Breaking Verge: how it was (part 1)

Time warping, mining vulnerabilities, DOS attacks, and more.

Crypto enthusiasts like to tell ordinary people about the reliability and security of the blockchain protocols that their favorite coins run on. Indeed, the largest cryptocurrencies, such as Bitcoin or Ethereum, provide a decent level of security, and perhaps do it better than any other digital asset or payment system in history. This is quite an achievement, considering that these cryptocurrencies are not secured or controlled by anyone.

Many, however, go so far as to assert that these cryptocurrencies are impossible to crack in principle. This is at least a tactical miscalculation, since such statements can put a person in an awkward position, for example when the currency is hacked anyway.

In such cases, if nothing else can be done, the least one can do is explain what happened.

Last month, an unidentified hacker attacked Verge, a relatively small cryptocurrency focused on user anonymity. Between April 4 and 6, the hacker managed to take control of the Verge network three times for several hours, during which other users could not make payments. To make matters worse, during these intervals the hacker was issuing fake Verge coins at a rate of 1 coins (roughly $560) per second. As a result, the hacker “minted” cryptocurrency worth over $80 million.

This situation can be called catastrophic without exaggeration. Verge was hacked in a big way.

But who is to blame? Was this a mistake by the Verge developers, a fundamental flaw in the crypto protocol, or something else? Can this happen to larger cryptocurrencies, and if so, how can it be avoided?

With this kind of hack, many details always remain unclear. In this case, however, the main vulnerabilities can be identified:

Timestamp Spoofing: Inadvertent Errors or Dangerous Lies?

At first glance this vulnerability may seem like a bug, but it is in fact a feature that permits “inaccurate” time stamps. In blockchain protocols, individual transactions (usually transfers between network participants) are grouped into a single unit, a block, which is then verified. Each block carries a time stamp recording when it was formed. Even when the blockchain protocol is working normally, the sequence of these stamps can be out of order; for example, block 100 may carry a time stamp later than that of block 101. This is because in decentralized networks, which refuse to grant authority to third parties, it is not at all easy to establish correct time synchronization.

Given the unpredictable amount of time it takes for data to propagate through a peer-to-peer network, blocks may well appear “out of order” even if all parties act in good faith. In other words, there is at least some flexibility in this respect; in the case of Verge (at least before the hack), the protocol allowed nodes to “disagree” about the current time indicated in a block, and the desynchronization could be up to two hours.

The hacker began his attack with a fake time stamp. He submitted blocks that appeared to come from the past, but without exceeding the permitted 2 hours, which means these blocks remained acceptable to the rest of the network's nodes.

The reason this could ultimately affect the security of the network lies in the nature of mining in Proof-of-Work networks.

Mining difficulty: walls protect only if they are high

To keep the Verge network decentralized, small devices (such as MacBooks) must be able to run the network software. This, in turn, means limiting the volume of payments in the network, i.e. setting a target time per block (and, as a consequence, limiting the number of transactions per second). The Verge network ran at 1 block every 30 seconds. Given that the network is decentralized, a reasonable question arises: what prevents participants from submitting blocks much faster? This is a non-trivial problem: if each confirmed block brings a reward to whoever formed it, then it pays for a miner to confirm as many blocks as possible.

In short, the solution to this problem is proof of work. For the network to accept a block, the block must contain a solution to a cryptographically hard computational problem derived directly from the data in the block itself. The nature of this problem is such that its difficulty can easily be changed. Verge aimed to form 1 block every 30 seconds, and the mining difficulty was constantly adjusted based on the current block confirmation rate: if users decided to devote more power to mining and Verge blocks were generated faster, the protocol increased the mining difficulty and block confirmation slowed down. Conversely, as the power decreased and the time to generate a block grew, mining became easier. Thus, when working correctly, the Verge network constantly reacted to changes in external factors in the real world (economic fluctuations, cryptocurrency market prices, energy markets, the rise and fall of empires, etc.) and sought to bring the rate of block formation back to the target.

The algorithm Verge uses to calculate the current difficulty is called Dark Gravity Wave; it calculates a weighted average of the block confirmation rate over a 2-hour period. It is a complex algorithm, and its details are not particularly important here. What matters is that the mining difficulty depends on how fast the most recent blocks were formed, and calculating that rate necessarily relies on time stamps.
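The feedback loop described above, as an added example (it is not Verge's code and not the real Dark Gravity Wave): a simplified averaging retarget with an assumed 8-block window, an assumed 3x clamp, and a deterministic mining model in which a block takes difficulty / hashrate seconds. It shows the difficulty doubling after the hashrate doubles, and that the only clock the rule ever sees is the time stamps written in the headers.

```python
"""Simplified averaging retarget (added illustration, not Dark Gravity Wave)."""

TARGET_SPACING = 30.0   # seconds per block, the Verge target quoted above
WINDOW = 8              # assumed number of recent intervals averaged


def next_difficulty(headers):
    """headers: list of (timestamp, difficulty), oldest first, at least two.

    Result = mean difficulty of the measured blocks * target / observed
    spacing. The observed spacing is read from header timestamps only.
    """
    recent = headers[-(WINDOW + 1):]
    intervals = len(recent) - 1
    observed = (recent[-1][0] - recent[0][0]) / intervals
    # Assumed clamp: one retarget may move difficulty by at most 3x.
    observed = min(max(observed, TARGET_SPACING / 3), TARGET_SPACING * 3)
    mean_difficulty = sum(d for _, d in recent[1:]) / intervals
    return mean_difficulty * TARGET_SPACING / observed


def simulate(hashrates, start_difficulty=30.0):
    """Mine one block per hashrate entry, stamping blocks with the true time.

    Model assumption: a block at difficulty d takes d / hashrate seconds.
    """
    headers = [(0.0, start_difficulty)]          # genesis
    for rate in hashrates:
        diff = next_difficulty(headers) if len(headers) > 1 else start_difficulty
        headers.append((headers[-1][0] + diff / rate, diff))
    return headers


def spacings(headers):
    """Seconds between consecutive header timestamps."""
    return [b[0] - a[0] for a, b in zip(headers, headers[1:])]


if __name__ == "__main__":
    chain = simulate([1.0] * 10 + [2.0] * 10)    # hashrate doubles at block 11
    for (ts, diff), gap in zip(chain[1:], spacings(chain)):
        print(f"t={ts:7.1f}s  difficulty={diff:6.2f}  spacing={gap:5.2f}s")
    window = simulate([1.0] * 10)
    window[2] = (window[2][0] - 3600, window[2][1])  # oldest measured header claims an hour earlier
    print("same work, skewed header clock:", next_difficulty(window))
```

The last two lines of the demo feed the rule the same amount of work with one header's clock moved back an hour; the result drops, which is why a retarget rule is only as trustworthy as the time stamp validation in front of it.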

This is precisely the problem: if enough erroneous time stamps are created, the balance is upset. That is exactly what the hacker did: data from the blockchain show that throughout the attack(s), every second block was submitted with a time stamp about an hour before the current time, which badly confused the difficulty adjustment algorithm. If the protocol had a mind and could talk, it would have said something like, “Oh no! Not enough blocks have been formed lately! The mining difficulty must be too high; it needs to be reduced!”

Since the time stamps were constantly forged, the protocol kept reducing the difficulty until mining became ridiculously easy. To give a sense of scale: the average complexity of the task in hours was equal to 1393093,39131 hours, and during the attack it fell to 0,00024414, i.e., the mining difficulty decreased by 99.999999%. The lower the difficulty, the more blocks can be formed and submitted to the blockchain; as a result of the attack, one block was sent in just 1 second.

The originality of the attack lies in the fact that the hacker bypassed the mining difficulty restriction rather than breaking through it. Imagine that the security system is a wall surrounding the network; the wall is too high and too strong to break or climb. The hacker found a way to make it lower, and simply stepped over it.

That this vulnerability was not obvious is alarming. Such an open attack on the protocol will damage the network's reputation. In addition, the increased block rate allowed many more Verge coins to be created than the protocol envisioned. If you are an economist who advocates a reliable currency with predictable stock-to-flow ratios, this situation should worry you.

However, reduced difficulty is only half the trouble; by itself it would not give the attacker any advantage. With reduced difficulty, forming blocks did become much easier for the hacker, but it became just as easy for everyone else; miners continue to compete with each other, as always. In this situation we would expect that, although blocks are generated faster, successful miners remain distributed and democratic, as before. To put it another way: regardless of the mining difficulty, to capture the network an attacker still needs to control at least 51% of the system's power.

However, this hacker did capture the entire network, and managed to do it with far fewer resources than 51% of the total hashrate. He achieved this by exploiting the second component of this vulnerability, which is tied to Verge's use of several mining algorithms.
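A monitoring check for the pattern described above, as an added example that is not part of the original article or of any Verge tooling. The function name, the 10-minute and 20% thresholds, and the use of the latest time stamp seen so far as a stand-in for a node's clock are assumptions, and the header data is constructed. It shows that every backdated block passes the per-block 2-hour tolerance while the sequence as a whole stands out.

```python
"""Header timestamp audit (added illustration; names and thresholds are assumptions)."""

MAX_DRIFT = 2 * 60 * 60      # per-block tolerance described in the article (2 hours)


def audit_timestamps(headers, max_backward_share=0.2, min_jump=600):
    """headers: list of (height, timestamp) in chain order.

    Each block is compared with the latest timestamp seen so far. A block
    more than MAX_DRIFT behind it would fail the per-block rule; a block
    at least min_jump seconds behind it is counted as backdated. The
    segment is flagged when backdated blocks exceed max_backward_share.
    """
    newest = headers[0][1]
    backdated, rejected = [], []
    for height, ts in headers[1:]:
        lag = newest - ts
        if lag > MAX_DRIFT:
            rejected.append(height)
        elif lag >= min_jump:
            backdated.append(height)
        newest = max(newest, ts)
    share = len(backdated) / (len(headers) - 1)
    return {"backdated": backdated, "rejected": rejected,
            "share": share, "suspicious": share > max_backward_share}


def sample(n, start=1_000_000, skew_every=0, skew=0):
    """Constructed headers: real spacing 30 s; optionally backdate some blocks."""
    headers = []
    for height in range(n):
        ts = start + 30 * height
        if skew_every and height % skew_every == 1:
            ts -= skew                      # claimed time lags the real time
        headers.append((height, ts))
    return headers


if __name__ == "__main__":
    honest = sample(20)
    honest[10] = (10, honest[9][1] - 20)    # ordinary small reordering
    print("honest :", audit_timestamps(honest))
    print("skewed :", audit_timestamps(sample(20, skew_every=2, skew=3600)))
```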

To be continued ...
