February 23, 2012
FC++: Bitcoin & Gresham's Law - the economic inevitability of Collapse
The various and many anonymous authorities are moving against BitCoin, and they are taking the time-tested path: shutting down the exchange operators.
This is the modus operandi that was employed with earlier innovative money suppliers, and unfortunately it is a bit of a killer strategy. In short, someone complained, someone else then leaned on the major money operators, who leaned on the minor ones providing exchange facilities, who in turn then pulled their accounts with the exchangers.
Paxum Ceases Business With Bitcoin
Over the course of the last two weeks, Paxum has been in communication with our banking partners, Mastercard, and our auditors to evaluate the best interests of Paxum (and its clients) in relation to Bitcoin.
After much discussion and consideration it has been decided that, though Bitcoins are not illegal, they are considered high risk.
Where, 'high risk' might mean that the people who we rely on to stay in business don't like it, which makes the exchange business extremely vulnerable. Or it might mean that the Bitcoin economy has fundamental problems.
Now, it turns out that honest people have good reason to be suspicious of Bitcoin, up to and including the extreme levels of rampant criminality. And, Philipp Güring and I wrote the paper to explain it:
Philipp Güring and Ian Grigg, Bitcoin & Gresham's Law - the economic inevitability of Collapse (PDF)
Abstract. The Bitcoin economy exhibits remarkable and predictable stability on the supply side based on the power costs of mining. However, that stability is challenged if cost-curve assumption is not solely expressed by the fair cost of power. As there is at least one major player, the botnets, that can operate at a power-cost-curve of zero, the result is a breach of Gresham's Law: stolen electricity will drive out honest mining. This has unfortunate effects for the stability of the Bitcoin economy, and the result is inevitable collapse.
Philipp started by modelling demand and supply for Bitcoin mining. My part was to add the economics rationale why such things cannot succeed.
It is probably a bit too late now, but we had hoped to get the paper into some relevant forum but events above have overtaken us. Hence, here it is in the style of FC++ which means we might do some tweaking, and present it somewhere in a future moment.
Posted by iang at February 23, 2012 12:35 PM
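The supply-side argument in the abstract, sketched as an added example (not taken from the paper and not written by its authors): a simplified free-entry model in which each class of miner keeps hashing only while its share of the daily reward covers its power bill, with a botnet that pays nothing for power added on top. The reward value, the miner classes, their capacities and costs are constructed numbers, and the function names are hypothetical.

```python
# Added illustration: free-entry mining equilibrium with a zero-power-cost botnet.
# All figures are constructed; units are arbitrary (hashrate units, USD per day).

REWARD_PER_DAY = 1000.0  # value of all block rewards minted per day (constructed)

# (name, hashrate capacity, power cost per hashrate unit per day) -- constructed
HONEST_CLASSES = [
    ("cpu", 50.0, 20.0),
    ("gpu", 200.0, 4.0),
    ("fpga", 100.0, 1.0),
]


def equilibrium(botnet_hash, classes=HONEST_CLASSES, reward=REWARD_PER_DAY):
    """Return {class: hashrate still mining} once difficulty has adjusted.

    Each unit of hashrate earns reward / total_hashrate per day, so a class
    with power cost c breaks even only while total_hashrate <= reward / c.
    The botnet pays nothing for power and therefore never switches off.
    """
    total = botnet_hash
    active = {}
    # Cheapest honest power first: these are the last to be pushed out.
    for name, capacity, cost in sorted(classes, key=lambda c: c[2]):
        if cost <= 0:
            raise ValueError("honest miners are assumed to pay for power")
        room = reward / cost - total  # hashrate this class can add and break even
        active[name] = max(0.0, min(capacity, room))
        total += active[name]
    return active


def honest_hashrate(botnet_hash, **kw):
    """Total hashrate contributed by miners who pay for their electricity."""
    return sum(equilibrium(botnet_hash, **kw).values())


def displacement_threshold(classes=HONEST_CLASSES, reward=REWARD_PER_DAY):
    """Botnet hashrate at which even the cheapest honest class stops mining."""
    return reward / min(cost for _, _, cost in classes)


if __name__ == "__main__":
    for botnet in (0, 100, 150, 500, 950, 1000):
        active = equilibrium(botnet)
        honest = sum(active.values())
        share = honest / (honest + botnet) if honest + botnet else 0.0
        print(f"botnet={botnet:5d} honest={honest:6.1f} "
              f"honest_share={share:5.2f} active={active}")
```

In this constructed setup the botnet displaces the highest-cost honest hashrate first, and honest mining reaches zero only when the botnet's hashrate equals the daily reward divided by the cheapest honest power cost.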
Um ... ya.
About that botnet thing. You are aware of the difference between CPU mining and GPU mining, right?
1 GPU = hundreds, or a thousand or so CPU systems. The botnets only have CPU systems so far, and even if they do try to do GPUs as well, they'll only find a tiny fraction of systems have the high-end GPUs of the kind that Bitcoin miners use. A serious miner is running multiple rigs each with 3 X graphics cards, each card having dual GPUs.
Additionally, FPGA solutions are now arriving where GPUs are going to have a hard time competing. How many botnets will do FPGA mining? Approximately 0.0%. And that won't be changing anytime soon.
Good story though.
Cheaper for the bots just to steal people's bitcoin wallets.
There are way too many simplifications in the paper. Nothing mentioned about increased botnet thermal footprint (and detectability), perhaps an order or two of magnitude.
Cheaper to purchase all bitcoin in the world today.
Botnets will never work for mining..they are too valuable and owners can make more (illegally) using them in other areas..using them for mining would go the opposite..they would be easier to spot..no botnet owner right in his head would ever use it for mining..at 100$ per btc they maybe try lol but as long as they don't own specialised hardware that won't happen..I have FPGA 50 gigahash in 4 weeks..and they are absolutely security hardened in 3 layers..won't work out
Perhaps governments will attack the currency but that has little to do with your other arguments. They certainly don't need the coins to come from botnets to start attacking it.
I don't think it matters much if botnets mine coins. Mining was only really intended as a bootstrapping mechanism to initially distribute the coins.
As the coin production tails off the botnets would merely be providing a cheap transaction processing service - where security of the processed transactions is subsidized by the botnets free access to resources.
That isn't likely to cause a shutdown in bitcoin, if anything it makes it even more competitive compared to other alternatives.
I posted a reaction here:
Mafia-concentration. In your putting, that mafia would become involved and invested in BitCoin, and would act like an authority, and authorities become sooner or later interested to keep things running. But when criticizing something, it is presumed that there is (or can be) something better out there. Today that mafia player is the financial entity that has the power to issue money, so...?
Government. A cryptocurrency is ought to pass over one's boundaries when talking about governments. If you don't think of the USA as "the world", the USA government is not almighty. Yes, the USA government + Federal Treasury controls the dollar which many would call "de facto world currency" and those two together can do pretty much everything with US currency, but that isn't valid any more with such a currency as BitCoin. They can buy/sell large amounts of money causing big fluctuations and that would make speculators happy. Speculators also involuntarily are playing a stabilizing role (as it happens on FOREX), and more of them (more of their purchasing power actually) being involved - the more stability they bring. That government move you described would simply cause a significant value injection into BitCoin, at the expense of dollar, value that they won't be able to get it back in full amount. I therefore don't think governments will get involved in stock exchange games.
Botnets. This is not a sole BitCoin problem, but of all the systems (including the current one) that are relying more and more on computers. And mining is not all that important and serious as you're trying to put it. The fact that someone would come to label that some gain is not fair/legal is entirely subjective and again, it's not a sole BitCoin problem. Occupy Wall-Street is just a popular move, not necessarily justified. People did that all the time in history.
Proof-of-Work. This argument doesn't have any valid place at all. BitCoin acts like cash and can be stolen/laundered/anything else that criminal groups can get involved in the same way like cash is. We still have cash around, do we? Banks currently "make" money out of thin air by simply signing a credit contract. They are able to do so, they do so and nobody bothers to ask any "proof-of-work" (sounds amusing).
Segmentation. That would be a good thing. That would be a mark of an evolving world (of currencies). The best one will prevail in the end. Each new model brings improvements. You mentioned SolidCoin. It would be good if you'll check out why is it worth to exist at all and you might find in this way solutions for some of the problems that you thought of. Keep going, because each problem people put in light creates demands for improvement, and unlike the current financial system, that "genius system" (or at least its kind) is ready to address issues and to come up with a better version of itself.
From an academic perspective the botnet miners are no different than the "honest" miner, so I fail to see your point. That is to say as far as the bitcoin network is concerned "n" is no different than "n+1." Your point is irrelevant unless your attackers intention is to falsify the block chain, in which case you need to do more research into what the requirements of that would be.
I'd assume you are trying to attack the bitcoin idea from an academic perspective because you put your argument into a format that vaguely resembles an academic paper and you mention "
From a practical standpoint your claims that one party can benefit from the bitcoin because they have access to "free electricity" is nonsense.
Today I woke up to find my hot wallet on the backup server had all its coins stolen. As a security measure, merchant sites keep the majority of funds offline with just enough in a ‘hot wallet’ to keep operations running smoothly.
Rest assured: I am covering Linode’s mistake from my own income. That means months of my work is wasted and I’m crushed.
I am not the only person affected by this. A few hours ago another guy contacted me that his Linode machine has been attacked and his coins were moved to the same wallet, asking me if I knew what happened (because he found that the 1Mining2 address is mine). We found that our issues are the same – changed password in Manager, stolen coins & Linode staff is telling they have no security issue on their side.
More than $3,700 (£2,400) of the virtual currency Bitcoins has been illegally "mined" by a rogue employee at US games company ESEA....
Competitive video gaming community E-Sports Entertainment Association secretly updated its client software with Bitcoin-mining code that tapped players' computers to mint more than $3,600 worth of the digital currency, one of its top officials said Wednesday.
The admission by co-founder and league administrator Eric ‘lpkane’ Thunberg came amid complaints from users that their ESEA-supplied software was generating antivirus warnings, computer crashes, and other problems. On Tuesday, one user reported usage of his power-hungry graphics processor was hovering in the 90-percent range even when his PC was idle. In addition to consuming electricity, the unauthorized Bitcoin code could have placed undue strain on the user's hardware since the mining process causes GPUs to run at high temperatures.
"Turns out for the past 2 days, my computer has been farming bitcoins for someone in the esea community," the person with the screen name ENJOY ESEA SHEEP wrote. "Luckily I have family in the software forensics industry."
About five hours later, a separate user posted evidence of the ESEA software client included the Bitcoin code. The user also provided instructions showing how other ESEA players can check to see if their computers are running the secret program.
A few hours later, Thunberg published his own post disclosing that ESEA software had included the Bitcoin miner for a little over two weeks and deposited a little more than 29 BTC into three wallets under the control of ESEA officials. The digital currency was regularly converted into US dollars and netted a total of $3,602.21 as of Wednesday.
by Dan Goodin - Apr 5, 2013 5:05 pm UTC
Bitcoin mining takes a lot of computing power—so naturally someone created a piece of malware to mine on other people's computers. As the value of bitcoins skyrockets, security researchers have discovered yet another piece of malware that harnesses the processing power of compromised PCs to mint the digital currency.
BTCs, as individual bitcoin units are known, have recently traded as high as $130, about four times their value from February. In Bitcoin vernacular, BTCs are "mined" by computers that solve cryptographic proof-of-work problems. For each correct block of data submitted, contributors are collectively rewarded with 25 bitcoins. Legitimate participants, who typically receive a percentage of the reward based on the number of blocks processed, often use powerful systems with multiple graphics processors to streamline the process.
But scammers spreading malware on Skype are taking a decidedly more nefarious approach. Their malicious code hijacks a computer's resources to mine BTC, according to a blog post published Thursday by a researcher from Kaspersky Lab. While the bitcoin-miner.exe malware harnesses only the CPU resources, which are much slower than GPUs in BTC mining, the attackers have the benefit of infecting many computers and then chaining them together to mint the digital currency. Unlike legitimate miners, the criminals don't have to pay the purchase price of the hardware or pay for the electricity to run them.
Bitcoin-mining malware has been circulating for almost two years now. Some versions actually tap infected computers' GPUs and can even run on OS X Macs.
Majority is not Enough: Bitcoin Mining is Vulnerable
Ittay Eyal, Emin Gun Sirer
(Submitted on 1 Nov 2013 (v1), last revised 5 Nov 2013 (this version, v3))
The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed.
We show that the Bitcoin protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.
Selfish mining is feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects against selfish mining pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system.
...we are taking a look at a PUP that installs a Bitcoin miner on the user system, not just for a quick buck but actually written into the software’s EULA. This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash.
On Nov 22, we received a request for assistance from one of our users about a file that was taking up 50 percent of the system resources on their system. After trying to remove it by deleting it, he found that it kept coming back, the filename was “jh1d.exe”.
The state of New Jersey recently announced a $1 million settlement with E-Sports Entertainment, LLC over allegations that the company installed malware on its customers’ computers. The Attorney General claimed that E-Sports’ software allowed the company to use its customer’s computers to mine for Bitcoins without the user’s knowledge, generating thousands of dollars in Bitcoin value for E-Sports (and no value for the users) after numerous reports of unusually high CPU usage by their customers. E-Sports released a statement apologizing and clarifying that this was the behavior of a rogue programmer. They also announced that they are donating the value of the bitcoins ($3,713) to the American Cancer Society plus doubling the donation from their own funds.
According to Light Cyber, a security research firm which warned Yahoo of the attacks in late December, one of the malware programs delivered in the attack turned the victim's computer into a bitcoin miner. The computer is set to work performing the calculations required to make the bitcoin network run, but the rewards for doing so accrue to the malware writer.
Fox IT, the Dutch cybersecurity firm which first disclosed the vulnerability to the public, estimated that there were around 27,000 infections every hour the malware was live on the site. If the malware was being served consistently for the three days, it may be the case that almost 2 million computers were infected.
Miscreants are using hacked digital video recorders in a somewhat misguided attempt to mine cryptocurrency BitCoins.
Hackers have created custom code to infect devices normally used for recording footage from security cameras. After getting in, likely by taking advantage of weak default passwords, a common security mistake with embedded devices, the ne'er-do-wells plant malicious code. This malware scans for vulnerable Synology Disk Stations as well as attempting to mine BitCoins.
Security researchers at the SANS Institute's Internet Storm Center spotted the attacks after investigating devices scanning its honeypot, discovering to their surprise that they were actually infected DVRs (digital video recorders). The malware is compiled for ARM CPUs, so it's a specialist nasty.
"The malware is an ARM binary, indicating that it is targeting devices, not your typical x86 Linux server," explains SANS Institute researcher Johannes Ullrich in a write-up. The malicious code is only scanning for vulnerable Synology Disk Stations and not doing anything on these insecure network-attached storage devices, at least for now.
Security researchers at the SANS Institute have since discovered that the Synology scanner is also running on routers.
Mining BitCoins these days requires a specialist rig featuring graphic cards so using low-powered embedded systems is not terribly practical.
"Kudos to camera DVRs hackers for finding something worse (ie, very ineffective cryptocurrency mining) to use them for than surveillance," said Martijn Grooten, Virus Bulletin's anti-spam test director.
Chris Wysopal, co-founder and chief technology officer at code review firm Veracode, was even more dismissive: "Seriously, this is just wasting electricity," he said. ®
An unknown hacker has reaped an estimated 500 million dogecoins – worth nearly $200,000 at today’s prices – by hacking into a series of data storage hubs for computer networks, according to SecureWorks, an information services subsidiary of personal computing giant Dell.
The SecureWorks report revealed that the hacker targeted network attached storage (NAS) boxes made by Taiwan-based Synology Inc. and used its computing power to mine dogecoin through a private pool. The action caused problems for Synology’s customers, some of whom reported poor performance on Facebook in February. ...
If you recently installed or updated uTorrent on your PC, you may have picked up an unwanted passenger: a Bitcoin miner called Epic Scale. That piece of code can be inadvertently installed with the latest uTorrent build (version 3.4.2) and uses your computer as part of a Bitcoin farm to generate revenue for third parties. Users first reported the situation on uTorrent's forums, and it was quickly confirmed by a senior support manager. He said that the app "cannot be installed without permission," but one user claimed that there was "never a warning about it," even though he opted out of other bundled software.