A 51% Attack Exposes Vertcoin’s Greatest Strength as a Fatal Flaw

Vertcoin is a project with a laudable mission. It’s described as a “decentralized peer-to-peer cryptocurrency,” which you might think already exists in the form of bitcoin and, well, just about every other cryptocurrency out there.

But while bitcoin is peer-to-peer, and supports decentralization in principle, in practice the vast majority of the mining power that maintains the network is concentrated among a small group of giant mining pools. To maximize returns, these pools invest their profits into custom-built hardware—application-specific integrated circuits, or ASICs—which are optimized to do nothing other than mine bitcoin.

This was the rationale for creating Vertcoin. The hashing algorithm is intentionally optimized for graphics cards (GPUs), which are reasonably efficient at performing cryptographic hash functions but also widely available, commonly used for the kind of high-performance processing needed for gaming, video rendering, and, increasingly, A.I. systems.

The logic behind this was that being able to mine profitably with consumer-grade hardware would keep Vertcoin mining decentralized, perhaps even more true to the original vision of cryptocurrency. But a recent attack on the Vertcoin network has exposed a critical flaw with this decentralized, non-professional mining, and as some have argued, with ASIC-resistant coins as a whole.

A 51% attack occurs when a miner manages to accumulate a majority of the hash power in a cryptocurrency network, and uses this to rewrite the blockchain, which it can now unilaterally alter. In theory an attacker with more than half the network hash power can block any new transactions, and also reverse transactions that were previously confirmed by the network, allowing them to double spend coins.

The latter is what has happened in the case of Vertcoin, where attackers managed to steal approximately $100,000 by double spending transactions through a carefully planned series of attacks in October, November, and December of this year.

The attacks were brought to light by Mark Nesbitt, a security engineer at Coinbase. In a Medium post Nesbitt provided an analysis of the attack, including this helpful graphic:

Nesbitt’s analysis shows that once it controlled the majority hash power, the attacker performed chain reorganizations, or “reorgs,” where an alternative version of the blockchain is created in secret starting from a previously mined block, and then switched for the current chain at a crucial point (such as when a large transaction has been made).

In an email to BREAKER, Vertcoin developer Gert-Jaap Glasbergen said that the main enabling factor for the attack was the availability of cheaply available hashing power through the cloud mining marketplace Nicehash, and the relatively recent development of ASIC machines for the Lyra2REv2 algorithm used by Vertcoin.

Essentially, buying and installing the hardware necessary to carry out such an attack would be laborious and involve a lot of overhead cost, but temporarily renting the hash power is a much more viable proposition for would-be cybercriminals.

According to Crypto51, a website that estimates the theoretical cost of a 51% attack against a range of cryptocurrencies, the cost of launching a 51% attack on Vertcoin would be only $200 per hour at time of press, a trivial sum compared to the potential rewards. (For comparison, to mount one hour of a 51% attack on bitcoin would cost more than $300,000, although in practice no cloud mining marketplace could supply the necessary hash power.)

Glasbergen also emphasized that the main risk from the 51% attacks Vertcoin has suffered is from double spending, writing:

“Transactions in blocks that get reorg’d out that weren’t double spent are still valid, and they can be included in future blocks (usually attackers even include them still in the privately mined blocks because it earns them the transaction fees too). Double spending can only be done by the original sender of the coins—so an attacker can only double spend his own coins, not someone else’s. So the main risk of 51% attacks and blockchain reorgs is with people [who] accept the blockchain’s asset; and mostly when they do so in large amounts in exchange for virtual goods or services that are non-reversible.”

Glasbergen and Nesbitt were both in agreement that those with the greatest exposure to losses from double spending are exchanges, where large sums of one cryptocurrency are traded for another. Reversing the transaction that made a deposit into the exchange’s account after a trade was made would mean that the attacker effectively received the second currency for free.

As someone responsible for the security of a large exchange, Nesbitt makes a deeply critical assessment of the Vertcoin attack (and ASIC-resistant coins in general) in his Medium post:

“Unless the dominant application of the underlying hardware used to mine a cryptocurrency is actually to mine the cryptocurrency, there will always be a significant risk of a 51% double spending attack,” he writes. “[T]he observations above strongly suggest that pursuit of ASIC-resistance in a coin is counterproductive to the coin’s security. “

While conceding that the attack had made the Vertcoin blockchain unreliable, Glasbergen said the development team was implementing two network upgrades to combat the problem: First, switching the hashing algorithm to Lyra2REv3, making ASICs specialized for the previous algorithm redundant, and later introducing an entirely new algorithm designed to eliminate the possibility of mining bursts with rented hash power.

Despite the attack, the team was still committed to mining with commodity hardware and trying to resist centralization, Glasbergen said. But with confidence in Vertcoin damaged, it remains to be seen whether exchanges and the general user base will share in that goal.