The block re-organization attack on the Bitcoin SV network is ongoing, but it appears to be under control according to the latest statements from Bitcoin Association.
The statement confirms that the attacks against the Bitcoin SV network—which started in early July—have resumed this week and are perpetrated “by a malicious actor attempting to illegally double-spend BSV coins.”
The attacks work like this: a miner accumulates hash power and creates a chain of competing BSV blocks in secret, which contain transactions written to benefit the attacker, such as by double-spending BSV by appearing to deposit it into an exchange wallet.
In general, when two versions of the same blocks are mined, the longest chain is the one accepted by the system. Therefore, if an attacker can collect enough hash power, they can create a chain at a faster rate than their honest counterparts which will also make it the longest. When the fraudulent chain is unleashed, the chain may be accepted—albeit briefly—as legitimate, along with the double-spend transactions.
The risk is that the attackers may be able to successfully deposit BSV from the attack with an exchange and then trade those for legitimate assets before the exchange is able to confirm the deposit. This apparently happened to Bitmart; it can be assumed they were targeted for having low block confirmation requirements, allowing the coins to be exchanged before the double-spend could be identified.
Though the attackers have made repeated reorg attempts—Bitcoin Association claims that they have detected three fraudulent chains so far—they are doomed to fail, as demonstrated by how the system has successfully reacted to repel them over the last month.
First off, the response from the Bitcoin SV Infrastructure Team was swift. After discovering the attack, they disseminated a command for nodes to use to invalidate the two fraudulent chains as well as a third one currently being attempted. The command—which has been a part of Bitcoin since the early days of BTC—will immediately return the node to the chain supported by honest miners, essentially freezing out the fraudulent chain.
Secondly, the honest hash power of the network is enough to consistently repel attacks like this. It has been known for a time that there are mining pools active on BSV which are ostensibly ideologically opposed to it. Given that there is an ambient threat of 51% attacks on any proof-of-work blockchain, it makes sense that these would have rallied to defend the Bitcoin SV network in this instance. A re-org or 51% attack—even if only attempted—is inconvenient for any chain looking for mass adoption.
The ecosystem has rallied and the consequences are coming
Two additional, general points seem important to note.
First, there does not yet appear to be any evidence that individual users have suffered any loss as a result of the attacks.
There seems to be some narrow scope for the attackers to have double-spent BSV accepted by exchanges.
Secondly, though it’s not clear at this stage if the latest attacks have resulted in successful double-spends, the course of action taken by the Bitcoin SV Infrastructure Team has ensured—thanks to Bitcoin—that it doesn’t matter. As the Bitcoin White Paper makes clear, invalid blocks are rejected by the system, and invalid blocks are those containing invalid transactions, such as double spends. As also assumed in the white paper, node operators are able and willing to consider the fraudulent chain as invalid and have every reason to execute the invalidateblock command released by the Bitcoin SV camp. When they do, the double spend ceases to be a part of the blockchain.
After all, this is how Satoshi Nakamoto expected Bitcoin to work. Honest nodes—the TAALs of the world—are engaged in a common enterprise with one another. They are heavily invested in the success of the system and are therefore incentivized to cooperate to identify and discard fraudulent chains.
As for recourse, Bitcoin Association has sent a strong message that the attackers will be brought to justice. While block reorganizations by themselves are not necessarily illegal—as organic block reorganizations are part of the Bitcoin system—an attack such as this will fall within a range of criminal and civil statutes in most jurisdictions. For example, the U.S. Computer Fraud and Abuse Act, violations of which are punishable by up to 20 years in prison. Hence Bitcoin Association is wasting no time in filing reports with law enforcement agencies, according to their statement on the subject.
Ultimately, the only significant permanent consequence of the attack is that there now exists on the BSV blockchain an immutable evidence trail, perfectly recording the fraudsters’ every move and—hopefully—ensuring they are brought to justice sooner rather than later.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.