High Risk Of Double Spend Attacks Is A HUGE Vulnerability For Bitcoin Cash - Here A Full Explanation
bitcoincash·@michiel·
0.000 HBDHigh Risk Of Double Spend Attacks Is A HUGE Vulnerability For Bitcoin Cash - Here A Full Explanation
Double spend attacks happen regularly on the Bitcoin Cash network, this means that the receiver thinks that he is paid already, but it turns out to be not the case. [HERE](https://doublespend.cash) you can find all the detected double spends, it is unknown in how many of these cases the product was already given out by the receiver. Probably many have lost money through this form of theft. Since it is relatively easy and profitable I suspect things will get worse. When BCH is shorted (leveraged) before the attack the profit can be even bigger. >In other words: A major security flaw for BCH  ## The big invention of Satoshi The hilarious fact is that Bitcoin was the first successful attempt to create digital scarcity by solving the ‘double spend’ problem. Of course a double spend attack as described here will not lead to an increased maximum supply, but it enables theft. It is actually a security flaw that doesn’t belong to Bitcoin that is praised for it’s high security level.  ## What is a double spend? A double spend happens when an attacker is broadcasting two different transactions to the network where the same funds are used. One transaction is to himself and the other one is to the merchant. The idea is that the attacker makes the merchant confident that he received the payment and ships the product, while ensuring that the transaction to himself will be included in the (longest) blockchain. Once the transaction to the attacker is permanently included, the other one to the merchant will be rejected or cancelled while the product is already shipped. The possibility or ease to double spend depends on the following factors: ### 0-confirmation transactions / amount of confirmations In Bitcoin 0-confirmation transactions are not done. A transaction needs at least 1 confirmation to be counted as received, but 6+ confirmations is seen as safe. When you want to make onchain transactions you will always have to wait at least till the next block is created (every ten minutes), for instant payments the Lightning Network is developed. Bitcoin Cash rejected Segwit and thus the Lightning Network, they use 0-confirmation transactions to enable instant payments. Also, Bitcoin Cash proponents are actively promoting the use of 0-conf transactions and claim that BCH is very useful for commerce because it is fast. >By the way: This is Satoshi’s vision about 0-conf transactions:  ### Hash rate When two diverging blocks pop up the chain will split temporarily and the side of the split that forms the longest chain will be seen as the official blockchain and the other chain will be invalidated and disappear, so also it’s transactions. Also miners can decide about transactions that they want to include when they find a block. This means that hash rate gives power to write and rewrite blocks and enables big miners to execute certain double spending attacks. Bitcoin Cash has only around 10% of the total hash rate, so a small group BTC miners can easily attack Bitcoin Cash, while BCH miners can hardly influence Bitcoin.  *Left is BTC and right is BCH* ### Block propagation time When it takes longer to propagate blocks the miner that found the last block has a bigger advantage for the next block because he can start immediately while the others are still waiting for the block information. This leads to centralisation and makes certain (double spend) attacks easier. Also, sending a different block to different nodes will take longer to be detected. Actual block size is the most relevant influencer of propagation time, the bigger the blocks the slower the propagation. I can’t find comparison between the propagation time of BCH and BTC, but since BCH blocks are very small at the moment because nobody is using it and there are less nodes to propagate to it might be some faster at the moment. As soon as blocks start to fill up it will become much slower.  *Nobody use BCH (yet), only 0.2% of the 32 MB block space is currently used* As you can see [HERE](http://bitcoinstats.com/network/propagation/), the Core devs managed to bring the time that 50% of the nodes receive the latest block back from around 5 seconds in the early years to 1.5 second now while the blocksize has grown bigger and the amount of nodes has increased. I couldn’t find any info about Bitcoin Cash, so can only speculate. In this post is the risk for BCH and BTC caused by propagation time considered even at the time, but in the future it will be much bigger for BCH when blocks get full.  ## A successful double spend of 30 BCH took place recently  This is a HUGE deal, since this means that there is a huge hole in the security model of Bitcoin Cash that allowed a thief to steal 30 k USD from probably a merchant or exchange. This means that the use of Bitcoin Cash is not safe, you can lose money directly when you get attacked or indirectly when the price drops after a big attack. Since hash rate is one of the factors to allow a double spend, a price crash could increase the amount of successful attacks because the hash power will be lower (move to BTC) and crash the price again, this could become a real dead spiral. ## Why is Bitcoin Cash much more vulnerable than Bitcoin There are multiple ways to execute a double spend attack, and all of them are way easier on Bitcoin Cash. I will go through all the on [Bitcoin Wiki](https://en.bitcoin.it/wiki/Irreversible_Transactions) described attacks and explain the difference between BTC and BCH.  ### Race Attack  This attack can only be executed when 0-conf transactions are accepted. In BTC 0-conf is not done and in BCH it is used and heavily promoted, so only BCH is vulnarable. When BCH finally get adopted by real users and blocks become filled up (or spam, can eventually be done by the attacker), this attack becomes even easier because slower block propagation will make it take longer to detect. ### Finney attack  Also here only BCH is vulnerable because the use of 0-conf transactions. Furthermore, because BTC miners can shift temporary to BCH from BTC there are much more possible attackers (add up the hate against BCH). Also, when BCH blocks become full and thus propagation time is longer the attack becomes easier because the other miners are delayed more and this will give the attacker more time to execute his attack before other miners interrupts him by finding another block. ### Vector76 attack  This attack is possible on BCH and BTC as well. However, on BCH it is way easier to execute because it cost way less to mine a block and the mining cost of one block have to be sacrificed for the attack. Furthermore, there is a way bigger pool of possible attackers because BTC miners can shift temporally to BCH to execute the attack. ### Alternative history attack  This attack requires a lot of hash power and in case of a failure the ‘work’ that is used will be lost with financial damage as result. As you can see here:  https://people.xiph.org/~greg/attack_success.html When the attacker owns 0.4% of the hash power his chance to be successful is just over 50%. Between 0.4 and 0.5% of the hash power his chance will increase from 50 to 100%. It is very hard to take control over 40 to 50% of the BTC hash rate, but only 10% of the BTC miners will own 50% of the BCH hash power when they move over temporary for the attack. This makes BCH extremely vulnerable even with transactions with more than 6 confirmations! ### Majority attack  This attack is really hard and expensive to execute on BTC and when individual miners see that a pool almost reach 50% they will leave this pool to avoid the possibility of an attack to maintain their future income. On BCH only 10% of the BTC miners have to move to BCH to execute the attack, when a part of the attackers is already on the BCH chain a way smaller part of the BTC network is needed. The existence of BCH is increasing the risk for BTC, because it is undermining the game theory as described on the Wiki, miners can move to BCH after attacking BTC so their hardware is not totally obsolete. Here more about a 51% attack: https://steemit.com/bitcoin/@michiel/bcash-is-extremely-vulnerable-for-an-51-attack-attacker-will-make-huge-gains *Note that an attacker needs 10% of the BTC hash rate to shift over to BCH instantly to own 50% of the hash rate. When the miners shift slowly they will make other miners leave because the difficulty goes up and thus the profitability goes down. In that case they need way less than 10%, some more than 5%. The downside is that a big attack will lower the value of the already minted BCH and it cannot be sold immediately. This have to be figured out by the attackers what is more profitable in the end.* Conclusion: It is very risky to use BCH, seen the profitability it is not the question if a huge attack will happen but when. I would advice all the merchants and exchanges to de-list BCH in order to avoid the attack to happen in your business. It will not only harm you, but the entire crypto ecosystem. >Imagine the mainstream media writing ‘Bitcoin security broken after major hack’. *It will be written like that because Roger spread the false narrative that it is Bitcoin* Bitcoin is a technological breakthrough because of the enormous security level, the knock off BCH is heavily flawed. Bigger blocks will give problems over time and multiple coins with the same mining algorithm is a bad idea anyway: It will destabilise both of the coins, add attack vectors to the majority coin by undermining game theory and make the minority coin extremely vulnerable. >So vulnerable that it shouldn’t even carry the name Bitcoin at all. >Thats why we better call it Bcash *Disclaimer* This is no financial advice, just my view on the market. **Never stress in a bear market anymore: Follow my [diversification protocol](https://steemit.com/bitcoin/@michiel/diversification-protocol-no-stress-in-a-bear-market-always-funds-for-living-money-on-the-sidelines-to-buy-cheap-update-every)** *Store your Bitcoins securely* [Ledger hardware wallet](https://www.ledgerwallet.com/r/93f1) [Trezor hardware wallet](https://shop.trezor.io?a=bitcoinscout.nl) *Trade Cryptocurrencies* [Binance Exchange](https://www.binance.com/?ref=16358580) *Buy Bitcoins anonymous with cash* [Localbitcoins](https://localbitcoins.com/?ch=4ein) *Protect your privacy with VPN and pay with crypto* [Torguard](https://torguard.net/aff.php?aff=3965) *Buy gold securely with Bitcoin and store in Singapore* [Bullionstar](https://www.bullionstar.com/?r=438) **Like this post? RESTEEM AND UPVOTE!** **Something to add? LEAVE A COMMENT!**
👍 anmeitheal, rishi-sayz, wave.beads, michiel, hackerzizon, skskdmlsk, r351574nc3, salty-mcgriddles, sahra-bot, targodan, execc, utks, hardwarewallet, modernprepper, therising, hotvideos, daydreams4rock, markperandin, michellectv, poweredbyweb, danile666, realseb, nate-atkins, decebal2dac, drmake, baldos, zyl, shellyduncan, pinkyblogger, azazqwe, chron, funnystuff, scandinavianlife, mangos, ilikeit, emilhoch, znnuksfe, smartsteem, animad, realestatecoach, ethercraft, cariglee, btcfabian, pablito, daniel3050, agathusia, funny3dkids2, joepee, farhan.sidiqui, xorimaxo, thanhtux92, buildawhale, travelingg, sensation, aro.steem, jgr33nwood, lulita, kenniac, kent1905, marcinszwede, jenny21c, drac59, sutda, g00dwin, alex-steem-it, jamesbrown, scrim11, flamma00, crypto-mammoth, neyong, mezmerizer9, deividluchi, cryptopie, safwan.efendi, rgodoy777, drakos, avengers1, antonvalletas, deriom, samue2013, showtime24, joesdt, kriptonik, inwas797, sudiptad, nibupraju, sulgeykarina, philabsurd, aclarkuk82, satoshibit, maczak6603, francoissagat, karakan, siraj7742175, cryptodiamond27, id1110110111101, maan144,