when doing an attack to re-org the blockchain to double spend your funds. each attempt is not going to happen in minutes. i was explaining that you first need to spend the funds and get goods or things of value in  another form to then want to reset the network and remove the transactions existance to then spend it again. this will take not minutes but hours.

like i said if you want to attack the network to get double spend value of any significance services already delay things like deposits and withdrawals via things like X confirm wait or 72hour for bank withdrawals or 1 day to deliver packages. so you have to wait more then 6 blocks before resetting the tx/block

i used a 6 block min as a minimum for simple math.
but if you wanted to sell coin for fiat where its $1m involved you would have to wait 72 hours (432 blocks) and then go back 432 blocks and start from that point and then move forward.. which to then move forward and catch up would be like a 432*9 factor(3888)

by which time those participating in mining these unseen 3887 blocks before they match the honest network. those participating wont see those blocks on the network and would be more then likely prefer to jump away from the malicious pool because for 3887 blocks unseen also means not getting any rewards and also the honest network can still beat the dishonest network where the honest network may not get ahead for many other mitigating reasons.

yes the malicious pool after like 4000 blocks can then do it again. and for months respend a respend of a respend by keep repeating it for years. but again those participating unless they are seeing profits can simply jump to a honest pool in SECONDS

so while you think its a guarantee that a malicious pool with have endless power more then honest pools. what you dont realise is when the dishonest group are persuaded in the dishonest task to raid their eth stake, and buy bitcoin hardware, are more so pursuaded once invested in bitcoin to become honest, due to the lack of ongoing sat rewards per block because they are only getting possible returns of investment rarely and only if the malicious pool achieves the goal

a malicious pool wont reset the network transactions just to respend a coffee cup amount when it involves the risks of the honest network doing counter activities and also where it costs hundreds of thousands per block to do an attack which over 50-4000 blocks adds up to alot that the malicious pool would have needed to initially spend and receive goods from before trying to reset to then spend again to break even per attempt

so unless they are initially buying lambo's/mansions and ensuring the car/house is registered.. or they get $Xm's fiat in bank accounts that cant be cancelled/refunded/returned.. its not worth doing a double spend attack as its not as cheap as you think per attack
..
as for doing it to just win every block or every 2nd block to then spend the block rewards. again if you want to crash the market as a pool manager, you will find your asic workers you incited to be on your pool may want to get ROI on their hardware and instead want to save the network by jumping to honest pools now they are invested in bitcoin hardware and also help the market

..
also you lastly say white wash coins by moving them to different wallets(facepalm)
if you are re-orging blocks then any attempt to move funds gets undone when you the reset the blocks that moved the coins..
you cant just hoard coins and delete transactions because(let this sink in) the transactions is where the coins are.. they are not stored separately in wallets

your wallet does not store coins... your wallet just stores the signing key
if your resetting the transactions your resetting which addresses have the coins

I don't know if this sub-discussion is worth pursuing for much longer, unless you are actually claiming that Bitcoin doesn't need to fear a vulnerability because the value will never drop below a certain value. Is this really so?

In case truly you are claiming this, let me give a small example that will hopefully convince you that your theory is not applicable here (nor in many other cases):

Suppose that I am a car factory that produces 1000 cars at a cost of $50,000 apiece, and suppose then that it turns out that there is, say, a security flaw (faulty steering or whatever) that almost kills the demand for the car, and that people do not want to buy the cars for more than, say, $20,000. Then I can't just wait for the demand to magically increase to allow me to sell them for >$50,000 at some point. Instead I will be forced to sell them at $20,000.

The theory that you are using implicitly assumes that there is a static demand for bitcoin; that people have a need to collect them. But as User @d5000 also points out, there isn't.

You are also explicitly assuming that 'the miners can just wait for the market price to rise again.' This is simply false. If the value of Bitcoin was as sure to rise again as you claim, then EVERYONE would buy bitcoin. No. If the demand for bitcoin drops, the price drops with it (since the supply is steady, at least in periods between Bitcoin Halving dates).

