Skip to content

Instantly share code, notes, and snippets.


James Lovejoy metalicjames

View GitHub Profile
View btg_attack_output.txt
Reorg 0 at 2020-01-23T18:01:32 db ID: 85779
Depth 14
Length 13
Est attacker chain duration 2:13:28
Est attacker hashrate 2.53 MH/s
Nicehash hashrate 3.41 MH/s
Nicehash price 0.86 BTC/MH/s/Day
Est Nicehash cost 0.2013653 BTC
Reorg Blocks

January 23 - February 5 reorgs (no defense)

We call the addresses of the miners who receive the mining rewards in a reorg the “attacker” and the addresses double spent are the “victim.” The receipt timestamps are when our reorg tracker observed the blocks of a new chain become the most-work chain. “Depth” is the number of blocks that were removed from the most-work chain as a result of the reorg and “length” is the number of blocks that replaced the existing blocks in order to cause a reorg. The attacker had an expected 2.53 MH/s of hashrate to conduct one of the attacks. The overall BTG hashrate was between 2-2.5 MH/s in the days before the attack.

Time Attacker Depth Length Amount (BTG) Expected Hashrate* (MH/s) Expected Nicehash* Cost (BTC)
2020-01-23 18:01:32 GWrW5dT 14 13 1900 2.53
metalicjames /
Last active Apr 11, 2021
Bitcoin Gold (BTG) was 51% attacked

Bitcoin Gold (BTG) was 51% attacked


Bitcoin Gold is a Bitcoin hard-fork that aims to be GPU-mineable by using the Equihash algorithm with parameters (144, 5) also known as "Zhash". The Bitcoin Gold website claims Zhash "uses more memory than an ASIC can muster, but runs fine on many graphics cards". Bitcoin Gold was previously 51% attacked in May 2018 when it was estimated that up to $18 million worth of BTG was double-spent.

The Attacks

Between Thursday and Friday we detected two deep reorgs on BTG, both of which contained double-spends. Their details are listed below. All times are GMT.


Vertcoin (VTC) was 51% attacked


Vertcoin is a Bitcoin clone that aims to be ASIC-resistant by hard forking to new mining algorithms whenever ASICs are deployed on the network. Vertcoin was previously 51% attacked in Dec 2018 and has since changed its proof-of-work algorithm to Lyra2REv3. On Nov 30th 2019, a Vertcoin miner noticed a large upswing in hashrate rental prices for Lyra2REv3 on Nicehash. This was combined with workers connected to Nicehash's stratum server being sent work for unknown (non-public) Vertcoin blocks. I contacted Bittrex, Vertcoin's most prominent exchange, to recommend they disable the Vertcoin wallet on their platform once it became clear an attack was in progress, which they subsequently did.

The Attack

On Sunday, 1 December 2019 15:19:47 GMT 603 blocks were removed from the VTC main chain and replaced by 553 attacker blocks. We


Expanse (EXP) was 51% attacked


Expanse is a go-ethereum clone that uses Ethash (DaggerHashimoto), the proof-of-work mining algorithm used by upstream Ethereum. It is thus highly succeptible to rental mining attacks with over 70x Expanse's network hashrate available for purchase on Nicehash.

The Attack

On Monday, 29 Jul 2019 08:05:12 GMT, 63 blocks were removed from the EXP main chain and replaced by 64 attacker blocks. There was one double-spent account/nonce pair in which 200 EXP (~$12) was redirected.


Litecoin Cash (LCC) was 51% attacked


Litecoin Cash is a Bitcoin Core clone which uses a hybrid Proof-of-Work/Proof-of-Stake consensus algorithm in an attempt to aleviate 51% attacks on its network. LCC's PoW algorithm is SHA256 but its network hashrate is many orders of magnitude smaller than Bitcoin's, making it highly vulnerable to 51% attacks, as was demonstrated last year. The LCC whitepaper describes a system they call "Hive Mining", which is effectively a PoS lottery in which users can purchase "bees" (lottery tickets) that have the potential to be eligible to propose a PoS block for each new PoW block. In the paper, the authors claim this scheme provides "protection" from 51% attacks by interlacing PoW and PoS blocks, and giving PoS blocks more relative weight than PoW blocks in the chain-work calculation for selecting the most-work block.

The Attac


Using Lit

Downloading Lit

Unzip the archive to a directory on your computer. You will need to find a terminal to use Lit. If you are unsure how to open a terminal on your computer, your favourite search engine can help you.