“[E]xchanges are the primary targets for 51% attacks,” wrote Haseeb Qureshi in a tweetstorm while considering the recent 51% attack on Ethereum Classic (ETC). Pointing out that “individual users don't even notice unless they check Twitter,” Qureshi proposed creative measures that exchanges could use to protect their assets - which would be far less costly than compensating users after the fact.
The former Airbnb software engineer and pro poker player framed 51% attacks as unfortunate realities, and essentially a “tax on exchanges” that must be paid in the cheapest way possible.
While suggesting the obvious fix - delisting Proof-of-Work (PoW) blockchains with dangerously low hashrates - he said that exchanges could actively fight back by re-mining the original chain at a much lower cost than their attackers, thus avoiding considerable losses after successful attacks.
‘Markets Basically Shrugged It Off’
Qureshi began his proposal by claiming that individual users are, in practice, hardly affected by 51% attacks, also known as a “chain reversion” or “chain reorganization.”
Indeed, between January 5, when the attack was first noticed, and January 10, when ETC’s community had fully reacted, the asset’s market value hardly flinched. Retail investors either weren’t aware or didn’t care, it seems - after all, as Qureshi pointed out, “[bystanders’] transactions pay fees, so why not include them in your fork?”
Attacks are effective because attackers trade soon-to-be-attacked cryptoassets for either other cryptoassets or fiat money. In this vein, Qureshi points out that “There's only one major business that sells real-world things for crypto: exchanges.”
Exchanges therefore have the biggest dog in the fight when it comes to reorg attacks. In the aftermath of the ETC attack, there has been confusion surrounding the hardest-hit exchange, Gate.io, which did not manage to close withdrawals fast enough.
CryptoGlobe first reported that Gate.io would reimburse almost $200,000 worth of lost ETC to its customers. But it now appears that the attack may have been a white hat attack, as $100,000 worth of ETC has been returned to the exchange.
At any rate, it is clear that exchanges stand to lose big during such attacks.
Exchanges Fight Back?
The crux of Qureshi’s point lies in what exchanges can do about it. He proposes that exchanges can mine their own version of the chain using the same weapon that attackers use: rented hashrate on sites like Nicehash.com.
“The exchange, upon [detecting an attack], rents some hashrate and starts RE-MINING on the original, shorter chain. By expending more hash rate than the attacker (they don't need to mine as far, only a few blocks back), they can re-revert the chain.”
A defending exchange would only have to re-mine a few blocks, whereas attackers have to mine much further back in order to cancel out their own transactions and accomplish a double-spend. Because of this, re-mining the original chain would be far less costly for the exchange than mining the attacking chain was for the attacker.
Qureshi posits that this deterrent could keep attackers from even bothering, because “if exchanges commit to doing this, the incentive to attack goes down tremendously.”
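Qureshi's proposal, and closing withdrawals in time, both start with detecting the reorg. The sketch below is an added example, not code from Qureshi or any exchange: it compares the tip an exchange was following with the new best tip, measures how many blocks were orphaned, and lists credited deposits that the replacement chain no longer contains. The block layout, the names and the max_depth threshold are assumptions, and the data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    hash: str
    parent: str
    txids: tuple = ()

def chain_to(tip, blocks):
    """Follow parent links from tip to genesis; return hashes oldest-first."""
    path = []
    while tip in blocks:
        path.append(tip)
        tip = blocks[tip].parent
    return path[::-1]

def analyze_reorg(old_tip, new_tip, blocks, credited, max_depth=2):
    """Compare the previously followed tip with the node's new best tip."""
    old, new = chain_to(old_tip, blocks), chain_to(new_tip, blocks)
    shared = 0  # length of the common prefix, i.e. blocks up to the fork point
    while shared < min(len(old), len(new)) and old[shared] == new[shared]:
        shared += 1
    orphaned = old[shared:]
    replayed = {t for h in new[shared:] for t in blocks[h].txids}
    # Credited deposits confirmed only on the orphaned branch were reversed.
    reversed_deposits = sorted(t for h in orphaned for t in blocks[h].txids
                               if t in credited and t not in replayed)
    return {"depth": len(orphaned), "reversed_deposits": reversed_deposits,
            "pause_withdrawals": len(orphaned) > max_depth or bool(reversed_deposits)}

def build(*blocks):
    return {b.hash: b for b in blocks}

# Constructed sample: branch a* is the original chain, b* replaces it from a1,
# c4 is an ordinary one-block reorg. The bystander transaction is re-included
# on the b* branch; the deposit "dep-77" is not.
BLOCKS = build(
    Block("g", ""), Block("a1", "g"),
    Block("a2", "a1", ("dep-77",)), Block("a3", "a2", ("tx-bystander",)),
    Block("a4", "a3"),
    Block("b2", "a1", ("tx-bystander",)), Block("b3", "b2"),
    Block("b4", "b3"), Block("b5", "b4"),
    Block("c4", "a3"),
)
CREDITED = {"dep-77"}  # deposits the exchange has already credited

if __name__ == "__main__":
    print(analyze_reorg("a4", "b5", BLOCKS, CREDITED))  # deep reorg, deposit gone
    print(analyze_reorg("a4", "c4", BLOCKS, CREDITED))  # shallow, nothing lost
```

A production monitor would take both tips from the node and would compare cumulative work rather than assume the new tip is already the best chain.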