Between May 13th and 15th, Monacoin, a cryptocurrency developed in Japan, appears to have suffered from a network attack that caused roughly $90,000 in damages.
The attack appears to have been a selfish mining attack, where one miner successfully mines a block on the blockchain but does not broadcast the new block to other miners. If the secret miner can then find a second block before the rest of the miners find any new blocks, then the secret miner has now effectively created a branch in the chain that is longer than the chain everyone else is working on.
As is standard in most blockchain protocols, the chain with more blocks is considered by the mining network to be the correct chain, as it has the most “proof of work.” So, when the secret miner makes their longer chain public, it invalidates any and all of the blocks discovered by other miners during the time the secret chain was hidden.
A selfish mining attack can be pure vandalism, destroying blocks that become “orphaned” when the selfish miner broadcasts their chain on the network. Or, it’s possible that someone in possession of a hidden chain could profit from the attack. If the selfish miner makes transactions on the soon to be destroyed chain and receive their purchase in some form or another before the transaction is invalidated, then they have effectively never paid.
In this case, it seems the attacker tried sending Monacoin to exchanges outside of Japan, such as Livecoin, to swap them for other currencies before the hidden chains were revealed. The miner, still unknown at this point, had enough computing power to take as much as 57% of the hashrate at one point in order to execute on this attack.
It appears the attacker had been trying for half a year to attempt to exploit a weakness in the way Monacoin adjusts its difficulty.
On the developer’s official Twitter, they said on May 18th that they “grasped the attack”, but have not posted since then a clear statement on proposed solutions. However other sources indicate that developers are currently working with exchanges on a plan to roll back the Monacoin blockchain to a point before the attack occurred.
As of May 19th, Japan time, the attack is no longer occurring, but most exchanges have halted all deposits while they work on fixes to prevent possible future similar attacks. Monacoin balances held in wallets are considered safe.
Every blockchain, including Bitcoin, is constantly readjusting how difficult it is to mine blocks so that it is neither too easy nor too hard, depending on the number of miners working on blocks. However, sizable blockchains like Bitcoin may be less vulnerable because of the scale of their blockchain and the networks that work on them.
While Monacoin may be more vulnerable because of either its size or its particular algorithms, in theory, many cryptocurrencies could be vulnerable to similar attacks. Many cryptocurrency communities are watching to see how the attack on Monacoin plays out to see what can be learned so as to strengthen their own networks.
Featured Image from Shutterstock
Last modified: July 3, 2020 9:20 AM UTC