The Trust Attack of Bitcoin and Others
Similar to how Sybil, DoS, fungibility, spam, and other attack vectors threaten Bitcoin, the Trust attack is a way for larger players, such as big banks and governments, to bring great, if not total harm to Bitcoin through destroying the public’s trust in bitcoin’s scarcity.
It centers around a relatively inexpensive attack timed to coincide with a planned hard fork. No, hard forks don’t have to be contentious, but there are, after all, ~17 Billion reasons for attackers to attempt a Trust attack.
Unfortunately, we have already created the perfect set of conditions for an attacker to execute the attack, and I’m convinced it is nearly inevitable to happen if we ever hard fork bitcoin going forward.
A matter of trust
To describe the attack, we have to clarify what it is they would be attacking, which may not sound that scary to some at first but bear with me; it is critical.
Since the beginning of recorded history, man has used different types of money as a ledger to represent value. Everyone had to trust that these ledger entries, called currency, were scarce enough to not become worthless through counterfeiting before they needed to trade them again.
From cowrie shells to gold coins, historical money was never accepted by anyone who didn’t believe that they’d be able to receive the same or better amount of goods or services with that money when they go to sell it.
All money depends on the public trusting that it will retain it’s value in the future. That includes fiat money, which is just a step removed by trusting in the issuing government to keep your money valuable.
In fact, since Bitcoin is not declared to be money by any government, it is more dependent on Trust than any other currency on Earth today.
This scarcity, and by extension the public’s confidence in it, is the very most important attribute of a currency. If we hard fork Bitcoin and another coin appears, it’ll be impossible for most everyone to feel that bitcoin is still somehow still scarce. After all, 21 million possible coins could be 42 million in a matter of hours… What’s to stop that 42 from turning to 84 million coins next week? The public won’t know or care.
Trust in a currency is the primary fight that every currency must constantly battle, especially with Bitcoin. People already have a hard time trusting bitcoins to retain value because they believe data to be intrinsically copy-able. Every person we bring to understand that bitcoin is scarce is a huge win… But the Trust attack can undo all of these victories.
Walking through a Trust attack
If any of bitcoin’s enemies, even just one out of all the banks, governments, 3-letter agencies and corporations in the world fear bitcoin’s rise and are already aware of this attack, they can do the following with a modest expenditure of only a few million dollars or less:
1. Promote division in the bitcoin community. The Reddit r/btc community is a great example of what this would look like.
2. Promote an alternative client like Bitcoin Unlimited or even Luke-jr’s latest BIP that requires a hard fork.
3. Buy up hashing power, at least enough to be able to keep a chain alive with a few percentage of the hashing power… Perhaps 3% or 5% of the total, preferably in a few different locations. Others will join in the same effort, adding to this amount.
4. Buy, start up, or influence a large bitcoin exchange like Bitfinex. You’d only need it to issue a coin and let it trade there. Preferably more than one.
5. Wait for the community to introduce a hard fork, so that a minority chain, no matter how fragile, exists long enough for them to jump on it with their mining power.
6. From the exchange(s), issue a coin within hours on the new chain. “Bitcoin B” is born.
7. Finally, send out a press release or two that bitcoin B exists and bitcoin isn’t scarce anymore. Pump bitcoin B, the more the better.
Within the course of a single day of the hard fork, the attack is complete… And devastating.
Doing it to ourselves
I don’t wish to accuse anyone of acting against bitcoin on purpose. I’m convinced that at least the majority of people with a pulse in the r/btc community and the BU devs are doing what they think will help bitcoin. The BU-signaling miners are in it to make money, as should be expected. However, all of these people are indeed acting against their own best interests and will effectively add to any Trust attack’s effectiveness.
People fighting for a hard fork of bitcoin are in the situation of being set on fire, and then reaching for a container of unknown clear liquid to pour on themselves… They assume the liquid is water, but it’s actually alcohol. They’re going to take themselves out and destroy everything, while fighting tooth and nail to ensure they do so in bitcoin’s best interest.
