Griefing Bitcoin with a 61% attack

It’s fun and easy to make Bitcoin miserable if you have a supermajority of the hashrate.

Suppose you are a nation-state that has dedicated many billions of dollars to effectively ruining Bitcoin. You’ve amassed well over 51% of the hashrate. You now want to shut it down. The easiest thing to do would be simply to mine empty blocks. As Jimmy Song pointed out, the nodes aren’t just going to sit there and keep validating your empty blocks. They will use a command called invalidateblock. So what do you do?

Monopolize the blockchain and make it suck worse than any legacy alternative

This attack is two-pronged. 1) The first goal is to chase all other miners out of the arena to gain an effective monopoly. 2) The other is then to run it like an abusive capitalist — demanding excessive fees, allowing governments or big players to blacklist addresses, especially for a fee, anything you want. You’re the boss. Once you’ve controlled it, it’s not Bitcoin.

But wait, what about a soft fork in which miners are whitelisted or others blacklisted?

Now the miners, and also the nodes, will see that you’re doing this. Doing this blatantly is actually part of the strategy. One option for the network is a User Activated Soft Fork — all nodes in the network decide to invalidate your blocks. The problem here with a decentralized network is that there is no way to tell the good blocks from the bad blocks, especially because we haven’t yet started to do nefarious things with the blocks. At this stage, we are only chasing the other miners out of the market by making all of their efforts unprofitable.

Now the nodes and miners could form a cabal and choose to whitelist certain miners. This is possible, but then we’ve created a centralized entity, controlled by a defined set of people, and suddenly we no longer have Bitcoin. Maybe people won’t care — it’s just centralized Bitcoin and you just hope that the cabal remains benevolent. But this cabal, which will be a defined and finite number of entities with their own set of governance properties, will be vulnerable to more classical government attacks. In particular, since they’re no longer a moving target, it should be fairly easy for the NSA to identify them and make life miserable. You also have denial-of-service attacks, for the same reason.

If only whitelisted miners can mine, any process by which a miner can become whitelisted is necessarily centralized and politicized. So now you just have a blockchain with permissioned block-scribes. This is far from Bitcoin.

What if the nodes decide to invalidate reorgs more than k blocks deep?

This is a good question. In any of the attacks, one defense is to declare that nodes will invalidate, say, any chain that forks more than 6 blocks back from what the node has seen lately. This would have a couple of advantages. First, it would give finality — 6 blocks would mean the transaction has actually confirmed. Also, this would mean that if a group of loyalist miners could get lucky and push some transactions past the 6-block mark, there would be no way for the 61% attacker to ever perform a reorg.
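A small model of the depth-limited rule described above, as an added example that is not part of the original post and is not Bitcoin Core code. The `Node` class, the `feed` helper, the block names and the one-unit-of-work-per-block simplification are all assumptions made for illustration.

```python
# Toy fork-choice model (constructed; not Bitcoin Core code).
# Assumption: each block carries one unit of work, so most work == greatest height.
MAX_REORG_DEPTH = 6  # the "k" from the text


class Node:
    def __init__(self, max_depth=MAX_REORG_DEPTH):
        self.max_depth = max_depth
        self.parent = {"genesis": None}  # block name -> parent name
        self.tip = "genesis"

    def ancestors(self, block):
        """Return block, its parent, ... back to genesis."""
        chain = []
        while block is not None:
            chain.append(block)
            block = self.parent[block]
        return chain

    def reorg_depth(self, candidate):
        """Count active-chain blocks that switching to `candidate` would disconnect."""
        candidate_chain = set(self.ancestors(candidate))
        for depth, block in enumerate(self.ancestors(self.tip)):
            if block in candidate_chain:
                return depth
        raise ValueError("no common ancestor")

    def accept(self, block, parent):
        """Store a block; move the tip only for a heavier chain within the depth limit."""
        if parent not in self.parent:
            return "orphan"
        self.parent[block] = parent
        if len(self.ancestors(block)) <= len(self.ancestors(self.tip)):
            return "stored"  # not more work than the active chain
        depth = self.reorg_depth(block)
        if depth > self.max_depth:
            return "rejected-deep-reorg"  # heavier, but forks too far back
        self.tip = block
        return "extended" if depth == 0 else "reorged"


def feed(node, prefix, count, parent):
    """Deliver constructed blocks prefix1..prefixN, the first building on `parent`."""
    results = []
    for i in range(1, count + 1):
        results.append(node.accept(f"{prefix}{i}", parent))
        parent = f"{prefix}{i}"
    return results
```

Because the rule is defined relative to what each node has already seen, a node that receives the same blocks in a different order can settle on a different tip, so the model is also useful for checking how such a policy behaves for late-joining or partitioned nodes.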

Karen attack
