Blockchain attacks and reorgs: Experiences from the past

The recent “reorg attack” attempts on the BSV blockchain continue to have consequences, with several exchanges starting to unfreeze deposits and withdrawals over the last several days. Despite the disruption and confusion as to what actually happened, it’s important to note that blockchain re-organizations have been a fairly common occurrence in blockchain history.

While it’s not necessary for most people to understand the full technical details of how such attacks on blockchain networks happen, it’s important to understand why they happen, and how they’re resolved. Wherever a malicious actor sees an exploitable opportunity they will take it, so the important factor is how quickly developers and nodes can identify and respond to any attempt.

To read more details on the mid-2021 BSV attacks, read BTC Association’s FAQ here.

Chain reorgs more often occur naturally as a result of network latency, and “re-organizing” the blockchain is a built-in feature of BTC and similar protocols, designed to keep everyone on the right track. When honest nodes restore order to the blockchain, reorgs pass unnoticed by the public. The routine and naturally occurring reorgs usually nullify (or “orphan”) just one or two invalid blocks.

Put very simply, a “reorg attack” is a deliberate attempt to rewrite history by creating an alternate legitimate chain of transactions (i.e. the chain with the most proof-of-work). It’s usually done by mining an alternate chain in secret, then broadcasting the results once that chain is longer than the legitimate one. If the motive is profit, the alternate chain would contain double-spend attempts of some kind. Even if an attack of this kind is detected and rectified by honest miners, it can cause havoc and disruption.

Even if an attacker can create a “longer” chain, it isn’t necessarily the legitimate one. There’s more explanation of what constitutes “honest nodes,” and why the mythical “51% attack” isn’t real, in this article.

Why perform a reorg attack?

Reorg attacks cost require money and electrical energy to perform, and these days there are more checks and remedies to protect against them, such as early detection mechanisms, and alerts for nodes and exchanges. So the motive for launching a reorg attack may not always be quick profit, but deliberate disruption—to inconvenience exchanges and their users who necessarily must endure longer waits (or outright suspensions) on deposits and withdrawals, and to damage a blockchain network’s reputation by making it appear unreliable, or a security risk.

Making it difficult to trade a coin may also drop its unit price in fiat, causing further pain for speculators. However, this is a lesser effect, and if the attacker’s motive is profit, it’s not in their best interest to cause the market price to fall too much. Research on past attacks on BTC Gold (BTG), Litecoin Cash (LCC), Expanse (EXP) and Vertcoin (VTC) showed that only VTC’s price dropped significantly, with most others recovering soon after.

Given the general public’s low understanding of how blockchains work, reorg and double-spend attacks—even if successful—can leave a lasting impression in the form of media headlines that forever pop up in Google searches or future news article references. Thanks to the past “wild west” nature of the digital asset industry and behavior of some of its participants, it’s already seen as a risky endeavor. A simple headline about a hack or attempted attack can have a lasting effect in people’s minds, regardless of the specific details.

Notable attacks and reorgs on other blockchain networks

BTG is perhaps the least well-known of the BTC network splits that still dare to call themselves “BTC.” It separated from the main BTC chain in October 2017 with a promise to bring back GPU mining. Its relatively small following and node network, and a BTG unit price that has never fallen below US$5 (it’s currently $36), make it an appealing target for reorg attacks.

Other notable reorg attacks on the BTG network occurred in May 2018 and January 2020—the former saw exchanges lose about US$17.5 million, given the higher value of BTG at the time. The second attempted to reverse deposits to exchanges of 1,900 BTG and 5,267 BTG.

There were two 51% attacks on BTG’s blockchain last week on January 23rd. They successfully reverted deposits to an exchange. The first reverted ~1900 BTG, the second ~5267 BTG. We do not know if they successfully extracted any value from an exchange. 1/4

— BTC Gold [BTG] (@bitcoingold) January 26, 2020

In July 2020, BTG managed to thwart a 1,300-block reorg attack attempt in which a malicious miner rented hashing power from NiceHash for 10 whole days. Unbeknownst to the attacker, however, BTG developers had detected the attempt early on, and secretly released a software update to its honest nodes with a checkpoint at the last known “good” block. When the attacker tried to reorg with the 1,300-block chain, nodes ignored them and continued to mine the honest chain—wasting a lot of the attacker’s time and money.

🚨 CRITICAL UPDATE 🚨

An attacker has been mining a failed 51% attack for 10 days (1300+ blocks!) and finally released it.

The BTG chain is fine, because our pools and exchanges have long been on version 0.17.2.

Time for all to update!https://t.co/9b7VOWe3XT pic.twitter.com/uxT6952jPz

— BTC Gold [BTG] (@bitcoingold) July 10, 2020

On January 21, 2021, someone actually succeeded at performing a double-spend on the BTC network. The now-famous double-spend was worth only US$21 and was likely more symbolic than profit-seeking. Other BTC nodes re-organized the chain by orphaning the block, leading some to deny it had happened—but it existed long enough for $21 to disappear from one wallet and appear in another.

