Bitcoin Gold (BTG) was 51% attacked
Bitcoin Gold is a Bitcoin hard-fork that aims to be GPU-mineable by using the Equihash algorithm with parameters (144, 5) also known as "Zhash". The Bitcoin Gold website claims Zhash "uses more memory than an ASIC can muster, but runs fine on many graphics cards". Bitcoin Gold was previously 51% attacked in May 2018 when it was estimated that up to $18 million worth of BTG was double-spent.
Between Thursday and Friday we detected two deep reorgs on BTG, both of which contained double-spends. Their details are listed below. All times are GMT.
- Thu, 23 Jan 2020 18:01:32 - 14 blocks removed, 13 blocks added
- 1,900 BTG double-spent (~$19,000).
- 1,900 BTG originally sent to
GgmzUSgXrXpDxiY34bG6SxaDVi2rQ1zU8Qin TXID 3a17157994502a749a1827883a670d822f8ee95dae94064631770faeec1e8443 was redirected to
GNH5cUEg5LZZP5HfLgaLvTE9ApKAf76aBfin TXID 6e05e8253b2ce7f1acf6f0684898e13141c0e9b893e1a5e44d215d8ebe4d28b4.
- The majority of the coins were sent from an output owned by the address
- Fri, 24 Jan 2020 00:24:08 - 15 blocks removed, 16 blocks added
- ~5,267 BTG double-spent (~$53,000).
- ~1,947 BTG originally sent to
Gg4YDMrMuqit6eJAYKaBxmK17zPFnpLt5w, 1,850 BTG to
GfRdNzHJan8sfW9wxozAYhRPL9fFLD9A9min TXID 481d608591f4d6a7013ac1b879c2caf1e2c0a2bb30b5346b2c876deb43873b2b and 1,470 BTG to
GfWUNAdW3aEXfQWshApFLf2ZNtMV9MC6VQin TXID 37c8a8d59f61879cc0da9fa197ed72dbc967c796800d4015cafd47c7be467201 was redirected to
GPTH48Z3diz4zwBGchXmzW3kDnmHVxyX2Vin TXID a0dc721fff0948732679638f4b4bb713686786826971c3f9a30eb15f5694a0ea.
- The majority of the coins were sent from outputs owned by the address
In both cases the attacker blocks were mined with the address
GWrW5dTZf5XwGWoJuqRKdzkzZFkwtWSqaP in the coinbase transaction. We note that at the time of the attack, on Binance deposits of BTG were credited to one's account for trading after six confirmations, and were available for withdrawals after twelve confirmations. A fourteen or fifteen block reorg would thus evade both of Binance's escrow periods. Binance has since increased their withdrawal requirement for BTG to twenty confirmations. Based on Nicehash market price data for Zhash we estimate the cost of generating each reorg at around 0.2 BTC (~$1,700) and the attacker would have recouped around the same value in block rewards. Therefore, it is possible that the attacks were profitable if the double-spends succeeded at defrauding the attacker's counterparty, or break-even if the double-spends were unsuccessful. This suggests that a confirmation requirement on the order of tens of blocks for BTG is still far too few to make the budget constraint to launch an attack significant.