UPDATE: Read the press release by Ghash.io here.
This is a WARNING to all Bitcoin Miners. We sincerely request that miners using Ghash.io leave the pool for other smaller pools to create a more decentralized Bitcoin hash distribution. The Bitcoin pool Ghash.io has in the last 24 hours had more than 42% of the entire Bitcoin mining power making them the biggest Bitcoin mining pool in the world. If they receive more than 50% of the mining power they will be able to double spend their Bitcoins and possibly destroy the Bitcoin value (so called 51% attack).
View the recent hash distribution pie chart from Blockchain.info for the last 24 hours below:
We recently wrote about Ghash.io closing in to the 51% mark in the post “The Biggest Flaw with Bitcoin that Could Crash the Entire System” where we explained what a 51% attack is:
What Bitcoin threat?
The Bitcoin threat that we all should be aware of is what’s called a 51% attack on the Bitcoin-system. Once a network or a group of people, like GHash.io, gets more than 50% of the Bitcoin hashing rate/power (means that they mine 50% or more of the Bitcoins at a present time), they receive advantages in the network which they might misuse for personal gain and profit. We posted an excerpt from the Bitcoin Wiki “Weaknesses” about what an 51% attack is this summer:
An attacker that controls more than 50% of the network’s computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
- Reverse transactions that he sends while he’s in control
- Prevent some or all transactions from gaining any confirmations
- Prevent some or all other generators from getting any generations
- Double spend Bitcoins
The attacker can’t:
- Reverse other people’s transactions
- Prevent transactions from being sent at all (they’ll show as 0/unconfirmed)
- Change the number of coins generated per block
- Create coins out of thin air
- Send coins that never belonged to him
Ghash.io had “only” 32% of the hashing power at that time. Now they got 42%! See live for yourself here.
OK, they just got 42%
I just changed my title to reflect the urgency…
It looks like a comet crashing on earth.
Even Reddit users have issued warning after warning asking Bitcoin miners to leave the Bitcoin Mining Pool Ghash.io:
CEX.io, that now is the legal owner of ghash.io, tries to calm the skeptics about ghash.io previously double spend attacks by informing users on Bitcointalk with the following statement:
The team worked hard to completely rewrite the whole GHash.IO engine, as well as perform other stability and responsiveness improvements, which you all may have noticed.
We have also removed the 3% fee and released merged-mining alt coins to the miners.
We would like to state that CEX.IO does not have any affiliation with the double-spending attack.
As a part of the bitcoin community we condemn such actions, which harm the bitcoin network.
We have conducted an internal investigation and can confirm, that from the 25th to 27th of September, the GHash.IO pool was mining on the address:
to which we do not have any access or connection.
However, the rewards for mined blocks on the above mentioned address were paid out from the GHash.IO wallet as per usual.
Following further investigation and server log analysis we have noticed that several private keys were imported to the GHash.IO wallet within that time period. (exact date could not be determined). This was done to conceal the missing bitcoins, since there was no direct deposit transaction.
We haven’t found any signs of the system being compromised, but we believe that the attack was made from within the former development team.
Our team at CEX.IO LTD. will do everything possible to prevent pool capacity manipulation in the future.
We understand the communities’ concern about the misconduct of such great computing power at our pool (since recently we have become the #1 pool), and we will gladly take into consideration any comments or suggestions to improve the pool’s security and overall quality of service.
In the interest of Bitcoin’s future: I will give 10btc for either: A. a cross-platform, open-source executable (like cgminer) that allows P2P mining B. an open-source pool that allows cgminer/bitminter/etc connections, like existing pools, but on the back-end it’s P2P
UPDATE: The community is taking action against Ghash.io and on Reddit there is 7 posts about the threat on top. This is amazing to watch.
What do you think of this situation? Write in the comment section below.