51% Wallet Claims

bob

New Member
Dash Core Team
May 31, 2018
11
57
13
50
Earlier this week Dash Core Group was made aware of claims that several Dash wallet addresses comprised around 51% of all Dash mining hashrates. We’ve spent the past few days to internally assess everything and better understand all addresses and hashrates involved.


We’ve examined the claims and they appear correct at this time. However, we don't believe the entity in control of the wallets in question plans or wants to attack because their mining activities began at least 4 months ago and their blocks have been published for all to see.


Additionally, since we were first made aware of these addresses, they have begun to remove their hashing power from NiceHash and diversify into various mining pools. This removes the risk of a malicious party renting the hashing power via NiceHash and simultaneously signals that the entity in control of the hashing power does not have negative intent. We believe the miner behind the hashing power was made aware by the same info we discovered online and quickly moved to more protected pools as they appear to be a major stakeholder of Dash.




Graph shows Nicehash available hashrate for rent has decreased dramatically over the past day.


Additionally, because of our unique InstantSend capabilities a transaction that was successfully locked via InstantSend would require a reorganization of over 24 blocks in order for a double-spend to succeed.


There are many variables that have allowed this miner to amass this much hashing power, including newer ASICS on the market and the current price decline. At this time we do not believe there is reason for concern given our position as the largest X11 project in terms of hashing power (a 51% attack of this nature would make the attackers or NiceHash miners who rent their equipment obsolete and worthless). We also believe it is clear this entity has not shown malicious intent with their public activity.


On a related note, Dash recently announced an innovation named ChainLocks that will make it even more difficult to perform a 51% percent attack on the Dash network since it would also require a 51% dominance of the masternode layer. ChainLocks will be included in a future update to the protocol. More details can be found here.


We will be monitoring this situation closely and will publish more information if it becomes available or necessary. We encourage everyone with the ability to mine Dash to do exactly that and help distribute hashing power.
 

t0dd

Active Member
Mar 21, 2016
151
132
103
keybase.io
Dash Address
XyxQq4qgp9B53QWQgSqSxJb4xddhzk5Zhh
Thank you for this. Honesty in the crypto-space is a refreshing change versus the more defensive posture other projects seem to embrace.

This is definitely a concern in principle, but certainly not a panic issue for all the reasons you mentioned (a more default instantsend and, in the near future, chainlocks). With chainlocks (0.14 I believe?) the 51% attack potentiality more-or-less disappears, but we should always be looking at ways to reduce such dominant "stakes" in the project.

I.e., Dash is addressing this particular potential problem like no other chain. Dash rocks!

Again. Thank you. I rest easy at night.
 

sawomu

New Member
Jan 6, 2019
8
0
1
29
We’ve examined the claims and they appear correct at this time. However, we don't believe the entity in control of the wallets in question plans or wants to attack because their mining activities began at least 4 months ago and their blocks have been published for all to see.

You do not describe at all the way you did your investigation.
You said "I examined the claims and I discovered this" but not a single hint on how you did that.
I assume you expect us to believe you because you carry the "Dash Core Group" badge. Right?
 
Apr 23, 2017
66
26
58
34
I am wondering if it could be possible to apply chain-locks in the next release right after 0.13.0 like i.e 0.13.1?
I think that would be interesting, but I don't think DCG should bent over backwards if 0.14 is going to be live in 3 months or less. Even more if they do so it looks weak as it a direct response on to this FUD.
IF we bring it out later we get the news affect of this FUD, and than later on we get the full credit for 0.14. Both from a technical perspective and a marketing perceptive waiting till 0.14 is the right choice from my point of view
 

TroyDASH

Well-known Member
Jul 31, 2015
1,251
794
183
I am wondering if it could be possible to apply chain-locks in the next release right after 0.13.0 like i.e 0.13.1?
LLMQs are not until 0.14 and I believe they are a prerequisite for ChainLocks.
 

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
You do not describe at all the way you did your investigation.
You said "I examined the claims and I discovered this" but not a single hint on how you did that.
I assume you expect us to believe you because you carry the "Dash Core Group" badge. Right?
No. He has stated what he has found through analysis that you are also perfectly capable of doing yourself.

If you don't want to believe him, don't. Do your own research.

If you are unwilling or unable to do that, that's on you.

