Someone’s planning to livestream a crypto 51% attack on Einsteineum
Einsteineum (EMC2) has been involuntarily nominated for a science experiment.
Someone has announced their intention to live stream a 51% attack against a minnow cryptocurrency called Einsteineum.
A 51% attack is when someone uses a sizable amount of hashpower, and money, to launch a specific type of cryptocurrency attack. It's called a 51% attack because it typically depends on the attacker having control of at least 51% of the coin's network hashing power.
This hashing power can be bought, rented and stolen in various ways. Getting 51% hashing power on many networks is extremely easy. The only question is whether you can afford it, and whether the benefits will be worth the cost.
Where, when, why and how?
The how of the attack is fairly self-explanatory.
Einsteineum uses the Scrypt mining algorithm (the same as Litecoin, Dogecoin and many others), but due to its low price only commands a tiny fraction of the total Scrypt hash power market.
Basically, if someone has a Scrypt miner they make more money using it for Litecoin, Dogecoin or another coin than they do for Einsteineum, so that's what they mine instead. The end result is that Einsteineum has an extremely low hash rate, which means anyone can just rent some power on NiceHash to get the requisite 51%. In this case, it's estimated to cost about $20 an hour.
The attacker will probably just be using a bit of rented hashing power to pull it off.
Einsteineum, the intended attacker said, is "the biggest, most established coin I can afford to attack".
Its market cap is currently $17.5 million, ranking it number 246 according to CoinMarketCap. It's relatively unknown, but might still be a little too big and valuable to be running around as vulnerable as it is. It's unlikely that the attacker will profit from this attack, though, except through donations from curious stream-viewers.
This is because the real moneymaker in a 51% attack comes from targeting exchanges. This is how someone managed to pull about $18 million in the Bitcoin Gold 51% attack.
The idea is that with enough hashing power an attacker can carry out the old "coin on a string" trick, where you put a string on a coin, spend that coin in a vending machine and then use the string to pull it back out. Except in this case the coin is cryptocurrency, the vending machine is an exchange and the string is a lot of hashing power.
Majority control of hashing power doesn't let someone just create coins out of thin air, but it does let them reverse or undo certain transactions by independently forking the network.
So when attacking exchanges, the attack involves selling funds on the exchange (typically in exchange for bitcoin), then pocketing the bitcoin, then forking the network to recover one's coins. Now the attacker has both the bitcoin and the original coins, at the expense of the exchange.
But word travels fast, and it's unlikely that someone can pull this off too many times before exchanges catch on. At this point, they can increase the number of confirmations required for deposits. This is analogous to increasing the size of the vending machine so you need a longer string.
This is probably also why Poloniex delisted Einsteineum recently, and increased the number of confirmations required before they did; they realised Einsteineum was bait for an inevitable 51% attack and didn't want to risk it.
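The "longer string" point from an exchange's side, as an added example that is not part of the original article: Nakamoto's catch-up formula from the Bitcoin whitepaper shows that extra confirmations drive a minority attacker's odds toward zero, while against a majority attacker they only raise the rental bill. The $20 an hour figure is the article's; the 1-minute block time and the simplified cost model (hash power rented for at least as long as the honest chain takes to add the confirmations) are assumptions.

```python
import math

def catch_up_probability(q: float, z: int) -> float:
    """Nakamoto's estimate (Bitcoin whitepaper, section 11) of the chance that
    an attacker holding share q of total hash power overtakes z confirmations."""
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker always catches up eventually
    lam = z * q / p  # expected attacker blocks while honest miners find z
    poisson = math.exp(-lam)  # Poisson(k=0), updated iteratively below
    prob = 1.0
    for k in range(z + 1):
        prob -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)
    return prob

def confirmations_for_risk(q: float, max_risk: float, limit: int = 500):
    """Smallest depth z whose catch-up probability is below max_risk, or None
    if no depth up to limit achieves it (always the case once q >= 0.5)."""
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None

def rental_cost_to_outrun(z: int, block_minutes: float, usd_per_hour: float) -> float:
    """Assumed lower bound on a majority attacker's bill: the hash power is
    rented for at least the time the honest chain needs for z blocks."""
    return z * block_minutes / 60.0 * usd_per_hour

def confirmations_for_deposit(deposit_usd: float, block_minutes: float,
                              usd_per_hour: float) -> int:
    """Depth at which that assumed rental bill exceeds the deposit credited."""
    hours = deposit_usd / usd_per_hour
    return math.floor(hours * 60.0 / block_minutes) + 1

if __name__ == "__main__":
    BLOCK_MINUTES = 1.0   # assumed block time, not taken from the article
    USD_PER_HOUR = 20.0   # rental estimate quoted in the article
    for share in (0.10, 0.30, 0.51):
        print(share, confirmations_for_risk(share, 0.001))
    for deposit in (100.0, 1000.0, 10000.0):  # constructed deposit sizes
        z = confirmations_for_deposit(deposit, BLOCK_MINUTES, USD_PER_HOUR)
        print(deposit, z, rental_cost_to_outrun(z, BLOCK_MINUTES, USD_PER_HOUR))
```

For a 51% share the first loop prints None: no confirmation depth makes the reversal improbable, so a deposit policy can only be sized against what the reversal would cost.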
In this case, with only a small handful of exchanges still trading Einsteineum and the attack being live streamed, it's safe to say no one's going to be falling for it. The real "why" here is apparently just idle curiosity, plus any profit they have left over from donations. The wallet address the attacker gave seems to have received a couple of donations already.
Where and when?
The attack is scheduled for Saturday 13 October 4am EDT, and will be streamed on https://www.twitch.tv/geocold.
That's coming right up, so it's unlikely that Einsteineum will be able to fork away from Scrypt quickly enough to prevent it.
If it's any consolation to future victims, the self-proclaimed goal of Einsteineum is to generate funds for scientific research through network fees and promote education. It might not pass an ethics board, but being the guinea pig in a public 51% attack sounds right up Einsteineum's alley.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA