I'm just saying that this might be a state sponsored actor fighting another one, given that Mirai was primarily hosting XMR miners, and given that they lost 3.5 Mio bots overnight in 2023.
It does mean an adversary with a high amount of hash got lucky. I noted there's a discrepancy between their claimed network hashrate and pools' claimed network hash rate.
They may not be including their own hash rate in the network's, in which case they'd need to exceed it. Having 51% would only be 34% of total.
They're an unreliable narrator and I wouldn't trust any data from them. There's insufficient evidence to claim they have 51% of the network's hash power.
https://miningpoolstats.stream/monero
This Qubic group claims to concentrate 3 GH/s of hashing power, yet there has been no increase in the global hash rate either:
https://www.coinwarz.com/mining/monero/hashrate-chart
Could this be just a bait?
* One actor in the space appears to have done a proof of concept takeover of 51%.
* It's not clear there was any malicious action nor intent in doing so.
* Performing something like this is definitely expensive.
* The potential impact of doing so is disputed.
* Whether or not it was achieved is also disputed.
However, what has been known for some time is that the largest Bitcoin miners have more power than the entire community of many alt-coins. Whether this is an issue is a matter for debate. Certainly, until now, no-one has chosen to flex like this.
This is how proof of work systems operate.
They are very expensive to attack but very cheap to recover from.
$75m per day is clearly unsustainable.
Soon they will give up and the network will recover cheaply.
The attack is more of a nuisance than the end of Monero.
Appears to be legit, but not really a nefarious attack.
(quote starts here)
"""Writing this date here to memorize when the concept of Decentralized Artificial Intelligence (#DAI) got its final shape.
Not bullshit like "It runs on a #blockchain so it must be decentralized". In this concept each entity holds a secret know-how which modifies #IntelligentTissue (in cooperation with other know-hows owned by other entities, if needs to solve a complex task). Secrecy of each know-how ensures nobody can copy it, others can only attempt to create something similar by spending computational resources.
Each #AI is an original object, #IntelligentTissue is its hologram. #Qubic is the platform for AI creation, their convergence and intelligent tissue hosting"""
I am thinking of, for example, a nation-state. Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin. This could happen if an adversary like Russia or its allies were using Bitcoin for funding and there was a war or a major Cold War style struggle. Such players could afford to purchase and build, in secret, a huge mining farm, and then suddenly turn it on, not caring about the cost because the goals are strategic. It would be massively expensive but it doesn't matter for this case.
Does the coin stay alive purely because people still speculate on hype or does everyone try to cash out simultaneously and send price into a death spiral?
With BTC's block reward continually being reduced, TX fees will have to increase in order to avoid reaching the point where large miners could become tempted to attack the network.
Maybe you misread, the post says this: "With its current dominance, Qubic can rewrite the blockchain, enable double-spending, and censor any transaction."
All of which are possible if someone has that level of control, and none of which involve signing with other people's keys.
(As some people seem confused about the impact of 51% attacks: Of course you can't double-spend in a single blockchain, as that is prevented. But the nature of these attacks is that there's no longer one true blockchain. You can create one fork of the blockchain where you send the money to someone, receive goods in return, and then afterwards switch to a longer fork of the blockchain where the money was never sent.)
https://en.wikipedia.org/wiki/Sybil_attack
Btw, here's the alternative link https://xcancel.com/p3b7_/status/1955173413992984988
However they do have a large enough hashrate to perform multi-block re-orgs with their selfish mining strategy.
They disabled API hashrate reporting so that they could lie about it.
Keep mining and ignore the noise.
*gestures wildly*
I bring this up because people are always asking what platforms are allowing me to short cryptocurrencies, which seems to miss that it's enough to just have a debt denominated in what you want to bet against.
See e.g. https://x.com/kayabaNerve/status/1955173552363016434
"not really a nefarious attack" is an insane summation of this article. There's zero way for someone outside of Qubic to verify that they didn't do something nefarious while controlling the network. Stated another way: anyone could call their 51% attack a "stress test".
"Planned test". Planned by whom? Planned by the attackers. The reorg did happen.
Monero transactions are inherently obfuscated, which solves this problem. If you want more details, the Monero whitepaper is well written to be accessible for the common reader.
