51% Wallet Claims

[bob]

Earlier this week Dash Core Group was made aware of claims that several Dash wallet addresses comprised around 51% of all Dash mining hashrates. We’ve spent the past few days to internally assess everything and better understand all addresses and hashrates involved.


We’ve examined the claims and they appear correct at this time. However, we don't believe the entity in control of the wallets in question plans or wants to attack because their mining activities began at least 4 months ago and their blocks have been published for all to see.


Additionally, since we were first made aware of these addresses, they have begun to remove their hashing power from NiceHash and diversify into various mining pools. This removes the risk of a malicious party renting the hashing power via NiceHash and simultaneously signals that the entity in control of the hashing power does not have negative intent. We believe the miner behind the hashing power was made aware by the same info we discovered online and quickly moved to more protected pools as they appear to be a major stakeholder of Dash.

Graph shows Nicehash available hashrate for rent has decreased dramatically over the past day.


Additionally, because of our unique InstantSend capabilities a transaction that was successfully locked via InstantSend would require a reorganization of over 24 blocks in order for a double-spend to succeed.


There are many variables that have allowed this miner to amass this much hashing power, including newer ASICS on the market and the current price decline. At this time we do not believe there is reason for concern given our position as the largest X11 project in terms of hashing power (a 51% attack of this nature would make the attackers or NiceHash miners who rent their equipment obsolete and worthless). We also believe it is clear this entity has not shown malicious intent with their public activity.


On a related note, Dash recently announced an innovation named ChainLocks that will make it even more difficult to perform a 51% percent attack on the Dash network since it would also require a 51% dominance of the masternode layer. ChainLocks will be included in a future update to the protocol. More details can be found here.


We will be monitoring this situation closely and will publish more information if it becomes available or necessary. We encourage everyone with the ability to mine Dash to do exactly that and help distribute hashing power.

 

[t0dd]

Thank you for this. Honesty in the crypto-space is a refreshing change versus the more defensive posture other projects seem to embrace.

This is definitely a concern in principle, but certainly not a panic issue for all the reasons you mentioned (a more default instantsend and, in the near future, chainlocks). With chainlocks (0.14 I believe?) the 51% attack potentiality more-or-less disappears, but we should always be looking at ways to reduce such dominant "stakes" in the project.

I.e., Dash is addressing this particular potential problem like no other chain. Dash rocks!

Again. Thank you. I rest easy at night.

 

[sawomu]

We’ve examined the claims and they appear correct at this time. However, we don't believe the entity in control of the wallets in question plans or wants to attack because their mining activities began at least 4 months ago and their blocks have been published for all to see.

You do not describe at all the way you did your investigation.
You said "I examined the claims and I discovered this" but not a single hint on how you did that.
I assume you expect us to believe you because you carry the "Dash Core Group" badge. Right?

 

[bhkien]

I am wondering if it could be possible to apply chain-locks in the next release right after 0.13.0 like i.e 0.13.1?

 

[The philosofers coin]

I am wondering if it could be possible to apply chain-locks in the next release right after 0.13.0 like i.e 0.13.1?

I think that would be interesting, but I don't think DCG should bent over backwards if 0.14 is going to be live in 3 months or less. Even more if they do so it looks weak as it a direct response on to this FUD.
IF we bring it out later we get the news affect of this FUD, and than later on we get the full credit for 0.14. Both from a technical perspective and a marketing perceptive waiting till 0.14 is the right choice from my point of view

 

[TroyDASH]

I am wondering if it could be possible to apply chain-locks in the next release right after 0.13.0 like i.e 0.13.1?

LLMQs are not until 0.14 and I believe they are a prerequisite for ChainLocks.

 

[drkrooster]

LLMQs are not until 0.14 and I believe they are a prerequisite for ChainLocks.

0.13.1 or 0.14.0 is fine, but hopefully it is not another 2.5 years

 

[camosoul]

You do not describe at all the way you did your investigation.
You said "I examined the claims and I discovered this" but not a single hint on how you did that.
I assume you expect us to believe you because you carry the "Dash Core Group" badge. Right?

No. He has stated what he has found through analysis that you are also perfectly capable of doing yourself.

