CheapETH 51% Attack Demonstration

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

CheapETH

CheapETH is a fork of the ethereeum blockchain which features cheaper transactions due to the smaller network. A white hat hacker named Anish Agnihotri demonstrated a 51% attack. All funds were returned after the demonstration.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11]

About CheapETH

"Someone made cheapeth as an alternative to ETH. $CTH" "You like ethereum? You wish you could use it, BUT TRANSACTIONS ARE 100 DOLLARS?!? You need cheapETH. It's 100% compatible with eth, except 1000x cheaper!!* If you have ETH, you already have cheapETH!"

"The transaction fees on Ethereum do not scale with the amount of money moved, where if there was a way to apply different amounts of security to them, they should."

"That's where cheapETH comes in. It's just as capable of doing all the same compute and contract operations, but it's not capable of securing all the value. It's a home for fast in and out high value, lower value, or no value transactions. We estimate 99% of the Ethereum transactions require nowhere near the security of the entire Ethereum blockchain, yet they all pay for it and get it every time. cheapETH lets you not pay for it if you don't need it."

"cheapETH is a fork of the main Ethereum chain at block 11818959. Think Bitcoin Cash, but for Ethereum instead of Bitcoin. The money is cheap, the transactions are fast, and the party is still going." "Think about it. A transaction that costs $77 on ETH, is only $0.08 on cheapETH. Made possible by cheapgas. The cheap eth gang solves the gas crisis."

"A 51% attack is one of the main ways in which a blockchain can be attacked. The premise of most blockchains is that, as long as the majority of hash power is controlled by good actors, looking to support the network, then it will work normally. But if a bad actor takes control of the majority of the hash power, then they can cause some issues."

"One of the main ways that bad actors profit from a 51% attack is by performing a double spend. Using their greater amount of hash power, they secretly mine a longer alternative version of the blockchain. They will then make a deposit to a crypto exchange and see their balance go up. Then they will broadcast their alternative (and crucially, longer) chain to the network, eroding their previous transaction. This leaves them with their original money and the balance on the exchange."

On May 17th, 2021 "At 07:12 UTC, I successfully ran a 51% attack against @realGeorgeHotz's http://cheapETH.org Ethereum clone chain. With a network hash rate of 559.64Mh/s, I rented ~1.44Gh/s of miners to control ~72% of the network."

"Agnihotri chose a tiny clone of the Ethereum blockchain called CheapETH to run the experiment. It has much greater block sizes (similar to Bitcoin Cash), making it cheaper to send transactions. But unlike Ethereum’s 629 trillion hashes per second, it has just a measly 559 million hashes per second. This makes it much more vulnerable to attack."

"To carry out the attack, Agnihotri rented mining power capable of performing 1.44 billion hashes per second. This enabled him to take up about 72% of the network’s hash rate. He also rented a virtual machine to run the blockchain on. The total costs were under $100." "<$100. Largest expenses were a 16c/64gb vm for the weekend to sync geth and run scripts from and the ~$40 I spent to rent hash power for 4 hours."

"I setup a GCP instance w/ geth tracking cheapeth, open-ethereum-pool, a stratum proxy, and a few convenience scripts I wrote. Then, I rented hashing power from @miningrigrental." "I pointed the hash rate to my own pool. Disconnected from the network by blocking peers. Sent a few txs (that I wanted to double spend). Mined solo for a few minutes. And then, replaced all past blocks with my longer chain fork (ignoring any txs I sent in step 3)."

“I've never seen a 51% attack against a live network (for good reason I suppose; most folks attacking networks for monetary gain probably don't want to publicize themselves),” tweeted Anish Agnihotri today, adding: “So I recorded it for you.”

"While Agnihotri attacked the network, he did not carry out a double-spend attack at the same time. In the documentation within the video, he points out the points at which a bad actor would perform such an attack. Afterward, he said that he would airdrop tokens to any pools that were affected by his attack through loss of mining and transaction rewards."

"cETH has no value, cheapETH is not the main Ethereum network (which is infinitely harder to 51% attack), no third-party transactions were disrupted, I will airdrop to pools who's "revenue" was impacted, and this was for educational purposes only."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - CheapETH 51% Attack Demonstration
Date Event Description
May 17th, 2021 Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

No funds were lost.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

51% attacks can be prevented through a mix of increased block confirmation times and setting checkpoints to prevent large-scale reorganizations. This means the exchange will not allow withdrawals based on newly deposited funds (which could still be taken back through a 51% attack), and nodes will be prevented from accepting longer attacking chains.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. https://mobile.twitter.com/certik_io/status/1395275460087517188 (Jan 10, 2022)
  2. Hacker shows how he '51% attacked' Ethereum clone CheapETH for $100 (Jan 10, 2022)
  3. @CheapEth Twitter (Jan 10, 2022)
  4. cheapETH (Jan 10, 2022)
  5. https://coinmarketcap.com/currencies/cheapeth/ (Jan 10, 2022)
  6. The developer conducted an "educational" 51% attack on the CheapETH Ethereum clone - World Stock Market (Jan 10, 2022)
  7. CheapETH will be easy to attack with a 51% attack. If you want to play with Ethe... | Hacker News (Jan 10, 2022)
  8. 51% Attacking George Hotz's CheapETH Ethereum Clone Chain - YouTube (Jan 10, 2022)
  9. @_anishagnihotri Twitter (Jan 10, 2022)
  10. @_anishagnihotri Twitter (Jan 10, 2022)
  11. cheapETH (Jan 10, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=CheapETH_51%25_Attack_Demonstration&oldid=4035"