How do we get them to smell the liquid first?
What about other cryptocurrencies?
Proof of Work is the real target of the Trust attack, but to a lesser degree, Proof of Stake and other types of cryptocurrency consensus mechanisms that looks like bitcoin to the public will be damaged greatly too.
If the value from bitcoin is very quickly sent to another single crypto like Monero or Zcash after the attack, they face the same problem there. No Proof of Work cryptocurrencies would likely survive the bitcoin attack for long, because the public will rightly feel that it could fork next. All PoW coins are at risk, and perhaps every cryptocurrency too, since the public can’t really tell the difference between them.
Again, all currency works on trust. Any crypto trying to be money will have the stigma of being forkable forevermore, so as soon as the world learns that cryptocurrency isn’t scarce, and Satoshi has “lied,” then cryptocurrencies will forever be known as game-able and useless to the public.
The Failure Scenario
If bitcoin fails, it will be because of this broken promise it to the world that digits can be scarce. The world will rightfully believe that they cannot be if a hard fork occurs and a new coin is issued. People everywhere can overlook problems like slow scaling but they will not overlook the scarcity problem. Cryptocurrencies will universally be thought of as not scarce.
Imagine what the media will say as soon as there are two coins, bitcoin A and bitcoin B… Economists like Paul Krugman will gleefully go on TV night after night and say “See, we told you bitcoins could be copied, there are now 42 Million bitcoins possible… I wonder how many there will be possible next year?”
What will happen next is sad but unavoidable.
The ‘main chain’ will be fine, but there will simply be a new chain with a new coin calling itself the ‘new and improved’ bitcoin, and their marketing will surely give the main chain’s marketing a run for our money. Since everyone who is holding bitcoin-B will now be able to sell it at an exchange, a price will quickly be derived and like ETC, likely turn into a mere echo of the original coin… But it will persist.
The bitcoin Mining, hardware wallet, physical coin, and ATM industries will be DOA overnight. Complete bankruptcy, with almost nothing salvageable.
Startups that use bitcoin to settle remittances or other use cases that have already gone to the corporate realm will be DOA too. For instance, one of Korea’s largest banks, Shinhan, now uses bitcoin to settle remittances to China. That’ll be cancelled instantly, never to be considered again. Abra, Code Valley, Yours, OpenBazaar, and tons of others will regretfully be forced to follow shortly behind, and Silicon Valley will think of Bitcoin like a bad dream to avoid talking about.
The hundreds of thousands of merchants around the world that accept bitcoin today will most definitely stop accepting it. Their trust will have been mislead and all cryptocurrency will now be tainted in their minds.
A few existing altcoin users will push their altcoins like Dash and ZEC higher, but most merchants will never consider accepting them. In general, the majority of the world will consider, for once and for all, for the cryptocurrency experiment to be concluded.
The world will rightfully know that data simply cannot remain immutable for long, and Satoshi’s brilliant solution to scarce data using Proof of Work was only temporary.
At that point, there is not even a way to duplicate all of the millions of man hours we’ve collectively made to convince those merchants back to another cryptocurrency. Not for a decade or more. They’ll be burnt out on crypto for at least that long.
Central Bank Digital Currencies will be commonplace before then; decentralized crypto issued by the state, based on Proof of Stake mining… These may be hackable, but by the time we find out, there won’t be a bitcoin to fall back on.
Since the world will have declared Proof of Work useless, the next team to come along basing a really good cryptocurreny will do so on PoS, and will spend 100% of their marketing, for many, many years, on convincing the world that their chain cannot fork.
My crystal ball just went on the fritz; I can’t tell if that will ever work or if cryptocurrencies will be dead forever at that point.
