edicted Blog Banner

edicted

Bitcoin: Too Big Too Fail?

https://img.inleo.io/DQmetj9KeZm5bsVWc9vSfYeVdjWjWt56ag5Msa5hCTRCj2Q/Hack%20pirate%20flag.png

Back in November 2023...

I wrote this long-winded 2000 word post about why it's impossible to 51% attack Bitcoin on a practical level within the current economic climate. This is something that even the most hardcore crypto enthusiasts and even career developers essentially fail to understand. So many of us live in this little bubble of what can happen in theory rather than what can happen in actual reality.

Recently I've been getting into debates within this vein, and not a single person I talk to seems to even understand what I'm talking about, which is disturbing on a certain level. I very much feel like so many of us in crypto have completely lost the plot in many respects. The technical knowledge of knowing what can go wrong does not sync up with how the world actually operates.

Take the Steem hostile takeover as the perfect example.

Look at what happened there. We got attacked in the most obvious way we couldn't have gotten attacked: a money-attack on a stake-based chain using a premine. It doesn't get any more obvious than that.

What wasn't obvious was the end result. Hive was created; we took away all the power of the entities attacking the chain. This was perfectly legal; a new token; a new brand. But even more interesting is that Steem copied our code and performed the same action right back at us. This was completely illegal and they lost a court case to prove it. That's the difference between WEB2 and WEB3 rulesets.

The exact same piece of code used in a slightly different context became a felony offense.

This is quite relevant to the concept of double-spend attacks. Reorganizing the BTC chain is not illegal, but leveraging it for theft is.

https://img.inleo.io/DQmR6WaXYemLwFkqobV2QU7j7ZMERbgttTNnPbFEHTby3UT/example.jpg


With the halving event in the rearview mirror and BTC fees spiking to the moon due to Rune Etchings: many are using this as an excuse to jump on the "Bitcoin is centralized" bandwagon. I not here to argue that point either way in this thought experiment. I'm only making the claim that double-spending is not possible even with majority hashrate.

Rather than go on another long-winded diatribe explaining all the reasons why a 51% POW attack is impossible... I will instead resort to the basic rules of science. All anyone has to do is prove me wrong. My hypothesis is simple: it is impossible to profitably perform this kind of attack within the modern environment. At this point I'm so confident of this assessment that I'll give $100 to anyone who can even come up with a relevant example to the contrary.

Think you can do it?

Who wants a free $100? Totally up for grabs.

All you have to do is answer some 'easy' questions:

1. Who is performing the attack?

The most obvious choice here would be a mining pool or a coalition of pools that join forces to attack the chain. But who knows: maybe you've got some wild theory about how Blackrock could pull it off or even a government agency.

2. Who is the victim?

Shouldn't be too hard to answer, right? Who is the entity that loses resources due to the attack?

3. What type of asset is stolen?

When Bitcoin is double-spent it has to be traded for something of value, otherwise the attack is completely worthless. So, which asset was stolen with the fake vaporous Bitcoin?

4. How much was stolen?

What's the dollar value of the theft?

5. Why does the victim have no recourse?

The victim has lost a certain resource to the attacker. Why can't they get that resource back? Why can't they sue the entity that blatantly robbed them?

6. How is the attack repeatable?

Is this something that can only happen once before everyone wises up to it? If so it's not a real threat unless the amount of money stolen is in the billions (or at least 9 figures). One-and-done smash-and-grabs need to reflect a much higher payload.

7. What does the attacker lose?

The perpetrator of this theft has pulled off a heist of epic proportions. Do we know who did it? Do they have a business (like a mining company)? Did they have a high standing and reputation within the community? Do they have to drop off the grid and look over their shoulder until the statute of limitations kicks in? Or did they get away with it like a ninja? Explain.

https://img.inleo.io/DQmfTFoYw3MJwQGXF4ARf2tY5s3DCQBoGp6TnQQjyhDNVEs/image.png

What's in the box, man?

Seven questions

Should be easy enough, amirite? I will give $100 to the first person who can convincingly answer these questions. Wow me. I would be shocked if anyone could convince me they've found the solution... or any solution that's even close to plausible for that matter.

