Vertcoin suffered its second 51% attack on December 1st, in which coins were double-spent and 603 blocks were replaced by the attacker’s transactions. The incident raises questions about network security within the cryptocurrency space and highlights the need for proof-of-work cryptocurrencies to employ advanced security features such as Dash’s ChainLocks.
— Crypto Briefing (@crypto_briefing) December 2, 2019
On December 1st, 603 blocks were reportedly removed from Vertcoin’s main blockchain and replaced by 553 blocks mined by an attacker. There were also five recorded double-spends (transactions that were sent to one destination but later sent to a separate destination, overriding the original transaction), and a total of 125 VTC (valued at $29) was sent to the hacker’s address. Once the attack became clear, Vertcoin’s most trafficked exchange by real volume, Bittrex, disabled withdrawals on the exchange.
Evidence points to NiceHash being utilized for the attack, since rental prices for Vertcoin’s mining algorithm, Lyra2REv3, significantly increased on November 30th. James Lovejoy, leading developer for Vertcoin, said that the attacker spent between 0.5 and 1 BTC to perform the attack, but the attack was unprofitable since the total value of the attack was around 0.44 BTC. Lovejoy also pointed out that since “the reorg was just deeper than 600 blocks (Bittrex’s confirmation requirement for VTC), it is possible that Bittrex was the original target”.
Vertcoin is ranked 195 on CoinMarketCap and has a market cap of 12,142,411 USD at time of writing.
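The reorganization described above can be measured from a node's view of the chain before and after the event. The following Python is an added example, not code from Vertcoin, Bittrex or the article's sources: it finds the fork point, counts removed and added blocks, checks whether the depth defeats a confirmation requirement, and lists conflicting spends. The block and transaction structures, function names and sample values are assumptions constructed for the illustration.

```python
"""Added example: measure a reorg and list the double-spends it enabled."""

def block(h, prev, txs=()):
    # tx = (txid, spent_outpoint, destination); all values are constructed
    return {"hash": h, "prev": prev, "txs": list(txs)}

def build(prefix, tag, n, txs_at=None):
    """Extend `prefix` with n blocks named <tag><i>; txs_at maps index -> txs."""
    chain, txs_at = list(prefix), txs_at or {}
    for i in range(n):
        chain.append(block(f"{tag}{i}", chain[-1]["hash"], txs_at.get(i, ())))
    return chain

def analyze_reorg(old_chain, new_chain, required_confs):
    """Compare a node's active chain before and after a reorg."""
    fork = 0
    while (fork < min(len(old_chain), len(new_chain))
           and old_chain[fork]["hash"] == new_chain[fork]["hash"]):
        fork += 1
    removed, added = old_chain[fork:], new_chain[fork:]
    # outpoint -> (txid, destination) on the replacement branch
    spent_new = {op: (txid, dest) for b in added for txid, op, dest in b["txs"]}
    double_spends = []
    for depth_from_tip, b in enumerate(reversed(removed), start=1):
        for txid, op, dest in b["txs"]:
            other = spent_new.get(op)
            if other and other[0] != txid:
                # confirmations the original payment had before it vanished
                double_spends.append({"outpoint": op, "orig_dest": dest,
                                      "new_dest": other[1],
                                      "confs_lost": depth_from_tip})
    return {"removed": len(removed), "added": len(added),
            # a tx in the oldest removed block had len(removed) confirmations
            "defeats_threshold": len(removed) >= required_confs,
            "double_spends": double_spends}

GENESIS = [block("g", None)]
# Constructed scenario sized like the report: 603 blocks out, 553 in, 600 confs.
old = build(GENESIS, "honest", 603, {0: [("tx-a", "utxo:0", "exchange")]})
new = build(GENESIS, "attacker", 553, {0: [("tx-b", "utxo:0", "attacker")]})
report = analyze_reorg(old, new, required_confs=600)

if __name__ == "__main__":
    print(report)
```

A monitor built this way can alert on any reorg whose depth approaches the deposit confirmation requirement, before withdrawals against reversed deposits are processed.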
Economic incentives affecting cryptocurrency security
Incidents such as Vertcoin’s 51% attack draw into question older cryptocurrency security models. Cryptocurrencies that utilize proof-of-work methods rely on computers solving computationally expensive puzzles to protect the blockchain and keep the network secure against malicious hackers that want to reorganize the chain in their favor, censoring or reversing transactions and potentially stealing funds. However, the amount of computing power that honest actors dedicate towards mining a specific coin can vary based on its fiat exchange price and whether or not it is profitable based on capital investments, energy use, and opportunity costs. This dynamic is further complicated by the fact that Vertcoin pitches itself as ASIC-resistant “through regular mining algorithm changes introduced via hardfork”. This means that most of its miners use GPUs rather than ASIC machines specialized around the coin’s specific mining algorithm, which is better for decentralization and for accessibility to smaller players. However, it also means that their hashrate can be applied to many different algorithms, reducing the incentive for miners to safeguard the security of a single particular chain, whereas ASICs are mostly locked into a specific algorithm once built and so are tied to the security of a certain coin. That lock-in significantly increases the economic cost of attacking a major chain, as specialized mining equipment will be rendered obsolete.
Prior research has shown that many coins are more vulnerable to 51% attacks than previously thought since any would-be miner can easily rent hashrates for different algorithms, which could give them the extra boost needed to surpass the 51% threshold. Additionally, even popular coins like Bitcoin and Litecoin have a significant concentration of mining power belonging to only a few major mining pools.
Dash’s ChainLocks presents a solution to mitigate 51% attacks
The recent Vertcoin incident emphasizes the growing need for proof-of-work cryptocurrencies to implement additional security features such as Dash’s ChainLocks. When the cryptocurrency community realized the increasing threat of 51% attacks, Dash prioritized developing a solution to better mitigate these issues, deploying 51% attack protection called ChainLocks that leverages masternodes to lock in the first seen block on the network, rendering it and its transactions irreversible. This has potentially rendered the Dash network more secure than major networks such as Bitcoin.