Bitcoin Cash SV (BSV), the altcoin born after the fork of Bitcoin Cash, seems not to be as secure as Craig Wright says as some hours ago a user reportedly was able to double spend his coins in a “0-conf transaction”.
The double spend is an attack in which a user manages to spend their cryptocurrencies repeatedly taking advantage of vulnerabilities inherent to the nature of consensus algorithms. Generally, the most feasible causes that can facilitate a double spend are a 51% attack or a race attack.
So far there are no records of an attack of this nature to the Bitcoin ( BTC ) network, something that is even more difficult when it is practically a habit that merchants wait for several confirmations or rely on payment processors.
However, given the nature of 0-conf transactions, an attack of this type, although difficult, is also possible and a user with the alias of “reizu” uploaded a video on Vimeo filming an effective double spend of his BSV tokens:
Reizu Explains What He Did (And How Double Spent His BSV)
The user also wrote about this vulnerability on a blog posted on Honest.cash explaining how he carried out the attack (for educational purposes).
According to his explanation, the root cause of BSV being so vulnerable is because of its centralization. Taking advantage of this situation, he sent multiple expenses through the different nodes which allowed him to prove that the danger is genuine:
Then I had an idea. What if I send each node an unique transaction? Instead of a double-spending, it would be a kind of four-hundred-and-fifty-spending, one for each node of the BSV network … By keeping a record of which node each transaction was sent to (txid), then I could see which transaction is the one that was mined in the next block. That way it would help me for identify the mining nodes.
Indeed, after a few mined blocks I discovered that the transactions that were being mined were those that were sent almost always to the same nodes. I also confirmed what we already knew, that Bitcoin SV mining is very centralized. Specifically:
- 34% of the hashrate is only 1 node.
- 59% of the hashrate are 2 nodes.
- 68% of the hashrate are 3 nodes.
- 75% of the hashrate are 4 nodes.
Therefore, if there are 450 nodes in the BSV network; transaction T1 could be sent to 446 nodes, transaction T2 sent to 4 nodes, and the odds of transaction T2 being mined would be 75%.
Reizu pointed out that from his point of view, to avoid the possibility of this attack, “nodes must communicate with each other when they receive a double-spending transaction (sending a proof), ignoring it silently does not make sense”. He explained that other solutions are simply less convenient.
After this news broke, some Twitter users wrote to Craig Wright asking for an explanation. Weight simply denied the rumors without providing further logical or technical back to his words