More security holes are appearing in cryptocurrency and smart contract platforms (technologyreview.com)
94 points by rmason on March 27, 2019 | 31 comments



This article isn't very good. Half of it is about 51% attacks, which is the one attack blockchains were always transparent about, and the other half talks about how some smart contracts are buggy. Cool.


The blockchain developers were always transparent about 51% attacks, but it turned out to be far more plausible in a scaled network than was expected. The viability of 51% attacks is a result of the business deals surrounding the ecosystem, not any technical deficiency in the code.

Personally, I think the entire concept of cryptocurrency is flawed because it punts on the governance problem. Ditto for smart contracts. People / companies like to have the ability to dispute the outcome of a transaction, and you really can’t do that without vesting authority in a governing body to overrule the technology. But then, if you have a central authority that has the power to modify transactions, do you really need blockchain?


On the other hand, the vast majority of transactions in my life don't need government-muscled dispute protection. To me it makes more sense to opt-in to that in the occasions you deliberately want it.

Our financial system is its own brand of crapshoot. As we speak, I've just issued my 6th chargeback (6th month) to Amazon for an AWS account that someone hacked and changed all my details except for my payment info. I think about this every time I see someone nit-picking some imperfection in cryptocurrencies.

I just want a choice.


On the other hand, if someone hacks your crypto wallet and cleans you out, there’s no administrative remedy or deposit insurance.


Security technologies can only get better over time. I would argue that with hardware wallets, recovery seed backups well-protected & well-stored, M-of-N signatures, etc, you can get to a level of security that's already far far better than cash, and good enough for 99.99% of use cases.


All of those require me to have air-tight opsec all of the time. One screw-up and you can be totally cleaned out with no remedy other than the courts (which can take years!).

In the real world, I lose my actual wallet every 5 years or so. Worst case, I lose $40 cash and have to spend a couple hours reporting credit cards stolen.

The best feature of a bank is that you can outsource all that opsec to them in exchange for a trust relationship with the bank. The latter is far easier to manage day-to-day.


That "only" in the first sentence invalidates it. There's enough historical data to disprove it.


Always remember: it's not actually about removing trust, it's about shifting trust. And when you look at it in that light, most of these technologies become a lot hairier than they're worth.


Could you elaborate on this? It's an interesting comment


One of the main selling points of cryptocurrencies is decentralization, of not needing to trust a central party in order to use the currency. But the cryptocurrency doesn't actually eliminate that trust, it simply moves it. It moves it into trusting the protocol design, trusting the implementation of the clients, trusting your local hardware and OS to not be compromised, and in the case of smart contracts, trusting the smart contract to not be buggy. What's worse is in the centralized case, as long as the government continues to function you have lots of options for what to do if a transaction goes badly. In the cryptocurrency case, for the most part you're SOL, because cryptocurrencies by design don't allow anyone to e.g. void a transaction.


> It moves it into trusting the protocol design, trusting the implementation of the clients, trusting your local hardware and OS to not be compromised

These are not central parties and they present risks with anything one does with a computer on a network.

> what to do if a transaction goes badly. In the cryptocurrency case, for the most part you're SOL, because cryptocurrencies by design don't allow anyone to e.g. void a transaction.

Transaction finality is a feature, not a bug. Whatever conveniences are enjoyed in traditional banking can be implemented in a layer on top of the base protocol.


> These are not central parties and they present risks with anything one does with a computer on a network.

If someone compromises my OS and steals my credit card details, the bank sends me a new card and handles the fraudulent charges on my behalf. I'm not out any money.

If someone compromises my OS and steals my bitcoin private key, they can drain my entire wallet and I've lost everything, and have zero recourse.


Those examples ignore the other side:

If I'm a merchant and someone uses a stolen or cloned credit card, or simply performs a charge-back, they get my goods for free and I have basically zero recourse.

If I'm a merchant and someone pays me with bitcoin, I'm not out any money regardless, nor do I have to expend time/money/legal resources to ensure I keep that payment.


Show me merchants who trust Bitcoin enough to accept it directly, and not through an exchange.


>People / companies like to have the ability to dispute the outcome of a transaction

Cryptocurrency doesn't stop this. You can dispute cash transactions and you can dispute crypto transactions. If I pay for something in crypto and it is not delivered, I can sue, complain, etc. just as I would with a credit card. What you can't do with crypto is run to Visa and have them magically reverse the charge (possibly screwing over the merchant). But dispute away my friend.


This is actually valid. You can absolutely dispute a cryptocurrency transaction just like you can dispute a cash transaction.

Except that only holds true when you perform a crypto transaction in the same way as you do a cash transaction, for local services. The moment you do it for something remote, you will run into all sorts of issues.

If a merchant in my country fails to deliver on a cash/crypto transaction, the dispute process is easy.

If a merchant in another country fails to deliver on a crypto transaction (posting cash is a whole other topic that we'll avoid here), what dispute mechanism do I have? International law is a minefield.


Look at the long wake of professionals and businesses left by Trump alone, who could out litigate most to get a cheap (or outright unpaid) bill. There are countless reasons to shift trust to a programmatic contract. Plus there are projects like Agrello which seek to implement the smart contract in a way that is also legally binding. Programmable money is here to stay, and there is a sea of social, economic, and technical benefit to be had from it.


The issue isn't just that some smart contracts are buggy. After all, all software should be expected to have bugs at some point. The bigger issues are that a) the source code can be very visible, making it easier to figure out how to exploit than traditional code running on an isolated server, and b) recovering from an attack can be incredibly difficult (such as needing to create a fork of the blockchain from before the attack).


Sure, but this has been known for years to everyone with even a tangential interest in smart contracts. It is in no way news.


Agreed, it's a sensationalist title.


Anyone interested in a security-first cryptocurrency should check out Tezos.

Tezos uses proof of stake with a bond requirement that should solve the nothing-at-stake problem. The two big issues with proof of work are that it uses massive amounts of energy and, unless you're the top coin or among the top 5, the chances someone will easily 51% attack your network are high.

Also Tezos uses a formal programming language for its smart contracts that should help reduce certain types of bugs.

It's an interesting project and as a disclaimer I own some.

The project had many growing pains but is on its feet now, and I think that their first on-chain governance vote went through recently, meaning the codebase can be updated in a decentralized manner.


To clarify a few things:

1. The first vote passed successfully into stage 2, meaning a protocol upgrade has been selected and is being voted on for inclusion.

2. Smart contracts are written in Michelson, a stack-based language that can be formally verified. Other user-friendly languages have been built on top of it.

3. The software of Tezos is written in OCaml which can also be formally verified.

4. There have been several security audits and, as far as I know, no issues were found.

5. Tezos has never been hacked.

6. It uses a unique flavor of PoS called Liquid PoS. It is designed to be as decentralized as possible meaning the barriers for becoming a baker (equiv. to a Bitcoin miner) are very low.

7. #6 is also designed to make voting as decentralized as possible.


Not sure why your comment is being downvoted. Decentralized governance and formal verification of smart contracts on Tezos are really good!


The subtitle is misleading:

> Once hailed as unhackable, blockchains are now getting hacked

This might be fine if the article didn't talk at such length about majority hash rate attacks. It implies that this kind of attack is something new, which it most certainly is not.

You can think of a soft fork (one path to upgrading the network) as a coordinated majority hash rate attack. A cartel decides that they will censor blocks that don't conform to a restricted version of the protocol. Whether you call it an attack depends maybe on intent, but the mechanism is identical.

The Bitcoin white paper explains very clearly the main security assumption: an attacker does not control a majority of the hash power. It's been part of the security model from the beginning.

Most of the other attacks have been launched against Ethereum. Its scripting system is quite a bit more complex than Bitcoin's, so its attack surface is larger.
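As an added illustration of the security assumption named above (this code is not from the article or from the thread), here is the Bitcoin white paper's attacker catch-up calculation in Python. It shows why "a minority of the hash power" is the whole assumption: for a share q below one half, the chance of reversing a payment buried under z confirmations decays exponentially in z, while at q >= 0.5 it is 1 no matter how deep the payment is.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the total hash
    rate ever catches up with the honest chain from z blocks behind.

    This is the gambler's-ruin calculation from section 11 of the Bitcoin
    white paper: the honest chain's lead after z blocks is a random walk,
    and the attacker's block count meanwhile is Poisson with mean z*q/p.
    """
    p = 1.0 - q
    if q >= p:
        # Majority (or exactly half) of the hash rate: the attacker's chain
        # grows at least as fast as the honest one and always catches up.
        return 1.0
    lam = z * q / p
    poisson = math.exp(-lam)  # Poisson term for k = 0; updated iteratively
    reached = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # P(k) = P(k-1) * lam / k avoids factorials
        # Given the attacker mined k blocks while the honest side mined z,
        # they still trail by z-k; the chance of closing that gap is (q/p)^(z-k).
        reached += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - reached


def confirmations_needed(q: float, target: float = 0.001, max_z: int = 10000):
    """Smallest z at which the attacker's success chance drops below target,
    or None when no such depth exists (e.g. q >= 0.5)."""
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < target:
            return z
    return None


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.5):
        row = [f"{attacker_success_probability(q, z):.4f}" for z in (0, 1, 6, 24)]
        print(f"q={q:<5} P(z=0,1,6,24) = {row}  z for P<0.1%: {confirmations_needed(q)}")
```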


Hello HN! :D

I’m going to ask a controversial question. If it is too controversial, just downvote and I will keep it in mind. Feel free to reply with a throwaway with your IP spoofed and all that jazz.

Which of you have decided to hack cryptocurrencies in order to make some money? What was the journey like? How do you feel about it morally?

As for me, I obviously haven’t done it, otherwise I would ask this on a throwaway. I thought about doing it. But I don’t want to steal and a minor point is that I would find it boring.

Why am I asking this: a candid response would make for an interesting read. There was once an AMA on Reddit about a malware writer. It was fascinating!


Has anyone analyzed the effect that the next Bitcoin halving will have on the cost of a 51% attack?

It seems to me that on one hand, there will be less incentive to mine and so the global hash rate will drop. At the same time a bunch of miners would become unprofitable and therefore there would be an oversupply of mining capacity (assuming there is an efficient way to rent it.)

It seems like a perfect-storm event to me, but in my very casual interest I have not seen any attempts to analyze the effect of this on the 51% attack risk.


Usually halvenings cause a subsequent boost to the price per Bitcoin.


That's a historical accident and won't (can't) continue to hold.


No that's simply supply / demand economics. Miners dump their mined Bitcoin on the market immediately after mining. When a halvening occurs, that means less BTC are dumped on the market daily. Assuming demand remains the same, prices will increase.


True; however, many people are likely expecting this to happen and there are now many more methods to perform arbitrage on Bitcoin.

That could soften this; it is more likely to be priced in well before the actual event.


If you're not a subscriber:

https://outline.com/v3AKbj



