Since its inception, the best known vulnerability of the bitcoin protocol has been the “51% attack”. This attack occurs when one party controls more than half of all processing power on the protocol, effectively giving them control over the entire blockchain. At this point, the majority holder could rewrite previous blocks, allowing them to double-spend bitcoins. Even though this scenario was considered unlikely (due to the downside risk it posed to bitcoin pricing), it’s exactly what happened.
As I discussed in my previous post on bitcoin, a few large players are in control of the vast majority of bitcoin hashpower. After slowly increasing their market share during the past few weeks, the largest of those players, GHash.IO, surpassed the 50% threshold for a brief period of about 12 hours.
The bitcoin community’s response was as swift as it was severe. A sustained DDOS attack against GHash miners brought their market share down to 6% at one point. Additionally, BitFury, a large bitcoin mining rig operator pulled 1PH/s off the GHash pool. At the time of publishing, GHash controlled around 35% of bitcoin hash rate.
Bitcoin Hashrate Distribution (source: Blockchain.Info)
Surprisingly, this event may actually end up showing how strong the bitcoin protocol really is. Even though GHash doesn’t have the best reputation, they don’t appear to have overwritten any blocks to allow them to double spend (or at least there’s not many accusations online). Perhaps they didn’t double-spend because they knew it would destroy the value of their remaining bitcoin. Furthermore, it seems clear that the bitcoin community will take matters into their own hands if need be. While it’s obvious that the desired state is to have pools well below the 50% threshold, we’ve seen that a short, temporary breach is survivable.
Categories
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.