You seem to assume here again, at least during these few paragraphs, that the attackers try to steal a larger share of the newly minted coins (as miners). This is not their objective. Their objective is to steal a lot more than that via trades that they then rewrite afterwards, keeping only their ingoing transactions. (And their ultimate objective is actually to cause a crash of the cryptocurrency, assuming that this is what will happen.)

Think of it as the Key and Peele sketch that User @HeRetiK mentioned above, but instead of their "plot" being to earn a salary, their plot is rather to sabotage the bank from within, causing it to crash, and then get a much greater reward from a competitor.

As a side note, if we dive deeper into this metaphor, then the competitor probably wouldn't try this in real life if it can be traced back to them. This has also been a point that we have discussed a little in this discussion thread: Would the Ethereum stakeholders not ruin their reputation if they did this to Bitcoin? I think it is worth noting here, however, that the attack will in theory only require a fraction of the stakeholders to make it profitable for them, and they can reward the attack anonymously, as I point out in my preprint. So it will be almost impossible to prosecute, first of all, and the majority of the Ethereum community might even be seen as innocent.

This is assuming that the Ethereum community wants to be seen as innocent. But with enough campaign money, and enough time, both of which they have, I personally think that they will be able to convince a large part of the public that a switch to PoS is better; both for security, for reduced operational costs, which the users and investors ultimately have to pay, and not least for the planet, which is a topic that seems to generally be efficient in swaying a large part of the public.

if they keep only their own tx. they cant do double spends..
remember they can only double spend their own value they control so if they are not reversing their own transactions then they cant double spend
also by reversing other peoples transactions they cant then take control of other peoples. because the malicious side does not have the key to sign the fund of other people. so in no way can a malicious side steal funds by reversing other peoples transactions.
emphasis a double spend is only able to happen by the malicious side reversing its own transaction and then re-spending their own value

to which i explained to achieve that the people in the attack need to convert their btc to goods/services/other currency. receive those goods/services/other currency in a settled final manner.. and THEN they can undo the blocks containing the transactions they want to reverse knowing they already have the value settled in another form(goods/fiat/altcoin). to then know when the btc transaction is reversed they can then respend the btc again to a different recipient.. to double spend that same btc


its not about "crashing" its about the method to double spend btc successfully via block re-orgs

you keep avoiding one point by presenting another point to attempt to evade running scenarios to find out your first point falls flat. you have done this many times now.. evaded one scenario by trying to play dumb and try to raise another scenario to then evade that scenario by taking it in context of another scenario

so lets make it clear

if your only scenario result you want is a market crash attempt, lets fully delve into that scenario
firstly when adding another 50% of network hashrate. it means the honest network has double the competition. AND EMPHASIS: half as much reward and double the cost of mining due to higher difficulty due to the competition..
this pushes up the basic value:premium window which then causes all those assessing the acquisition methods of btc to then have a higher speculative price expectation which means all those wanting btc would be more willing to buy higher and the sellers wont sell for less but instead only willing to sell for more.. this would cause the market to go UP

as for you saying about re-orging blocks to then mess with the market to crash it.
to be successful with that when the malicious pools deposits coin into an exchange. it has to wait for the exchange to deem the funds are settled with them (6 confirms for any significant amount deposited) the malicious users would then have to waste their deposit balance on orders to force a crash. and then remove the other currency to then re-org the blockchain to undo the deposit. so they can then do it again
however exchanges will notice these tactics of re-using a utxo thats was previously spent, and just block/ban users thus avoiding users abusing their balance database and market orders
also as said to do this, they cant just respend the same utxo every block by doing re-orgs every block. as i explained they would need to go through a process of delaying a 51% blockchain attack by ~50-4000 blocks to play each round out to then re-do it again.. by which time even the invited people to the malicious pool whom bought into bitcoin hardware will see the negative affects actually hurt their investment and they can within seconds jump to honest pools. where by it takes a malicious pool multiple hours/days per attack round

