UPDATED on 9th January at 18:11 (GMT)
Bitcoin miners around the world are starting to leave the Ghash.io bitcoin pool following a significant increase in the pool’s hash share.
The fact that a single pool has such a high share has prompted some bitcoin miners to voice their concerns on social media and the mining community is starting to take notice. If a single entity ends up controlling more than 50% of the network’s computing power, it could – theoretically – wreak havoc on the whole network.
A so-called “51% attack” could, in theory, allow the attacker to reverse transactions, make double-spend transactions, prevent confirmations or even prevent other miners from mining valid blocks. It would corrupt the blockchain and render the whole system unsafe. However, this it is all speculative – as it has never been done before.
In theory, the potential attack would work if the attacker managed to gain control of more than 50% of the network’s computing power. However, even with 40%, an attacker would stand a good chance of overcoming 6-deep confirmed transactions.
If such an attack was to be carried out, the damage would be irreparable.
CEX.io moves to reassure community
CEX.io, the owner of Ghash.io, has come under criticism for its failure to address the concerns. Many miners and bitcoin enthusiasts are urging fellow miners to leave the pool, but so far it does not appear that many of them are ready to heed the warning. Ghash.io has a somewhat chequered track record, as it was used in a double-spend attack last year. However, CEX.io insists that it had no affiliation with the attack and that it condemns such actions, as they harm the bitcoin network.
CEX.io rewrote the Ghash.io engine after it gained control of the platform. Earlier this year CEX.io said it would do “everything possible to prevent pool capacity manipulation in the future.”
This afternoon CEX.io issued a statement in an effort to reassure miners and investors:
“Although the increase of hash-power in the pool is considered to be a good thing, reaching 51% of all hashing power is serious threat to the bitcoin community. Ghash.io will take all necessary precautions to prevent reaching 51% of all hashing power, in order to maintain stability of the bitcoin network.”
Ghash.io insists that it has put in place a plan to ensure that it never crosses the 51% mark. It will temporarily stop accepting new independent mining facilities to the pool and it will implement a feature allowing existing users to mine bitcoins from other pools, allowing them to use CEX.io hardware in the pool of their choosing.
Ghash.io insists that it does not have any intentions of executing a 51% attack, as it would do serious damage to the Bitcoin community, and the company itself. To the contrary, they want to expand bitcoin community and utilise the hashing power to develop a greater bitcoin economic structure. Ghash.io goes on to say that it “sees no benefit” in having a 51% stake in mining.
Preventing 51% attacks
There are a number of ways to eliminate threat of 51% attacks, although technically speaking they should be called 50%+1 attacks. Miner boycotts are proven to work, but they cannot be relied upon all the time. Calls to pull out of Ghash.io seem to be working and it is already back to 38%, down from 42% less than a day ago.
Bitcoin developer Vitalik Buterin told CoinDesk:
“We don’t need a public service announcement warning people not to join CEX.io; we need a PSA telling CEX.io to solo mine. No one with over 5% hashpower (arguably even 1%) should be doing anything but solo mining.”
Buterin argues that the best way of going about it would be to create a one-click application that installs a miner, then installs the peer-to-peer mining pool and a simple user interface. The application should be cross-platform, covering Windows, Mac and major Linux distributions.
Following this, a simple software package that would allow users to create their own mining pools should be developed and released as an open-source project. This way, anyone would be able to start a centralized mining pool capable of competing with big pools like Ghash.io.
People should then contribute bounties to both, Buterin argues. “If I see a credible effort, I would throw in a few hundred dollars myself,” he added.
Buterin is not alone. Quite a few miners seem to believe that a true cross-platform open-source executable that allows peer-to-peer mining is the way to go. One Reddit user is offering 10 BTC to anyone who develops such a solution, or an open-source pool that allows connections to existing mining platforms, with a peer-to-peer backend system.
Mining Image via Shutterstock