This is good analysis. The main longitudinal aspect omitted is that the profitability of the attack goes up as long as the price of BTC doesn't double or more each halving.
In ~6 more years, Bitcoin will undergo two more halvings, so if the price of BTC is not ~400k by then, then attack will have become more feasible.
The Eyal & Sirer paper is pretty interesting - they basically point out that there is actually some game theory involved in when miners should reveal that they mined a block to compete most effectively with their fellows. If a pool can set up a situation where they mine a block and wait X seconds to reveal it, they can force other miners to waste X seconds of has power and gain an advantage.
It looks like a result with complex implications - eg, maybe making it impossible for new miners to set up unless they have a meaningful advantage in operating costs instead of just parity with the entrenched players. It is hard to tell because market reality is a mess but if there is a meaningful strategic choice to be made beyond simply announcing a block when it is mined then there is a lot of room for weird equilibriums even if the paper's specific analysis turns out to have flaws.
Isn't this the same thing as saying "if everyone just agrees that a dollar bill is actually just a piece of paper, USD becomes worthless"? Albeit at a smaller scale
Meanwhile, Hedera remains carbon negative and 7 orders of magnitude more efficient than Bitcoin.
"Today, Hedera is performing the equivalent of over 10,000,000 transactions and 788,000 transactions for the same amount of energy it takes Bitcoin and Ethereum to process 1, respectively."
What this site does not show is how much of the power used to maintain the network is waste power such as gas that's normally burned off at the well site or hydro electric that goes to waste.
Unlike AI, there's a strong incentive to find the cheapest electricity possible. Because that's what everyone else is doing. With Bitcoin, you now exactly what your costs are and what your yields are. There's a clear threshold, when power in an area becomes too expensive there's no reason left to mine.
AI, on the other hand, is a bet on the future - infinite gains. No matter how much power costs, it's worth it to keep using as much as possible. We can't know how much power AI uses. Unlike Bitcoin, there aren't any metrics from which to extrapolate. But we do know that AI uses more power than Bitcoin already. We just have no idea how much more.
> What this site does not show is how much of the power used to maintain the network is waste power such as gas that's normally burned off at the well site or hydro electric that goes to waste.
WTF? Hydro is rarely wasted because it's so dispatchable. Typically, it can only happen during high water seasons. Same for the gas power plants.
> Unlike AI, there's a strong incentive to find the cheapest electricity possible.
Top Tip: If you find the orange site's conversation on crypto to be repetitive you can change the top bar. Conversation stays the same but the colour can be changed!
Yeah, always takes me a minute when people say 'the orange site' (especially elsewhere) - it's green if I'm logged in, so I rarely see it orange, and then it's 'wuh, I'm logged out, [logs in]'.
Fortunately I'm not prone to refer to the green site.
You will probably end up in court. But you might not get convicted.
Shakeeb Ahmed was convicted of wire fraud for exploiting a smart contract bug.
Avi Eisenberg was also convicted for exploiting a smart contract bug, but he had his conviction overturned on appeal.
The Peraire-Bueno brothers were in court for exploiting a bug in the MEV mechanism but it ended in a mis-trial so we're going to have to wait to find out.
IANAL, but from my understanding, the primary law used to prosecute hacking is the CFAA's broad "without authorization" and "exceeding authorized access" clauses.
That said, authorization implies an entity with ownership rights granting some kind of limited license to others to interact with the owner's property.
For a permissionless decentralized network with no owner, where the attack is against the consensus of which chain is valid, I'd have a hard time arguing that "authorization" as a concept is even applicable or relevant.
As wmf suggested, market manipulation laws may still apply, but I'm not sure traditional CFAA "without authorization" / "exceeding authorized access" hacking charges could apply, though I'd be willing to bet a prosecutor could make a case for wire fraud - a scheme to defraud using interstate communications.
Before the AI bubble, Bitmain was only worth ~$1 billion. Now they are worth ~15, because they make chips for AI also.
Either way, you could buy bitmain for the budget mentioned in the attack if it were for sale.
Or bitmain could pull off the attack, if indeed they do "control ... all the major mining pools" as the article alleges.