No one owes you. You're not entitled. If you don't like or trust his work, do your own. You have the same resources available to you that he does. This is all public blockchain record.
 
  • Like
Reactions: Vlax

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
I think that would be interesting, but I don't think DCG should bent over backwards if 0.14 is going to be live in 3 months or less. Even more if they do so it looks weak as it a direct response on to this FUD.
I see it quite the opposite.

This is yet another opportunity for DASH to differentiate itself. Show how nimble and responsive it can be. While other project fumble for months and years, use word salad, or completely neglect problems, walk back definitions and then the ultimate development BS of calling it a feature, not a bug... DASH here has yet another opportunity to show itself to be the complete opposite of that.

Shall we let this opportunity pass us by, like so many others? Announce the concept of ChainLocks, then allow it to remain vaporware for so long that it other coins develop "close enough" versions? Like pretty much every other feature DASH has innovated?

It's become a trend in DASH to make excuses for letting opportunities pass by... I was called a troll for fighting against it, and I'm sure I'll be called a troll for continuing that fight now that the behavior is an established status quo...

DASH desperately needs to stop letting opportunities pass it by...
 

sawomu

New Member
Jan 6, 2019
8
0
1
29
No. He has stated what he has found through analysis that you are also perfectly capable of doing yourself.

If you don't want to believe him, don't. Do your own research.

If you are unwilling or unable to do that, that's on you.

No one owes you. You're not entitled. If you don't like or trust his work, do your own. You have the same resources available to you that he does. This is all public blockchain record.
He presents his conclusion without any proof! How is it possible this to be accepted by a rational individual?
I do not belong to the flat-earth society, I always expect the proves nearby the claims.
 

f8192

New Member
Dec 17, 2017
27
4
3
30
He presents his conclusion without any proof! How is it possible this to be accepted by a rational individual?
I do not belong to the flat-earth society, I always expect the proves nearby the claims.
Why do you even care? Even if 51% attack did happen, so what? Just use InstantSend, and it is not a problem. More over, IS is gonna become automatic in 2 days, so you don't need to ask an every single sender to use it. Even if a transaction did not happen to confirm instantly, just wait ~24 confirmations, which is about an hour, and it can be fully trusted just like an IS one.
 

jimbursch

Active Member
Mar 5, 2017
837
499
133
55
This is a very satisfying answer. Thanks @bob !

While it is concerning when an entity controls 51%, and indicates a potential attack risk. It is, nonetheless a risk, not an attack.

The technical risk posed by 51% is mitigated by the economic self interest of the entity controlling the hash power -- a successful 51% attack would collapse the value of any gain from such an attack. Soon Dash will have chain locks, a technical mitigation that backs up the economic mitigation.

Notice that ETC was "attacked" -- it underwent several chain reorgs with double spends -- but nobody has come forward claiming losses. Surprisingly, perhaps rationally, the market is nonplussed. A chain reorg is technically interesting, but in the absence of a loss to some party, it is economically meaningless. My guess is that, in the case of ETC, someone did the reorg as an experiment -- they double spent their own ETC to themselves. Maybe they are surprised that somebody (Coinbase) noticed, or maybe they wanted to alert the community/market that it could be done.

In the case of Dash, it was discovered that someone controlled 51%, and as soon as it was discovered, the party controlling it then dispersed it -- an economically rational course of action.

This is fascinating stuff, both from the standpoint of technology and behavioral economics.
 

TroyDASH

Well-known Member
Jul 31, 2015
1,251
794
183
Why do you even care? Even if 51% attack did happen, so what? Just use InstantSend, and it is not a problem. More over, IS is gonna become automatic in 2 days, so you don't need to ask an every single sender to use it. Even if a transaction did not happen to confirm instantly, just wait ~24 confirmations, which is about an hour, and it can be fully trusted just like an IS one.
InstantSend provides the equivalent security of 24 normal confirmations, but even having 24 confirmations does not protect against 51% PoW attacks ( a 51% attacker could start mining 100 blocks ago, and when they finally catch up on the proof of work then the whole original chain after that point would be orphaned)
 

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
He presents his conclusion without any proof!
You have drawn the false conclusion that proof does not exist simply because it wasn't handed to you. Neither he nor I stand obligated to prove anything to you.
I always expect the proves nearby the claims.
Careful, your snowflake entitlement is showing. Your expectations (a.k.a. lazy demands) need not be met by anyone.