If you don't want to believe him, don't. Do your own research.

If you are unwilling or unable to do that, that's on you.

No one owes you. You're not entitled. If you don't like or trust his work, do your own. You have the same resources available to you that he does. This is all public blockchain record.

 

[camosoul]

I think that would be interesting, but I don't think DCG should bent over backwards if 0.14 is going to be live in 3 months or less. Even more if they do so it looks weak as it a direct response on to this FUD.

I see it quite the opposite.

This is yet another opportunity for DASH to differentiate itself. Show how nimble and responsive it can be. While other project fumble for months and years, use word salad, or completely neglect problems, walk back definitions and then the ultimate development BS of calling it a feature, not a bug... DASH here has yet another opportunity to show itself to be the complete opposite of that.

Shall we let this opportunity pass us by, like so many others? Announce the concept of ChainLocks, then allow it to remain vaporware for so long that it other coins develop "close enough" versions? Like pretty much every other feature DASH has innovated?

It's become a trend in DASH to make excuses for letting opportunities pass by... I was called a troll for fighting against it, and I'm sure I'll be called a troll for continuing that fight now that the behavior is an established status quo...

DASH desperately needs to stop letting opportunities pass it by...

 

[sawomu]

No. He has stated what he has found through analysis that you are also perfectly capable of doing yourself.

If you don't want to believe him, don't. Do your own research.

If you are unwilling or unable to do that, that's on you.

No one owes you. You're not entitled. If you don't like or trust his work, do your own. You have the same resources available to you that he does. This is all public blockchain record.

He presents his conclusion without any proof! How is it possible this to be accepted by a rational individual?
I do not belong to the flat-earth society, I always expect the proves nearby the claims.

 

[f8192]

He presents his conclusion without any proof! How is it possible this to be accepted by a rational individual?
I do not belong to the flat-earth society, I always expect the proves nearby the claims.

Why do you even care? Even if 51% attack did happen, so what? Just use InstantSend, and it is not a problem. More over, IS is gonna become automatic in 2 days, so you don't need to ask an every single sender to use it. Even if a transaction did not happen to confirm instantly, just wait ~24 confirmations, which is about an hour, and it can be fully trusted just like an IS one.

 

[jimbursch]

This is a very satisfying answer. Thanks @bob !

While it is concerning when an entity controls 51%, and indicates a potential attack risk. It is, nonetheless a risk, not an attack.

The technical risk posed by 51% is mitigated by the economic self interest of the entity controlling the hash power -- a successful 51% attack would collapse the value of any gain from such an attack. Soon Dash will have chain locks, a technical mitigation that backs up the economic mitigation.

Notice that ETC was "attacked" -- it underwent several chain reorgs with double spends -- but nobody has come forward claiming losses. Surprisingly, perhaps rationally, the market is nonplussed. A chain reorg is technically interesting, but in the absence of a loss to some party, it is economically meaningless. My guess is that, in the case of ETC, someone did the reorg as an experiment -- they double spent their own ETC to themselves. Maybe they are surprised that somebody (Coinbase) noticed, or maybe they wanted to alert the community/market that it could be done.

In the case of Dash, it was discovered that someone controlled 51%, and as soon as it was discovered, the party controlling it then dispersed it -- an economically rational course of action.

This is fascinating stuff, both from the standpoint of technology and behavioral economics.

 

[TroyDASH]

Why do you even care? Even if 51% attack did happen, so what? Just use InstantSend, and it is not a problem. More over, IS is gonna become automatic in 2 days, so you don't need to ask an every single sender to use it. Even if a transaction did not happen to confirm instantly, just wait ~24 confirmations, which is about an hour, and it can be fully trusted just like an IS one.

InstantSend provides the equivalent security of 24 normal confirmations, but even having 24 confirmations does not protect against 51% PoW attacks ( a 51% attacker could start mining 100 blocks ago, and when they finally catch up on the proof of work then the whole original chain after that point would be orphaned)

 

[camosoul]

He presents his conclusion without any proof!

You have drawn the false conclusion that proof does not exist simply because it wasn't handed to you. Neither he nor I stand obligated to prove anything to you.