My purpose releasing this attack plan
I’m writing this page as a call to action after more than a year of worrying about the problem and asking as many people as I could find to address it. The final straw for me was earlier this week when a straw poll, recently run on several bitcoin subs in Reddit by Core developer Luke-jr, got a respectable 1,466 responses.
It clearly pointed out that 63% of bitcoiners want an immediate hard fork for bigger block sizes, and only 10% understand that hard forks are too risky to attempt. It is vitally important that we educate the other 90% about this danger, especially most of the Chinese miners holding up segwit adoption because they demand a hard fork first.
They have to be shown that they’ll lose everything if they get what they want. 90% of bitcoiners will. The rest of us will lose kicking and screaming on the way down. The Trust attack is a real and imminent threat, just waiting for us to hard fork Bitcoin for any reason.
Concern: But it’ll be unprofitable mining…
There is no need in a Trust attack to consider how miners would be mining against economic incentive, nor how the difficulty adjustment would force them out over time… The attacker’s job is complete as soon as he reaches #8.
Within the day, there would likely be no more trust in a currency named bitcoin.
While bitcoin A won’t be technically harmed, only the most zealous would feel that it is worth any value anymore after the price plummets. Even if it works better than before, it is no longer a trustworthy store of value to the world. Some other coin may rise somewhat to take it’s place, but bitcoin will most likely fall within a day to sub-$1, just a collector’s item valuation, never to rise to previous highs again.
Concern: Realistically, who would want to do this to Bitcoin?
There are uncountable large and powerful organizations, governments, their 3-letter agencies, mafias, dictators, communists, and even corporations out there that have a monopoly over things that bitcoin is threatening to take away from them.
Talking about governments who wouldn’t want to give up their ability to print money recklessly does not make you a conspiracy theorist. Satoshi built bitcoin to combat exactly this problem, so why wouldn’t we expect governments to fight back as bitcoin grows?
If you issue money, bitcoin will eventually take away your market share, and teach the world that scarcity in money is a good thing. If your corporation does payments like applepay or paypal does, then bitcoin is going to give people a way around your rent-seeking fee structure. If your job is to stop terrorists or money launderers, and you see that cutting off their fundraising & transfer methods is an effective way to fight them, then killing bitcoin looks like a juicy shortcut to you. Bitcoin has enemies everywhere.
It doesn’t take many of these people to attack bitcoin. It doesn’t take the most powerful of them to attack bitcoin. It only takes one that sees harming bitcoin as a way to increase profits. Just one.
There are dangers to bitcoin everywhere, and a hard fork would be the ultimate Achilles’ heel for those dangers to target.
Concern: Why haven’t they just bought up some miners and hard-forked with a few percentage of the hashing power anyway?
Today the consensus rules prevent such an attack until the attacker has 51% of the hashing power. This is a very expensive attack… Which is a major part of the beauty of Bitcoin. Some careful estimates place the hardware costs at over a Billion USD with 2 Million USD in electricity per day for an attempt at a 51% attack. Others have said it takes far more hashing power than 51% to accomplish one.
Unlike Bitcoin Unlimited, the Bitcoin Core client doesn’t rely on people to take action to decide which chain is the true chain. It acts to protect bitcoin from a fork automatically, but new clients running on the discarded chain may have different rules, like Bitcoin Unlimited’s client does. In this case and in others, the protections in place on bitcoin’s existing chain would not be in place on the discarded chain of a hard fork.
It can be split with far less than 51% of the hashing power, at least for as long as it takes to pull off a Trust attack.
Concern: I think the world would come around once the old chain dies off and Bitcoin A is stronger than before
While it’s impossible for anyone to guarantee that the public will decide against using Bitcoin for good after a quick Trust attack, there are things the attacker can do to prolong the attack indefinitely… But only if the community is already divided, such as it is today.
Keeping a group of people rallied around and dedicated to the offshoot version of bitcoin, (whether that be bitcoin Classic, XT, or Unlimited) will legitimize the attack, making it look to the world like the two ‘halves’ of bitcoin folks want different coins and are therefore splitting into two coins legitimately, as planned.