however in a ethereum attack the custodian of stake can manipulate blocks whereby the stakers wont counter it, because the stakers funds are at risk(the penalty) and the stakers cant simply jump to a honest custodian in seconds because it takes a day to de-stake. so the risk of a dishonest custodian on ethereum is far more harmful to ethereum users than a bitcoin attack is to bitcoin

if you want to delve dep into a blockchain attack to effect a CEX market you really need to learn the difference between the blockchain transactions which are not the market price orders vs the CEX balance and market order databases which are not the blockchain
then run scenarios on whats actually involved in doing an attack and how things operate

dont just side step things simply because it doesnt appease you hopes that people simply dont say ethereum is king
instead learn the mitigating factors of reality and realise bitcoin has alot more strengths than ethereum does

like i said if you are attempting to re-org the blockchain in a 51% attack to double spend funds to continually crash the market. you need to learn how the delay of the confirms. the length of "catch up" time and also the mitigating factors a CEX can put inplace in regards to its balance and market order database and services decisions all are factors
its very easy for a CEX to keep a log of the UTXO's being spend as deposits. and then ban users that try re-using the same UTXO even in a block -reorg situation

aswell as if those now highly invested in bitcoin hardware wont want to lose their investment. they would soon realise that being malicious harms themselves more, they would quickly jump away from the malicious pool and join the honest side to protect their own value now invested in bitcoin
...


heres where you go wrong
if there is a real world physical limit of material cost across the globe that the cheapest new car on the planet can be built for is $50k in q3 of 2024
it doesnt matter that people prefer to want a new car for $20k.. they wont get it. car dealerships wont sell a car at $30k less than material cost.. thats just bad business
what you find is that there is across the globe a different material cost of manufacturing cars of $50k-$300k dependant on region and so if there is a low demand for new cars or where people want to pay the least possible.. the MARKET price will be around the $60k-$75k for most of the period and occassionally try to test the bottom of $50k where only those in the special regions willing to sell AT COST of lowest COST are still selling
when demand rises then the price can go premium upto $300k

yes if no one buys any cars, then the manufacturing gets affected and slowsdown(hashrate drop) where the material cost could go down due to less demands of materials(less asics) thus the cost can go down, which could then cause the dealership(market) bottom to go down. but this is a lengthy process in of itself

but there would need to be some fatal flaw that stops all trades and causes manufacturing to drop its material cost competition

Can't really add anything so belatedly, franky1's response, while not exactly the scenario I had in mind, describes just how complex it would be to even mount such an attack. The preparation, the sheer breadth of collusion -- word would get out before they could put the resources in place, and the moral Ethereum devs and nodes would ensure a quick abortion.

But yes -- even if they succeeded, as many people have already considered (I remember Antonoupoulos describing the aftermath of a potential attack very well many years ago) -- a reorganisation would undo the attack. Remember, success isn't one single 51% attack to create an altcoin. Success means also convincing everyone else the altcoin is the one everyone would follow. Colussion also involves conversion.

Economically non-feasible is vastly underestimated.

I like these points a lot.

I find your second point particularly interesting; that's a very creative idea. If the Bitcoin investors can truly identify who's behind the attack, then they can in principle choose, if there's enough cohesion, to just migrate to a third coin, rather than to the attacking one (Ethereum most likely). I think you're right.

And you are also absolutely right about your third point; this might very well help deter an attack.

It's not fair of you at all to say that I'm evading this economic discussion of the supposed lower threshold when we have discussed this very topic for quite a while now, and you are even quoting my latest reply in this discussion in your very same post. (!) How on earth is that fair even one bit?

I've been very keen to try to answer all your points, and I'm not trying to evade them. If you at any point that you feel like I've skipped one of your arguments, please just point that out (e.g. by posting that I've missed that point and just quote yourself), and I will answer it.



Well, this is exactly what we are talking about in this topic: If it turns out that Bitcoin has a fatal or near-fatal flaw that makes it vulnerable to a particular kind of 51% attack, then its price will drop severely.

Maybe I went to low with the prices in my example, so to really underline the point, imagine instead that the cars cost $190k to make, and it turns out that their motors have a risk of exploding, or something like that.

