Someone could break the Bitcoin Network on demand

Pierluigi Paganini October 08, 2015

A researcher using the pseudonym “Alister Maclin” claims to be able to break the Bitcoin network on demand by running a malleability attack.

According to MotherBoard, a researcher using the pseudonym “Alister Maclin” claims to be able to break Bitcoin on demand. The expert detailed an attack technique, dubbed the malleability attack, that could allow attackers to crash the Bitcoin cryptocurrency.

Basically, the attackers fill the Bitcoin network with tiny spam transactions, an activity that would theoretically create problems for all Bitcoin users by causing a dramatic increase in rejected transactions.

Maclin explained that he has flooded the Bitcoin network over the last several days, causing a Bitcoin exchange to notify its customers that the attack was causing withdrawal issues.

When the MotherBoard journalist asked for proof, the researcher, who seems to be in Russia, started his attack, announcing that it would last just 10 minutes.

“I will switch the stress-test on once again for a short period (~10 min) at 17:30 of your local time (there is 00:22 now in Moscow – I wanna sleep). You will see.” Alister Maclin told MotherBoard. “Today! Now! I’ve already started it ten minutes ago :)”

The number of transactions rejected by the Bitcoin network rapidly increased (at 5:30 PM on Tuesday afternoon), as reported in the following graph extracted from Satoshi.info.

[Graph: Bitcoin attack on demand]

A few minutes later (at 5:54 PM), Maclin informed the journalist via email that the test had been stopped.

“Switched off,” he wrote. “Now red lines on the third chart will return back to green.”

In the following graph it is possible to see that the number of accepted Bitcoin transactions returned to normal.

“Maclin isn’t the first person to try and break the Bitcoin network. An exchange called Coinwallet.eu previously threw $48,000 USD in Bitcoin to the winds in an attempt to fill the network with tiny spam transactions and slow things down for everyone. By comparison, however, Maclin’s attack was extremely cheap, simple, and effective.” states MotherBoard.

The “malleability attack” takes advantage of the time delay between when bitcoins are sent and when the transaction record is included in a block and uploaded to the blockchain, and, surprisingly, Maclin hasn’t spent a dollar to run it.

Maclin wrote a script of nearly 100 lines of code that runs in a virtualized environment to capture transactions and re-broadcast them to the Bitcoin network with a slightly different ID. This process allows the attackers to duplicate transactions, but only one of them is actually added to a block. As a side effect, the transaction can take hours to be confirmed instead of the usual 10 minutes.
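An added example (not from the original article and not Maclin's script) of the monitoring-side view of such duplicates: in the legacy transaction format the ID is a hash over the whole transaction, input scripts included, so a check that hashes the transaction with those scripts emptied gives both copies the same identifier and flags payments seen under more than one ID. The dict layout, the function names and the sample bytes are constructed for illustration, and pre-SegWit serialization is assumed.

```python
import hashlib

def dsha(data: bytes) -> str:
    """Double SHA-256, shown byte-reversed as Bitcoin displays transaction IDs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[::-1].hex()

def varint(n: int) -> bytes:
    """Bitcoin CompactSize length prefix."""
    if n < 0xfd:
        return bytes([n])
    for prefix, size in ((0xfd, 2), (0xfe, 4), (0xff, 8)):
        if n < 1 << (8 * size):
            return bytes([prefix]) + n.to_bytes(size, "little")
    raise ValueError("length too large")

def serialize(tx: dict, blank_input_scripts: bool = False) -> bytes:
    """Legacy (pre-SegWit) serialization; optionally empty every input script."""
    out = tx["version"].to_bytes(4, "little") + varint(len(tx["vin"]))
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        script = b"" if blank_input_scripts else script_sig
        out += bytes.fromhex(prev_txid)[::-1] + index.to_bytes(4, "little")
        out += varint(len(script)) + script + sequence.to_bytes(4, "little")
    out += varint(len(tx["vout"]))
    for value, script_pubkey in tx["vout"]:
        out += value.to_bytes(8, "little") + varint(len(script_pubkey)) + script_pubkey
    return out + tx["locktime"].to_bytes(4, "little")

def txid(tx: dict) -> str:
    return dsha(serialize(tx))  # covers the input scripts, so it changes with them

def payment_id(tx: dict) -> str:
    return dsha(serialize(tx, blank_input_scripts=True))  # same coins, same outputs

def find_duplicates(txs: list) -> dict:
    """Map payment_id -> sorted txids for payments seen under more than one ID."""
    groups = {}
    for tx in txs:
        groups.setdefault(payment_id(tx), set()).add(txid(tx))
    return {pid: sorted(ids) for pid, ids in groups.items() if len(ids) > 1}

# Constructed sample data: filler bytes stand in for input scripts, not real signatures.
SPK = bytes.fromhex("76a914" + "11" * 20 + "88ac")
ORIGINAL = {"version": 1, "locktime": 0, "vout": [(50_000, SPK)],
            "vin": [("aa" * 32, 0, b"\x01" * 72, 0xFFFFFFFF)]}
REBROADCAST = dict(ORIGINAL, vin=[("aa" * 32, 0, b"\x02" * 73, 0xFFFFFFFF)])
UNRELATED = dict(ORIGINAL, vin=[("bb" * 32, 1, b"\x03" * 72, 0xFFFFFFFF)])

if __name__ == "__main__":
    print(find_duplicates([ORIGINAL, REBROADCAST, UNRELATED]))
```

A wallet or exchange that keys pending withdrawals on an identifier like `payment_id` rather than on the raw transaction ID can recognise whichever copy ends up in a block.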

Maclin does not seem to be motivated by profit at the moment; in any case, this attack demonstrates the feasibility of a large-scale offensive against the Bitcoin network, a system considered dangerous by many financial organizations.

“We do everything for living. For feeding our wives and children.” Maclin said to the journalist Jordan Pearson.

Maclin also added his observations on the Bitcoin network, explaining that the system is not sustainable; he described the virtual currency as the effect of a bubble-ponzi scheme.

“The main thing is that bitcoin network spends much more resources (electricity, hardware, human efforts) per transaction than current centralized systems,” Maclin wrote. “Bitcoin exists now, because of bubbleponzi scheme.”

Maclin added that he will run further attacks in the future:

“Yes, I definitely switch it on in nearest future,” Maclin wrote. “May be next week. May be later. I have to check some things.”

While we are discussing the malleability attack, developers are already working to fix the issue. The work started over a year ago, and the recent attack could accelerate the development of a patch.

Stay tuned, and compliments to Jordan Pearson for the excellent post.

Pierluigi Paganini

(Security Affairs – Bitcoin, hacking)


