A little more than a week ago, a researcher hiding under the nicknames team-periwinkle and GeoCold (in honor of the famous hacker George "geohot" Hotz), promised on Reddit that he would attack 51% on the cryptocurrency Einsteinium (EMC2) and will broadcast what is happening live. GeoCold kept his promise, although he did not attack Einsteinium, but the bitcoin Private cryptocurrency (BTCP), but the hacker warned about a possible change of the victim token in advance. As planned, the researcher demonstrated his attack live, first via Twitch, then via StreamMe. Eventually, it was banned on both platforms. Update on the stream. Got banned from two streaming platforms fairly quickly. I'm going to try to find a platform where I can be assured report spamming won't work. If not I'll just post a video on youtube. But attack wise: We got ~70% of BTCP's network and I was about to fork it — GeoCold "Mischief-Maker" (@geocold51) October 13, 2018 However, the attack failed and GeoCold proved its point – to carry out a 51% attack on a crypto currency with a small market capitalization is not so difficult. The hacker told BleepingComputer that this is not the first such attack on His account, and listed nine steps necessary to implement such a scheme: you will Need two servers with one wallet running on them. On one of the servers we set up a mining pool, let's call this server offline. We will disconnect a purse of this server from all peers in a network. Let's make a transaction from address A (which is relevant for both wallets/servers) to address B – any arbitrary address that also belongs to us. Now we start mining with a hashrate above 50% of the total hashrate of the coin, so that we can consistently receive a longer blockchain than the normal network. Now to the online wallet / server, we send the money we just transferred from the offline server to the exchanger. Wait until they arrive at the Deposit, exchange for any other cryptocurrency, for example, Bitcoin, and withdraw them. At this point, we will have a longer blockchain on our offline server that contains a transaction that conflicts with the one we just sent to the exchanger. We bring an offline server online, and the world will know about our new, longer blockchain, and everyone starts using it because it's longer. They merge their chains with ours and find conflicting transactions (the one we sent from address A to address B and the one that was addressed to the exchanger). They choose a transaction from address A to address B because it is part of a longer chain. Boom! Ready, you have doubled your money with the help of cryptomeria. Attacking BTCP, GeoCold managed to carry out the first six steps from this list in front of the audience of his streams. The seventh step he completed offline, but did not bring the attack to end without viewers, after all, the idea was to demonstrate the problem, not the mindless implementation of financial fraud. "I think the world should know how easy it is to pull it off. When you tell people about the attack 51%, they say that it is impossible for reasons X,Y, Z, and I wanted to show them that it is possible, and developers need to fix their coin", — says GeoCold. To protect against such attacks, according to the researcher, is not so difficult. It is enough to use a checkpointing or hybrid Proof of Stake, which will allow to carry out transaction validation and mining, based on the number of coins available to the user
Hi @serfis, I'm @checky ! While checking the mentions made in this post I noticed that @geocold51 doesn't exist on Steem. Maybe you made a typo ?
If you found this comment useful, consider upvoting it to help keep this bot running. You can see a list of all available commands by replying with
!help.