This is not a doctoral thesis. It is a signpost.

I'll say it again; nobody owes you a damned thing. If you can't/won't sort it out for yourself, demands that someone else hand it to you on a silver platter will not get you anywhere.

We are not the Fact Welfare.

No one is forcing you to be here. No one is expecting or demanding that you be believed or accommodated in any way.

In other words, feel free to screw off at any time if all this free stuff isn't good enough for you.

It's worth exactly what you paid for it...
 
Last edited:

f8192

New Member
Dec 17, 2017
27
4
3
30
InstantSend provides the equivalent security of 24 normal confirmations, but even having 24 confirmations does not protect against 51% PoW attacks ( a 51% attacker could start mining 100 blocks ago, and when they finally catch up on the proof of work then the whole original chain after that point would be orphaned)
I believe that the more hashrate percentage you have, the more blocks you are able to override, isn't this true?
 

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
Why do you even care? Even if 51% attack did happen, so what? Just use InstantSend, and it is not a problem. More over, IS is gonna become automatic in 2 days, so you don't need to ask an every single sender to use it. Even if a transaction did not happen to confirm instantly, just wait ~24 confirmations, which is about an hour, and it can be fully trusted just like an IS one.
Eh, not necessarily. Secret miners, if they exist, could wait more than an hour. maybe a whole day...

But since DASH is the chief X11 coin, the only thing such an attacker could do is destroy his own half-billion dollar investment... I wouldn't put it past the US or Chinese governments to do something like that. They have no problem wasting and squandering their citizens' own money on aggression towards their own citizens... They'll just point a gun at everyone and extort more money. They don't care. They're more interested in being evil the old fashioned way; spreading propaganda about "those people" as an excuse to invent new laws, as an excuse to commit violence against "those people."

But, we have no evidence that they're smart enough to figure out how, much less actually do it.

Anyone who actually paid for those hashing machines certainly isn't going to do such a thing.
 
Last edited:

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
I believe that the more hashrate percentage you have, the more blocks you are able to override, isn't this true?
No.

As long as you hold 51% or more, you can do it. A larger percentage only means you are more likely to maintain that hold.

A secret miner might be able to issue more blocks in the same temporal window. This miner is clearly no secret.
 

sawomu

New Member
Jan 6, 2019
8
0
1
29
In other words, feel free to screw off at any time if all this free stuff isn't good enough for you.
It is not free stuff.
As long as it remains a simple quote without any proof provided, it can also be considered as a speculation that is presented as fact.
"extraordinary claims require extraordinary evidence" , as people use to say.
 

bob

New Member
Dash Core Team
May 31, 2018
11
57
13
50
Dash is in the best position to significantly reduce risks of 51% attacks compared to all other coins through ChainLocks. Leveraging our unique Masternode network and the upcoming Long Living Masternode Quorum (LLMQ) feature, ChainLocks add another dimension to proof of work. This innovation was unveiled less than 2 months ago in DIP8 (https://github.com/dashpay/dips/blob/master/dip-0008.md) and explained in more detail in Alexander Block’s blog post (https://blog.dash.org/mitigating-51-attacks-with-llmq-based-chainlocks-7266aa648ec9). ChainLocks is slated as part of our next major release, version 0.14.0.
 

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
"extraordinary claims require extraordinary evidence"
There are no extraordinary claims present. Only the plainly observable.

Sane Person: "The sky is blue. A few small clouds, but no big deal."

Typical a-hole on the Internet: "PROVE IT! HOW CAN YOU SAY SUCH FANCIFUL THINGS WITHOUT PROOF?!?!"

Sane person: "Uhm, look out the window."

Typical a-hole on the Internet: "THAT DOESNT PROOVE ANYTHING! HOW DARE YOU SUGGEST IT ISN'T RAINING! I WANT PROOF THAT IT ISN'T RAINING! I'M ENTITLED! I DEMAND! YOU'RE A LIAR IF YOU DONT FOLLOW MY ORDERS!"

Sane Person: "Whatever you say, man. Can't prove a negative anyway. Bye."

