Hacker Takes Home Millions as Bitcoin Gold Suffers Double Spend Hack


Another cryptocurrency is in the spotlight for the wrong reasons as Bitcoin Gold (BTG) got hacked, leaving questions about the security of the network.

The coin, one of the many forks from the first ever cryptocurrency Bitcoin (BTC), suffered from a malicious user’s double spending and 51 percent attacks.

Ed Iskra, Bitcoin Gold’s director of communications, announced:

“An unknown party with access to very large amounts of hashpower is trying to use 51% attacks to perform double spend attacks to steal money from exchanges.”

The attack lasted until May 18 with the account involved receiving a total of more than 388,000 BTG, or roughly around US$18.6 million.

While the malicious attempts seem to have stopped, followers of Bitcoin Gold are wary that the attacker still has the necessary hardware to control more than half of the network’s mining hashrate.

| Related: US Regulatory Body Issues Advisory on Crypto Futures Trading

How to Double Spend

Double spending is an attempt to use the same coin in more than one transaction, in some ways similar to reprinting paper money.

Before the transaction, the buyer has the coin and the seller has the product. Then after transacting with one another, if the buyer double spends the coin, he retains the coin and gets the product while the seller receives a twin of the coin.

In the short run, the double spender has infinite wealth as he can get services without losing his coin. But as the number of transactions increases, the coin will eventually lose its value as the number of coins duplicated during the double spender’s transactions will cause inflation.

Hacking the Chain

While there are different ways to successfully double spend, this particular attacker used a massive amount of energy and resources to control the majority of the networks’ mining power.

User h4x3rotabm, in a forum discussion about the attack, provided a simple explanation of how the attacker double spent his BTG coins.

The attacker mined a private chain, using sufficient hashrate to produce a longer blockchain than the publicly mined blockchain. At the same time, the attacker sent his BTG coins to himself. That transaction was recorded as blocks in the private blockchain.

Simultaneously, the attacker sent the same BTG coins to a crypto exchange platform.

After the exchange verified the transaction, the attacker replaced his BTG coins for another crypto coins and then withdrew them. The transactions involving the exchange were recorded in the public blockchain. Then, he released the privately mined blockchain to the Bitcoin Gold network.

The common proof-of-work blockchain protocol, when comparing two sets of blocks, considers the longer one as the genuine set. The longer set of blocks has more proofs of work compared to the shorter set.

Since the attacker’s privately mined blocks were longer, they replaced the shorter existing blocks. The shorter blocks were then orphaned by the Bitcoin Gold blockchain.

User h4x3rotabm, developer for Bitcoin Gold, said:

“Because the private blockchain is longer than the public one, the existing blocks [were] reverted, and replaced by the privately mined blocks. The deposit to the Exchange never… happened, being replaced by the transaction to the attacker himself.”

After block replacement, the attacker now had the coins he originally held, the converted coins withdrawn from the exchange, and the coins earned from mining blocks.

The attacker repeated the process over again until exchanges were notified of the ongoing hack.

The Altcoin Anxiety

Bitcoin Gold was not the only crypto that suffered from successful hacks.

Privacy-focused cryptocurrency Verge (XVG) suffered two 51 percent attacks in the same number of months. After the first attack, Verge conducted an emergency hard fork to prevent a second attack to happen. Analysts criticized the upgrade as insignificant, even calling it a band-aid solution.

The fork obviously did not work, as someone managed to control majority of Verge’s mining power the second time around. Overall, the malicious miners got away with approximately 35 million XVG, or around US$2.8 million.

In theory, every blockchain is vulnerable to 51 percent attacks, as miners can just decide to gang up and control the network for themselves. But in practice, it is more difficult.

To control the majority networking power of a large blockchain network like Bitcoin’s would require unrealistic amounts of computing power and electricity. On the other hand, smaller blockchains like Bitcoin Gold are more vulnerable to be controlled as it would require fewer resources.

In theory, people will lose trust on a hacked system and that system’s value should go to the ground. But graphs from last week showed no conclusive signs as to whether the hack made a significant impact on Bitcoin Gold’s price, since other cryptocurrencies showed similar price movements. The altcoin, currently the 27th largest cryptocurrency based on market capitalization, is worth US$46.40 at the time of writing.

| Related: China Sees Ethereum as Best Blockchain Network, Rates Bitcoin Mediocre