Self assessment

After the questions are answered I'd like to see a self-assessment that answers two additional follow-up questions:

What's the chance of this happening?

Do you think the chance of this version of events happening in the order described has a good chance of happening vs other theories?

Do you think you could convince anyone that this is the most likely attack vector?

Say you went onto Crypto Twitter with this theory. Would you be able to convince anyone there that this is a reasonable attack vector? Or would they just look at you like a crazy person?

https://img.inleo.io/DQmccy4aKJMMdqAHfxFms921NbMzQ5ykaFgnvpfewV56jqq/question%20confusion.png

Why are these questions important?

The one unified standard between everyone that talks about the potential for an attack of this nature is that they NEVER answer any of these questions. Never. Ever. They will always keep it as vague and generic as possible because once they start getting into specifics the entire concept completely falls apart.

Here is how it goes every single time:

Mining is centralized so therefore Bitcoin can be 51% attacked.

That is where it begins, and that is where it ends. This is a zero-thought argument. Any type of follow up questions like the ones I just posed render it completely and utterly ridiculous.

For example:

If the attack is a doxxed entity like a mining company, hedge fund, or government... these people can't openly break the law like this and get away with it. They will be sued, and they will lose. Guaranteed.

The chance that a non-doxxed entity could acquire this level of hashrate is so close to zero we might as well call it zero. Was this true in in 2010 when we could mine a block on our laptop? Of course not. This is why I use terms like "in the modern economic climate". The passage of time has changed the ecosystem completely.

https://img.inleo.io/DQmX6KA1h7Bb1ugC25S9HvokA6F8dPcuz4U4BxK7CPDCF5k/no%20victim%20no%20crime.jpeg

Who is the victim?

Imagine the person double-spending Bitcoin wants to steal 20 Lambos. Well that's going to be tricky because how are you going to pay for 20 Lambos with Bitcoin and then reorganize the chain to take back your Bitcoin within the span of 30 minutes? Block reorganizations past one or two blocks are extremely unlikely, which is why all exchanges require a minimum of three confirmations.

Given these technical limitations it becomes obvious that the only possible victim of a chain reorganization is going to be an exchange, and the only asset that can be stolen is some other cryptocurrency who's operations aren't going to get reversed. In almost every other case the attack simply isn't going to make any sense whatsoever.

And even in the case of an exchange getting attacked it makes no sense. Imagine being an exchange and someone sends you millions upon millions of dollars in Bitcoin to a non-doxxed account. Then immediately after 3 block confirmations they dump it all for alts and instantly initiate a cash out to other chains.

Does anyone actually believe that this type of behavior isn't going to raise multiple red flags and get that account frozen? Any exchange that gets tricked by a move like this is simply incompetent. It's not a real threat, and at best it happens one time and every exchange immediately beefs up their security as a result. Consider it a hard-learned lesson at worst... and a completely ridiculous plan on the average since it would almost certainly fail and be incredibly expensive to even attempt.

What does the attacker lose?

Again a question that never gets asked, let alone answered. An attack like this is almost certainly going to tarnish the reputation of BTC. If the attacker has a bunch of BTC... then they are attacking themselves. If the attacker has a mining company: they are attacking themselves. If the attacker loses their business or reputation: they are attacking themselves. Make it make sense.

Conclusion

I hope I have more adequately explained this issue. For anyone who believes I don't have this completely figured out go ahead and try to answer my questions. There's potentially $100 in it for you. Putting my money where my mouth is on this one. Profitable block-reorganizations on Bitcoin have become an impossible feat. Bitcoin has reached "too big to fail" mode in this regard. It still has many other problems to work through but this isn't one of them.

Even if a single entity had 90% of the Bitcoin hashrate it would not matter within the context of double-spend attacks. Not only would this entity be doxxed, but also the Bitcoin network itself would simply fork to not allow reorganizations longer than a certain length (say 5-10 blocks). Bitcoin has much bigger problems to worry about other than this tired and outdated Byzantine Fault Tolerance debate.


Return from Bitcoin: Too Big Too Fail? to edicted's Web3 Blog

Bitcoin: Too Big Too Fail? was published on and last updated on 21 Apr 2024.