Typical a-hole on the Internet: [probably saying a bunch more useless, entitled crap, but no one is listening]
 

sawomu

New Member
Jan 6, 2019
8
0
1
29
There are no extraordinary claims present. Only the plainly observable.

Sane Person: "The sky is blue. A few small clouds, but no big deal."

Typical a-hole on the Internet: "PROVE IT! HOW CAN YOU SAY SUCH FANCIFUL THINGS WITHOUT PROOF?!?!"

Sane person: "Uhm, look out the window."

Typical a-hole on the Internet: "THAT DOESNT PROOVE ANYTHING! HOW DARE YOU SUGGEST IT ISN'T RAINING! I WANT PROOF THAT IT ISN'T RAINING! I'M ENTITLED! I DEMAND! YOU'RE A LIAR IF YOU DONT FOLLOW MY ORDERS!"

Sane Person: "Whatever you say, man. Can't prove a negative anyway. Bye."

Typical a-hole on the Internet: [probably saying a bunch more useless, entitled crap, but no one is listening]
@bob should release the code he used, in order to drew his conclusions.
It is that simple.
 

mage00000

Member
Oct 27, 2017
48
5
48
56
Thailand
Dash Address
Xpfu8DXjeG7i6bsWcm25mXb27T2e7t3Su8
When is 0.14 planned ? When testnet? When mainnet?
As the code is written, the requisites are on mainnet and testnet is free, I would say: "what are we waiting for?"
Package it up and deploy!
 

tungfa

Administrator
Dash Core Team
Moderator
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,967
6,739
1,283
When is 0.14 planned ? When testnet? When mainnet?
As the code is written, the requisites are on mainnet and testnet is free, I would say: "what are we waiting for?"
Package it up and deploy!
first 13 has to be live
14 is already on testnet and ready to roll
 

mage00000

Member
Oct 27, 2017
48
5
48
56
Thailand
Dash Address
Xpfu8DXjeG7i6bsWcm25mXb27T2e7t3Su8
Excellent!
The reason why a 51% attack would be unlikely on the Dash network, that their miner investment would be lost, is not true as mining power can be rented. But there is another reason.
To profit from such an attack one would need a significant amount of dash to double spend. Also it requires some expertise and swift action.
If you have a lot of dash, instead of figuring out this one-of scheme, it would be much easier and in the long run more profitable to set up a masternode.
Yet, all things considered I am quite happy to know that a permanent solution is on its way!
 

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
mining power can be rented.
...but the needle is already pegged on proper mining. I don't think enough X11 miners even exist... Someone would have to secretly manufacture more than that total number of currently existing X11 ASIC rigs, and continue producing more to keep up... You'd essentially have to be your own silicon foundry. The investment needed to accomplish this is greater than DASH's market cap. Not to mention, a successful attack would guarantee 0 profit... they'd be in the hole for over a $1,000,000,000 USD and have noting to show for it... Only a government would do something like. China, USA... I can't think of any other government with the motivation, power, and resources to do that. Of these two, china seems the more likely, and we have absolutely zero evidence that either is actually doing so.
 

mage00000

Member
Oct 27, 2017
48
5
48
56
Thailand
Dash Address
Xpfu8DXjeG7i6bsWcm25mXb27T2e7t3Su8
O RLY!?!

Then color me "Shut the hell up Camosoul, you're such a dick."
Mmmm, interestin.
Leaving those paintball games aside for a moment, is there a more or less trustless way to verify the status of the coming releases and testnet?
 

qwizzie

Well-known Member
Aug 6, 2014
1,546
726
183
Mmmm, interestin.
Leaving those paintball games aside for a moment, is there a more or less trustless way to verify the status of the coming releases and testnet?
https://github.com/dashpay/dash/pulls

pull 2643 (Implement LLMQ based ChainLocks) handles ChainLocks, which as you can see is still being worked on (changes requested)
pull 2638 ([WIP] Translations201902) is also something to keep an eye on, its often the final step in an update process (currently at 1 of 19)

The work on v0.14 can be followed here : https://github.com/dashpay/dash/tree/develop
The commits (https://github.com/dashpay/dash/commits/develop) show which pulls have been approved and implemented into the development branche of v0.14

Once testing of v0.14 has been concluded and its ready for release on mainnet, the approved commits will move from the developer branche into the master branche.
 
Last edited: