Bitcoin at risk of network attack, say researchers

The Bitcoin virtual currency is vulnerable to a "selfish" attack that would let someone gradually take control of the digital cash system.

The theoretical attack tries to subvert the way that computers involved in Bitcoin share information.

It plays upon the fact that everyone involved in keeping track of Bitcoin assumes all participants are honest.

Such an attack could already be happening, said the US researchers who discovered the vulnerability.

"Bitcoin is broken, " wrote Prof Emin Surer, one of the Cornell University scientists who developed the attack, in a blogpost describing the work.

The weakness he and Dr Ittay Eyal uncovered is fundamental to the way that Bitcoin works, he said, and emerges from the way that people find or mint new coins.

Typically new Bitcoins are generated by getting lots of computers to tackle a complicated cryptographic puzzle. At any given moment thousands of computers are involved in tackling this puzzle.

Roughly every ten minutes one group involved in solving this puzzle is rewarded with Bitcoins. The process is known as "mining" because, like miners, those who take part have to sift a lot of dross before they find a valuable nugget. As soon as the new coins are found, the news is circulated and everyone starts working on the next puzzle. One Bitcoin is currently worth about £145.

The Cornell attack involves one large mining group that does not say when it has been rewarded with new Bitcoins. This "selfish" mining group then begins working on the cryptographic puzzle that will eventually release the next reward.

This gives it an advantage because every other mining group will still be working on a puzzle that has already been solved. By leveraging this advantage and being careful about when they release information about new Bitcoins they have mined, the group could gradually take control of the entire mining system.

"Once the system veers away from the happy mode where everyone is honest, there is no force that opposes the growth of really large pools that command control of the currency," wrote Prof Surer. The pair pointed out that there were already mining groups big enough to mount a selfish attack on the protocol.

The two researchers have also proposed updating the protocol to limit the size of mining groups and make the whole system less susceptible to a selfish attack.

Vitalik Buterin, technical editor of Bitcoin Magazine, said the attack was "highly theoretical" because no software currently existed that could turn an honest mining group into a selfish one.

At the moment Bitcoin software shares information about what different miners are doing with the entire community. For a group to become selfish they would have to change this fundamental Bitcoin software in order to manipulate this information flow.

In addition, he said, only the biggest pools could try to subvert the system and the communication demands of the network would likely stymie those attempts.

In addition, he said, the rewards of selfish behaviour were outweighed by the benefits of being honest.

"No honest (or semi-honest) miner would want to join a selfish pool," he suggested. "Even if they do have a small incentive to [join], they have an even greater incentive to not break the Bitcoin network to preserve the value of their own Bitcoins and mining hardware."