The malicious miner was able to successfully carry out a re-use attack on the Bitcoin Gold network last week, CCN writes.
Bitcoin Gold Communications Manager Edward Iskra for the first time warned users about the attack on May 18, explaining that the attacker is exploiting a vulnerability to steal funds from cryptocurrency exchange.
To carry out the attack, the miner captured at least 51% of the computing power of the network, which allowed him to temporarily control the blockchain. Capturing such a volume of hash-capacity, even in smaller networks, such as Bitcoin Gold, is very expensive, but it can be monetized by re-spending transactions.
Having gained control over the network, the attacker began making deposits in BTG to the exchange of cryptocurrencies, while sending the same coins to his own wallet. In a normal situation, the blockchain company would not accept a second transaction, since the transfer of these coins would already be accounted for and recorded in the block, however, having the ability to manipulate the network, the attack organizer included only those transactions that he needed to the final version of the blockchain.
Thus, he made deposits to exchanges, then immediately withdrew funds and canceled the original transaction, accumulating the cryptocurrency at a separate address. Since May 16, this address has received over 388,000 BTG. Assuming that all incoming transactions are associated with a re-use attack, an attacker could, at the current exchange rate, be more than $18 million.
The developers of Bitcoin Gold recommended that exchanges of cryptocurrencies increase the number of confirmations, after receipt of which the deposit is credited to the client’s account. According to the information from the detachment, the attack organizer managed to roll back the transactions, after which it was extracted up to 22 blocks, which is why the exchanges are recommended to set a minimum requirement of 50 blocks.
Earlier, the attack, not the first time, was subjected to a network of Verge cryptocurrencies.