That’s the image to fear the most; if it is upheld over time, the image of cryptocurrency being untrustworthy money will keep being reinforced.
The current blocksize debate gives attackers exactly what they need to create that imagine in the world’s mind permanently. Even if the attacker is behind 100% of the contentious mining, the attacker can blame 100% of the split on the alternative client’s camp. The public will find the story of two groups of people at odds very easily digestible and the truth will sound conspiratorial and too complicated to swallow.
Concern: Ethereum’s split is not a fair comparison because Ethereum isn’t Bitcoin
You’re right. Ethereum is very different, because Ether never needed the trust. It’s immune to the Trust attack.
Ethereum is a very useful tool for developers to use smart contracts with. I’ve got no beef against Ethereum, but it’s ‘fuel,’ ether, is simply not trying to be a currency. Has anyone started a campaign to get ether accepted at stores and gas stations?
Ethereum’s first fork resulting in ETC coins didn’t hurt ethereum’s geek-centric userbase too much, simply because ETH was never intended to be money. Eth is just a token fee to power the network, not a way to buy a latte. It’s certainly not stable enough store of value to stash your life savings in for long-term storage, and everyone seems to understand that already.
Bitcoin has a very different goal; it relies on the public’s trust to grow in usefulness, by adding peers for a network effect. Ethereum’s network is as big as it needs to be already to do their main purpose.
Concern: But Bitcoin has hard forked in the past already
Indeed, one or arguably two hard forks to bitcoin have occurred in the past. Each time, however, there was no contention in the community. It was also early enough that bitcoin wasn’t likely to be conceived as a threat to many.
Today there is far more threat and far more ‘cover’ to pull off a Trust attack. I don’t see how the threat will ever go away, at least until bitcoin has already removed all of the powerful entities in the world that are threatened now.
Are you willing to bet all of your bitcoin on a chance that there might not be enough contention or a bigger interest this time?
We simply should not dare risk it!
Concern: But the Difficulty adjustment!…
When the new coin is created and sold on an exchange within a few hours of the split, mining at a loss isn’t a concern. Since they’re doing it to destroy bitcoin, they don’t care. Their goal is to kill the public’s trust in the currency of bitcoin, so really, 99% of the job was done the very second that new coin was issued and sold at an exchange.
That’ll be all it takes for the press to have a field day ensuring the world knows that bitcoin is no longer scarce.
Concern: But Bitcoiners can show the world that forks are normal…
Sure, the comparatively tiny population of bitcoin supporters will claim that the new coin is a different coin, and we can even say it was attacked but we’re all sticking with “Bitcoin A.” However, the media, and people like economists and fund traders who will come on TV will tell them that it was like a “stock split,” and there are now two bitcoins. That will be the truth and this prediction does not even assume that some will say worse things than that.
From the public’s standpoint, Bitcoin was split into two coins, just like a stock split, and the value is now in two different places. It doesn’t matter one bit if 99% of the value is on one and no one uses the other… That will be their understanding… And it doesn’t sound like scarcity, does it?
It will feel to the vast majority of the world like a dollar bill in their wallet has physically split into two dollar bills, and some developers somewhere believe that one of them is more important that the other and that they are saying they have been unfairly attacked and this wasn’t supposed to happen…
Doesn’t exactly inspire confidence in the currency, does it? How is this a good secure source of value? Do you want to secure your life savings in this investment?
Such a split will be an unmendable loss of trust of bitcoin’s primary promise as a currency to the world.
It would also result in the world deciding that Satoshi was a failure because his solution to digital scarcity was too flawed to be useful.
Concern: Aren’t you giving Bitcoin’s enemies an attack plan here?
This worry added months to my delay. However, the community is headed directly for the worst possible outcome without me doing anything. At least by writing this, informing the developers, and helping educate the community at least I can try to make a difference.
By Luke Parker