Reorgs on Bitcoin Gold: Counterattacks in the wild - Medium Post by James Lovejoy

The economic security of Bitcoin and other proof-of-work cryptocurrencies relies on how expensive it is to rewrite the blockchain. If a 51% attack were economically feasible, an attacker could send a transaction to a victim, launch the attack, and then double spend the same coins back to themselves. Satoshi Nakamoto assumed that this would not occur because a majority of miners would find it more lucrative to honestly follow the protocol than to attack the chain, the source of their own mining revenues.

Recent work has shown the cost of attack on a coin can vary widely. This cost depends on factors like the liquidity of hashrate, the impact on coin price, and the length of the required rewrite; under certain circumstances an attack could even be free. As of March 2020 for chains like Bitcoin, miners make large advance investments in mining equipment and are reluctant to rent any significant fraction of the chain’s hashpower, making the cost today likely quite high. Some coins, however, use proof-of-work algorithms for which there is enough new hashrate for rent to cost-effectively launch 51% attacks, and there have been double-spend attackson these coins observed in practice. Using hashrate markets like NiceHash, buyers and sellers can easily find each other. It is now commonly believed that low hashrate coins, coins that are not the largest in their proof-of-work algorithm class, and coins for which there is a liquid hashrate rental market are all susceptible to cheap 51% attacks and are insecure.

In a recent paper titled Double-Spend Counterattacks, we discuss a strategy to prevent 51% attacks in vulnerable proof-of-work based coins: the victim can counterattack. We show that the victim’s ability to rent hashrate and mine on the original chain, overtaking the attacker chain in the event of an attack, can deter the attack from happening at all in equilibrium. The results hold under the following assumptions: (1) the victim suffers a moderate reputational cost to losing that the attacker does not suffer (e.g. exchanges may suffer negative reputation cost if attacked while anonymous attackers do not), and (2) the net cost of attack increases over time (e.g. by coin value dropping or the cost of hashrate rising). While we had no evidence for double-spend counterattacks in the real world at the time we wrote the paper, we recently saw what we think are counterattacks on Bitcoin Gold…