‣Reddit user says a single wallet on NiceHash controls 51%+ of the hashrate of Dash
‣NiceHash responds: Lease more hash power from us to shore up against a 51% attack
‣You could also shore up with used ASIC miners for a bargain discount these days
‣NiceHash could make it impossible for hashrate buyers to coordinate an attack
‣Or, you could be the next one to join the bank run on your small alt coin and hodl btc
“Let me proof this first. I stumbled over it when researching the ETC 51% attack and the discussions about other PoW coins and its ‘nicehash-ability’. Nicehash currently holds >70% of DASHs total hashrate, see: https://www.nicehash.com/algorithm/x11 (1390TH/s nicehash vs. 1790TH/s total). This is the first problem, and it is uncommon. Usually nicehash holds around 10 – 20% of PoW coins nethash and it is only dangerous for smaller forks of the PoW coin.”
DASH is an altcoin currently worth $500 million in total. It was launched in January 2014 as a fork off the Bitcoin blockchain, and designed for fast, untraceable payments.
Many commentators in the threads that followed Flenst’s post found it disconcerting that a coin with so much invested in it could be so vulnerable to a 51% attack.
If NiceHash wanted to get dishonest and hostile, it would seem that the company might be in a position to hijack the DASH blockchain and double spend a lot of money.
But why would a company with a good reputation that is already making good profits from high brokerage fees cook the goose that lays the golden eggs by going to war?
Well maybe NiceHash wouldn’t, but what if someone used it to lease enough hash power from miners around the world to fork a cryptocoin and double spend a bunch of money?
According to Flenst, three large, unknown addresses that seemed to be under the control of the same user, had breached 50% of DASH’s hashrate:
“This nice website show which addresses are collecting the mining rewards: https://chainz.cryptoid.info/dash/#!extraction Here you actually see 4 unknown, large addresses gathering all this unknown hashrate. I was able to connect 3 of them via the block explorer: https://dashradar.com/explorer/tx/31de30b48c9263544724c0e607a9cb1f7bf05dc2961119827c52571334506172”
“This particular transaction has three of the four top addresses as inputs meaning one entity controls all three. These three alone gather 53% and more.”
In order to draw more attention to the potential vulnerabilities of proof of work blockchains to 51% attacks using leased hash power, a website was set up at Crypto51.app with a list of major PoW cryptocurrencies and an estimate of the cost to lease enough hash power from NiceHash to solve over 50% of the blockchain’s hash problems for one hour.
It’s already been done before. In October as a proof of concept, an ethical hacker going by the alias, GeoCold, did exactly what Flenst pointed out could be done with DASH.
According to News.Bitcoin.com:
“On Oct. 13, ethical hacker ‘Geocold’ followed through on his promise to 51 percent attack an altcoin. He eventually settled on Bitcoin Private (BTCP), and quickly gained majority hashrate control, but the spectacle was fraught with setbacks, including censorship from two streaming services that pulled the plug.”
He later talked about it on the Bull Pen Podcast:
DASH does have built-in safeguards against a 51% attack, such as the “chain locks” update that has added another requirement to the consensus protocol to limit a 51% attack.
But NiceHash said in a statement Wednesday that leasing hash power from its miners could be used to quickly shore up a cryptocurrency against a 51% attack just as well as it could be used to execute such an attack:
“NiceHash is giving everyone with smaller and less secure blockchain projects the option to make them more secure by leasing hash power. If you think your network is under attack (although such an attempt is extremely complicated and requires a very high level of skills and resources), you can mitigate such attacks and further secure the network by using NiceHash!”
Is that like bankers encouraging two parties to go to war to lend money to both sides? (I kid.)
Another solution might be for NiceHash to redesign its software platform in such a way so as to prevent hash power buyers from dictating to miners’ computers so that it is impossible to manipulate their work. Though it’s a different question of whether NiceHash has the will or incentive for such an undertaking.
Interestingly enough /u/Flents concludes from their findings that “ASICs are cancer.” ASICs are Application Specific Integrated Circuits, designed for the sole purpose of solving hash problems on PoW blockchains as fast as computer-ly possible.
Leasing hash power might be a good way for a beginner to do some mining without any of the technical expertise or the upfront investment in the equipment, but for people invested in a cryptocurrency and trying to defend its blockchain, the current crypto winter has put a lot of used mining hardware on the market for a bargain.
But if you’re really worried about a 51% attack, there is indisputably one cryptocurrency that would be best defended against such an attack by its own sheer economic power and incentives, and by the disincentives of the scale of costs to mount such an offensive.