BTC.top and BTC.com Execute 51% Attack On Bitcoin Cash Amid Upgrade Confusion

The Bitcoin Cash 51% attack has been entwined with complexities relating to an upgrade and bug exploitation. 3,796 BCH was double spent as a result of the attack with evidence indicating that the upgrade and bug are not necessarily related. Reactions regarding the event have so far been mixed.

Quick take:

  • A 51% attack was coordinated by the BTC.top and BTC.com mining pools which resulted in 3,796 BCH being double spent
  • Prior to the 51% attack, a bug was exploited during an upgrade of the network that caused the production of six empty blocks but this event is not necessarily related to the attack
  • Reactions regarding the event have been mixed with some applauding it and others viewing it as undermining a key property of decentralized payment networks

Herein, Bitcoin Cash will be used to refer to the decentralized payment network. BCH will be used to refer to the cryptocurrency which operates on the Bitcoin Cash network.

A 51% attack on the Bitcoin Cash network, successfully coordinated by the BTC.top and BTC.com mining pools, has quickly been brushed past.

Prior to the 51% attack, a bug was exploited during a Bitcoin Cash network upgrade which resulted in both a chain split and the mining of empty blocks. This served to spark much confusion and uncertainty and may be one of the reasons why the 51% attack was quickly forgotten.

The Bitcoin Cash 15th May Upgrade

The upgrade of the Bitcoin Cash network was scheduled to take place at 12 pm UTC on the 15th of May. This upgrade is part of Bitcoin Cash’s policy to upgrade the network via a hard fork every six months. As part of this particular scheduled upgrade, a rule known as CLEANSTACK was scheduled to be removed. CLEANSTACK makes BCH which has been sent to SegWit P2SH addresses unspendable. The removal of CLEANSTACK would make them spendable again.

With the BCH which had been sent to SegWit P2SH addresses becoming spendable again, these funds would be in the control of miners after the upgrade. Whoever mines the first block which allows spending of these funds would have discretion over where the funds are sent. The funds would not be spendable for several hours after the upgrade due to specifics of the Bitcoin Cash upgrade. It is believed that a consensus was reached on Reddit that these coins would be returned by miners to their rightful owners (those who initially sent the funds), but there is a lot of uncertainty regarding this issue. Now that these events have played out, it is clear that the majority of stakeholders were unaware of the mining pools' plans to distribute the BCH sent to SegWit P2SH addresses back to its owners.

The upgrade occurred between block number 582,679 and 582,680. A bug present in the Bitcoin Cash protocol prior to the upgrade was exploited by an attacker. The exploitation of the bug catalyzed a chain split and confusion among network users.

The bug enabled an attacker to place transactions in the mempool which did not meet the criteria of the consensus rules of the network. This resulted in miners not being able to process transactions, and six empty blocks were mined on the upgraded network. A new block was also appended to the non-upgraded chain, which added to the confusion. It is speculated by BitMEX Research that some miners may have reverted back to the pre-upgrade chain amid the uncertainty. Although the attacker could have exploited the bug long before the upgrade, the choice to do so while the upgrade was taking place served to exacerbate the issue.

Several hours later, at block height 582,698, a miner with the coinbase transaction text “unknown” mined a block which included transactions that spent BCH from 1,000 SegWit P2SH addresses. Block number 582,699 was appended on top of this block by a miner with the coinbase text description of “Prohashing”.

The 51% Attack

After both blocks were appended to the blockchain, BTC.top and BTC.com coordinated a two-block reorg in which the blocks mined by “unknown” and “Prohashing” were orphaned. Blocks 582,698 through to 582,701 were then mined by BTC.top and BTC.com, making their chain the one representing the most proof-of-work.

In a typical reorg, all of the transactions of the orphaned blocks eventually become included in the new longest proof-of-work chain. This was the case in the recent 3-block and 6-block reorganizations observed in the Bitcoin Cash SV chain.

However, in this case, only 111 of the 137 transactions in the orphaned 582,698 block managed to make it into the reorganized blockchain. It is estimated that 3,796 BCH was double spent in total. Coinbase stated that their research has led them to conclude that the BCH which was double spent has been sent to the original intended recipients.
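An added example (not from the article or from any party it describes): the comparison behind a figure like "111 of 137", as a check an exchange or wallet operator could run after a reorg to see which orphaned transactions carried over and which were displaced by a conflicting spend. The block contents are constructed, and Tx and classify_reorg are hypothetical names.

```python
from typing import NamedTuple

class Tx(NamedTuple):
    txid: str
    inputs: tuple            # outpoints spent, written "txid:vout"
    coinbase: bool = False

def classify_reorg(orphaned, new_chain):
    """Fate of each non-coinbase tx from the orphaned blocks (lists of lists of Tx)."""
    confirmed = {tx.txid for blk in new_chain for tx in blk}
    # Every outpoint consumed on the new chain.
    spent = {op for blk in new_chain for tx in blk for op in tx.inputs}
    # Orphaned coinbase outputs never exist on the new chain.
    dead = {tx.txid for blk in orphaned for tx in blk if tx.coinbase}
    pending = [tx for blk in orphaned for tx in blk if not tx.coinbase]
    status = {}
    changed = True
    while changed:           # fixed point: no topological order is assumed
        changed = False
        for tx in pending:
            if tx.txid in status:
                continue
            if tx.txid in confirmed:
                status[tx.txid] = "carried_over"
            elif any(op in spent for op in tx.inputs):
                status[tx.txid] = "double_spent"       # a conflicting tx confirmed
                dead.add(tx.txid)
            elif any(op.split(":")[0] in dead for op in tx.inputs):
                status[tx.txid] = "invalidated_child"  # parent can no longer confirm
                dead.add(tx.txid)
            else:
                continue
            changed = True
    for tx in pending:       # still valid, simply waiting in the mempool again
        status.setdefault(tx.txid, "unconfirmed")
    return status

# Constructed sample: two orphaned blocks and the two blocks that replaced them.
ORPHANED = [
    [Tx("cbA", (), True), Tx("t1", ("u1:0",)), Tx("t2", ("u2:0",)), Tx("t3", ("u3:0",))],
    [Tx("cbB", (), True), Tx("t4", ("t2:0",)), Tx("t5", ("u5:0",))],
]
NEW_CHAIN = [
    [Tx("cb1", (), True), Tx("t1", ("u1:0",)), Tx("x2", ("u2:0",))],
    [Tx("cb2", (), True), Tx("t3", ("u3:0",))],
]
```

On the sample, t2 is reported as double spent because x2 consumes the same outpoint on the new chain, and t4 is invalidated with it because it spends an output of t2.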

Post-Analysis of the Attack and Reactions

The exploitation of the bug which catalyzed the chain split and empty blocks is not necessarily related to the unknown miner claiming the BCH which became available as a result of the removal of CLEANSTACK. It has been speculated that the empty blocks created confusion which gave the unknown miner an increased possibility of claiming the BCH, but there is no way to ascertain this. This viewpoint also does not hold much logic. The bug simply served to delay the competition to mine the block where the SegWit P2SH BCH became spendable.

It is also not clear whether the attacker that exploited the bug is the same entity as the unknown miner that produced the orphaned block 582,698. What is clear is that the plans of the mining pools to distribute the SegWit P2SH BCH back to owners were unknown to most.

The reaction after the event has been mixed. Many are applauding BTC.top and BTC.com for preventing the unknown miner from claiming the BCH and returning the funds to the original holders. One Reddit user stated that they “stopped an action which was objectively identifiable as theft”. One Bitcoin Cash developer wrote a blog post with an opposing outlook on the attack:

“This is a 51% attack. The absolutely worst attack possible. It’s there in the whitepaper. What about (miner and developer) decentralized and uncensorable cash? Only when convenient?”

The team at BitMEX Research believes that transaction finality is one of the important properties of a decentralized payment network and the ability for large mining pools to reverse transactions “undermines the premise of the whole system”.

BitMEX Research also views this event as setting a bad precedent for decentralized payment networks and states that it may even be a phenomenon that could be considered on Bitcoin. The recent reorg considered by Binance CEO Changpeng Zhao highlighted how difficult a reorg would be to execute on the Bitcoin blockchain, but it is theoretically possible nonetheless.

Coinbase considered the event in a positive light and viewed it as a demonstration of the competency of Bitcoin Cash miners. They concluded a blog post they published regarding the 51% attack by stating the following:

“We find it remarkable that BTC.top derived the technical solution to recover BCH funds mistakenly lost by users, choosing to send the coins to their intended recipients rather than claiming the funds for themselves.”

There may be mixed reactions from developers, businesses, and users, but the reaction from the market is indisputable. The price did undergo a brief decline in the days following the 51% attack, but a quick recovery followed. This indicates that the market does not attach much weight to the event. Research suggests that the cryptocurrency market is still mostly trend-driven. As it develops into a more fundamentals-driven market, 51% attacks may very likely be followed by significant adjustments in price.