Bitcoin security guarantee shattered by anonymous miner with 51% network power

Cornering the Bitcoin market may be easier than cornering orange juice futures.

For the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of the cryptocurrency's decentralized structure.

Researchers from Cornell University say that on multiple occasions, a single mining pool contributed more than 51 percent of Bitcoin's total cryptographic hashing output for spans as long as 12 hours. The contributor was GHash, which bills itself as the "#1 Crypto & Bitcoin Mining Pool." During these periods, the GHash operators had unprecedented powers that circumvented the decentralization that is often held up as a salient advantage Bitcoin has over traditional currencies. So-called 51 percenters, for instance, have the ability to spend the same coins twice, reject competing miners' transactions, or extort higher fees from people with large holdings. Even worse, a malicious player with a majority holding could wage a denial-of-service attack against the entire Bitcoin network.

Like temblors before a major earthquake, most of GHash's 51-percent spans were relatively short. Few people paid much attention, since shortly after a miner loses the majority position, it also loses its extraordinary control. Then, on June 12, GHash produced a majority of the power for 12 hours straight, a sustained status that enables precisely the type of doomsday scenario some researchers have warned was possible.


Listen to the results of our Internet spy project

In conjunction with penetration testing firm Pwnie Express, our own Sean Gallagher spent a week tapping the Internet traffic of National Public Radio (NPR) tech reporter Steve Henn, hoping to learn what passive surveillance can glean in the post-Snowden world. It turns out that, despite more encryption, personal data still leaks like crazy from apps, services, and websites, as we detailed in our 5,000-word report on the experiment.

This week, NPR aired a series of four radio pieces on Morning Edition that ran through the experiment and its results with an eye toward more mainstream Internet users. Henn did a terrific job making the project accessible and interesting. Together, the pieces form a nice 30-minute primer on just how much data all of us are leaking in the clear on a daily basis. If you haven't had a chance to check out the series, which concluded on Friday, take a listen—and then pass the links along to any friends and family who could use an education in online privacy (and the lack thereof).

Listen to NPR's "Project Eavesdrop"
