Bitcoin Attacks that Might be a problem - Discussion

Welcome to this discussion thread. Feel free to ask questions or discuss things related to this section.

Hi everyone,

I have a question regarding Sybil attacks. @ivan, you mentioned in your video at 1:30 that someone could surround a node. But can someone choose which node they are connecting with? If so, can a node choose how many neighboring nodes it connects to?

Thanks in advance for the additional info!

Hi again,
I wanted to bump my previous question and I also have an additional question:
For Segmentation, you mentioned that whenever that segmentation/barrier goes down, the group that was cut-off will have their blockchain replaced by the outside blockchain.

That being said, we’ve learned in your other courses that “the longest chain wins”. So what happens in a case where a small group of nodes happens to mine blocks at a slightly faster rate than the outside chain? In the case of Segmentation, if the group that’s cut off from the internet maintains a chain that’s slightly longer (due to decreased difficulty and some luck), why would this chain not replace the outside “global” chain?

Edit: The 51% attack video addressed my question above by explaining that you’d need 30-51% of the hashpower to be able to create a longer chain. This makes sense given that network difficulty adjusts every 2016 block (or 2 weeks). By the time it adjusts to this new “fake chain”, the global chain will be much longer and too difficult to catch up to. Even if mining difficulty decreases within this “fake chain” it would only adjust to so that blocks are solved within ~10 minutes on average, so it would never really have the opportunity to catch up to the main chain’s length. Is this the correct response?

Thanks for your insight!

Hi,
Depends on the Bitcoin daemon sw we are talking about.
Include ‘connect’ and ‘maxconnections’ options to config file or to daemon cli options can be used to control the things you are asking for.
Play with other bitcoin options at: https://jlopp.github.io/bitcoin-core-config-generator/

# Connect only to the specified node(s); can be set multiple times.
connect=123.4.5.1
connect=123.4.5.2
connect=123.4.5.3
connect=123.4.5.4
connect=123.4.5.5`
# Maintain at most N connections to peers.
maxconnections=5

Hi,
to say “the longest chain wins” is a simplification, “the chain with more work wins” is more like the true statement.

I would expect to find some chapter about generating Bitcoin address and ‘man-in-middle’ attack, or lower or hacked deterministic ‘random-seed’ used in the past at paper-wallet and other online web wallets risks, like example shown in this article: https://www.finder.com.au/did-you-use-walletgenerator-net-you-should-change-your-keys
This hack was fixed meanwhile, but nevertheless it is important to students of this lessons to know that this Bitcoin attack was in place for sometime until someone noticed and warned the ‘public’ about this vulnerability hacked at that ‘legit’ website …

Hi @ivan,
In terms of the ‘Packet Sniffing’ section and the suggestion to use TOR browser to protect from snoopers potentially mapping your IP address to your bitcoin address(es). Wouldn’t a VPN service (that didn’t keep activity logs and with a kill switch to prevent leakage) be equally as good at protecting against such IP to bitcoin address mapping?

Or is there some difference that I’m not seeing?

Hello sir, by using a TOR network, you will add an extra layer of security from snoopers, also if add to that a VPN, you will get another extra layer (so now you have 2 layers of security).

The TOR network will use the network to send your packets through a tunneling system of nodes on that network, also the VPN will add an extra layer since it will “hide” your real address.

Hope this gives you a clear view of the subject, keep learning!
If you have any doubt, please let us know so we can help you!

Carlos Z.

Carlos, you’re amazing. The way you’re explaining things , makes it very easy to understand. You have a lot of knowledge in this field.

Thank you
Best regards

My concern, which I will ask about after having watch this video series, is regarding the power that one country is developing where they are buying mining farms from Russia to Texas as well as being the manufacture of the world’s most efficient and profitable mining equipment. Is there a backdoor to the equipment? This question is regardless of who made the equipment. Maybe I’m just drinking the cool-aide but I really believe that Bitcoin, other digital assets and protocol will change who has the balance of power in this world. It isn’t that expensive for a country to be buying power now, so to position themselves for a later date. Many are quick to say…its too expensive to take 51% and fight off all the other miners, but my question is: what would be gained from taking control? I mean gains not just financially but ruling power as well. I just feel this honest and concerning question is too easily brushed off as if the need to keep everyone confident in crypto and to stay invested is more important that looking and discussing this potentially devastating change in the new ecosystem.

I agree @scottbonge - just started this course, & wonder the same things.

This “new Emperor” called Blockchain-cryptocurrency-Bitcoin"
is just so AWESOMELY Mesmerizing & Distracting, eh?

… but wait – could it be that sometimes the Emperor really has no clothes?

… yeah, we’ll see …

Hi, community,
I have a question about the packet sniffing. I don’t quite understand why is it a threat when an attacker is able to map your IP address and your Bitcoin address??

The attacker could mirror your network and sent package on your name, get personal data from your network traffic (hard skills but possible), packet sniffing is in few words “try to read data that is being sent in and outside your network”, like passwords, emails, off course there could be encrypted, but what if the hacker already have a strategy to un-encrypt those packets? … Is a risk to have someone tracking what you do in your own network.

If you have any more questions, please let us know so we can help you!

Carlos Z.

If China is the manufacturer of the mining processors, what if they decide to export inferior processors and keep premium?
Can they select just to mine transactions from chinese wallets?
If they control enough miners to make a 51% attack, forcing all BTC to end up in “the right wallet”?

I don’t think they would do that, competitors could get an advantage over that.

On a filtered pool, is probably to do it, because you have filter which transactions can be mine based on their address broadcasting.

I guess not to 1 “right address” because even by having the 51% of the hash power could end up in a split of the community, a fork like Bcash for example. It could send the funds to multiple addresses that belong the same person.

If you have any more questions, please let us know so we can help you!

Carlos Z.

Hi Ivan,

I have a question about " Packet sniffing". In your video you mentioned that using " Tor" services will prevent IP - BTC Address mapping. Will using a VPN also do this, or should " Tor" always be used?

Hi @Whipper156, hope you are ok.

Both methods can be used to secure your identity, also if you use both methods at the same time you have 2 layer of security making it really hard to sniff your packets successfully.

Carlos Z

This might be a naive question, but here goes:
In the packet sniffing lecture you talk about how a sniffer might be able to link you IP address and your public key - why would this be a problem? What would they be able to do with this info?

@scottbonge I agree with 100%. There is so much Digital Marketing of Crypto going on in the news, that organisations are just rushing to create Crypto Networks without following proper security-due-diligence. The gold-rush mentality in Crypto Mining Farms, and the procurement of mining equipments is really without sounding traditional need to be slightly regulated. A mining equipment with a backdoor to it gives power to the manufacturer not the mining farm. Now imagine when the Fed’s finally decide to roll out there own US Central Bank Digital Currency(CBDC) and they buy a mining equipment that has a backdoor to it, who do you really think is in control, the Fed’s or the equipment manufacturer. This is a food for thought as we move forward with this great Decentralized-Finance Architecture of the future.

I see almost no chance of a CBDC being run on a Proof of Work network, as it is a system made to decentralize the network, and a central bank is the pinnacle of centralization.