University Student Using ‘Geocold51’ Alias is 51% Attacking Cryptocurrency Projects
Even though blockchain promises enhanced security options, a college freshman and security researcher who goes by the online handle of “geocold51” is out to expose its Achilles heels.
A majority of small-scale cryptos are at peril from the industry's most dreaded vulnerability – the 51% attack. In this attack, a miner takes over more than half of a crypto's mining power, which then allows them to delete a past transaction and displace it with another transaction which is otherwise known as a double spend. Only small blockchain networks are vulnerable to it as massive projects a have too many miners on the network.
On October 13th, geocold51 livestreamed himself performing such an attack on Bitcoin Private (BTCP), a project with a $47 million USD market cap. He spent an estimated $100 to get near the double spending point, but he stopped as his livestream was dismissed. It is critical to keep in mind that he had no plan of actually stealing the coins. Rather, he merely aspired to prove how easy it is on these smaller networks.
To be clear. I'm not attacking any exchange. I'm just forking the blockchain. Transactions will be exclusively to wallets I own.
— GeoCold "Mischief-Maker" (@geocold51) October 13, 2018
Geocold51 insightfully says that to make a profit off a 51% attack, it would cost around $200. The money is invested in buying a few Bitcoin with Bitcoin Private, to begin with. Then overpowering an extra transaction on the longer blockchain which should nullify the initial one. This way, he would get his Bitcoin Private coins back, and the exchange would miss some tokens. He goes on to say that utilizing an exchange to execute this costs a bit extra but the process is executable because of cloud mining. The process without cloud mining would require hardware worth around $100,000.
As Geocold51 puts it: “Nicehash and the ability to rent hashing power fundamentally changes the landscape of 51% attacks. If there’s not a lot of hashing power to secure it, but there is a lot of value associated with it, that’s where you can do a 51% attack.”
The university freshman was inspired by a different hacker, geohot, who had jailbroken the first iPhone. Currently, geohot streams himself going through various systems to seek for defects.
During the day of the attack, on Twitch, geocold51 hit nearly 60,000 viewers ahead of his stream being taken down under “attempts or threats of harm.” The hacker switched to Stream.Me less than a half-hour later. Yet, a user known as “CommunityWatch” seems to have reported geocold51, as the stream went down shortly after the account posted in his chat.
When the stream was taken down, he was more than halfway through the process before the takedowns. He had submitted his first transaction to one of his wallets and had written a second transaction to a longer, offline chain connected to another one of his wallets. He had meant to send that longer chain to the main network, which is when the stream was taken down.
This news raised interest among the crypto community, even the creator of Dogecoin watched the stream.
Even though, Geocold51 successful in proving his point, he is not done yet. He said that he would try to go after some blockchains that have security protocols set up against 51% attacks, such as punishing all miners for partaking.