The most famous BTC reorganization (at least, to Bitcoiners) happened in March 2013, right before the word “BTC” began to enter the mainstream consciousness. An update to the protocol (v.0.8.0) enabled miners to process block sizes that, while valid, pre-0.8.0 miners were not able to handle. The first larger block caused an unintentional hard fork. The two largest mining pools at the time (Slush and BTCGuild) downgraded to version 0.7, giving the chain without the large transaction block the most hashing power, and forcing other 0.8-using nodes to re-organize. Amid the confusion, one user performed a successful double-spend of US$9,800—though this was regarded as an experiment rather than a malicious action. This incident is also notable for Gavin Andresen’s use of the Alert Key system to notify miners, which eventually led to the key’s removal from the BTC protocol. As of today, BTC still does not have a built-in way to notify miners to take urgent action to fix an issue.

In March 2021, the BCHA (now called eCash) network saw reorg attacks that appeared to be performed (or at least strongly supported) by a group of BCH supporters called Voluntarism.dev. Posts by the group suggested it was a response to BTC ABC’s BCHA forking from the BCH network in order to implement the Infrastructure Funding Proposal (IFP) that BCH nodes had rejected. These attacks were notable as the attacker reportedly spoofed the “ZuluPool” mining network, something that also happened in the mid-2021 reorg attacks on BSV.

One network that has experienced numerous reorg attacks and double-spend attempts is ETH Classic (ETC).

ETC is notable as its situation is in some ways similar to BSV. Though it has a smaller ecosystem and is less well-known than ETH, ETC is the continuation of the original ETH protocol/blockchain, which hard-forked on July 20, 2016, as a redress to the infamous “DAO hack.”

Desperate to bail out investors who lost money to an unforeseen (by most) exploit of code in a project called “The DAO”, ETH developers took the unprecedented step of “rolling back” the blockchain a few days to erase the mishap. An action that selectively nullifies blockchain records to rescue an influential in-group of asset holders should be anathema to blockchain proponents, as it makes a mockery of the technology’s fundamental principles. Indeed it was to some, albeit a minority in ETH, and ETC continued to use the unmodified ETH chain. ETC calls itself “the original ETH,” which it is—and needless to say, supporters of the more-powerful ETH are unhappy with its presence.

In light of recent network attacks, it’s recommended that all exchanges, mining pools, and other ETC service providers significantly raise confirmation times on all deposits and incoming transactions. @okex @binance @HuobiGlobal @hitbtc @coinbase @digifinex @etherchain_org

— ETH Classic (@eth_classic) August 6, 2020

Technically, protocol developers rolling back a blockchain is itself a form of reorg “attack,” though in ETH’s case, an officially sanctioned one by their central planners. Though the “DAO hack” was an unforeseen (by its developers) exploit of The DAO’s project code, it technically wasn’t against the rules and wasn’t performed by a miner or node operator, so it wasn’t a reorg attack itself. A chain reorg erased its transactions, albeit controversially.

ETC has been the target of multiple reorg attacks and double-spend attempts in its existence, possibly due to its lower proof-of-work and therefore lower costs to attack it. It’s also possible to imagine that ETC is a target due to its status as the “original/real ETH” blockchain, as there’s plenty of motive for opponents to want to damage its reputation.

Another series of at least 15 reorg attacks occurred on ETC in January 2019. Coinbase said it identified 12 double-spend attempts, totaling 219,500 ETC (or US$1.1 million at the time), and suspended ETC deposits and withdrawals until the matter was resolved.

In the history of BCH, there have been several attempts to double-spend coins by re-broadcasting the same transaction to both the BCH and BTC networks. In May 2019, BCH mining operators such as BTC.com and BTC.top performed reorgs to undo these more obvious attempts at theft.

Double-spend attempts using reorg attacks are less common on BTC, given the expenditures required. Though double-spend attempts do occur, they tend to be for individual transactions, e.g., taking advantage of BTC’s clogged mempool and high fees, using a design flaw introduced BTC’s centrally planned protocol developer group which they called Replace-by-fee (RBF) to substitute one transaction for another.

A successful double-spend on BTC would be high-profile and disruptive, such as the $21 double-spend mentioned above. It’s worth noting, however, that influential BTC personalities did consider an ETH-style “rollback” reorg in May 2019, following a multimillion-dollar theft from Binance’s wallets. As Binance CEO Changpeng Zhao tweeted, they decided against pursuing a rollback—but only after considering it and discussing with representatives from the mining sector:

After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach. Considerations being:

— CZ 🔶 Binance (@cz_binance) May 8, 2019

All this shows that malicious actors are out there looking for any chance they can to exploit vulnerabilities in blockchain networks, for a variety of reasons. They are rarely catastrophic, given the built-in security measures and ever-quicker detection methods. Ordinary users do not lose funds from such attacks. However deliberate attacks against blockchains are still disruptive and can damage reputations whether they’re rectified quickly or not.

New to BTC? Check out CoinGeek’s BTC for Beginners section, the ultimate resource guide to learn more about BTC—as originally envisioned by Satoshi Nakamoto—and blockchain.