But who ultimately controls Bitmain? The Chinese state.
So, by extension, bitcoin is controlled by the CCP.
What a shitshow. Crypto needs to move on from bitcoin already, pick something better... anything better. There are so many options, and bitcoin is the worst of all of them.
Too many people have a vested interest in keeping Bitcoin going for as long as possible, sadly. It's going to take a massive black swan of some kind to shake their faith.
Heck, they can embed CSAM into the Bitcoin blockchain and that won't stop anyone from using it, because above all else, line must go up.
The answer to this problem is in the original Bitcoin whitepaper itself. It gives the formula for the required number of confirmations.
The Monero PoW community has had to deal with such nonsense, as have other smaller PoW coins.
With ε=1e-3, the expected number of 6 confirmations works only so long as the largest pool size does not exceed 12%. For a pool size of 30%, at least 24 confirmations should be required in Bitcoin, but 49 in Monero with its stricter ε=1e-6. You can see the table and the math at https://gist.github.com/impredicative/0907e1699f5ff97a9fed5d... and again it's all cleanly reproducible from the whitepaper. Anyone who is still requiring only 6 confirmations then will be setting themselves up for a risk of reversal.
TFA observes that it would be disruptive and socially difficult to move systems to expect requiring 24 confirmations, and expresses relief that other responses are possible.
Perhaps this is more suitable as a response over months or years to a long-term shift in the composition of Bitcoin miners than as a short-term measure when it appears that someone has suddenly acquired 30% of mining capacity today.
This is good analysis. The main longitudinal aspect omitted is that the profitability of the attack goes up as long as the price of BTC doesn't double or more each halving.
In ~6 more years, Bitcoin will undergo two more halvings, so if the price of BTC is not ~400k by then, then attack will have become more feasible.
The Eyal & Sirer paper is pretty interesting - they basically point out that there is actually some game theory involved in when miners should reveal that they mined a block to compete most effectively with their fellows. If a pool can set up a situation where they mine a block and wait X seconds to reveal it, they can force other miners to waste X seconds of has power and gain an advantage.
It looks like a result with complex implications - eg, maybe making it impossible for new miners to set up unless they have a meaningful advantage in operating costs instead of just parity with the entrenched players. It is hard to tell because market reality is a mess but if there is a meaningful strategic choice to be made beyond simply announcing a block when it is mined then there is a lot of room for weird equilibriums even if the paper's specific analysis turns out to have flaws.
Isn't this the same thing as saying "if everyone just agrees that a dollar bill is actually just a piece of paper, USD becomes worthless"? Albeit at a smaller scale
TIL: https://ccaf.io/cbnsi/cbeci - quite horrifying!
EDIT: For comparison: https://gridwatch.co.uk/
Meanwhile, Hedera remains carbon negative and 7 orders of magnitude more efficient than Bitcoin.
"Today, Hedera is performing the equivalent of over 10,000,000 transactions and 788,000 transactions for the same amount of energy it takes Bitcoin and Ethereum to process 1, respectively."
[0]: https://hedera.com/blog/going-carbon-negative-at-hedera-hash... [1]: https://discovery.ucl.ac.uk/id/eprint/10160701/
Databases either?
What this site does not show is how much of the power used to maintain the network is waste power such as gas that's normally burned off at the well site or hydro electric that goes to waste.
Unlike AI, there's a strong incentive to find the cheapest electricity possible. Because that's what everyone else is doing. With Bitcoin, you now exactly what your costs are and what your yields are. There's a clear threshold, when power in an area becomes too expensive there's no reason left to mine.
AI, on the other hand, is a bet on the future - infinite gains. No matter how much power costs, it's worth it to keep using as much as possible. We can't know how much power AI uses. Unlike Bitcoin, there aren't any metrics from which to extrapolate. But we do know that AI uses more power than Bitcoin already. We just have no idea how much more.
> We can't know how much power AI uses.
I call shenanigans on this statement. We can and most certainly can tell how much power AI is using. The upper bound is the total datacenter usage.
> gas that's normally burned off at the well site
Funny thing about that. Civilized governments put a stop to that, by fining flare-offs to make it economical to not do that.
