Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Litecoin Cash (LCC) was 51% attacked

Preamble

Litecoin Cash is a Bitcoin Core clone which uses a hybrid Proof-of-Work/Proof-of-Stake consensus algorithm in an attempt to aleviate 51% attacks on its network. LCC's PoW algorithm is SHA256 but its network hashrate is many orders of magnitude smaller than Bitcoin's, making it highly vulnerable to 51% attacks, as was demonstrated last year. The LCC whitepaper describes a system they call "Hive Mining", which is effectively a PoS lottery in which users can purchase "bees" (lottery tickets) that have the potential to be eligible to propose a PoS block for each new PoW block. In the paper, the authors claim this scheme provides "protection" from 51% attacks by interlacing PoW and PoS blocks, and giving PoS blocks more relative weight than PoW blocks in the chain-work calculation for selecting the most-work block.

The Attacks

The deep reorgs are summarised below. Each event gives the time the reorg occured from our LCC full node's perspective, the number of blocks removed from the main chain in the reorg, and the number of attacker blocks that replaced them. Also provided are the high-level details of any double-spends caused by the reorg. All times are in GMT.

In each case the attacker did not mine any PoS blocks, producing their higher-work chain purely through PoW blocks. The increase in difficulty this caused while producing their alternative chain is the reason for the attacker's chain being shorter in terms of blocks than the original chain it replaced, which was interlaced with PoS blocks. Each reorg appears to have been performed in sequence, with the set of attacker blocks from the prior reorg containing the transaction to be double-spent in the subsequent reorg. It is unclear who the victim address (MKKbmesxvDY1rYbJ8GojY7azorLZyNf5Cc) belongs to, but the pattern of attacker behaviour of repeated deposits and double-spends suggests it is an attempt to drain an exchange wallet of coins.

We observe that the LCC code does not appear to include a higher relative weight for PoS blocks as described in the paper, which perhaps made the job of the attacker easier. However, there is no requirement for a certain number of PoS blocks to be generated per PoW block beyond the difficulty adjustment algorithm, and the attacker was able to simply rent more hashrate to compensate for the increased PoW difficulty, which would remain possible at any reasonable relative weighting.

@litecoincash-project
Copy link

litecoincash-project commented Sep 21, 2019

James,

Thank you for this detailed coverage, which we'll reference in our whitepaper on Hive 1.1, which aims to correct the issues which led to these reorgs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment