Bitcoin Gold, Verge and Monacoin were all hacked in a single week. The wave of attacks left cryptocurrency exchanges $20 million lighter in customer funds. The biggest attack was on Bitcoin Gold, which led to roughly $18.6 million in losses. The Monacoin attack resulted in about $90,000 in damages, while the Verge attack saw losses of approximately $1.7 million.
The attacks reveal issues with the Proof of Work consensus. Malicious miners are able to game the system by secretly mining new blocks without broadcasting them to other miners. Known as a 51 percent attack, the secret miner forges a new and fraudulent branch of the official blockchain and overtakes it by replicating a fork. Miners can then dupe unsuspecting merchants, for example, into completing transactions on the forged branch.
Reports Motherboard, “To execute the Bitcoin Gold 51 percent attack, the hacker created their own private Bitcoin Gold blockchain and kept the coins mined on this chain in their own wallet. At the same time, on the public Bitcoin Gold blockchain they sent the mined coins to a cryptocurrency exchange, sold them for a different cryptocurrency, and then made a withdrawal.”
Verge tweeted that the attack lasted for six hours before a patch was underway. Monacoin is reportedly working to resolve its issue. Bitcoin Gold is planning a major upgrade to its network near the end of June to change their PoW algorithm.
The Bitcoin Gold Team issued a statement explaining why smaller blockchains are more vulnerable than Bitcoin.
“This is not due to some flaw in blockchain technology; any blockchain – even Bitcoin – can theoretically be attacked by a malicious actor who can control more hashing (computing) power than all the honest miners. Of course, the biggest risk is to a smaller network in the shadow of a bigger one. Bitcoin has an order of magnitude more hashpower than some other coins mined with the same SHA256 algorithm, like Bitcoin Cash and Digibyte, so Bitcoin is relatively safe. Likewise, Zcash has an order of magnitude more hashpower than other coins mined with Equihash, like Bitcoin Gold, ZenCash, and Komodo, so Zcash is relatively safe.
So, why target us, and not another Equihash-based coin? Frankly, it’s likely because we are on more large Exchanges, with significant liquidity and fairly deep order books – these are necessary for an attacker to be able to profit from such an attack. And, as news reports show, we’re neither the first nor the last coin to be attacked this May.”
Meanwhile, in the non-blockchain world, Eventbrite’s Ticketfly, an events ticketing company, took its site down in the wake of a cyber attack. The hacker demanded one Bitcoin in exchange for details on security vulnerabilities of a database allegedly containing personal information, including names, home addresses, email addresses and phone numbers of music industry professionals.
At time of publishing, Ticketfly remains offline.