Avoiding Blockchain’s Most Nefarious Crypto Hijackings

Put yourself in the shoes of a blockchain project’s leader. You’ve designed a product, assembled a team, attracted investors, sought help from advisors and nurtured an engaged community of supporters.

The road was winding and arduous, but the speculators finally stopped asking, “when token” long ago. You’re listed on CoinMarketCap and climbed the ranks long enough to reach the front page.

What began as an idea sketched on the back of a barroom napkin blossomed into a fully-fledged crypto network.

And now, after countless hours of toil — years, even — you’re proud of the Proof-of-Work blockchain you operate.

But in one fell swoop, one (or more) of the crypto industry’s quagmire-dwelling buckets of pus gains control of your network. And with that crypto catastrophe comes a world of hurt.

First up is minting long red candles on the trading charts. Plus, loss of trust in your ability to maintain blockchain security plops your project’s image right in the toilet.

So, in addition to your bottom line taking a hit — upwards of a massive $1M in some instances — public embarrassment adds insult to financial injury.

Not too long ago, 51% attacks fell into the category of ‘possible but highly unlikely.’ Today, they’re a growing threat.

And now that this style of pickpocketing has escaped the realm of imagination to become a real-world problem, it’s time to take 51% attacks seriously.

The good news is that blockchain innovation has spawned a solution. An invention from the Komodo Platform — delayed Proof of Work — stops 51% from becoming successful.

Now, before I share more, please know this:

Disclaimer: This is not investment or financial advice. Information within this article is primarily speculative opinion, and for entertainment purposes only.

Always conduct your own research before involving yourself with any project — in or out of the blockchain industry. The author holds Komodo Platform’s $KMD cryptocurrency. Did you make it this far? Congratulations!

You’ve undoubtedly heard the adage, “what goes around, comes around.” Sadly, most of the world’s bad actors either ignore this universal truth or fail to realize that thievery is the bedrock of their ongoing financial woes.

Whether your modus operandi is giving to the universe or taking from it, you always end up with more or less than what you put in. Scammers may briefly pull ahead, but in the long run, they can’t win. But I digress.

Now, why do the morally bankrupt choose to attack blockchain networks in addition to trolling social media? The answer is simple: Because they can merely use a cloud-mining service to rent the power needed to pirate a chain.

Courtesy of Andre Mouton via Pexels

Transactional Mirroring

The ultimate goal of a 51% attack is to spend the same funds twice. These ‘double spend’ network takeovers are the blockchain equivalent of counterfeiting fiat.

And 51% crypto heists rely heavily on stealth and quickness. It goes like this:

• Rent enough computational power — aka hashrate — to gain majority control of a network.
• Covertly mine blocks (mint new coins) on a fraudulent chain running parallel to the main blockchain.
• Transmit counterfeit crypto to an exchange for liquidation (spend #1).
• Continue to quickly mine fake blocks until the fraudulent chain becomes longer than the mother chain.
• Become the mother chain by announcing the fraudulent chain’s presence to the remaining 49% of the network.
• Now that the network mistakenly considers the new chain to be legitimate, there’s no longer a record of spend #1, and the bogus transaction repeats (spend #2).

Eventually, exchanges will discover anomalies and suspend trading during a blockchain invasion. But it may be far too late by then.

Although networks with relatively low overall hashrates are easy targets, stronger chains aren’t immune to hostile takeovers.

Look no further than Ethereum Classic to find an example. In January of this year, pirates pilfered over $1M in about an hour. Before the attack, the team’s devs most likely thought it’d never happen to them. Until it did.

And here’s the kicker — the ROI for 51% attacks can be as extravagant as legitimate crypto gains.

For instance, according to this PoW 51% attack cost calculator, hijacking SmartCash — with its $17M MarCap and over $270k in daily trade volume — will set you back a paltry $29 per hour.

That makes SmartCash a tempting and potentially lucrative target for hackers. And there are plenty more chains currently ripe for the plucking.

So, what can the industry’s PoW blockchains do to protect themselves? Leverage the security of the world’s first cryptocurrency; that’s what.

Safeguarding PoW Blockchains

Spend enough time in cryptoland, and you’ll learn that it’s risky to keep significant amounts of crypto on exchanges.

Centralized versions of cryptocurrency trading houses see breaches more often than PoW networks — anyone can surmise that exchanges hold untold fortunes of coins and tokens.

Although this concept is counterintuitive to the blockchain industry’s newcomers, the crypto you hold on exchanges isn’t truly yours. Why not? Because technically, you don’t own the private keys for any of the wallets in your account dashboard; the exchange does.

