Pool Detective | Mining Pool Monitoring
Ever since the introduction of the first mining pool for Bitcoin in November 2010, mining pools have been used by miners to reduce the variance in rewards of Proof-of-Work cryptocurrencies. Miners connect their computational resources to a pool - and the pool is responsible for dividing the work between the miners to prevent doing duplicate work. On top of that, the pool is responsible for dividing the mining rewards amongst its participating miners.
The downside to the usage of mining pools, however, is that they introduce a centralized point of control over its participating miners. Mining pools give miners (or more specifically: their hardware) direct instructions over what they need to work on.
This control gives mining pools the ability to have its miners work on a different cryptocurrency, or to unwillingly assist in performing attacks such as block withholding or even 51% attacks. Mining hardware is generally optimized for computing proof-of-work functions as efficiently as possible (measured in calculations per joule), and therefore the hardware is generally not equipped with additional logic to verify the work it’s given.
We built a system, called PoolDetective, that actively monitors the workstream between our mining hardware and 25 mining pools across 10 different proof-of-work cryptocurrencies from 5 geographical locations. This includes the major Bitcoin mining pools, collectively responsible for over 75% of the network hashrate. On top of this, we ran (official) full nodes for each of the mined currencies, as well as monitored the peer-to-peer network using unofficial nodes for the propagation of new blocks.
We store all monitored data from mining, full nodes and block propagation and analyze this data for unexpected behavior by mining pools. Since launching the PoolDetective in November 2019 we have archived nearly 28 million mining jobs from the various pools, and have started analysis on this data. We have already seen evidence of mining pools sending work for different blockchains than expected, and are currently looking for other anomalies.
Pool Detective was a system we built at the DCI to monitor the behavior of mining pools that operate on Proof-of-Work cryptocurrencies such as Bitcoin, Litecoin and others. Mining pools have ultimate control over the work that constituent miners process and therefore their (mis)behavior can have large consequences for the security of Proof-of-Work networks. We conducted this research because we think it's important to perform detailed monitoring and analyze the behavior of pools, and no one else is doing that up to this level of detail.
What we did
Pool Detective acted as a miner on all of the mining pools we monitored. We recorded the traffic between the mining pool and our mining hardware. We also recorded data about block propagation on the peer-to-peer network, as well as validate blocks with a full node for each of the cryptocurrencies we monitored. We then looked for unexpected behavior, such as:
Selfish mining - If a mining pool asked its miners to mine on top of a particular block, but the rest of the network did not yet know about the block, this is called selfish mining. The mining pool gains an unfair advantage by exhibiting this strategy. Our systems detected selfish mining.
Work from the wrong chain - When two blockchains share the proof-of-work function, mining pools can send work from either chain and most mining hardware is unable to detect this, and will just execute the task. Our systems noticed this behavior.
Other misbehavior - We were constantly looking for additional behavior patterns in the data we observed, testing hypotheses around potential unexpected behavior and testing the gathered data for occurances of such events.
How it worked
We spent a lot of time fine tuning the Pool Detective monitoring system. Here's a few of the main components:
Mining: Cryptocurrency mining - In order to properly conduct our monitoring, we ran actual mining hardware to produce valid work for each of the pools we monitored. Meanwhile, we stored all the traffic between our miners and the pools.
Monitor P2P Network: Custom Block Observer - We wrote a modified client to the peer-to-peer networks of Bitcoin and compatible cryptocurrencies to monitor the block propagation across the network. By running this observer from multiple distinct locations across the globe, we could more precisely pinpoint when blocks were found.
Integrating: API Exposing Monitoring Data - We built an API to start exposing the data that Pool Detective gathered to third parties that wanted to use it.
People:
Gert-Jaap Glasbergen, MIT Digital Currency Initiative
Project VideosWatch the webinar from May 29th, 2020 where Director Neha, Software Developer Gert-Jaap, Phd student Daniel M. (Harvard) and recent MIT DCI MEng Graduate James discuss Proof-of-Work; and the Digital Currency Initiative’s recent projects around Proof-of-Work. Including Monitoring Pool Mining (Gert-Jaap), Double Spend Attacks (Daniel M. and Neha) and 51% Attacks (James).
On July 9, 2020, Software Developer Gert-Jaap Glasbergen presented Pool Detective in a talk titled “Detecting Attacks Against Proof-of-Work” at the Crypto Economics Security Conference 2020. The talk was presented alongside MIT DCI MEng graduate James Lovejoy's research project, Reorg Tracker, which contributed to his thesis.
Outputs
Who is Monitoring Mining Pools?
Aug 21, 2020. Mining pools control the majority of hashrate in Bitcoin and many other proof-of-work networks, making them a critical but often overlooked component of cryptocurrency security. This post introduces Pool Detective, a research project developed by the MIT Digital Currency Initiative to monitor mining pool behavior and identify potential threats such as selfish mining, hidden hashrate concentration, transaction manipulation, and other protocol risks. By collecting and analyzing data from dozens of mining pools across multiple cryptocurrencies, Pool Detective aims to improve transparency, strengthen network security, and provide the tools needed to better understand and mitigate risks within proof-of-work ecosystems.
Authors
Gert-Jaap Glasbergen, MIT Digital Currency Initiative
Neha Narula, MIT Digital Currency Initiative
Code base on Github
News:
