What would happen if one entity had control over more than half of the nodes

12 replies 215 views
mark777Member
Posts: 16 · Reputation: 141
#1Feb 4, 2019, 06:52 AM
I was just pondering this idea and thought I’d share it here. What could happen if a single individual or group with bad intentions managed to create and control over 50% of the active Bitcoin nodes? Could they perform an "eclipse attack" by preventing certain blocks from being seen by other nodes, or would using something like Bitnode, which ranks nodes, fix this issue? But I guess even the nodes listed on Bitnode could still point to those malicious nodes when new ones connect; unless I'm missing something about how Bitcoin's peer-to-peer network operates.
7 Reply Quote Share
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#2Feb 5, 2019, 10:01 AM
Well theoretically if a single entity controls over 50% of the full and online Bitcoin nodes they could launch a 51% attack but in a scenario like this, the malicious entity should  be able to control only things like network narrative, block and kind of delay transactions, or  even double-spend coins. The 51% attack is actually based more on hash rate and not just number of node connections however for this particular question of yours it will be possible to pull off a couple of eclipse attack since they should be able to manipulate nodes and also isolate some too.
0 Reply Quote Share
mark777Member
Posts: 16 · Reputation: 141
#3Feb 7, 2019, 04:58 PM
As far as I know, double-spending requires the ability to create alternative blocks that override or fork the main blockchain. This ability comes from mining power, not from running nodes. But maybe I'm wrong. And I'm not sure what you mean by "block and kind of delay transactions".
0 Reply Quote Share
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#4Feb 7, 2019, 07:57 PM
Well come to think of it to be able to run that amount of nodes suggests too that you have a decent amount of hash rate else you are imposing a situation where regular computers incapable of mining are fully synced with the Blockchain because if that be the case they won't be able to cause double spending since that still requires hash rate. For the case of delayed transactions that means they could just drop the broadcasted transaction meaning you would have to rebroadcast which is a waste of time. Also, For the case of just nodes excluding hashrates the network would be resistant to most attacks take for example if they try to censor transaction rebroadcasting can cancel out it's effect by the remaining 49%.
6 Reply Quote Share
stack51Hero Member
Posts: 541 · Reputation: 3218
#5Feb 8, 2019, 02:17 AM
This would cause network disruption, primarily serving as a censorship tool to block certain transactions from reaching miners' nodes. Sybil attacks are possible, but generally ineffective since Bitcoin relies on proof-of-work (PoW) for consensus. However, a Sybil attack can be somewhat effective for signaling fake support for a soft fork—something that some argue may have happened in the past (long, boring history) . On the other hand, Eclipse attacks, which differ from Sybil attacks, can be used to attempt a double-spend. However, they rely on the victim accepting zero-confirmation (0-conf) transactions. If I manage to isolate your node so that it only connects to nodes I control, I can send you a fake transaction for 1 BTC, which appears valid since all your connected nodes (mine) confirm it. Meanwhile, I can broadcast a conflicting transaction spending the same 1 BTC to another address on the real network. Obviously, this is also highly ineffective in most cases given that I can't fool you into seeing the fake transactions being part of the blockchain unless I control your node and change the code. Ultimately, Bitcoin’s strength relies on PoW. If an entity manages to control a significant portion of the hashrate with malicious intent, it could cause serious damage. Otherwise, most attacks, like Sybil and Eclipse, are virtually useless.