I always expect the proves nearby the claims.

Careful, your snowflake entitlement is showing. Your expectations (a.k.a. lazy demands) need not be met by anyone.

This is not a doctoral thesis. It is a signpost.

I'll say it again; nobody owes you a damned thing. If you can't/won't sort it out for yourself, demands that someone else hand it to you on a silver platter will not get you anywhere.

We are not the Fact Welfare.

No one is forcing you to be here. No one is expecting or demanding that you be believed or accommodated in any way.

In other words, feel free to screw off at any time if all this free stuff isn't good enough for you.

It's worth exactly what you paid for it...

 

[f8192]

InstantSend provides the equivalent security of 24 normal confirmations, but even having 24 confirmations does not protect against 51% PoW attacks ( a 51% attacker could start mining 100 blocks ago, and when they finally catch up on the proof of work then the whole original chain after that point would be orphaned)

I believe that the more hashrate percentage you have, the more blocks you are able to override, isn't this true?

 

[camosoul]

Why do you even care? Even if 51% attack did happen, so what? Just use InstantSend, and it is not a problem. More over, IS is gonna become automatic in 2 days, so you don't need to ask an every single sender to use it. Even if a transaction did not happen to confirm instantly, just wait ~24 confirmations, which is about an hour, and it can be fully trusted just like an IS one.

Eh, not necessarily. Secret miners, if they exist, could wait more than an hour. maybe a whole day...

But since DASH is the chief X11 coin, the only thing such an attacker could do is destroy his own half-billion dollar investment... I wouldn't put it past the US or Chinese governments to do something like that. They have no problem wasting and squandering their citizens' own money on aggression towards their own citizens... They'll just point a gun at everyone and extort more money. They don't care. They're more interested in being evil the old fashioned way; spreading propaganda about "those people" as an excuse to invent new laws, as an excuse to commit violence against "those people."

But, we have no evidence that they're smart enough to figure out how, much less actually do it.

Anyone who actually paid for those hashing machines certainly isn't going to do such a thing.

 

[camosoul]

I believe that the more hashrate percentage you have, the more blocks you are able to override, isn't this true?

No.

As long as you hold 51% or more, you can do it. A larger percentage only means you are more likely to maintain that hold.

A secret miner might be able to issue more blocks in the same temporal window. This miner is clearly no secret.

 

[sawomu]

In other words, feel free to screw off at any time if all this free stuff isn't good enough for you.

It is not free stuff.
As long as it remains a simple quote without any proof provided, it can also be considered as a speculation that is presented as fact.
"extraordinary claims require extraordinary evidence" , as people use to say.

 

[bob]

Dash is in the best position to significantly reduce risks of 51% attacks compared to all other coins through ChainLocks. Leveraging our unique Masternode network and the upcoming Long Living Masternode Quorum (LLMQ) feature, ChainLocks add another dimension to proof of work. This innovation was unveiled less than 2 months ago in DIP8 (https://github.com/dashpay/dips/blob/master/dip-0008.md) and explained in more detail in Alexander Block’s blog post (https://blog.dash.org/mitigating-51-attacks-with-llmq-based-chainlocks-7266aa648ec9). ChainLocks is slated as part of our next major release, version 0.14.0.

 

[camosoul]

"extraordinary claims require extraordinary evidence"

There are no extraordinary claims present. Only the plainly observable.

Sane Person: "The sky is blue. A few small clouds, but no big deal."

Typical a-hole on the Internet: "PROVE IT! HOW CAN YOU SAY SUCH FANCIFUL THINGS WITHOUT PROOF?!?!"

Sane person: "Uhm, look out the window."

Typical a-hole on the Internet: "THAT DOESNT PROOVE ANYTHING! HOW DARE YOU SUGGEST IT ISN'T RAINING! I WANT PROOF THAT IT ISN'T RAINING! I'M ENTITLED! I DEMAND! YOU'RE A LIAR IF YOU DONT FOLLOW MY ORDERS!"

Sane Person: "Whatever you say, man. Can't prove a negative anyway. Bye."

Typical a-hole on the Internet: [probably saying a bunch more useless, entitled crap, but no one is listening]