An unknown party with access to very large amounts of hashpower is trying to use “51% attacks” to perform “double spend” attacks to steal money from Exchanges. We have been advising all exchanges to increase confirmations and carefully review large deposits.
There is no risk to typical users or to existing funds being held. The only parties at risk are those currently accepting large payments directly from the attacker. Exchanges are the primary targets.
The cost of mounting an ongoing attack is high. Because the cost is high, the attacker can only profit if they can quickly get something of high value from a fake deposit. A party like an Exchange may accept large deposits automatically, allow the user to trade into a different coin quickly, and then withdraw automatically. This is why they are targeting Exchanges.
Requiring more confirmations greatly increases safety. Until now, some Exchanges were operating with less than five confirmations required. We have been urging higher limits to prevent such an attack, and urging manual review of large deposits of BTG before clearing the funds for trading.
It appears that actions on the part of the exchanges have deterred the attacker, for now.
One of the targeted Exchanges reported that they strongly believe this attacker attempted to hit them with a double-spend of BTC in the past. In their words, “we are 100% sure that it is the same person, we found many associations between the accounts.”
This post will be periodically updated and extended while this event goes on.
Updates
How to prevent being attacked: post #21
20 confirmations are no longer enough to defend the attack: post #18
The attacker’s addresses:
- Funds: GTNjvCGssb2rbLnDV1xxsHmunQdvXnY2Ft
- Receive mined coins: GXXjRkdquAkyHeJ6ReW3v4FY3QbgPfugTx
Known reverted blocks: post #15
First and Last attacks: as of this time (EDIT: updated May 24) the first attack happened against bock 528735 from May 16, 2018 10:37:54 PM UTC, and the last attack ended after block 529048 at May 19, 2018 5:25:40 AM UTC.
(EDIT May 24) please read our Blog Post, Responding to Attacks for additional information regarding our upcoming fork.