An infamous weakness in the structure of any blockchain, the 51% attack has been a recurring theme ever since bitcoin came to the fore and experts started analyzing the system’s weaknesses. Many would say that a 51% attack, which basically involves controlling the majority of the network’s power in order to ‘legitimize’ double spending, is merely theoretical. This could be an accurate characterization of the threat, if the blockchain in question has enough hashing power. Nevertheless many smaller cryptocurrency and blockchain projects that have been emerging lately, could be vulnerable to such an attack. Krypton is one of them, and it was the victim of a 51% attack and various subsequent attempts.
Profitability of 51% Attacks on small Blockchains is extremely low
For the attackers that succeeded in giving Krypton a headache, there was not a lot to gain financially from the attack. The hacker’s proceeds from this attack according to bitcoinist.net were around 5BTC. This sum doesn’t justify the efforts involved in the attack, unless it is a ‘practice’ attack to target either a bigger blockchain, or many small blockchains simultaneously.
The Architecture of the Attack
The attack on Krypton effectively proved that the concept of the attack works. The attack consisted of 2 parts: 1. acquiring enough hashing power by buying it online, in order to achieve a 51% control on the blockchain 2. Setting off a DDoS attack on multiple nodes on the network in order to be able to validate the double spending. In essence, despite the fact that Krypton was the network under attack, it was Bittrex – an exchange on which Krypton can be traded – that bore the losses when it was tricked into paying for tokens that were already spent.
Ever since the attack, the founder of Krypton, Stephanie Kent, has been actively engaging in social media to inform everyone about the attack and what is being done to protect the network from any further harm. Her LinkedIn updates have been especially candid, with posts and articles laying out the details of the attacks and how subsequent attacks have failed as a result of the lessons learned from the first one.
Kent’s LinkedIn post from August 27th, 2016, presents the following solutions:
- Working with Bittrex to increase KR withdrawal times to 1,000 confirmations (a later post by Kent suggests going further and increasing to 3,000 confirmations).
- The purchase of additional hash power by the Krypton community.
- An upgrade of the Krypton client to version 1.3.3 that eliminates a caching bug that allowed orphaned transactions in memory to appear as valid.
- Reaching out to the media and social networks to report the attack as quickly as possible and alert everyone out there – an action that many organizations outside the realm of blockchain should incorporate to their responses when they are hacked as well.
All these actions have succeeded in mitigating the damages of the attack and preventing future attacks of this sort. This case has also served to warn other crypto-communities and make them revise the security of their own networks. Additionally, the attack and Kent’s response have put Krypton on the map.
What is Krypton?
Due to the way in which Krypton responded to the attack, its profile rose. More people are reading about the objectives of this blockchain project. According to Kent’s LinkedIn profile, Krypton is a blockchain project that will allow its users to do basically everything Ethereum allows users to do but with fewer coins, faster speed and lower inflation. Krypton allows for the development of all the decentralized technology that includes dApps and the development of Decentralized Autonomous Organizations. Now, this network will go down in history as one of the only known cases in which a blockchain faced a 51% attack, survived it and taught everyone else about its experience in dealing with such a threat.
In a growing constellation of competing blockchain projects, it is safe to assume that more attacks and more sophisticated attacks will come. In this case the financial gain of the hackers was negligible, while serving to raise Krypton’s profile and forcing the project to secure the network against future attacks. Any potential conspiracy theories that may arise as a result – and they probably will – should not diminish the value of the lessons that Kent has put forth for everyone else to see. Hopefully other blockchain projects will incorporate these lessons into their operations, but at this point it doesn’t seem like the attack could reach the scale necessary to threaten the biggest blockchain projects out there.
Click here to read Stephanie Kent’s post on LinkedIn.