The tldr is it works atop ring signatures: https://en.m.wikipedia.org/wiki/Ring_signature
Especially given its only backing is "trust" (trust that you won't get invaded or overthrown).
Anonymous alt coins, real digital cash, are competition to the monetary system. There can be only one.
It's only a secure system if adversaries are either small or economically rational.
This doesn't seem like as much of an actual risk. A better way to make money would be to create a perception that the value of the coin is at risk before buying it cheap.
Actually devaluing it doesn't seem worthwhile financially.
So I'd say they're not exactly the same.
Qubic was able to orchestrate its network of miners to temporarily halt their AI-related tasks and redirect their collective CPU power to mine on the Monero network instead.
Also, Qubic has implemented an economic strategy that involves selling the Monero it mines for a stablecoin like USDT and then using those funds to benefit its own ecosystem and attract more miners, and renting hardware to gain more hash power. The proceeds from the sale of XMR are used to buy Qubic's native token (QUBIC) from exchanges. These purchased tokens are then "burned" or permanently removed from circulation.
Anyone have any context about who Qubic are, and what their deal is?
At some point, someone doing AI might amass enough GPUs to do a 51% attack on Bitcoin. You're right that it destroys confidence in the coin, so if you short Bitcoin futures before the attack, you might make money.
Monero uses RandomX, which is intentionally chosen to make it difficult to accelerate using hardware that is common with other coins. It's almost certainly not what happened here.
The two networks have wildly different proof-of-work algorithms, they're incompatible. A BTC ASIC will never mine Monero, ever.
That is false. A 51% attack is only expensive to the degree to which the hashpower required to exceed 50% is obtained at negative margins.
If an attacker can collect the total 51% or more hashpower at what would be a profitable rate despite the attack, then the attack is not "definitely expensive" - no, the attack is definitely profitable and the expense falls sorely on the minority.
Yesterday I was running a Monero node and looking at it, and got an unusually very high number of chain reorganization messages. I could believe a 51% attack happened.
Is this a typo or am I misunderstanding something?
This is electrically impossible for Bitcoin specifically: modern ASICs exceed 3 orders of magnitude more hashes/Joule and hashrate/chip than an RTX 5090 and cost $2-40 retail per chip.
Like, trivially, it's an ASIC, so I can use it to simulate a von Neumann[*] machine, hence I can use it to run whatever algorithm I want. Would that be more efficient than using a modern OoO superscalar? Almost surely not, but that doesn't mean it can't be done, just that it shouldn't be done that way.
*: I realize that the ASICs used in Bitcoin miners don't have dram access, but that isn't a general limitation of ASICs, just those ASIC 'chips' (and maybe not even those chips, just their implementations in bitcoin miners)
EDIT: Thanks to everyone who answered! For some reason, I had it in my head that the way we implement fixed function stuff in an ASIC was basically the same as a "burn once" FPGA. Brains gonna brain.
Or, you need to spend a lot of resources to do the attack even if it's the case that you get that money back when you succeed. And the attack is not available to you if you can't front those resources (because it's expensive rather than cheap).
BTC will have to move to a proof of stake design to survive. It's unavoidable.
- The attacker can doublespend their transactions if their hashing power is high enough to create more blocks than what the recipient is waiting for. E.g. you buy a lambo, the shop waits 10 blocks after the tx is in a block and gives you the lambo, then you create a longer chain with 11 blocks to replace the other one, and don't include the original lambo tx. 51% of hashing power is enough to create new blocks, but not enough to create 11 alternative blocks. That requires more hashing power.
- The attacker can prevent other transactions from landing in a block, as long as they have majority
- But the attacker can't create fake transactions (e.g. if they only have 1k Monero, they can't create a tx with 2k Monero). Because all nodes (not only miners) still verify the transactions
- And the attacker can also not steal your money, because they don't have your private keys
Looking at that website I see that the unknown pool keeps getting a longer chain and it switches to it
The farther back, the less likely a reorg is, so to have a reorg that invalidates is blocks is extremely unusual.
If one entity has a majority of the hash power, they gain the ability to try to force reorgs with a likelihood that increases with their advantage in hash power.
I typed all this before realizing I could have recommended you ask an LLM, and it probably would have given you a better answer.
> Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin.
Trust me he did not like it
The money is one thing, you also have to somehow acquire a huge % of the ASIC supply over years, and the not insignificant amount of energy to run them
With PoS protocols, >33% is usually when you have the ability to inhibit finality, which may be what you're thinking of.
It solves the problem by making all participants culpable. The blockchain community is very good at imagining they have technical solutions to social problems.
I have an idea for a much cheaper way to store and transfer money that also relies on the existence of a police.
Last time I saw that was on photonics processor blockchains
No, that doesn't follow at all. An ASIC doesn't mean a general purpose CPU or FPGA. A chip that only knows how to do, say, video decoding is an example of ASIC. The video chip can't do bitcoin, the bitcoin chip can't do monero. They're not general purpose.
asic does not mean turing complete
good luck simulating a von neumann machine on a sha256 accelerator
Also true!
Irrelevant and impossible to "know", given that it hasn't happened yet (if it ever does)
However,
> Qubic's AI-training work is performed by CPUs, same as used by RandomX (Monero's mining algo).
I don't understand how this makes any sense at all.
There is a word for this. We call it risk.
It's doomed in general, see the cash fork.
The ASIC manufacturer would also need a backdoor. ASIC manufacturers don't control mining.
Large miners are unlikely to allow backdoors into their mining network.
At block N someone could start to privately mine (empty) blocks.
They keep mining in private until block N+x is public, at which time the private (51%) chain is length N+x+1.
They then announce their longer chain.
By the protocol, this longer chain (technically "most work" chain) is the more trusted one, and undoes any transactions in N+1 through N+x.
That it's dramatically easier to conceal your identity doesn't mean concealing your identity isn't useful.
75 million a day to destroy the Russian financial system is less than half of what Ukraine currently spends on their defence budget.
In fact, Litecoin has an optional privacy feature called MWEB, which is probably why Litecoin too got kicked off of being named on some conventional news sites.
A more sophisticated attack would include all the legitimate transactions on the network except for their own transaction(s) which they're trying to double spend. That way the network isn't disrupted apart from the parties you're double spending against.
But that's really beside the point, because it isn't me who will come after you, it's the IRS (or equivalent). If you spend a lot of money, you're in trouble if you can't explain how you got it. And if you explain that you participated in a network which has as its only purpose to destroy evidence of how you got it, you're usually in extra big trouble.
The attack is no different than paying miners to join a malicious pool. It works as long as money flows in.
Please don't. This would be useless spam, and is completely rude. Do we tell people to "Just google it?" here?
If there are several competing coins using the same algorithm, it may be possible to incentivize ASIC miners to destroy one of them if it benefits the others, but even then it's risky.
CPUs in contrast can be used for a million different things, CPU miners are not incentivized to support any given crypto project. It's also much easier to rent large amounts of CPUs than of ASICs.
I don't think you understand the BTC mining ecosystem.
PoS is the obvious choice now that ETH has had a bit of time to run. But, I remember when they went through the switch (before ETH PoS). Doing some sort of variation on GPU memory hard mining would have been a smart choice (ethash, progpow, etc), knowing full well that ETH would eventually go PoS. It would have given all the miners something to switch to, instead of just shutting down entirely, because there wasn't anything but ghost chains.
It's not a terrible idea, but I've yet to see it be implemented. Gridcoin is one typical example where it's just PoS with "useful PoW" tacked on for token distribution, and doesn't actually use PoW for security.
Reasonably creditable studies put 30-40% of social media having some sort of AI or automation. This is just the low hanging fruit.
I don't think that's spam at all, and I don't think I did anything special in my prompt that someone with less background knowledge could have done.
It's true that you can't synthesise false transactions, but you can undo anyone's transactions, not just your own.
1. a) The list doesn't need to be hardcoded, it could be a configuration. b) So trust doesn't need to be permanent. c) It could be decentralized in the sense of allowing different people to have configs.
2. Miners not on the list can still participate, just with lower weight in the case of a fork. And they still get full reward.
Do we need to drop down to 1st grade story problems?
---
Alice has 1 apple. Eve has 0 apples.
Eve steals Alice's apple.
Now Alice has 0 apples. Eve has 1 apple.
---
Alice has 1 XMR. Eve has 0 XMR.
Eve 51% attacks Alice's network.
How many XMR does Alice have? How many XMR does Eve have? Show your work.
Expensive is a better fit than capital intensive, because there are massive ongoing costs to actually perform the attack, electricity for one.
If you want to understand the risks for a project, pretend you are at arms length and are being asked to fund the project 100% up-front. You'll find a huge list of risks very soon.
Post-merge Ethereum is designed so that the gas fees and the staking rewards roughly cancel out on balance (so overall inflation is around zero), but they are decoupled, so even if nobody is using the network you still get a staking yield.
What will likely happen is a PoS BFT layer on top of PoW, although there are other options being considered:
Not really-- or, rather, the security provided by proof of work is only proportional to the part of the cost above the fair value of the useful work.
One of the main ideas behind POW security is that you spend energy and the thing you get for it is income in the blockchain. And so if you mine unfaithfully your work will end up on a chain of debased value or won't end up in the eventual consensus chain at all, so your effort is burnt out.
Now imagine a POW that costs $5 in energy and does $5 in "useful work" --- well in that system you can now attack for 'free'. Or say it costs $6 in energy to mine plus does $5 in "useful work". There your security is related to the $1, the $5 is mostly coming along for a ride.
There are other problems with "useful" proof of work: e.g. A POW function should ideally be approximation free and optimization free... if an attacker invents a better version they gain an advantage. So e.g. if the miner detects that this particular work instance is 'hard' they can just discard it and try another. This makes it really hard to do much of anything 'useful' except the most contrived kinds of 'useful' without creating vulnerabilities.
But difficulties aside, the fact that outside benefits don't contribute to security (or at least don't contribute much) makes the whole idea space kind of unexciting.
If you think it shouldn't be that way, you are faced with a problem. A social political problem. Which Monero does nothing to solve. Which is the point.
You can't do that with 25% (or even 40%) hashrate.
But your chain has every block solved by you, giving you all the block rewards.
That's the magic of the 51% attack. You gain control of the blocks. Because that extra 1% isn't a HUGE margin, it may take a while for your chain to become the winning chain, but theoretically, it will happen.
There's a lot of re-inventing the wheel in the cryptocurrency space but on the formal academics side of the space people are very cognizant of what they are working on and their work is focusing on improving very specific properties of consensus algorithms.
If they fail to ever converge there is probably such a large disagreement in the community that a fork is for the best anyway.
Pedantic point: monetary inflation is around zero, not necessarily price inflation (which is what people typically mean when they just say "inflation").
What? No, it very much isn't. Consensus needs to be ongoing, within a handful of blocks (Monero locks transfers for 10 blocks for this reason, called "confirmations").
https://en.wikipedia.org/wiki/Double-spending#Decentralized_...
This is only partially true for a number of reasons.
> Now imagine a POW that costs $5 in energy and does $5 in "useful work" --- well in that system you can now attack for 'free'. Or say it costs $6 in energy to mine plus does $5 in "useful work". There your security is related to the $1, the $5 is mostly coming along for a ride.
This is one aspect; however, you make assumptions about the rewards that are not necessarily true, e.g. if rewards only pay out on a cycle or if the rewards have a locking/"vesting" schedule before they become accessible. There's a lot of ways to make attacks more expensive/nonviable, but without the "useful work" aspect they've not provided meaningful benefits to the protocol and therefore haven't been integrated.
> There are other problems with "useful" proof of work: e.g. A POW function should ideally be approximation free and optimization free... if an attacker invents a better version they gain an advantage. So e.g. if the miner detects that this particular work instance is 'hard' they can just discard it and try another. This makes it really hard to do much of anything 'useful' except the most contrived kinds of 'useful' without creating vulnerabilities.
Now with this you'd see that the research papers explicitly were tackling this problem. The one is implementing an SMT solver/optimizer for large, expensive problems. It uses random walks (forcing the miner to bias their choices in specific random ways) based on a VRF or their results are invalid. The efficiency is only 50% of course however that doesn't mean the price is 50%, just that the energy efficiency is 50%. The market on problems to be solved of course will still be priced on supply/demand (give or take parameters) and if there is insufficient utilization, mining falls back to a traditional PoW algorithm.
