What would happen if a PoW based crypto-currency were to upset its current miners so much that a large portion of them band together and retaliate in some way? There are a number of possible outcomes depending on the specifics of the retaliation, and I’ll go over some of the top discussed strategies below.
Miners Quit
Lets say that 90% of miners just quit mining the chain in question all together. They either light their mining rigs on fire and go find a new hobby/profession/business or, more likely, they find other useful (but slightly less profitable) work to do with their hardware and they refuse to return to mining the chain they are revolting against. This is the most simple type of miner revolt and the easiest one to discuss, plus it sets the stage for other attacks.
Immediately after the fork block that miners refuse to upgrade to the total hashing power of the network would be 10% of what it was previously. This would mean that mining the next block would take 10 times as long as normal, or about 150 seconds on average if the target block time is 15 seconds. Once that block was mined the difficulty would adjust slightly and the following block may take 140 seconds on average. This would continue until the difficulty adjusted such that the remaining 10% of hashing power could mine a block every 15 seconds or so.
Those 10% of remaining miners would be making 10x as much money in block rewards as they were previously (assuming the fork in question doesn’t change the block reward), so they would be doing quite well for themselves. Due to the big profitability increase, it is likely that new miners would start showing up to mine the chain over time until an equilibrium is once again reached where block reward hovers a bit above opportunity cost.
Miners Quit (but not really)
Similar to the previous scenario, miners all leave on the fork block but as they see that the fork chain is still doing fine (despite their protest), they decide that they like money more than their principles and they return to mining. This would play out effectively the same as above, but the hashing power would reach equilibrium faster after the initial drop.
Miners Mine Unpatched Chain
The 90% of miners can all just refuse to update their client, but continue to mine the unpatched chain. This would end up working out essentially the same as the Miners Quit scenario, with the exception of there being another Ethereum chain that users could choose to follow.
Users at this point can freely choose which version of the client they can run. They can run the new version or the old version based on their preference. This is generally considered a very healthy governance opportunity where users simply choose the ruleset they want to follow.
Miners Launch a Reorg Harassment Attack
This is where things get interesting. Instead of 90% of hashing power just quitting, they could instead choose to use their hashing power to attack the chain. There are a number of possible attacks they could launch and we’ll start with the simplest one that doesn’t require any coordination.
In this attack, individual miners or mining pools simply refuse to mine on top of the latest head block and instead mine on top of the parent of the head block or a sibling chain. This type of attack would result in the chain experiencing very frequent reorgs which would greatly reduce the usability of the platform and potentially break poorly built applications. The difficulty would adjust to about 50% of what it is right now as there would always be two chains being mined, but miners wouldn’t make any additional money nor would they lose money if executed carefully (and they all execute a similar attack).
Of course, any miner that does this will make less money than miners who mine against head, so it is still sacrificing opportunity costs. Miners would also need to write custom software to do this, as the blockchain’s core devs are unlikely to write such code for them. The miners can keep this attack up as long as they want (and are willing to spend opportunity cost on it), and it is very annoying but it doesn’t actually break the chain.
Miners Launch Double Spend Attacks
This is the first of the coordinated attacks against a blockchain that miners could undertake. In this scenario, those 90% of miners band together and secretly mine a different blockchain, but don’t publish their blocks. They then trade some large amount of money on an exchange for some other currency on the main chain (the one with 10% hashing power) and then proceed to publish their secret chain, which would be longer and thus clients would switch to it.
Once this happens once or twice, centralized exchanges would likely stop allowing people to deposit that coin which would cause centralized exchanges to effectively be partitioned away from the rest of the network. Some applications that rely on off-chain integrations would also break and need to be disabled, such as layer 1 payments for goods and services.
Miners can sustain this attack as long as they want, and it is incredibly damaging to a blockchain that is suffering from such repeated attacks.
On the plus side, this attack requires strong coordination among pseudoanonymous entities which is incredibly difficult. If any of the participating miners defects and publishes the secret chain blocks then the attack fails. This attack also requires custom software to control when blocks are published, and you need a lot of complex coordination to figure out which exchanges to attack, who makes the transfer, and how to distribute earnings (which are centralized).
While this attack is incredibly damaging, it is also incredibly hard to coordinate because there is opportunity to defect anonymously and it requires a lot of central planning. This attack is much more viable if there is a single entity in control of 51% of hashing power, as they then only need to coordinate with and trust themselves.
Miners Launch Censorship Attack
That 90% of angry hashing power could instead choose to censor the 10% of calm hashpower. This scenario is particularly meaningful if the fork in question is one which adds a new optional feature. The attacking miners could still mine using mostly normal clients but with a simple modification that makes it so they consider any block where someone actually *uses* the new feature invalid and they refuse to mine on top of it.
An attack like this requires less coordination since once 51% of hashing power is on board with the attack, it becomes rational/profitable for the remaining 49% of hashing power to join you. You still need to coordinate that first 51%, but it is self sustainable after that.
This attack only works when there is a new feature that miners wish to block. It doesn’t work if the miners want to follow a different mutually exclusive ruleset. This means that even though the self reinforcing nature of this attack makes it particularly dangerous, it is limited to disabling the usage of certain features, rather than actively stealing money like in a double spend.
The worst case version of an attack like this is miners choosing to censor any blocks that have transactions in them. In such a case, the blockchain effectively stops being useful while the attack is underway. Interestingly, such an extreme version of this attack is *likely* to greatly depress the value of the currency if sustained, which will result in miners losing revenue in the end due to mining a coin that now is worth much less. Most likely miners would use this strategy to block a particular feature they don’t like, and depending on the user demand or expectation of demand for that feature it may or may not have an impact on the price.
Defense Against Miner Attacks
While some of these attacks already have defenses against them (as discussed above), ultimately miners are in a position to attack the network if they can coordinate. If they cannot coordinate, then they cannot attack. This is why people often argue in favor of decentralization, because that makes coordination harder. Unfortunately, maintaining decentralization is a pretty hard problem as economies of scale are in direct opposition to it.
Another built-in defense against these attacks is the fact that miners are paid in the native currency of the blockchain. This means that any miner attacks against the chain that cause real lasting damage are likely to decrease the value of the coin that the miners are mining. If the miners can re-use their mining equipment at comparable profitability elsewhere, then this defense is not effective. However, if their mining equipment has very little value outside of mining the chain in question then a miner decreasing the value of a coin is also decreasing their future profitability. Because of this, it is often considered a good defense to design your PoW algorithm such that someone who has hardware that is good at mining your chain cannot reasonably go mine other chains or do other profitable work with that same hardware. It helps align medium term incentives of the miner and the blockchain to some extent.
Introducing some kind of finality can also help mitigate some of these attacks. Finality on a blockchain is a hard problem and there are a number of potential solutions to it, but if you can have finality you can address the most damaging attacks like the double spend attack. You still have to deal with censorship attacks and reorg harassment, but those are not as catastrophic as a double spend in most cases.
The final defense against all of these attacks is to move away from Proof of Work to something like Proof of Stake. Other consensus systems have their own set of risks associated with it, and it isn’t a trivial switch by any means, but it makes all of these specific attacks go away by simply removing the attacker from the equation. Depending on the alternative solution, you may end up with a new attacker that can do other attacks, but those attack vectors are out of scope of this article.
Top comments (0)