Someone’s planning to livestream a crypto 51% attack on Einsteineum

Andrew Munro 8 October 2018 NEWS

Einsteineum (EMC2) has been involuntarily nominated for a science experiment.

Someone has announced their intention to live stream a 51% attack against a minnow cryptocurrency called Einsteineum.

A 51% attack is when someone uses a sizable amount of hashpower, and money, to launch a specific type of cryptocurrency attack. It's called a 51% attack because it typically depends on the attacker having control of at least 51% of the coin's network hashing power.

This hashing power can be bought, rented and stolen in various ways. Getting 51% hashing power on many networks is extremely easy. The only question is whether you can afford it, and whether the benefits will be worth the cost.



Where, when, why and how?

How

The how of the attack might be fairly self explanatory.

Einsteineum uses the Scrypt mining algorithm (the same as Litecoin, Dogecoin and many others), but due to its low price only commands a tiny fraction of the total Scrypt hash power market.

Basically, if someone has a Scrypt miner they make more money using it for Litecoin, Dogecoin or another coin than they do for Einsteineum, so that's what they mine instead. The end result is that Einsteineum has an extremely low hash rate, which means anyone can just rent some power on Nicehash to get the requisite 51%. In this case, it's estimated to cost about $20 an hour.

The attacker will probably just be using a bit of rented hashing power to pull it off.

Why?

Einsteineum, the intended attacker said, is "the biggest, most established coin I can afford to attack".

Its market cap is currently $17.5 million, ranking it number 246 according to CoinMarketCap. It's relatively unknown, but might still be a little too big and valuable to be running around as vulnerable as it is. But it's unlikely that the attacker will profit from this attack though, except through donations from curious stream-viewers.

This is because the real moneymaker in a 51% attack comes from targeting exchanges. This is how someone managed to pull about $18 million in the Bitcoin Gold 51% attack.

juicy crypto words

The idea is that with enough hashing power an attacker can carry out the old "coin on a string" trick, where you put a string on a coin, spend that coin in a vending machine and then use the string to pull it back out. Except in this case the coin is cryptocurrency, the vending machine is an exchange and the string is a lot of hashing power.

Majority control of hashing power doesn't let someone just create coins out of thin air, but it does let them reverse or undo certain transactions by independently forking the network.

So when attacking exchanges, the attack involves selling funds on the exchange (typically in exchange for bitcoin), then pocketing the bitcoin, then forking the network to recover one's coins. Now the attack has both the bitcoin and the original coins, at the expense of the exchange.

But word travels fast, and it's unlikely that someone can pull this off too many times before exchanges catch on. At this point, they can increase the number of confirmations required for deposits. This is analogous to increasing the size of the vending machine so you need a longer string.

This is probably also why Poloniex delisted Einsteineum recently, and increased the number of confirmations required before they did; they realised Einsteineum was bait for an inevitable 51% attack and didn't want to risk it.

In this case, with only a small handful of exchanges still trading Einsteineum and the attack being live streamed, it's safe to say no one's going to be falling for it. The real "why" here is apparently just idle curiosity, it seems, and any profit they have leftover from donations. The wallet address the attacker gave seems to have received a couple of donations already.

Where and when?

The attack is scheduled for Saturday 13 October 4am EDT, and will be streamed on https://www.twitch.tv/geocold.

That's coming right up, so it might be unlikely that Einsteineum will be able to fork quickly enough away from Scrypt to prevent it.

If it's any consolation to future victims, the self-proclaimed goal of Einsteineum is to generate funds for scientific research through network fees and promote education. It might not pass an ethics board, but being the guinea pig in a public 51% attack sounds right up Einsteineum's alley.


Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Crypto explained


Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Ask a question
Go to site