2 Reply Quote Share
im_apeHero Member
Posts: 629 · Reputation: 3824
#6Feb 8, 2019, 06:00 AM
Theoretically if the attacker manages to isolate or "eclipse" another node, then that node is going to only receive what the attacker is feeding it. The biggest problem is going to be privacy related since the attacker will see all the transaction that the victim's node "generates" so it can figure out which addresses belong to it. It can also censor them by preventing it from being propagated. Technically they should be able to carry out a 51% attack with only minimum hashrate that would allow the attacker to mine at least a block. But it has to be a targeted attack and it is easily detected. It would be something like this: The attacker sends the victim a transaction paying them but creates and sends a competing tx that double spends the same coins to the rest of the network. Then the attacker has to mine a block that includes the first tx and broadcast it to the victim. The victim sees it as confirmed and for example releases the fiat or physical goods that were bought. It can be easily detected as the victim would see their node being stuck for a long time without receiving any blocks (it takes the attacker a lot of time to mine a block due to having low hashrate). And they can manually intervene and fix it by for example manually adding a peer's IP address to connect to. Bitnodes website is centralized and it could actually be used to carry out such an attack if we relied in it. In Bitcoin's P2P network, your node would first connect to a DNS seed server (there are a handful of them) that will feed them a list of most reliable bitcoin full nodes. Then it will slowly start building its own list of peers from what it receives over time. Since your node can initiate connections and it selects peers from its own list, it is very difficult to isolate it.
6 Reply Quote Share
sam.bullSenior Member
Posts: 390 · Reputation: 1323
#7Feb 8, 2019, 09:40 AM
Not really Bitnode is just a public facing node tracker It doesn't show which peers nodes actually connects to Even if a malicious entity controls 51% of public nodes it could still get listed as normal to newcomers. There have been cases on this on limited scale and dev have always find a way to improve on the system to prevent such Except on BGP based attack. Which not foolproof can be mitigated with Tor.
3 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#8Feb 8, 2019, 02:23 PM
FWIW, bitnodes website only list node that accept incoming connection. It's harder to isolate those nodes since their connection number is much higher. For such attack, you don't have to run the actual node.
0 Reply Quote Share
paul2017Senior Member
Posts: 218 · Reputation: 1426
#9Feb 8, 2019, 08:28 PM
As long as a node is connected to at least one honest node, and that node is connected to at least one honest node, and so on ..., there is no danger of an eclipse attack. The math says that if nodes are well connected and randomly connected then the odds of any node being susceptible to an eclipse is low. For example, lets assume that an honest node is connected randomly to 8 other nodes and the attacker controls 50% of the nodes. That means that the odds of the honest node being connected only to the attackers nodes is (50%)8, or 0.4%. Only a coordinated and targeted attack controlling who a node connects to has a chance of succeeding.
5 Reply Quote Share
whale_chainFull Member
Posts: 88 · Reputation: 664
#10Feb 8, 2019, 09:08 PM
In general from what I've read so far are we deducing that if an attacker node gets isolated from the rest to the network thereby controlling its own connection peers then manages to flood its victims node with Sybil nodes, those nodes will only receive blocks and transactions from the attackers node and can't be broadcasted to the real bitcoin network since it's cut off That means only a 51% mining attack can actually cause a possible rewrite on bitcoin history perform a double-spend on the main blockchain.
3 Reply Quote Share
eric.wolfFull Member
Posts: 117 · Reputation: 499
#11Feb 8, 2019, 11:29 PM
They can basically hide some transactions to say the least. If the government is saying how crypto is being used for money laundering then I think this way their money laundering would be flawless and almost completely untraceable. Whoever is behind this attack would need to be choose nodes carefully. It is not really about the amount of nodes they can control but rather how easy they can isolate a node from the honest ones.
2 Reply Quote Share
davealphaSenior Member
Posts: 257 · Reputation: 975
#12Feb 8, 2019, 11:35 PM
As far as I know, you can't be sure whether you really own 50% of nodes or not because as far as I know, there are some nodes that don't actively participate in the broadcasting process, they just watch. Such an attack would require lots of IP addresses and honest nodes will blacklist misbehaved nodes. IPs cost money. By the way, even if any attack, including 51% nodes or mining hash power happen, keep in mind that can easily be fixed very quickly. Any situation created by any kind of attack is possible to easily be fixed ASAP. That's why you don't see such attacks, they are pointless and who would spend millions or billions of dollars into doing something pointless that will not only waste you money but will ruin your personal and company's reputation forever?
0 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#13Feb 9, 2019, 12:53 AM
All full nodes broadcast data, so i think you actually talk about node that doesn't accept incoming connection. Although someone could make very rough estimation using website such as http://luke.dashjr.org/programs/bitcoin/files/charts/software.html.
3 Reply Quote Share

Related topics