If it turns out that there is an attack vector on Bitcoin where attackers can keep stealing money and profiting as long as its price doesn't crash, then Bitcoin will crash (i.e. unless the attack vector is mitigated). You have to agree with this, don't you?

(And if you do, then we don't really need to discuss this specific topic anymore in relation to the overall topic of this thread, even if we still disagree on some points: We could do that in another thread.)

Thank you, and thanks for your post.

You are right that all that would probably be infeasible, especially when you are assuming that the miners have to be anonymous.

But first of all, in order for the Bitcoin devs to respond, they need to find a way to respond. They can't exclude the attacking miners, so it seems that they would have to hard-fork to PoS, or something to that effect. (There is currently a discussion about what steps they could take to mitigate an attack on this thread.)

The also don't have to fear being discovered for legal reasons, it seems, since they are not doing anything legal in the lead-up to the attack, and not in carrying out the attack itself, arguably (see the discussion above about this topic).

Now, they might not want to reveal their intentions to their suppliers, as you point out. That is a good point. But at the end of the day, how can the suppliers really know what their buyers are up to and/or who they sell their ASICs to? Will they really make their customers sign a contract not to participate in a 51% attack, and would that even work?

Also, let me just quickly point out again, that the Ethereum stakeholders can buy/bribe existing mining farms. This proposition has apparently been dismissed so far in this discussion thread, almost as if 'honest' is a predicate that "sticks" to you as a miner, which seems odd to me, especially when the whole concept behind PoW blockchains is that the miners 'behave selfishly.'

Now that I've thought about it, I think it might be dangerous for Bitcoin investors to switch to a third PoS coin (fully or partially) as a solution. The danger is that if they are not extremely coordinated, the first investors to buy the third altcoin might get them for cheap whereas the last ones to move will have to pay a lot more BTC for them. This could cause a great shift in the wealth between the individual Bitcoin investors.

It would probably be much better to them create a brand new PoS coin and simply copy all the wallets and balances from Bitcoin to that one. Note that this is similar to making a PoS hard fork of Bitcoin in practice. Afterward the investors can trade the new coin in order to establish its value compared to Bitcoin (the PoW version) via the normal market forces.

What do you think of that?

i did address it
i already said the mitigating factors YOU missed
EG before alice trades with bob on the market, alices deposit goes into an exchange (so i presume you are calling the exchange bob) and needs X confirms (significant amount is usually 6confirms)

so the exchange(bob) would then have the coin
now alice then exchanges the usd in another exchange for more bitcoin
but that involves moving stablecoin of usd to a different exchange(claire) so that your held value is safe from not being drawn back by bob(no longer in bobs exchange database balance)
this again means waiting time for funds to clear for clair to then trade
repeat a couple times with a few more exchanges(doris, eric)

and then you want to re-org a old block where you deposited with bob(exchange) to make that A->B transaction disappear

well you are now going to have to go backward many many blocks. re-do that block. and then have to catch up with the network again and over take it and hope the other nodes accept your new list
even with a 10% advantage(55% attack) and only re-winding 6 blocks, it would take like ~50 blocks to catch up
so play out your time frame to just do a bob, claire, doris, eric trades.. and realise you would then need to go back a heck of alot more blocks and edit the block containing the alice-bob trade

so run the scenario and do the math

..
also you state the $1.5B traded each day
you can rewind a block and that makes YOUR transaction ge undone so you can re-spend YOUR funds to a different destination.. but yo dont have the keys for the other users transactions to change their destinations to you. you cant steal other peoples funds so you cant control the other $1.5b transactions
like i said if you wanted to perform an attack then you need to run the scenario out properly and consider the mitigting circumstances and whats actually going to happen based on real things, not the fantasy results you made up and hope people will agree with

if you made a transaction where you deposited $1b and traded it for USD and then withdrew it via wire transfer, you would have to wait 72 hours atleast for the banks to clear it meaning a minimum re-wind time of ~450 blocks and the a catchup and over-take time of THOUSANDS of blocks