Bitcoin Satoshi’s Vision, the fork of another Bitcoin (BTC) fork, has for the third time in three months suffered a blockchain reorganization (reorg) attack. With a call to all stakeholders to mark the malicious network branch as invalid, Bitcoin SV (BSV) developers say the attacks have been repelled and all fraudulent chains identified.

The flurry of attacks against Bitcoin SV, though reportedly repelled, highlight the risks associated with proof-of-work (PoW) blockchains that have a low amount of hash rates backing their existence. Indeed, apart from Bitcoin SV, several chains, like Ethereum Classic (ETC) and Firo — formerly known as Zcoin — have been victims of such attempted blockchain reorg exploits.

While not all of such attacks are successful, some proceed with significant economic consequences for honest participants and the network, in general, as the rogue actors responsible for the malicious exploit on the network can double-spend “coins.” The problem has reached the extent that it is theoretically possible to launch these attacks with a few thousand dollars worth of rented hashing power.

Another blockchain reorg attack

Earlier in August, Bitcoin SV suffered a suspected 51% attack that was similar to previous incidents that occurred between the end of June and the first week of July. At the time, it was said that the malicious network exploit resulted in three versions of the main chain being mined simultaneously amid a deep blockchain reorg attack.

This type of attack occurs when a malicious actor controls 51% of the network’s hash rate and can use that hashing power majority to control and prevent block production as well as double-spend coins. The Aug. 3 incident is reportedly the largest-scale exploit against BSV since it forked from Bitcoin Cash (BCH) back in 2018.

At one point during the exploit, the attacker reportedly compromised about 10 hours’ worth of transactions on the Bitcoin SV chain, according to Nikita Zhavoronkov, lead developer at blockchain explorer Blockchair. Reacting to the event, the Bitcoin Association — a Bitcoin SV advocacy organization — advised honest node operators to mark the false chains initiated by the hacker as invalid.

Marking split chains initiated by 51% attackers as invalid is necessary to prevent the hackers from accruing any economic benefit, such as double-spending. Usually, the goal of such incidents is to send mined coins from the fake chain to the exchanges, thereby extracting monetary value from “thin air.”

In its incident update report, the Bitcoin Association stated that the hacker’s attempted 51% attacks were unsuccessful, while urging network participants to ensure that their nodes are only interacting with the chain supported by honest miners. As part of its report, the Bitcoin Association stated that all relevant stakeholders, including the Bitcoin SV Infrastructure Team, will continue to monitor the network to prevent any further attacks.

In a conversation with Cointelegraph, Steve Shadders, chief technology officer of Bitcoin SV developer nChain, stated that both stakeholders are implementing “a range of proactive and reactive measures” to prevent further attacks.

“Together with the Bitcoin Association team, we also worked with exchanges, miners and ecosystem businesses to quickly invalidate the fraudulent chain containing the illegal double-spends by using the invalidateblock command — an RPC code introduced to Bitcoin in 2014 and still part of the codebase for both BTC and BCH.”

According to Shadders, this move invalidated the attacker’s efforts, allowing honest participants to direct their hashing power to the correct chain. Shadders also stated that the attack had galvanized more hashing power to the Bitcoin SV chain to “defend the network.” Indeed, data from BitInfoCharts shows an increase in Bitcoin SV hash rate between Aug. 3 and Aug. 4, with the network’s hashing power growing by almost 15%.

Three attacks in as many months

The fact that there have been three attacks in three months, each using similar methods, has brought up talk of whether there is an agenda against Bitcoin SV. Between June 24 and July 9, Bitcoin SV suffered four separate attempted 51% attacks that resulted in double-spent coins being sent to Bitmart crypto exchange.

In July, Cointelegraph reported that Bitmark was seeking a restraining order from a New York judge to prevent the hackers responsible for the 51% attacks on Bitcoin SV from selling their double-spent coins. As of this writing, it is not apparent whether the August attacker was able to send double-spent BSV to any exchange.

In a note sent to Cointelegraph, the Bitcoin Association clarified that the existence of double-spend transactions in the June and July attacks did not have any detrimental effect on Bitcoin SV users, adding:

“It is possible that the malicious actor has been double-spending their own transactions. No losses have been incurred and nobody has had anything stolen.”

The June 24 and July 1 attacks reportedly went unnoticed, with investigations starting only after the July 6 incident. At the time, some exchanges, including Huobi, paused deposit and withdrawal services for BSV, thereby setting off inaccurate speculations that trading platforms were moving to delist the coin.

Commenting on the likelihood of the August attacks being connected with the earlier incidents, Shadders told Cointelegraph: “At this stage, while we do not have definitive proof that the same malicious actor is responsible for both these latest attacks and the earlier attempts in June and July, the similarity in attack vector and methodology would indicate that it is likely to again be the same attacker.”

The only difference between the two sets of attacks is that the June and July exploits used the pseudonym “Zulupool” — not connected to the legitimate Hathor Network miner of the same name — while the August hacker impersonated the Taal mining pool. Indeed, the June and July attacker is believed to have impersonated Zulupool and has also been linked to the block reorg exploit against Bitcoin ABC back in March.

Given the suspected links between all the attacks, Shadders told Cointelegraph that legal steps were being taken, stating:

“Bitcoin Association and its legal representatives are actively engaged with law enforcement in affected jurisdictions — a process which the Bitcoin SV Infrastructure Team is supporting on an ongoing basis by collecting and collating all of the forensic evidence that the attacker has left behind.”

Vulnerable PoW networks

PoW networks with significantly lower hash rates are vulnerable to 51% attacks since the required hashing power required to commandeer the network only costs a few thousand dollars. In some cases, a few hundred dollars worth of rented hashing power from NiceHash is enough to stage a blockchain reorg exploit on some PoW chains.

According to data from Crypto51 — a platform that tracks the theoretical cost of a 51% attack on PoW chains — it costs about $5,200 to rent the hashing power needed for a 51% attack on Bitcoin SV for one hour.

Ethereum Classic, another PoW network, also suffered multiple 51% attacks in 2019 and 2020. In one incident, an attacker reportedly siphoned over $5 million from the network while only spending $192,000 on hashing power to carry out the attack. However, it is important to note that while such attacks remain a possibility, network actors can take steps to mitigate the vulnerability.

Related: If you have a Bitcoin miner, turn it on

Indeed, in the absence of the superior network effect and massive hashing power of Bitcoin, other PoW chains need to create secondary security protocols to detect malicious blockchain reorgs. To put the hash rate disparity in stark contrast, the total Bitcoin network hashing power is currently more than 320 times greater than that of Bitcoin SV.

Crypto exchanges also need to increase the network confirmation requirement for coins whose chains do not hold sufficient hashing power. Most 51% attackers strive to double-spend their transactions via exchanges, trading their fake coins for the legitimate funds held by trading platforms often on behalf of their users.

Thus, even if the blockchain does eventually fight off the attack, the hacker can siphon value from the exploit by trading their fake coins on exchanges that fail to adopt the necessary minimum confirmation protocols.