Following the recent attacks on Verge, commentators and technical analysts have been considering whether or not similar attacks could be carried out against bitcoin and Bitcoin Cash. So how does a time warp attack work, and what other cryptocurrencies could be vulnerable? We’re going to take a look at what happened with Verge, as well as a few of the recent reports on what other projects may be at risk.
What is a time warp attack?
Before we get into who may be at risk next, let’s go over briefly what a time warp attack is.
In simple terms, a time warp attack is when a nefarious actor submits incorrect mining data that suggests to the network that blocks are taking too long to mine. In the case of Verge, blocks are supposed to take about 30 seconds to complete. This means that the network will constantly adjust its difficulty in order to maintain this average block rate.
In other words, if it finds the blocks are taking too long to complete, it will lower the difficulty. Conversely, if blocks are coming into quickly, then difficulty will be increased.
What’s important to note is that with Verge, this updating happens almost constantly. Other cryptocurrencies don’t all adjust difficulty quite so often. For instance, bitcoin only adjusts its difficulty about once every two weeks. Verge makes use of a technology called Dark Gravity Wave to control this difficulty adjustment process.
Verge multi-algo a double edged sword
Another reason why the attack on Verge was so successful is because it is a multi-algorithm cryptocurrency.
Most cryptocurrencies can only be mined using one specific type of hashing algorithm, like SHA-256 or Equihash. Some, however, make use of multiple different algorithms in an attempt to prevent or hinder mining centralization through ASIC manufacturing. DigiByte, for instance, uses a similar scheme of five separate mining algorithms.
Find out more about Verge in our Guide
In the case of the Verge time warp attacks, the attackers specifically targeted the Scrypt mining algorithm (the algorithm of choice for Litecoin and Dogecoin) and as such were able to lower the difficulty for Scrypt mining to laughably low levels. The end result is that during the attack, an obscene amount of blocks were mined by the attackers, netting them potentially millions of dollars.
Verge is not the only cryptocurrency to suffer a time warp attack. Recently Bitcoin Gold and Monacoin have also been successfully attacked in this way.
Bitcoin Cash at risk?
Time warp attacks are easier to pull off on proof-of-work currencies that have a lower hash rate than others. Particularly, this means newer or younger blockchain projects. Bitcoin Cash could potentially see a time warp style attack occur against it if enough mining pools (or even an ASIC manufacturer) were to attempt to do so. This is because Bitcoin Cash makes use of the same mining algorithm that bitcoin does. This means it has a potentially massive amount of ASIC hardware and hash power that could be used in such an attack.
Intentional or not, mining pools could be a powerful tool in this type of attack if they were to be compromised by an attacker. This is because the efforts of many individual and industrial miners are centralized in mining pools. This would make them an ideal target. As units of Bitcoin Cash are currently worth over $1000 each, such an attack, if successful, would indeed be a lucrative one.
So far though, such an attack on the Bitcoin Cash network is only hypothetical.
What about bitcoin?
Bitcoin is unique because it currently boasts the highest hash rate of any cryptocurrency in the world, due to its popularity and high value. Because of this, any sort of attack against it would require a nearly unbelievable amount of computing power.
But assuming that one were able to amass enough computing power to conduct a time warp attack, bitcoin’s difficulty was designed to only retarget every two weeks. This means that if such an attack were to be attempted, those who watch the network could easily see the attack coming many days in advance, and thus would have quite a long time to respond and prepare a defense.
The Verge attacks started and ended in a matter of hours each time. Although several individual attacks were successful, each one only lasted for a short period. Such an attack on bitcoin would be effectively impossible given that it would simply take too long, and give those who manage the network more than enough time to respond.
Dark Gravity Wave tech a concern
One final point of concern relates to the difficulty retargeting technology used by Verge. The technology, called Dark Gravity Wave, is in use in several other cryptocurrency projects, such as a few of those based on Dash (for which DGW was originally created). Therefore it’s safe to say that these projects may need to consider doing upgrades or even a hard fork in order to update or replace this type of difficulty retargeting.