[HOWTO] How to prevent a 51% attack on aeternity as a PoW blockchain

PoW blockchains and cyber attacks

The aeternity blockchain, as a PoW blockchain, was hacked on December 6 and 7, 2020. The hackers used superior computing power (hashpower dominating the overall mining power) to make a so-called 51% attack on the aeternity blockchain. The main victims were several major crypto exchanges.

The normal users and assets were not the focus of this attack and they were not at risk.
Only users on the online exchanges were exposed to the risk of losing their assets during the attack.

51% attacks on PoW blockchains have a long history and look like natural incidents nowadays. The exchanges are known as a honeypot for hackers.
51% attacks allow the hackers to create large amounts of cryptocurrency out of thin air.

The following PoW Blockchains were compromised by 51% attacks:

  • ZENcash (now HoriZen) (ZEN)

  • Bitcoin Gold (BTG)

  • Monacoin (MONA)

  • Ethereum Classic (ETC)

  • Feathercoin (FTC)

  • Vertcoin (VTC)

  • Verge (XVG)

Often some of these blockchains have experienced cyber attacks several times in a short period of time.

Applying the same pattern of attacks, hackers had earned on average over almost $20 million per year in the last ten years. Naturally, in order to increase their profits, the hackers need to increase the number of cyber attacks over the years.

Consequence: The online exchanges are increasingly exposed to such attacks over the years.

What do we know about cyber attacks

Some information about the cyber attacks is presented below:

“According to the U.S. Department of Homeland Security, 33 percent of all cryptocurrency exchanges were hacked, and nearly half of the victims were closed between 2009 and 2016. Moreover, according to crypto asset and Blockchain technology digital media, “Coin Desk,” 5 out of 12 victims went out of business due to heists in 2017.”

In comparison, U.S. banks had experienced just 1% cyber attacks at the same time.

Some more citations on cyber attacks:
“Cybercriminals can get high rewards and steal lots of money by attacking small and unknown cryptocurrencies,” a Group-IB spokesperson told Hard Fork. “It is just technically easier to compromise relatively unknown cryptocurrencies, which usually do not have the capacity for the rapid response necessary to stop the attacker converting stolen funds to a more stable currency.”

“For smaller cryptocurrency projects to minimize the risk of being controlled by a 51-percent attack, Group-IB declare it necessary to use encryption algorithms different from the ones employed by those big market players.”

“This would allow to avoid the scenario where a mining pool is compromised and has negative effects on other cryptocurrencies that use the same algorithms,” a spokesperson explains.

In comparison, decentralized ledger systems experience 32% more cyber attacks than the centralized banks.

How the 51% attack pattern worked on aeternity

The hackers play malicious miners and start mining on the blockchain. Their first step is to start reorganizing the tree by creating a private dominant chain, transferring assets, and trading.

The next step is publishing (broadcasting) the private long chain to the public network. This leads to the invalidation of the transactions to the exchanges. As a result, the hackers get new tokens back and ultimately the double spending has succeeded.

The aeternity 51% attack took longer than 20 hours and there were more than 540 blocks mined on the private chain.

A detailed description of the attack can be found here.

AF thanks the Chinese community for their rapid response, the posts in the forum and the reviews of the attack.

Core and hyperchain developers were successful in analyzing the attacks and implemented technical solutions for the exchanges.
AF thanks the core and hyperchain teams for working hard and bringing excellent support.

Unfortunately, a lengthy discussion with the miners and exchanges led to a significant delay in applying the developed solution.
AF wants to improve the communication between all the involved parties. A rapid response with a prepared anti-attack plan can lead to prevention of loss of assets from the exchanges.

The miners' voting time for a technical solution can be considerably improved by using weighted voting in urgent emergency incidents.

AF proposed weighted voting by defining the weight of a miner or mining pool as their percentage of the total mining. If a miner has n% mining power, then his vote has a weight n and will be multiplied by n in the decision calculation. Then the most dominant miners can lead to a fast voting result.

Attack Prevention

What can we do to prevent cyber attacks is a question already posed to many PoW blockchains.

As a first step, the AF started improving the network monitoring in the new Release 5.6.0 rc and the overall performance of the node.
We study the solutions found by other PoW blockchains and investigate whether they can be useful for us. We can implement a filter on the deposits (accounts) for the exchanges and help them set up alarm tools. We can discuss security with miners and see if we can improve the mining algorithm with the next iris hard fork.

There is good news for aeternity: The PoW algorithm will be changed to a hybrid PoW after a few months and the hyperchains will arise. Then the aeternity blockchain will be securely guarded against 51% attacks. Hyperchains will empower completely new use cases and will provide higher layers of security to the aeternity network for all users.

The next step is to make an anti-attack plan for how to handle 51% attacks in the next few months.

AF will make ae currency dominant and support exchanges and miners to securely make the aeternity assets safe.

The new anti-attack plan will follow in this topic.

AF wishes a Happy New Year 2021 to the aeternity community!
Let us make cyber attacks on aeternity unsuccessful!

8 Likes
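
An added example (not part of the original post and not aeternity project code) of the kind of reorganization alarm the post proposes for exchanges: it finds the fork point when the chain tip changes, measures the reorg depth, and lists credited deposits that no longer exist on the adopted chain. It assumes a simplified linear chain of blocks with parent links; the block names, transaction ids and the `confirmations` threshold are constructed.

```python
# Added example: constructed data, simplified linear-chain model (assumption).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Block:
    hash: str
    prev: Optional[str]           # parent hash, None for genesis
    height: int
    txs: frozenset = frozenset()  # transaction ids included in this block

def branch(blocks, tip):
    """Hashes from `tip` back to genesis, following parent links."""
    out, h = [], tip
    while h is not None:
        out.append(h)
        h = blocks[h].prev
    return out

def find_reorg(blocks, old_tip, new_tip):
    """Return (fork_hash, orphaned, adopted) for a tip change old_tip -> new_tip."""
    new_branch = branch(blocks, new_tip)
    on_new = set(new_branch)
    orphaned = []
    for h in branch(blocks, old_tip):
        if h in on_new:           # first shared block is the fork point
            fork_height = blocks[h].height
            adopted = [b for b in new_branch if blocks[b].height > fork_height]
            return h, orphaned, adopted
        orphaned.append(h)
    raise ValueError("tips share no ancestor")

def assess(blocks, old_tip, new_tip, credited, confirmations):
    """Reorg depth, credited deposits that vanished, and whether to raise an alarm."""
    _, orphaned, adopted = find_reorg(blocks, old_tip, new_tip)
    gone = set().union(*(blocks[h].txs for h in orphaned))
    kept = set().union(*(blocks[h].txs for h in adopted))
    reverted = sorted(tx for tx in credited if tx in gone and tx not in kept)
    depth = len(orphaned)
    return {"depth": depth, "reverted": reverted,
            "alarm": depth >= confirmations or bool(reverted)}

def sample_blocks():
    """Constructed chains: public g-a1-a2-a3, privately mined g-b1-b2-b3-b4."""
    rows = [("g", None, 0, {"dep-0"}), ("a1", "g", 1, {"dep-1"}), ("a2", "a1", 2, set()),
            ("a3", "a2", 3, {"pay-7"}), ("b1", "g", 1, {"spend-x", "pay-7"}),
            ("b2", "b1", 2, set()), ("b3", "b2", 3, set()), ("b4", "b3", 4, set())]
    return {h: Block(h, p, n, frozenset(t)) for h, p, n, t in rows}

if __name__ == "__main__":
    print(assess(sample_blocks(), "a3", "b4", {"dep-0", "dep-1", "pay-7"}, confirmations=2))
```

A deposit that was re-included on the adopted branch (`pay-7` here) is not reported; only deposits that disappeared with the orphaned blocks are.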

Can you elaborate a bit more how aeternity will be secured in the future?

Will aeternity become a hyperchain and use for example bitcoin as parentchain?

I haven’t read a lot about hyperchains yet but I am wondering whether aeternity hyperchain would use Proof of Stake then and how this affects the AE inflation/distribution model. Can you already share information about this or educate the community about it? Maybe this is the wrong thread to discuss this. But I am very interested in learning more about the conditions around that transition.

7 Likes

How do Hyperchains prevent 51% attacks? Where can I find relevant information? After Bitcoin is the parent chain, who will pay for Bitcoin miners? Please @gorbak25 @YaniUnchained help me out, thank you very much.

2 Likes

I think I can at least say that Bitcoin will run like before. Nothing will change for bitcoin. Aeternity would profit from the security of bitcoin. But I have no idea how this transition will be executed and what consequences that will have for AE’s distribution and inflation as I think AE would then be used for staking on the hyperchain.

1 Like

You can rest assured that no one will attack AE again. Because AE will completely return to zero!

Modifying the PoW mining consensus algorithm makes it different, which only allows hackers to rent the same algorithm for computing power, such as Grin computing power. I don’t know if there are other options that are more feasible?

1 Like

AF published the Aeternity Roadmap on November 20, 2020.
Hyperchain consensus is in an implementation stage, as one can see in the Roadmap. The final version of the hyperchain white paper will be released soon.
AF is grateful to @gorbak25 and the whole hyperchain team for the fast and excellent development. The hyperchains will connect to the bitcoin network and make the 51% attack useless. Further details on hyperchain will be presented in the forum as soon as possible.

Presently AF is designing and developing anti-attack tracking and monitoring software systems to support the security of the exchanges and the miners. Generally the anti-attack system can be used by any PoW blockchain for tracking its reorganizations and can be considered to be the standard prevention tool for the exchanges.
A new emergency team will rapidly communicate with exchanges and miners to prevent attacks.
AF says no to stealing money from aeternity users and exchanges by cyber attacks!

We are looking forward to an exciting New Year 2021 for aeternity!

5 Likes

Now it’s too late to pay attention to the Chinese market, AE has become notorious in China! At the beginning, the decision of mining output was so much that a large number of Chinese coin holders were harmed! Now when it comes to AE, everyone is extremely angry!

1 Like

Hello, @lydia is the roadmap still progressing as planned?

Hello, @gorbak25 I hope you can publish more information about Hyperchain as much as possible.
Thanks.

There is a lot of information about hyperchains in the forum and a (not final) whitepaper Release 1.1.0 · aeternity/hyperchains-whitepaper · GitHub

2 Likes

@Fee.chain
Thanks for asking.

From a security point of view, the Aeternity Roadmap is now extremely important and has to be done as planned, in time. There was a small delay due to the 51% attack, posted as a Release 5.6 Delay. However, the core and hyperchain teams worked hard together to publish the Release 5.6 rc of the node in December 2020 and keep the Roadmap on time. AF gratefully appreciates their excellent support in hard times!

It is exciting to note that the Release 5.6 node is lighter, better, secure and has a surprisingly good performance improvement. It should be a completely new experience for our users to build and use the new release of the node. There were a lot of software updates on the connected libraries too. The sync process was optimized by the highly professional hyperchain developer @gorbak25 and due to that the full sync that used to take weeks now takes only hours. Special thanks to core developer and operations expert @dincho.chain for making the release happen.

3 Likes

Thanks for the good words. A small correction: although I did work heavily in the P2P protocol and fixed a few bugs there, the big productivity bump came from DB improvements by @gorbak25.

1 Like

I have translated it into Chinese and published it in AEChina:

2 Likes

@dimitar.chain Thanks for the correction!

Why don’t we just do merge mining with something like Ethereum?

I mean that's what Dogecoin did with Litecoin to secure their network.

I know technically it's way more complex but it seems like using other chains would only improve security.

Why doesn’t AE just do advertisement and real big-boy and big-girl marketing people and actually sell the damn product to the world! Is the organization really that broke?

“If you build it they will come” (non-Americans don’t know this line from a movie, but it goes well here) - Field of Dreams was a fantasy movie, a fairytale!! It doesn’t work this way in real life!

The funny thing is - they tried actual real-world advertisements in 2017, when they had sh*t to show - just to collect IPO money, I suppose… and now that there’s a product to deliver…

Challenges and criticism have to be many to make resilient products and we wish your team shall overcome the same in a fast track manner.

I understand, an infrastructure is a shopping mall of different applications. And only furnished products and increased customers/visitors onboarding to the mall can make it sustainable.

Some of the real-world applications are built and delivered like medicinal plant in Blockchain in Africa, Space ground station data in Blockchain in Europe, energy projects in Blockchain in China and recently secure wrapped email in Europe … And I believe many more successful projects to follow like superhero, cryptotask, hyperchain etc.

We just need the network effect to increase. And from 2021 to 2025 Aeternity to be at top 30 coins.

1 Like

Dreamer guy, make no sense

1 Like

AE’s technology is really powerful. Now even the transfer of currency has stopped. It’s really powerful. The simplest reason for 51% of attacks is that the price is cheap and no one mines it. The founders don’t understand such a simple truth? The cheaper the price is, the more people will use AE. Are you out of your mind? Awesome, absolutely awesome!

2 Likes