So in a sense what PoUW is attempting to do is to supplement the valuation of the underlying tokens via production/cash inflow rather than purely relying on demand for tokens to pay the transaction fees.
Also I do want to point out that those papers aren't just making claims, they include a lot of verification and proofs to demonstrate the functionality of the systems in question.
> But difficulties aside, the fact that outside benefits don't contribute to security (or at least don't contribute much) makes the whole idea space kind of unexciting.
The interest is in being able to produce a digital resource (that can be used for consensus) from a physically hard task while actually producing something of value as a side effect.
Gold and other metals were valuable as currency because they were difficult to mine however their value increased because practical uses for the metals increased demand beyond the synthetic demand as a currency. That increased incentives for mining which led to more mining. Eventually it reached equilibrium.
Also notably outside of a given PoUW algorithm's viability as a PoW, it's still important research because every PoUW algorithm that is game theoretically sound is viable as a decentralised market for computation/work where cheating is effectively non-viable.
At the height of the attack, Qubic (the company) paid people up to $3 in QUBIC for every $1 of XMR they mined through QUBIC, and they achieved around 33% of XMR's hashrate which was sufficient to mine the majority of blocks for a few hours.
If they were forced to buy back all those QUBICs they paid out, this might have cost them ~$100k/day. But thanks to the media attention it's likely that they didn't need to buy anything back and actually were able to emit more than they otherwise could have.
XMR needs to adapt -- switch to PoS, or ASICs-based POW, or a hybrid of both.
The attack itself is unprofitable, the "profit" for Qubic is the publicity they get. (or at least that's what they're betting on)
Otherwise you're making money that way, and the value of the coin is tied to the work that you did.
Until recently gold was a pretty but mostly useless metal. Too heavy for practical uses, too melty for industrial uses, too soft for weapons, etc. But it didn't rust and was a good medium of exchange because it had no other real value. Once it has value outside of being currency it's less useful in that capacity, since now its value is tied to how much you can get for it by utilizing it in computers, chemical reactions, etc. Same basic idea with PoW.
In another scenario, where the work's value is less than the cost, you're still hoping that at no point in the future will an attacker figure out a way to do the work at a net profit.
The only way the network can be trusted is if the work has, definitely now and always, 0 value.
In theory if the entire world was on an ethereum standard with a steady state population, price inflation would also average out to zero
It's only doxxing if you can connect that large transaction to the attacker, but you can't unless I'm missing something.
Tell me, how well did that work for Grin?
1. Their paper has not been accepted by any conference or journal.
2. Neither author on their paper is an academic (or practicing engineer or researcher) in the fields of computer science, economics, game theory, or cryptography (or any maths in general). The one is a C-level exec with what seems to be minimal CS experience and the other is a psychology professor. Neither author appears to have qualifications to be able to assume some level of rigor (before looking at the underlying work).
3. The paper is a bunch of text and buzzwords about AI and AGI intermixed with some academic history and some discussions on psychology. Of the 47 pages of the paper, only about 1-2 pages are semi-technical in nature, with an additional ~3 pages of code included to show their algorithm. There are two graphs relevant to the protocol on those 1-2 pages and neither one addresses any security aspects, instead showing its performance at doing the "useful" part. So again to reiterate, their "academic paper" on the security of their PoUW algorithm includes no rigorous analysis of the protocol.
TLDR They aren't doing PoUW. They are doing cooperative compute with a centralised or federated coordinator dishing out rewards.
Proofs of Useful Work do actually exist and are an interesting field but they take a lot of rigor and analysis to be accepted and not immediately ripped to shreds. What the attacker claims is not even close to meeting that bar.
Crypto projects succeed/fail for all kinds of reasons that are completely unrelated to de-/centralization. You'll have to be more specific about what Grin's case should teach us.
> So then, _centralize_ around an ASIC?
ASICs are commodities. For BTC (SHA-256) there are at least 8 different companies producing ASICs, and even a smaller project like KAS (kHeavyHash) has >4 competing companies. Not much centralization risk on that side, at least not for mature projects (which a hypothetical ASIC-XMR would be by now).
The main challenge for ASIC-miners is the same as for CPU- and GPU-miners: cheap electricity -- and that's not something that can easily be centralized.