As the saying goes, “not your keys, not your crypto.”

And this specific need for enhanced security created a new market for crypto hardware wallets. A physical form of defense is now widely used throughout the industry.

Which means that if you’re serious about security — which should be paramount for any crypto enthusiast — you get a Ledger or Trezor or KeepKey. Or, you can make your own hardware wallet using a smartphone.

Similarly, there’s no longer a need for PoW networks to lay their blockchains bare, practically inviting hackers to invade.

Leaving a PoW network vulnerable to 51% attacks is as dangerous as keeping large amounts of crypto on a centralized exchange.

Backed by BTC Itself

There’s no stronger hashrate than what’s powering the bitcoin network. And it’s this strength — combined with decentralization — that makes bitcoin so secure.

Aside from a close call during bitcoin’s infancy, the network has never endured a successful 51% attack.

Simply put, modern hackers don’t bother trying to disrupt bitcoin because it’s a case of wasted effort — there are plenty of other chains putting up much less resistance.

So, since nobody messes with bitcoin, it’s the safest distributed ledger on which to store backups of your blockchain.

And that’s the essence of Komodo’s Blockchain Security Service — currently available to any UXTO-based chain.

10-Minute Windows

If you recall, the goal of a 51% attack is a double-spend. Not accounting for unforeseen congestion, today’s average settlement time on the bitcoin network is 10 minutes.

In other words, when you send bitcoin, it takes about 10 minutes — and sometimes an hour or more — before the recipient see the funds hit their wallet.

Now, if performing just one bitcoin transaction takes 10 minutes or more, you tell me how a fraudster will conduct two before running out of time.

So, what’s Komodo’s delayed Proof of Work do, exactly? Well, my friend, the process is a stroke of genius:

1) Every minute, the mechanism takes a snapshot to record the balance of every address on every chain utilizing Komodo’s security services.

2) Every ten minutes, snapshot information embeds into a block on KMD’s main chain.

3) The mechanism takes a snapshot of the KMD chain — like a snapshot containing a snapshot.

4) Snapshot info embeds within a block in the bitcoin network.

For a successful 51% attack to occur on Komodo-protected chains, the Dread Pirate Roberts would need to simultaneously overpower the bitcoin network, the Komodo network, as well as the targeted chain. All in the span of 10 minutes.

Now, if you’re one of the chains already using Komodo’s invention, you can feel confident knowing your chain is on constant lockdown. Conducting business without a ginormous target on your back can only help your cause.

And speaking of current customers, you may recognize a few.

Komodo Security Alliance

Multiple blockchain projects now count on Komodo’s dPoW to shelter them against 51% infiltration.

Excitingly, the tech’s already proven itself effective. The Einsteinium project recently experienced an attempted 51% attack. The crooks, thanks to Komodo’s dPoW, were unsuccessful in their quest for booty.

Projects currently using or planning to integrate dPoW into their code are:

Einsteinium ($EMC2) | GameCredits ($GAME) | GINcoin ($GIN) | HempCoin ($THC) | Hush ($HUSH) | Kreds ($KREDS) | SUQA ($SUQA) | Zaddex Exchange

Hopefully, you’re already aware of the most recent dPoW addition: RedFOX Labs, a blockchain startup that builds blockchain startups.

And in case you’re unfamiliar with Southeast Asia’s newest incubator, this article will get you up to speed:

Blockchain’s Unicorn Replicator

Please leave a comment below if you’re aware of any dPoW projects I missed!

Wrapping Up

Komodo’s security service is similar to an insurance policy for your automobile. But car insurance can’t fully protect you against the road’s surplus of bad drivers.

On the other side of the token, protection from 51% attacks keeps your blockchain away from the crypto industry’s bad actors.

And if you’re the person or group calling the shots for securing a PoW network, you must ask yourself if remaining unprotected in today’s crypto environment is worth the risk.

Between the ceaseless barrage of scammers on Telegram and Twitter to the phishers and launchers of crypto-mining malware launchers, the blockchain is far from a secure environment.

You need to stay on your toes if you expect to keep your digital assets safe.

Decision makers for any PoW project already have enough on their mind. And by using Komodo’s dPoW invention, they can cross 51% attacks off their list of crypto worries.

Shameless Plug

If you enjoyed what you just read and would like help getting your crypto message to the masses, I’d love to hear about your project.

Even if you only want to chat about crypto or your favorite blockchain innovations, you can find me here: blockchainauthor at Gmail

And, you can always reach out on Crypto Twitter

Avoiding Blockchain’s Most Nefarious Crypto Hijackings was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.