An attacker carried out a re-spend attack on the Bitcoin Gold network
A malicious miner was able to successfully carry out a re-spend attack on the Bitcoin Gold network last week, CCN writes.
Bitcoin Gold’s public relations chief Edward Iskra warned users of the attack for the first time on May 18, explaining that the attacker is using a vulnerability to steal funds from cryptocurrency exchanges..
To carry out the attack, the miner took over at least 51% of the network’s computing power, which allowed him to temporarily control the blockchain. Capturing this amount of hash power, even on smaller networks like Bitcoin Gold, is very expensive, but can be monetized by re-spending transactions.
After gaining control of the network, the attacker began making BTG deposits on cryptocurrency exchanges, while simultaneously sending the same coins to his own wallet. In a normal situation, the blockchain would not accept a repeated transaction, since the transfer of these coins would have already been accounted for and recorded in the block, however, having the ability to manipulate the network, the attacker included in the final version of the blockchain only those transactions that he needed.
Thus, he made deposits on exchanges, after which he immediately withdrew funds and canceled the original transaction, accumulating cryptocurrency at a separate address. Since May 16th, this address has received over 388,000 BTG. If we assume that all the incoming transactions are related to a re-spending attack, the attacker, at the current exchange rate, could become more than $ 18 million.
The developers of Bitcoin Gold recommended that cryptocurrency exchanges increase the number of confirmations, after receiving which the deposit is credited to the client’s account. According to information from the blockchain, the organizer of the attack was able to roll back transactions, after which up to 22 blocks were mined, which is why the exchanges were recommended to set a minimum requirement of 50 blocks.
Previously, this is not the first time the Verge cryptocurrency network was attacked.