According to MotherBoard, a researcher using the pseudonym “Alister Maclin” claims to be able to break Bitcoin on demand. The expert detailed an attack technique, dubbed the malleability attack, that could allow attackers to crash the Bitcoin cryptocurrency.
Basically, the attackers fill the Bitcoin network with tiny spam transactions, an activity that theoretically would create problems for all Bitcoin users by causing a dramatic increase in rejected transactions.
BTC withdraws are currently experiencing issues due to the block chain malleability issue. Read more here http://t.co/ShuBJ7C5Ur
— BigVern (@cryptsy) 6 October 2015
When the journalist at MotherBoard asked for proof, the researcher, who seems to be in Russia, started his attack, announcing that it would last for just 10 minutes.
“I will switch the stress-test on once again for a short period (~10 min) at 17:30 of your local time (there is 00:22 now in Moscow – I wanna sleep). You will see.” Alister Maclin told MotherBoard. “Today! Now! I’ve already started it ten minutes ago :)”
The number of transactions rejected by the Bitcoin network increased rapidly (at 5:30 PM on Tuesday afternoon), as reported in the following graph extracted from Satoshi.info.
A few minutes later (at 5:54 PM), Maclin informed the journalist via email that the test had been stopped.
“Switched off,” he wrote. “Now red lines on the third chart will return back to green.”
In the following graph it is possible to see that the number of accepted Bitcoin transactions returned to normal.
“Maclin isn’t the first person to try and break the Bitcoin network. An exchange called Coinwallet.eu previously threw $48,000 USD in Bitcoin to the winds in an attempt to fill the network with tiny spam transactions and slow things down for everyone. By comparison, however, Maclin’s attack was extremely cheap, simple, and effective.” states MotherBoard.
The “malleability attack” takes advantage of the time delay between when bitcoins are sent and when the transaction record is included in a block and uploaded to the blockchain and, surprisingly, Maclin hasn’t spent a dollar to run it.
Maclin wrote a script composed of nearly 100 lines of code that runs in a virtualized environment to capture transactions and re-broadcast them to the Bitcoin network with a slightly different ID. This process allows the attackers to duplicate transactions, but only one of the copies is actually added to a block. As a side effect, the transaction can take hours to be confirmed instead of the usual 10 minutes.
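For anyone tracking payments, the practical consequence of the behaviour described above is that a transaction ID is not a stable handle until the transaction is confirmed. The following Python sketch is an added example, not Maclin's script and not code from MotherBoard: it parses a legacy (non-witness) serialized transaction and groups sightings by a hash computed with the signature scripts emptied, so that re-broadcast copies carrying a different ID are recognized as the same payment. The function names are hypothetical and the sample transactions are constructed with placeholder script bytes.

```python
import hashlib
import struct
from collections import defaultdict

def dsha(b):
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def read_varint(buf, pos):
    """Decode a CompactSize integer; return (value, position after it)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def ids(raw):
    """Return (txid, normalized_id) for a legacy serialized transaction.
    normalized_id hashes the same bytes with every scriptSig emptied."""
    n_in, pos = read_varint(raw, 4)
    out = bytearray(raw[:pos])                  # version + input count
    for _ in range(n_in):
        out += raw[pos:pos + 36]                # previous output reference
        slen, pos = read_varint(raw, pos + 36)  # scriptSig length
        pos += slen                             # skip the scriptSig itself
        out += b"\x00" + raw[pos:pos + 4]       # empty scriptSig + sequence
        pos += 4
    out += raw[pos:]                            # outputs and locktime unchanged
    return dsha(raw)[::-1].hex(), dsha(bytes(out))[::-1].hex()

def find_malleated(raw_txs):
    """Map normalized_id -> txids when one payment was seen under several IDs."""
    groups = defaultdict(set)
    for raw in raw_txs:
        txid, nid = ids(raw)
        groups[nid].add(txid)
    return {nid: sorted(t) for nid, t in groups.items() if len(t) > 1}

def build_tx(script_sig, value=50_000):
    """Constructed one-input, one-output sample; all script bytes are placeholders."""
    txin = b"\x11" * 32 + struct.pack("<I", 0) + bytes([len(script_sig)]) + script_sig + b"\xff" * 4
    pk = b"\x76\xa9\x14" + bytes(20) + b"\x88\xac"
    txout = struct.pack("<Q", value) + bytes([len(pk)]) + pk
    return struct.pack("<I", 1) + b"\x01" + txin + b"\x01" + txout + bytes(4)

# Constructed sample: the first two differ only in scriptSig bytes, the third pays a different amount.
SAMPLE = [build_tx(b"\xaa" * 71), build_tx(b"\xbb" * 72), build_tx(b"\xcc" * 71, value=70_000)]

if __name__ == "__main__":
    print(find_malleated(SAMPLE))
```

A wallet or exchange that reconciles withdrawals on the normalized value, or on the inputs and outputs themselves, will not mistake a re-broadcast copy for a failed or second payment.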
Maclin does not seem to be motivated by profit at the moment; nevertheless, this attack demonstrates the feasibility of a large-scale offensive against the Bitcoin network, a system considered dangerous by many financial organizations.
“We do everything for living. For feeding our wives and children.” Maclin said to the journalist Jordan Pearson.
Maclin also shared his view of the Bitcoin network, explaining that the system is not sustainable; he described the virtual currency as the effect of a bubble-Ponzi scheme.
“The main thing is that bitcoin network spends much more resources (electricity, hardware, human efforts) per transaction than current centralized systems,” Maclin wrote. “Bitcoin exists now, because of bubble–ponzi scheme.”
Maclin added that he will run further attacks in the future:
“Yes, I definitely switch it on in nearest future,” Maclin wrote. “May be next week. May be later. I have to check some things.”
While we are discussing the malleability attack, developers are already working to fix the issue. The work started over a year ago, and the recent attack could accelerate the development of a patch.
Stay Tuned and compliments to Jordan Pearson for the excellent post.
(Security Affairs – Bitcoin, hacking)