This story is over 5 years old
Tech by VICE

We Can No Longer Ignore Bitcoin's Fatal Flaw

For the first time, one Bitcoin mining entity gained a majority of the total network, making the threat of a "51 percent attack" quite real.

by Thomas Fox-Brewster
Jun 16 2014, 3:04pm
Image: Shutterstock/Julia Zakharova

Bitcoin is no longer decentralised and the cryptocurrency needs fixing if it’s to survive. That’s the warning some cryptocurrency researchers are giving since a single entity, a Bitcoin mining pool called GHash, managed to acquire 51 percent of total network mining power for 12 hours straight at the end of last week.

Even though its monopoly was brief, this is bad news for those who were attracted to Bitcoin for its distributed foundation, designed to decentralize trust and prevent anyone from gaming or controlling the system. GHash, if it was able to consistently hold on to 51 percent or higher, could effectively act as a central Bitcoin bank if it so wished.

This power is possible because Bitcoin miners vote to verify every transaction before it's added to the blockchain, which records those transfers. But when there is a majority miner, they can rig the votes and effectively prohibit or deny any transaction.

This means they can spend coins that aren’t theirs or take other miners out of the game, either by preventing transfers or swamping their networks with fake transactions, causing denial of service conditions. They could also extort users by rendering addresses—what most call wallets—unusable unless a high mining fee is paid.

"If the FBI wants to close down the successor to Silk Road, they don't have to hack or arrest the chief pirate; they can get a court order compelling the dominant mining consortium, which we might now call ‘the Central Bank.'"

Experts argue that the future of the virtual currency now relies on GHash, which is run by an anonymous group called, acting responsibly. If it did carry out a so-called “51 percent attack,” it could undermine the cryptocurrency, send Bitcoin’s value plummeting, and undermine its own business model.  It hasn’t done anything malicious yet, but considering the opacity of its operations, no one knows its motivations. The more paranoid sectors of the community fear “Bitcoin terrorism” and attempts to kill the cryptocurrency.

When Bitcoiners flipped out over GHash’s mining dominance in January, as it crept towards the dreaded 50 percent mark, GHash said it had no intention to “execute a 51 percent attack, as it will do serious damage to the Bitcoin community.” It even said it would “take all necessary precautions to prevent reaching 51 percent of all hashing power, in order to maintain stability of the Bitcoin network.” It noted that if it did carry out attacks, it would jeopardise the whole cryptocurrency project and it saw “no benefit from having 51 percent stake in mining.”

But, it did gain 51 percent of mining power, likely in one of two ways: either GHash knowingly added new computing power or there was a reduction in the total amount of mining outside of the pool. Remember, GHash is a pool and therefore is partly controlled by its individual participants, who choose to throw their computing power into the pot to help complete the cryptopuzzles that create fresh coins. GHash has a big stake, but those running the organisation might not be the primary people responsible for acquiring it.

A GHash spokesperson told Motherboard it has “no intent to do any harm to Bitcoin through capturing 51 percent of the overall hashrate.”

"One has to understand that competition between mining pools is absolutely natural and it’s up to users which one to choose,” the spokesperson said in an emailed statement. “Moreover, 51 percent of the overall hashrate does not belong to GHash.IO directly. It is a cumulative number, spread between certain users who mine at GHash.IO."

“Finally, we’d like to say that we’ve been working hard on finding ways of decentralising Bitcoin hashrate since February. And we do believe that 51 percent threat is a highly important issue.”

But GHash has, whether intentionally or not, crossed the Rubicon, possibly signalling the end of “the Bitcoin value proposition and the main Bitcoin narrative,” according to Emin Gün Sirer, the Cornell University professor who alerted the world to GHash’s new power alongside his colleague Ittay Eyal.

“Bitcoin is attractive and different because it does not require full faith and trust in any single entity,” Sirer said. “If users are going to have to trust a single entity, we'd do away with the entire protocol, save all the energy that goes into mining, and keep all the account balances on a database administered by GHash. It'd be cheaper, faster and more convenient for everyone, and we'd call GHash a regular old bank, and all of Bitcoin's unique features would have been lost.”

There are other potentially nasty repercussions from allowing a single controlling entity, regardless of GHash’s intentions. “Another aspect is that Bitcoin is now open to legal coercion. If the FBI wants to close down the successor to Silk Road, they don't have to hack or arrest the chief pirate; they can get a court order compelling the dominant mining consortium, which we might now call ‘the Central Bank,’, to invalidate all their bitcoins,” Professor Ross Anderson, from the University of Cambridge’s Computer Laboratory, told me.

GHash's mining stake has now fallen below 50 percent again.

As for what happens next, Sirer and Eyal want to see some tweaks in the Bitcoin protocol to prevent mining monopoly players and disincentivise pools. “Small but critical changes to the cryptographic techniques used in the mining protocol can fix these problems by making public pools unattractive,” Sirer said.

GHash is hoping that doesn’t mean taking away its share. “Artificial decreasing of our market share is not a solution in this case, as any other pool can appear on our place tomorrow,” the spokesperson added.

If no changes are made, Bitcoin owners may have to get used to trusting in GHash and other large mining pools without the technical guarantees they’re used to.