ)_/¯

Credits

In case you haven’t heard, Laura Shin hosts what I believe is simply the best podcast series about cryptocurrencies and blockchain technology on the planet. The original one Unchained takes a deep dive into the guest’s background or single topic. The new podcast, Unconfirmed is shorter and discusses news of the week.

The following Unconfirmed podcast motivated me to write this article:

Conclusion

If you don’t have time to learn the fundamentals of how your cryptocurrency holdings work, sell; if you do then take my course.

Look it. You can read all the Medium articles about blockchain technology and watch all the YouTube videos on the planet and still feel uncertain about how this it works.

If you’re like me, you need to see things work. Better yet, build it, stop it, start it, break it and fix it again….then you will finally “get it”.

Introducing my Cryptocurrencies Developers Class

It’s an all day course on Saturday, Feb. 2.

Want to learn how blockchain technology works?

Part 1 — Learn the fundamentals of blockchain technology, how Bitcoin works, what makes Ethereum different, how Smart Contracts work.

Part 2 — Implement the components of a Blockchain we learned in Part 1 to to create your own cryptocurrency. Code an Ethereum smart contract.

Register here: https://www.eventbrite.com/e/cryptocurrencies-developers-class-tickets-54789982312

B.S. in Computer Science (minor: Business) from Auburn University