Hostile Chain Takeovers

(source: Roger Ver w/ modification)

This blog post was inspired by a recent long conversation with Jay, Nicola, and Jesse about value in blockchains. In a previous post, Dillon and I explored the concept of merging blockchains. In light of this, I'd like to explore another concept in blockchains: hostile chain takeovers.

For context, most proof-of-work based cryptocurrencies (being the vast majority of them right now) have miners competing for block rewards, awarded proportionally to the amount of computational power they bring to the network. Networks like Bitcoin are some of the most profitable to mine, because of the substantial competition on the network, in part due to the recent value appreciation Bitcoin has gone through (yes it's down from ATH, but still 10x on the year ;))

This reminded me of the earlier days of Bitcoin – if you wanted to add new consensus-breaking functionality without a sidechain, you would clone or fork Bitcoin with new rules. Muneeb Ali previously worked on Namecoin, a human-readable naming system, forked from the Bitcoin blockchain. A few years later, he revealed that one mining pool controlled nearly 60-70% of the hash rate of the Namecoin network, breaking network security guarantees [0]. While that mining pool didn't do anything malicious, it showed that bootstrapping a proof-of-work blockchain from scratch is *really* difficult (and one of the reasons why Ethereum started).

And this doesn't just happen to less secure altcoins – it's happened to Bitcoin as well! In 2014, GHash.io controlled 51% of Bitcoin's network power [1], causing a worldwide scare and panic, and while they didn't do anything malicious, they definitely had the potential to. The incentive to take over the network at the time was limited to none, given if the price crash, GHash.io's expected return would be minimized.

Keep in mind, this can also happen on proof-of-stake based consensus systems – they also suffer from the same network value bootstrapping problem. PoS systems such as Casper and Tendermint have designed incentives to prevent forking in the network (whether this is good or bad). However, systems like these don't require the need for cheap electricity and commodity hardware, potentially amplifying the security (or lack thereof) by directly attaching security costs to the market price of the underlying commodity (on this note, good criticisms on PoS from Mark Wilcox [2] and Paul Storzc [3] that I recommend).

Long story short, all these events have shown that it's possible to take over blockchain networks for potentially malicious reasons, and there may be a couple of reasons for doing as so.

Motives/Attacks

Why would anyone want to take over/break a blockchain? I envision a couple of reasons:

  1. Goldfinger Attacks: Some people just wanna see the world burn (see "On hostile blockchain takeovers" [4])
  2. Governance Takeovers: An imbalance in incentives lead to the Great Bitcoin Scaling Debate of 2015-2017. Different groups of actors in the system (various miners, users, wallets, etc.) wanted to control governance of the protocol to limit/move forward an upgrade. This could happen even more in the future as various blockchains stop being maintained.
  3. Double Spend Attacks: Why not double spend? I've always wanted to create money out of thin air...

  4. Competitive Chains: Chains that solve similar usecases will ultimately compete for developers, users, investors to determine value. If incentives become perverse enough (as money tends to), we could see more attacks 
  5. Forking from Middlemen: Things like founder rewards, ICOs, premines, etc. will often create an incentive for the community to fork away, if they think the value distributed away from the network isn't worth the value brought in by the developer team
  6. Traditional Attacks: Layer this on top of all the traditional blockchain attacks researchers have discovered the past several years. These include bribery attacks, selfish mining attacks, etc.

How chain takeovers materialize

  • Infinite forking
    • Drop difficulty, market token, confuse users
    • Litecoin Silver? Litecoin Cash? lol
  • Find small chains with lower hash rate, and take over 51% of the network
    • This works by either commisioning enough hardware (even easier with ASIC-resistant blockchains) or money to control voting 
    • attempt both soft and hard forks, see what miners stick with
    • Attempt double spends
  • Rally a community that wants change (politics!!!)
    • There are a ton of projects that haven't had code changes in a while. However, these networks still have value resting upon them, and shareholders that want to increase value -> hostile chain takeover time (doesn't necessarily need to be hostile, but it often is)
    • This can probably be used to pump prices (but for the love of god, please don't. This ecosystem is already crazy enough...)
    • Populism works really effectively here (see BIP148 UASF from last August)
    • Raise money to fund a rogue crack developer team to continue development on a chain, whether its abandoned or not
    • Accelerating Evolution Through Forking [5]
    • Often there's a rent premium in certain networks (as mentioned earlier), and more idealogical users don't like the idea of that
  • Introduce some black swan event
    • This one is implied, but often happens more than you'd think
    • Example: Sia team introducing new ASIC for the community, then Bitmain bring a much more powerful alternative, ruining early fixed economics for early adopters, and community largely (and brings up moral questions) [6]
    • Find a new class of attack and let it loose on a chain: Value overflow incident

For most small currencies, it's probably fairly trivial to point some computational power at the currency, and take it over, destroying the value of the underlying coins. This also brings up a larger meta question – do miners have too much power? I'll leave you with two posts ([7] [8]) that explores this question further!


Thanks to Jay Graber, Nicola Greco, Jesse Clayburgh, and Dillon Chen for conversations and/or reading drafts of this. You can follow me on twitter here or subscribe to be notified of future posts.

Disclaimer: I'm not responsible for your blockchain breaking or getting taken over because you didn't think about security enough :). As always, this should NOT be taken as investment advice or recommendations. Finally, this post does not represent the views of my employer, Polychain Capital.