Originally published here.
CRITICAL MESSAGE FROM BTG TEAM TO ALL POOLS, EXCHANGES, WALLETS, SERVICES, AND COMMUNITY RUNNING NODES
Please immediately upgrade your BTG Core full nodes to version 0.17.2, published July 2, 2020.
UPDATE: if you did not upgrade prior to July 10 at 14:00 UTC, you will also want to perform the command:
HOW TO UPGRADE:
You can use the pre-compiled binaries on Github , https://github.com/BTCGPU/BTCGPU/releases/tag/v0.17.2, or use the DOWNLOADS link you see above.
Manually upgrade from the latest code on the BTCGPU Github v0.17.2 tag (on 0.17 / master branch); full release notes here. If you are still at v0.15.2 and haven’t upgraded to 0.17, we have a backport version v0.15.3 tag (on 0.15 branch) including the same changes so you can keep your current configuration files.
(Note: there were potentially breaking changes in the configuration file between v0.15 and v0.17, see notes below.)
If you cannot yet update, you can run this command in the debug console or bgold-cli to ensure you are on the honest chain:
Note: a strong majority of the honest mining pools have already upgraded their code a week ago, and they continue to mine on the honest chain.
The BTG Explorer at https://explorer.bitcoingold.org/ is on the honest chain.
You can compare your most recent blockhash with the explorer to ensure you are on the honest chain.
To ask your node for the latest blockhash, give it the command:
And compare it to the latest block on the BTG Explorer at https://explorer.bitcoingold.org/ by clicking into a block and looking at the BlockHash at the top. Example:
We have just seen an extremely long attack chain of over 1300 blocks on July 10, 2020, against the BTG network which have been mined since July 1, 2020.
We detected this illicit activity early on and sent alerts to pools and exchanges to protect them; many closed their wallets over a week ago. We also supplied them with BTG version 0.17.2, which included a checkpoint at block 640650, hash 000000059ec8884fa4fbbdbe46c09cfb4ecba281dfa2351a05084e817c1200ae from July 2 at 2am UTC, mined by MiningPoolHub, a known honest block.
With this block checkpointed, the attacker’s chain could not take over, but this information was not public, and the attacker continued to mine. The attacker mined their secret chain for nearly 10 days, renting power from NiceHash to do so. Today, on July 10, the attacker released over 1300 blocks.
Because those attacking blocks are anchored at a block mined on July 1st (before the checkpoint), the honest pools and exchanges who are running the updated code automatically rejected the attacker’s chain.
It’s time for everyone else to upgrade their nodes. If you cannot upgrade, you can push your node onto the honest chain by using the simple command:
If you use the Bitcoin Gold GUI, you can enter this command in the Debug Console. If you use the command line daemon, simply give this command to bgold-cli:
bgold-cli invalidateblock 00000000635620f22ba8694aea532d51619f8cd060f4e42e85db3cb3a5d1c29c
This tells your node that the attacker’s version of the block at height 640650 invalid, and your node will immediately switch back to the honest version of the chain (perhaps after a short recalculation delay.)
The majority of honest pool hashpower continues to mine on the honest chain.
Questions can be addressed to the BTG team:
Attack chain details
The attacking chain includes this block at height 640650:
The honest block checkpointed in version 0.17.2 at height 640650:
The attacker’s mining coinbase address was:
Their common ancestor, valid on both chains, is block 640568, hash 00000001ca8ac90d83f6f5da01ac96b7a017702a040953b93cda2e52b07385cd,
The honest chained mined publicly, mining this block 640569 on July 1st:
The attacker mined secretly and withheld their block 640569 until July 10th, even though it was mined July 1st:
If you have previously updated to BTG Core 0.17.2, you will still be on the honest chain, along with the major mining pools and exchanges.
If you have not yet updated and cannot update at this time, run the invalidateblock command as noted above to discard the attacker’s chain and put your node on the honest chain.
*These changes are aligned with the changes in Bitcoin Core v0.16 and v0.17 and include deprecated RPC commands which are now disabled by default, as well as the introduction of “sections” for testnet and regtest. If you must use deprecated RPCs that are now disabled, you can re-enable them in your config file with the appropriate deprecatedrpc flags. Commands that are not in a section for [test] or [regtest] will only apply to mainnet; see ReleaseNotes. If you use no deprecated commands and use your config file only for mainnet, there should be no breaking changes.