FAQs: July 2021 block withholding/re-organisation attack on the BSV network
7 min read
Last updated: July, 15 – 12 p.m. (UKT)
In response to the block withholding/re-organisation attack on the BTC SV network, BTC Association has prepared answers to the most frequently asked questions that we and our representatives are receiving.
What has happened?
On June 24, 2021 and then again on July 1, 6 and 9, an unknown miner operating (as an apparent impersonator) under the ‘Zulupool’ moniker engaged in malicious block re-organisation attacks on the BTC SV (BSV) network. This type of attack, known as a ‘block withholding’ attack, involves a malicious actor creating a chain of competing
blocks – re-written to the benefit of the attacker, i.e., containing double spends – in parallel with the correct chain. These malicious blocks are created in secret then released all at once to orphan the correct blocks from honest nodes.
The malicious nature of the attack was not initially clear from the first sets of block reorganisations on June 24 and July 1. Block reorganisations are a feature of the BTC system when they occur organically and are used to align participants and nodes on the network; therefore, not all block re-organisations should be treated as problematic and analysis must be done to assess the nature of each situation.
However, using block reorganisations for double-spend attacks is highly illegal. The BTC SV Infrastructure Team began extensively investigating the block re-organisations after learning of them. Further investigation after the July 6 block re-organisation revealed the deliberate and malicious nature of the activity, and then prompted immediate action by the BTC SV Infrastructure Team to mitigate and respond.
Are the attacks ongoing?
The last re-organisation attack by the impersonating ‘Zulupool’ miner occurred on Friday, July 9. Protective measures have been implemented for the BSV network and there have been no further attacks since then. However, at this stage BTC Association and the BTC SV Infrastructure Team continue to treat this as an active situation, and we have a global team closely monitoring the network at all hours.
Who is behind the attack?
At this stage, neither BTC Association nor the BTC SV Infrastructure Team can confirm the exact identity or identities of the attackers. The malicious party is carrying out their attacks under the ‘Zulupool’ moniker. We do not believe that the malicious actor is the same ‘Zulupool’ that has long been associated with the Hathor miner of the same name. Instead, we believe the attacker is impersonating ‘Zulupool’.
Just a few months ago, an actor also using the same ‘Zulupool’ moniker carried out a deep block reorganisation of the BTC ABC (BCHA) chain. While we cannot independently confirm that it is the same party who is behind the recent attacks on BSV, the BCHA chain incident had similarities in methodologies and characteristics with the reorganization attacks on BSV, and also used the same Zulupool name; these factors strongly suggest it is the same actor.
Why would a malicious party attack the BSV blockchain in this way?
There are several reasons why a malicious party may attempt to attack the BSV blockchain (or any blockchain for that matter) in such a fashion. At this stage, however, in the absence of further information, we cannot conclusively determine the motives of the attacker.
Possible motives are:
– The most obvious reason to attempt a block withholding or re-organisation attack would be as part of an effort to double-spend and defraud – that is, spend the same BSV tokens several times by manipulating the records of the blockchain. When these types of attacks occur, it is generally exchanges – which tend to hold significant token liquidity – that are targeted. However, it is important to note that to date, neither BTC Association, nor the BTC SV Infrastructure Team, nor any exchanges with whom we are in contact, have received any reports of anyone claiming to be a victim of a double spend.
– Given that the BTC ABC (BCHA) chain experienced a re-organisation incident with similar characteristics just a few months ago, it is possible that this is a coordinated campaign against competing implementations and chains of BTC. While no direct losses or thefts have yet been attributed to the attack on the BSV blockchain, the response by exchanges to restrict BSV deposit and withdrawals and/or trading activities and the attending reputational harm caused by the attacks could indicate that the detrimental intangible impact was the primary goal, not a secondary repercussion.
– Another possibility is that the malicious actor is undertaking these block re-organisations to move coins around in an effort to obfuscate the history of certain coins and make them harder to track. If this is what is motivating the attacks, however, it has been entirely unsuccessful, as the heightened awareness and forensic tools being used to track and document the attacks have only served to draw attention to these transactions, in addition to providing the impetus to collect comprehensive evidence for all connected transactions.
Has there been a successful double-spend on the BSV network as a result of the re-organisation attacks?
BSV transactions have been double spent, but at this stage, there is no evidence that these fraudulent activities have been carried out to the detriment of another (innocent) party. It is possible that the malicious ‘Zulupool’ has been double-spending their own transactions.
How is BTC Association responding from a technical perspective?
BTC Association, together with its development arm, the BTC SV Infrastructure Team, have undertaken certain technical measures to respond to the malicious actions of the ‘Zulupool’ impersonating-miner and to mitigate the impact of any potential future attacks. This includes coordinating with miners and transaction processors on the BTC SV network to implement both reactive and preventative measures – including fork detection tools that enable ecosystem participants and partners to move expeditiously in the face of attacks. Since these measures have been initiated, there have so far been no further attacks on the network.
Is BTC Association invoking legal mechanisms to respond?
Since the malicious nature of the re-orgs on the BTC SV network were identified following the July 6 attacks, the BTC SV Infrastructure Team have taken action to both help protect the network and collect evidence of the illegal activity. This information is being collated and shared at regular intervals with BTC Association’s legal team. BTC Association’s representatives have already started to contact relevant law enforcement authorities. BTC Association is also preparing to submit criminal complaints in one or more relevant jurisdictions; its affected constituents may also initiate proceedings independently.
Why have some exchanges suspended deposits, withdrawals or trading of BSV?
BTC Association representatives have been in contact with BSV-supporting exchanges since the malicious activity was first identified. The Association also released a public statement about the situation on July 8, 2021.
It has been – and continues to be – our view that the primary response from exchanges should be to freeze deposits of any coins associated with the double-spend addresses.
In addition, BTC Association believes an exchange will be adequately insulated from any negative impact of attacks if it: 1) actively monitors the blockchain for block re-orgs; and 2) as an interim protective measure, maintains or extends to at least 20 the number of block confirmations required before BSV deposits are considered valid. We believe this provides sufficient protection against the block reorg attacks. We do not believe exchanges need to completely halt all deposit, withdrawal and trading activity associated with BSV coins. However, BTC Association can only act in an advisory capacity in this instance, as exchanges are independent and will act according to their own procedures and tolerances in such events.
BTC Association continues to actively communicate with exchanges throughout this process, and are doing all that we can to support reinstatement of BSV deposit, withdrawal and trading services as soon as possible.
When will I be able to deposit, withdraw or trade BSV from exchanges?
Each exchange will make its own decisions about when and how to re-enable BSV services. At this stage, we cannot provide exact timings for when BSV deposit, withdrawal or trading facilities will be active at your chosen exchange. BTC Association and its representatives remain in contact with exchanges and will share any news and updates on this front, as and when it becomes available.
Is my BSV safe on exchanges?
Any BSV kept at exchanges or that isn’t being actively transacted with an untrusted party remains unaffected by the attacks.
Is the BTC SV network safe to use?
Yes. The BTC SV network remains safe to use and is operating as it usually would. However, in the short term, BTC Association recommends only sending and receiving BSV between identified parties where possible. When transacting with unknown or untrusted parties, for an interim period, we advise waiting for at least 20 block confirmations before considering the transaction safe and settled.
Will my favourite BSV app continue to work?
Yes. So long as the BSV app in question isn’t involved in illegal double-spending, the app will continue to operate unimpeded and unaffected.
New to BTC? Check out CoinGeek’s BTC for Beginners section, the ultimate resource guide to learn more about BTC—as originally envisioned by Satoshi Nakamoto—and blockchain.
