Japanese Cryptocurrency Monacoin Hit by Selfish Mining Attack

north korea crypto hack
Source: Shutterstock
PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2pzL2Fkc2J5Z29vZ2xlLmpzIj48L3NjcmlwdD4KPCEtLSBUb3AgQXJ0aWNsZSBDQ04gLS0+CjxpbnMgY2xhc3M9ImFkc2J5Z29vZ2xlIgogICAgIHN0eWxlPSJkaXNwbGF5OmJsb2NrIgogICAgIGRhdGEtYWQtY2xpZW50PSJjYS1wdWItNjQ3MjA2OTY5MzY1NzE0MyIKICAgICBkYXRhLWFkLXNsb3Q9IjU4NDY0ODIyMjMiCiAgICAgZGF0YS1hZC1mb3JtYXQ9ImF1dG8iCiAgICAgZGF0YS1mdWxsLXdpZHRoLXJlc3BvbnNpdmU9InRydWUiPjwvaW5zPgo8c2NyaXB0PgogICAgIChhZHNieWdvb2dsZSA9IHdpbmRvdy5hZHNieWdvb2dsZSB8fCBbXSkucHVzaCh7fSk7Cjwvc2NyaXB0Pg==

Between May 13th and 15th, Monacoin, a cryptocurrency developed in Japan, appears to have suffered from a network attack that caused roughly $90,000 in damages.

The attack appears to have been a selfish mining attack, where one miner successfully mines a block on the blockchain but does not broadcast the new block to other miners. If the secret miner can then find a second block before the rest of the miners find any new blocks, then the secret miner has now effectively created a branch in the chain that is longer than the chain everyone else is working on.

As is standard in most blockchain protocols, the chain with more blocks is considered by the mining network to be the correct chain, as it has the most “proof of work.” So, when the secret miner makes their longer chain public, it invalidates any and all of the blocks discovered by other miners during the time the secret chain was hidden.

monacoin
Source: Reddit

A selfish mining attack can be pure vandalism, destroying blocks that become “orphaned” when the selfish miner broadcasts their chain on the network. Or, it’s possible that someone in possession of a hidden chain could profit from the attack. If the selfish miner makes transactions on the soon to be destroyed chain and receive their purchase in some form or another before the transaction is invalidated, then they have effectively never paid.

In this case, it seems the attacker tried sending Monacoin to exchanges outside of Japan, such as Livecoin, to swap them for other currencies before the hidden chains were revealed. The miner, still unknown at this point, had enough computing power to take as much as 57% of the hashrate at one point in order to execute on this attack.

It appears the attacker had been trying for half a year to attempt to exploit a weakness in the way Monacoin adjusts its difficulty.

On the developer’s official Twitter, they said on May 18th that they “grasped the attack”, but have not posted since then a clear statement on proposed solutions. However other sources indicate that developers are currently working with exchanges on a plan to roll back the Monacoin blockchain to a point before the attack occurred.

Twitter

By loading the tweet, you agree to Twitter’s privacy policy.
Learn more

Load tweet

PGJsb2NrcXVvdGUgY2xhc3M9InR3aXR0ZXItdHdlZXQiIGRhdGEtd2lkdGg9IjU1MCIgZGF0YS1kbnQ9InRydWUiPjxwIGxhbmc9ImphIiBkaXI9Imx0ciI+5pS75pKD44Gr44Gk44GE44Gm44Gv5oqK5o+h44GX44G+44GX44Gf44CCPC9wPiZtZGFzaDsgbW9uYWNvaW5wcm9qZWN0IChAdGNlam9ycG5pb2Nhbm9tKSA8YSBocmVmPSJodHRwczovL3R3aXR0ZXIuY29tL3RjZWpvcnBuaW9jYW5vbS9zdGF0dXMvOTk3MTQxNDU5Nzc3MTEwMDE3P3JlZl9zcmM9dHdzcmMlNUV0ZnciPk1heSAxNywgMjAxODwvYT48L2Jsb2NrcXVvdGU+PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGxhdGZvcm0udHdpdHRlci5jb20vd2lkZ2V0cy5qcyIgY2hhcnNldD0idXRmLTgiPjwvc2NyaXB0Pg==

As of May 19th, Japan time, the attack is no longer occurring, but most exchanges have halted all deposits while they work on fixes to prevent possible future similar attacks. Monacoin balances held in wallets are considered safe.

Every blockchain, including Bitcoin, is constantly readjusting how difficult it is to mine blocks so that it is neither too easy nor too hard, depending on the number of miners working on blocks. However, sizable blockchains like Bitcoin may be less vulnerable because of the scale of their blockchain and the networks that work on them.

While Monacoin may be more vulnerable because of either its size or its particular algorithms, in theory, many cryptocurrencies could be vulnerable to similar attacks. Many cryptocurrency communities are watching to see how the attack on Monacoin plays out to see what can be learned so as to strengthen their own networks.

Featured Image from Shutterstock

PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2pzL2Fkc2J5Z29vZ2xlLmpzIj48L3NjcmlwdD4KPCEtLSBCb3R0b20gQ0NOIEFydGljbGUgLS0+CjxpbnMgY2xhc3M9ImFkc2J5Z29vZ2xlIgogICAgIHN0eWxlPSJkaXNwbGF5OmJsb2NrIgogICAgIGRhdGEtYWQtY2xpZW50PSJjYS1wdWItNjQ3MjA2OTY5MzY1NzE0MyIKICAgICBkYXRhLWFkLXNsb3Q9IjI5MjA0MTkwNjkiCiAgICAgZGF0YS1hZC1mb3JtYXQ9ImF1dG8iCiAgICAgZGF0YS1mdWxsLXdpZHRoLXJlc3BvbnNpdmU9InRydWUiPjwvaW5zPgo8c2NyaXB0PgogICAgIChhZHNieWdvb2dsZSA9IHdpbmRvdy5hZHNieWdvb2dsZSB8fCBbXSkucHVzaCh7fSk7Cjwvc2NyaXB0Pg==
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2pzL2Fkc2J5Z29vZ2xlLmpzIj48L3NjcmlwdD4KPCEtLSBSZWNvbW1lbmRlZCBwb3N0cyBBZCBDQ04gLS0+CjxpbnMgY2xhc3M9ImFkc2J5Z29vZ2xlIgogICAgIHN0eWxlPSJkaXNwbGF5OmJsb2NrIgogICAgIGRhdGEtYWQtY2xpZW50PSJjYS1wdWItNjQ3MjA2OTY5MzY1NzE0MyIKICAgICBkYXRhLWFkLXNsb3Q9IjI3MzY1ODYyMzUiCiAgICAgZGF0YS1hZC1mb3JtYXQ9ImF1dG8iCiAgICAgZGF0YS1mdWxsLXdpZHRoLXJlc3BvbnNpdmU9InRydWUiPjwvaW5zPgo8c2NyaXB0PgogICAgIChhZHNieWdvb2dsZSA9IHdpbmRvdy5hZHNieWdvb2dsZSB8fCBbXSkucHVzaCh7fSk7Cjwvc2NyaXB0Pg==