They still do it in North Dakota
> What this site does not show is how much of the power used to maintain the network is waste power such as gas that's normally burned off at the well site or hydro electric that goes to waste.
WTF? Hydro is rarely wasted because it's so dispatchable. Typically, it can only happen during high water seasons. Same for the gas power plants.
> Unlike AI, there's a strong incentive to find the cheapest electricity possible.
Like coal.
I look forward to more open an earnest conversation about bitcoin on the orange site.
Top Tip: If you find the orange site's conversation on crypto to be repetitive you can change the top bar. Conversation stays the same but the colour can be changed!
Readers will want to note that this delightful feature is only available to users above 251 karma, or a knack for UserCSS.
Yeah, always takes me a minute when people say 'the orange site' (especially elsewhere) - it's green if I'm logged in, so I rarely see it orange, and then it's 'wuh, I'm logged out, [logs in]'.
Fortunately I'm not prone to refer to the green site.
Is it illegal to attack cryptocurrency?
If crypto needs legal protection from attacks, I think that would invalidate most of its value proposition.
Definitely reduces the cost of consensus though.
You will probably end up in court. But you might not get convicted.
Shakeeb Ahmed was convicted of wire fraud for exploiting a smart contract bug.
Avi Eisenberg was also convicted for exploiting a smart contract bug, but he had his conviction overturned on appeal.
The Peraire-Bueno brothers were in court for exploiting a bug in the MEV mechanism but it ended in a mis-trial so we're going to have to wait to find out.
Not legal advice ;-)
Depending on the currency, it's celebrated. (Code is law, etc.)
The attack described in this article might violate CFTC market manipulation regulations.
IANAL, but from my understanding, the primary law used to prosecute hacking is the CFAA's broad "without authorization" and "exceeding authorized access" clauses.
That said, authorization implies an entity with ownership rights granting some kind of limited license to others to interact with the owner's property.
For a permissionless decentralized network with no owner, where the attack is against the consensus of which chain is valid, I'd have a hard time arguing that "authorization" as a concept is even applicable or relevant.
As wmf suggested, market manipulation laws may still apply, but I'm not sure traditional CFAA "without authorization" / "exceeding authorized access" hacking charges could apply, though I'd be willing to bet a prosecutor could make a case for wire fraud - a scheme to defraud using interstate communications.
Before the AI bubble, Bitmain was only worth ~$1 billion. Now they are worth ~15, because they make chips for AI also. Either way, you could buy bitmain for the budget mentioned in the attack if it were for sale. Or bitmain could pull off the attack, if indeed they do "control ... all the major mining pools" as the article alleges.
But who ultimately controls Bitmain? The Chinese state.
So, by extension, bitcoin is controlled by the CCP.
What a shitshow. Crypto needs to move on from bitcoin already, pick something better... anything better. There are so many options, and bitcoin is the worst of all of them.
Too many people have a vested interest in keeping Bitcoin going for as long as possible, sadly. It's going to take a massive black swan of some kind to shake their faith.
Heck, they can embed CSAM into the Bitcoin blockchain and that won't stop anyone from using it, because above all else, line must go up.
The answer to this problem is in the original Bitcoin whitepaper itself. It gives the formula for the required number of confirmations.
The Monero PoW community has had to deal with such nonsense, as have other smaller PoW coins.
With ε=1e-3, the expected number of 6 confirmations works only so long as the largest pool size does not exceed 12%. For a pool size of 30%, at least 24 confirmations should be required in Bitcoin, but 49 in Monero with its stricter ε=1e-6. You can see the table and the math at https://gist.github.com/impredicative/0907e1699f5ff97a9fed5d... and again it's all cleanly reproducible from the whitepaper. Anyone who is still requiring only 6 confirmations then will be setting themselves up for a risk of reversal.
TFA observes that it would be disruptive and socially difficult to move systems to expect requiring 24 confirmations, and expresses relief that other responses are possible.
Perhaps this is more suitable as a response over months or years to a long-term shift in the composition of Bitcoin miners than as a short-term measure when it appears that someone has suddenly acquired 30% of mining capacity today.