51% attack livestreamer banned while hacking Bitcoin Private

Andrew Munro 19 October 2018 NEWS

They made it look easy, until their stream was shut down.

Last week an anonymous chap going by the handle GeoCold – a reference to George Hotz's hacking alias of "GeoHot" – decided to livestream a 51% attack on the minnow Einsteinium cryptocurrency for the sake of science.

A 51% attack is when you gain a majority of a coin's mining power, then use that to fork into your own longer chain which eventually overwrites the "real" chain.

The day came and went on 13 October, but not entirely as planned.



Change of plans

The first change was that Einsteinium was off the hook. GeoCold decided to go for a bigger target, which he had said might happen if enough donations arrived. He raised some $800 for the attacks, he said on Reddit, which was enough to go after some larger game.

In this case that game was Bitcoin Private, a moderately ill-fated-to-date cryptocurrency that has experienced a constantly declining price since its fork, events like developers running off with project funds and now a public 51% attack.

It's quite a soft target, with a few hundred bucks being enough to take control of the network for long enough to execute a successful attack.

It started off according to plan, and GeoCold managed to yank 70% of Bitcoin Private's hashing power. He was about to fork it, he said, when he was banned from the streaming platform. He was first banned from Twitch, and then another platform.

The not entirely inaccurate reason given was "attempts or threats to harm."

GeoCold shared the following step-by-step guide to 51% attacks with BleepingComputer. He says he got up to Step 6 before the stream went down, and then did Step 7 offline, and could have completed the demonstration but would rather have done so with an audience.

That he got that far suggests an actual exchange somewhere did fall victim to the attack, buying some of the soon-to-disappear BTCP from GeoCold.

Given how many coins are vulnerable, and how apparently easy it is to successfully pull off an attack, it really is a wonder why it doesn't happen more often.

How to 51% attack

  1. "Get two servers with the same wallet running on them.
  2. On one server set up a mining pool, we’ll call this the offline server.
  3. Disconnect that server’s wallet from all its peers on the network.
  4. Send a transaction from address A (which is on both wallets/servers) to address B which is just an arbitrary address we also own.
  5. Then, start mining with a greater hashrate than 50% of the hashrate of the coin so that we can consistently (in aggregate at least) get a longer blockchain than the normal network.
  6. Next, on the online server/wallet, we send the money we just sent on the offline server to an exchange. We wait for the deposit to go through and then exchange it for another coin like Bitcoin and withdraw that.
  7. By this point, we’ll have a longer blockchain on our offline server that contains a transaction that conflicts with the one we just sent to the exchange.
  8. We take the offline server online and then the world is told about our new, longer blockchain and they all use it because it’s longer. They go through and merge their chain with mine and in doing so they see that there’s a conflicting transaction (the one to the exchange and the one from wallet A to wallet B). They pick the one from A to B because it’s part of the longer chain.
  9. Boom, you’re done, you’ve doubled your money via crypto magic."
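Seen from the exchange's side, step 8 is a chain reorganisation that removes a deposit it has already credited. The sketch below is an added example, not from the article or from GeoCold: it models blocks and transactions as plain dictionaries and flags a deep reorg together with any credited deposit replaced by a conflicting spend. The block hashes, txids, the `A:0` outpoint and the `max_depth` threshold are all constructed for illustration.

```python
def block(block_hash, txs=()):
    """Toy block: a hash plus the transactions it confirms."""
    return {"hash": block_hash, "txs": list(txs)}

def fork_point(old_chain, new_chain):
    """Height of the first block at which the two chains differ."""
    i = 0
    while (i < min(len(old_chain), len(new_chain))
           and old_chain[i]["hash"] == new_chain[i]["hash"]):
        i += 1
    return i

def check_reorg(old_chain, new_chain, credited, max_depth=2):
    """Compare the node's previous best chain with its new best chain.

    credited maps txid -> set of outpoints spent by deposits already credited.
    Returns the reorg depth, whether withdrawals should be halted, and every
    credited deposit missing from the new chain, with the txids that now
    spend the same outpoints.
    """
    depth = len(old_chain) - fork_point(old_chain, new_chain)
    new_txs = {tx["txid"]: tx for b in new_chain for tx in b["txs"]}
    spent_by = {op: tx["txid"] for tx in new_txs.values() for op in tx["spends"]}
    reversed_deposits = []
    for txid, outpoints in credited.items():
        if txid in new_txs:
            continue  # deposit survived the reorg
        conflicts = sorted({spent_by[op] for op in outpoints if op in spent_by})
        reversed_deposits.append({"txid": txid, "conflicting": conflicts})
    return {"depth": depth, "halt": depth > max_depth,
            "reversed": reversed_deposits}

# Constructed sample data: the same coin (outpoint A:0) is spent two ways.
DEPOSIT = {"txid": "tx-to-exchange", "spends": {"A:0"}}
A_TO_B = {"txid": "tx-A-to-B", "spends": {"A:0"}}
PUBLIC = [block("g"), block("p1", [DEPOSIT]), block("p2"),
          block("p3"), block("p4")]
PRIVATE = [block("g"), block("x1", [A_TO_B]), block("x2"),
           block("x3"), block("x4"), block("x5")]
CREDITED = {"tx-to-exchange": {"A:0"}}

if __name__ == "__main__":
    print(check_reorg(PUBLIC, PRIVATE, CREDITED))
```

In this sample the deposit already had four confirmations on the public chain, so a fixed confirmation count would not have caught it; the signal is the reorg depth and the conflicting spend.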

Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
