A 6 re-org does not mean a '51% attack' was successful. In that case, we'd see unbounded-depth re-orgs/no blocks mined by any other mining pool (assuming the adversary censors other mining pools, as this one does).
It does mean an adversary with a high amount of hash got lucky. I noted there's a discrepancy between their claimed network hashrate and pools' claimed network hash rate.
They may not be including their own hash rate in the network's, in which case they'd need to exceed it. Having 51% would only be 34% of total.
They're an unreliable narrator and I wouldn't trust any data from them. There's insufficient evidence to claim they have 51% of the network's hash power.
I am not that well versed in crypto. I understand the concept of a blockchain and what an n block reorg is, but what is the downside of a reorg? Like who can profit financially and why?
johnpaulkiser 17 hours ago [-]
You get all the money from the block rewards for those blocks if you reorg other miners blocks out.
mvdtnz 1 days ago [-]
What's a "6 re-org"?
acjohnson55 1 days ago [-]
I'm a little rusty with the terminology, but in a blockchain, the canonical current block is the one that has the greatest amount of proof of work (I think they call this the heaviest chain). Typically, each new block is the descendant of the most recent block. But it is possible to create a heavier chain from an earlier block. This invalidates any transactions on what was previously known to be the heaviest chain, and is called a reorg.
The farther back, the less likely a reorg is, so to have a reorg that invalidates 6 blocks is extremely unusual.
If one entity has a majority of the hash power, they gain the ability to try to force reorgs with a likelihood that increases with their advantage in hash power.
I typed all this before realizing I could have recommended you ask an LLM, and it probably would have given you a better answer.
creatonez 20 hours ago [-]
> I typed all this before realizing I could have recommended you ask an LLM, and it probably would have given you a better answer.
Please don't. This would be useless spam, and is completely rude. Do we tell people to "just google it" here?
I don't think that's spam at all, and I don't think I did anything special in my prompt that someone with less background knowledge could have done.
tromp 20 hours ago [-]
User skarz did indeed ask an LLM, which got [flagged] since the LLM gave a distinctly worse answer. Expand the [9 more] below to see it.
jmholla 1 days ago [-]
This was a great answer. I'm glad you spent the time on it. Though I am curious what the 6 indicates.
ningen_000 1 days ago [-]
Six blocks
skarz 1 days ago [-]
[flagged]
tromp 1 days ago [-]
No, it's not 6 blocks longer. It just needs to be 1 longer (i.e. 7 blocks since the last common block), which guarantees a higher cumulative difficulty and thus all honest miners will switch to the new branch, obsoleting 6 blocks on the old branch.
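A worked illustration of the point tromp makes, as an added example that is not code from the thread or from any Monero or Qubic software: a toy node that keeps every block it has seen and treats as canonical the tip with the most accumulated difficulty, not the tip with the most blocks. Block ids, difficulties and the branch shapes are constructed for the illustration; ties keep the first-seen branch, which is the usual behaviour in Bitcoin-style nodes.

```python
"""Fork choice by cumulative work, and what a "6 re-org" looks like.

Added example, not from the thread.  Block ids, difficulties and branch
shapes are constructed inputs.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Block:
    block_id: str
    parent: Optional[str]   # None marks the genesis block
    difficulty: int          # work the block's proof represents


class Node:
    def __init__(self) -> None:
        self.blocks: Dict[str, Block] = {}
        self.tip: Optional[str] = None

    def cumulative_work(self, block_id: str) -> int:
        """Sum of difficulty from genesis up to and including block_id."""
        total = 0
        cur: Optional[str] = block_id
        while cur is not None:
            blk = self.blocks[cur]
            total += blk.difficulty
            cur = blk.parent
        return total

    def chain(self, tip: Optional[str] = None) -> List[str]:
        """Block ids from genesis to `tip` (default: the current tip)."""
        ids: List[str] = []
        cur = self.tip if tip is None else tip
        while cur is not None:
            ids.append(cur)
            cur = self.blocks[cur].parent
        ids.reverse()
        return ids

    def add_block(self, block: Block) -> List[str]:
        """Store the block; move the tip only if its branch has strictly
        more work.  Returns the ids that were canonical before and are not
        afterwards (empty unless a reorg happened).  Ties keep the
        first-seen branch."""
        if block.parent is not None and block.parent not in self.blocks:
            raise ValueError(f"unknown parent {block.parent!r} for {block.block_id}")
        self.blocks[block.block_id] = block
        if self.tip is None:
            self.tip = block.block_id
            return []
        if self.cumulative_work(block.block_id) <= self.cumulative_work(self.tip):
            return []
        old_chain = self.chain()
        self.tip = block.block_id
        new_chain = set(self.chain())
        return [b for b in old_chain if b not in new_chain]


def _mine_branch(node: Node, prefix: str, count: int,
                 parent: str, difficulty: int) -> List[List[str]]:
    """Append `count` blocks after `parent`; return each step's orphan list."""
    results = []
    for i in range(1, count + 1):
        blk = Block(f"{prefix}{i}", parent, difficulty)
        results.append(node.add_block(blk))
        parent = blk.block_id
    return results


def six_block_reorg() -> Dict[str, object]:
    """Public branch: 6 blocks after G.  A private branch from G with
    equal-difficulty blocks ties at 6 and only wins with its 7th block,
    orphaning the 6 public ones."""
    node = Node()
    node.add_block(Block("G", None, 10))
    _mine_branch(node, "P", 6, "G", 10)          # public blocks P1..P6
    steps = _mine_branch(node, "A", 7, "G", 10)  # attacker blocks A1..A7
    reorg_steps = [i + 1 for i, orphaned in enumerate(steps) if orphaned]
    return {
        "reorged_at": reorg_steps[0] if reorg_steps else None,
        "orphaned": steps[reorg_steps[0] - 1] if reorg_steps else [],
        "tip": node.tip,
    }


def longer_but_lighter_loses() -> bool:
    """Eight blocks of difficulty 5 (40 work) do not displace six blocks
    of difficulty 10 (60 work): the rule is most work, not most blocks."""
    node = Node()
    node.add_block(Block("G", None, 10))
    _mine_branch(node, "P", 6, "G", 10)
    steps = _mine_branch(node, "L", 8, "G", 5)
    return node.tip == "P6" and not any(steps)


if __name__ == "__main__":
    print(six_block_reorg())
    print("longer-but-lighter branch loses:", longer_but_lighter_loses())
```

The second scenario is the caveat behind "technically most-work chain": a branch with more blocks but less accumulated difficulty never displaces the tip, so a reorg count alone says nothing until you compare the work on each side of the fork point.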
skarz 1 days ago [-]
Well, there you have it. GPT-5 failed a basic explanation lol.
uncircle 1 days ago [-]
Many such cases
1270018080 1 days ago [-]
It would be impossible to enforce, and a place like HN that has leaders who evangelize AI as a cure-all would never do it, but "I asked AI and here's what it said" comments should be against the rules.
dragonwriter 1 days ago [-]
Actually, they shouldn't, because then people will do it without announcing them, and you want them to be open.
They're almost invariably low quality and deserving of downvotes for that reason, but being open is better than them being camouflaged.
dotancohen 1 days ago [-]
Why?
Most such comments are actually informative, and the honesty about asking an AI is an important detail. This particular one was heavily downvoted, as it should have been, because it was wrong. It was still a human writing, trying to be helpful.
dsr_ 1 days ago [-]
You shouldn't downvote entries that are wrong, you should present evidence against them. People shouldn't feel penalized for being wrong, just not rewarded for it.
However, you should downvote for doing things that hurt the community -- and "I asked ChatGPT" hurts the community almost as much as "I googled this for you" does.
aspenmayer 1 days ago [-]
Downvoted for disagreement and for mentioning voting, but I'm telling you why because you think I ought to say something if I disagree, which I'm able to do in this case.
It's fine to downvote things that you believe are wrong or simply disagree with, and I have read mods on HN say that downvoting for disagreement is okay. Asking or insisting for more from an HN user is presumptuous, and discussion of voting is largely considered off-topic and therefore not really what the guidelines suggest we should do.
> Downvoting for disagreement has always been fine on HN. People sometimes assume otherwise because they're implicitly porting the rules from a larger site, but that's a mistake.
> HN has never allowed bots or generated comments. If we have to, we'll add that explicitly to https://news.ycombinator.com/newsguidelines.html, but I'd say it already follows from the rules that are in there. We don't want canned responses from humans either!
These are quotes from dang, not my own. I'm just a HN user, which is why I found the quotes to help everyone make up their own mind what the guidelines say.
dsr_ 17 hours ago [-]
I note that the body of your comment implicitly agrees with me that providing evidence is a good thing :)
The character of a community is formed by what it does more than what it says it does.
aspenmayer 6 hours ago [-]
I would tend to agree that it usually does benefit the discussion to say why one disagrees instead of a simple drive-by downvote, but when folks have already agreed to disagree or are in the process of reaching such agreement, more rabble-rousing inclined folks tend to jump into the fraying thread to sow discord, so I understand why it’s not in the guidelines that we must specify why we downvote or flag instead of just doing so.
The whole comment is worth a read, so here’s just a taste:
> Our goal is to optimize HN for intellectual curiosity, which requires a higher signal/noise ratio. Downvotes dampen low-value comments. I know downvotes do bad things too, but that's the good thing they do, and it's big. Taking that away and/or increasing the noise with a flood of people disagreeing about their disagreements would not be an optimization.
cyanydeez 1 days ago [-]
America would be screwed if owning 51% of its value meant you could rewrite ownership.
*gestures wildly*
01HNNWZ0MV43FF 21 hours ago [-]
Good thing you need 30 percent, a larger number
leokennis 18 hours ago [-]
Didn't know ChatGPT was on HN
NooneAtAll3 2 days ago [-]
who are "they" you're talking about?
vlugorilla 2 days ago [-]
"They" refers to Qubic (by Sergey Ivancheglo), a blockchain network that uses a "Useful Proof-of-Work" system, so it is not built for traditional cryptocurrency mining that solves arbitrary puzzles. Instead, it uses the collective processing power of its miners to train an AI. Qubic's AI-training work is performed by CPUs, same as used by RandomX (Monero's mining algo).
Qubic was able to orchestrate its network of miners to temporarily halt their AI-related tasks and redirect their collective CPU power to mine on the Monero network instead.
Also, Qubic has implemented an economic strategy that involves selling the Monero it mines for a stablecoin like USDT and then using those funds to benefit its own ecosystem and attract more miners, and renting hardware to gain more hash power. The proceeds from the sale of XMR are used to buy Qubic's native token (QUBIC) from exchanges. These purchased tokens are then "burned" or permanently removed from circulation.
sidewndr46 1 days ago [-]
This seems oddly similar to the whole IRON/TITAN thing years back, but with extra steps.
greazy 2 days ago [-]
What's their objective?
treyd 1 days ago [-]
My guess would be to turn the crank of a ponzi scheme until it falls off.
However,
> Qubic's AI-training work is performed by CPUs, same as used by RandomX (Monero's mining algo).
I don't understand how this makes any sense at all.
fruitworks 1 days ago [-]
I've looked into the "source code", and it doesn't. There is no such thing as useful PoW. Qubic isn't actually a decentralized cryptocurrency. It's closed source, runs as an EFI executable, and is only accessible from their discord channel.
The attack is no different than paying miners to join a malicious pool. It works as long as money flows in.
OneDeuxTriSeiGo 1 days ago [-]
There is such a thing as useful proof of work. Qubic may not be doing it but it does exist. The linked papers [1][2] are examples of ways to do it. They aren't 100% "useful" but rather achieve partial efficiency by essentially forcing miners down random paths in a manner that limits the ability to complete work ahead of time or otherwise "cheat".
Proof of useful work feels like it's one and a half steps removed from discovering seigniorage and reinventing money.
OneDeuxTriSeiGo 1 days ago [-]
I mean that's just proof of work. PoUW is just an attempt at converting some of that work into something worthwhile and not pointless hash grinding.
There's a lot of re-inventing the wheel in the cryptocurrency space but on the formal academics side of the space people are very cognizant of what they are working on and their work is focusing on improving very specific properties of consensus algorithms.
fruitworks 1 days ago [-]
I will have to read these papers then. My intuition is that it's impossible to usefully use PoW to train neural networks because you have to rely on user-submitted training data in order to work which allows you to cheat by pre-determining the solution to your own work.
It's not a terrible idea, but I've yet to see it be implemented. Gridcoin is one typical example where it's just PoS with "useful PoW" tacked on for token distribution, and doesn't actually use PoW for security.
nullc 5 hours ago [-]
> There is such a thing as useful proof of work.
Not really-- or, rather, the security provided by proof of work is only proportional to the part of the cost above the fair value of the useful work.
One of the main ideas behind POW security is that you spend energy and the thing you get for it is income in the blockchain. And so if you mine unfaithfully your work will end up on a chain of debased value or won't end up in the eventual consensus chain at all, so your effort is burnt out.
Now imagine a POW that costs $5 in energy and does $5 in "useful work" --- well in that system you can now attack for 'free'. Or say it costs $6 in energy to mine plus does $5 in "useful work". There your security is related to the $1, the $5 is mostly coming along for a ride.
There are other problems with "useful" proof of work: e.g. A POW function should ideally be approximation free and optimization free... if an attacker invents a better version they gain an advantage. So e.g. if the miner detects that this particular work instance is 'hard' they can just discard it and try another. This makes it really hard to do much of anything 'useful' except the most contrived kinds of 'useful' without creating vulnerabilities.
But difficulties aside, the fact that outside benefits don't contribute to security (or at least don't contribute much) makes the whole idea space kind of unexciting.
fruitworks 1 days ago [-]
Gain media attention and pump their coin.
moomin 2 days ago [-]
To summarise:
* One actor in the space appears to have done a proof of concept takeover of 51%.
* It’s not clear there was any malicious action nor intent in doing so.
* Performing something like this is definitely expensive.
* The potential impact of doing so is disputed.
* Whether or not it was achieved is also disputed
However, what has been known for some time is that the largest Bitcoin miners have more power than the entire community of many alt-coins. Whether this is an issue is a matter for debate. Certainly, until now, no-one has chosen to flex like this.
nickysielicki 2 days ago [-]
> Whether this is an issue is a matter for debate.
Monero uses RandomX, which is intentionally chosen to make it difficult to accelerate using hardware that is common with other coins. It’s almost certainly not what happened here.
latchkey 1 days ago [-]
CPU was a terrible choice.
pas 1 days ago [-]
why? what's better?
JKCalhoun 1 days ago [-]
It would be interesting if a "coin" were tied to protein folding prediction or something else useful.
MadnessASAP 1 days ago [-]
Proof-of-Work fails if the work has value.
ssd532 23 hours ago [-]
why?
MadnessASAP 21 hours ago [-]
In Proof-of-Work the cost of the work is what keeps the network honest. If the work has value then an attacker is free to invest as many resources as they want into subverting the network. Even a failed attack can still be profitable, just less so.
In another scenario, where the work's value is less than the cost, you're still hoping that at no point in the future will an attacker figure out a way to do the work at a net profit.
The only way the network can be trusted is if the work has definitely now and always, 0 value.
chipsrafferty 15 hours ago [-]
Not littering has value. However, if I don't litter, it doesn't benefit me, and I cannot profit off of it; no matter how eco-friendly I am, I get no value from it.
OldfieldFund 16 hours ago [-]
Am I wrong in saying that the work has negative value? And there are different degrees of that. Bitcoin's negative value is larger.
MadnessASAP 15 hours ago [-]
You are not wrong, the output has no value. The work then being Value Out - Value In.
4gotunameagain 22 hours ago [-]
I don't think it's true, look up Proof of Useful Work
moomin 17 hours ago [-]
Which, ironically, is used by the attacker in this case.
Since ASICs are built for mining one specific algorithm and no other, ASIC miners are invested in the survival of "their" mining algorithm.
If there are several competing coins using the same algorithm, it may be possible to incentivize ASIC miners to destroy one of them if it benefits the others, but even then it's risky.
CPUs in contrast can be used for a million different things, CPU miners are not incentivized to support any given crypto project. It's also much easier to rent large amounts of CPUs than of ASICs.
latchkey 1 days ago [-]
Disclaimer: ran a 150k GPU eth mining operation
PoS is the obvious choice now that ETH has had a bit of time to run. But, I remember when they went through the switch (before ETH PoS). Doing some sort of variation on GPU memory hard mining would have been a smart choice (ethash, progpow, etc), knowing full well that ETH would eventually go PoS. It would have given all the miners something to switch to, instead of just shutting down entirely, because there wasn't anything but ghost chains.
subsistence234 14 hours ago [-]
I'm still a fan of PoW. PoS incentivizes centralization.
latchkey 14 hours ago [-]
Hilariously posting in a thread about a 51% attack happening, because of miner centralization.
subsistence234 10 hours ago [-]
It's mainly an argument against CPU/GPU mining. If you have invested in specialized hardware that can mine only one coin, you're strongly incentivized to protect trust in that coin. An attacker like Qubic would need to pay you a lot more than they need to pay a CPU miner.
latchkey 9 hours ago [-]
So then, _centralize_ around an ASIC?
Tell me, how well did that work for Grin?
subsistence234 6 hours ago [-]
>Tell me, how well did that work for Grin?
Crypto projects succeed/fail for all kinds of reasons that are completely unrelated to de-/centralization. You'll have to be more specific about what Grin's case should teach us.
>So then, _centralize_ around an ASIC?
ASICs are commodities. For BTC (SHA-256) there are at least 8 different companies producing ASICs, and even a smaller project like KAS (kHeavyHash) has >4 competing companies. Not much centralization risk on that side, at least not for mature projects (which a hypothetical ASIC-XMR would be by now).
The main challenge for ASIC-miners is the same as for CPU- and GPU-miners: cheap electricity -- and that's not something that can easily be centralized.
lagniappe 2 days ago [-]
>until now, no-one has chosen to flex like this.
The two networks have wildly different proof-of-work algorithms, they're incompatible. A BTC ASIC will never mine Monero, ever.
soganess 1 days ago [-]
I ask this not as a gotcha (I don't know the first thing about this), but rather because I'm interested: How do you know not "ever"?
Like, trivially, it's an ASIC, so I can use it to simulate a von Neumann[*] machine, hence I can use it to run whatever algorithm I want. Would that be more efficient than using a modern OoO superscalar? Almost surely not, but that doesn't mean it can't be done, just that it shouldn't be done that way.
*: I realize that the ASICs used in Bitcoin miners don't have dram access, but that isn't a general limitation of ASICs, just those ASIC 'chips' (and maybe not even those chips, just their implementations in bitcoin miners)
EDIT: Thanks to everyone who answered! For some reason, I had it in my head that the way we implement fixed function stuff in an ASIC was basically the same as a "burn once" FPGA. Brains gonna brain.
tux3 1 days ago [-]
>Like, trivially, it's an ASIC, so I can use it to simulate a von Neumann[*] machine
No, that doesn't follow at all. An ASIC doesn't mean a general purpose CPU or FPGA. A chip that only knows how to do, say, video decoding is an example of ASIC. The video chip can't do bitcoin, the bitcoin chip can't do monero. They're not general purpose.
BoppreH 1 days ago [-]
You might be confusing ASICs with FPGAs. You can't reprogram an ASIC, the algorithm is fixed at design time, and the chip built for this single purpose.
blibble 1 days ago [-]
> Like, trivially, it's an ASIC, so I can use it to simulate a von Neumann[*] machine
asic does not mean turing complete
good luck simulating a von neumann machine on a sha256 accelerator
rokkamokka 2 days ago [-]
That's not true for all altcoins however
scyclow 2 days ago [-]
Pretty much everything other than bitcoin, monero, and dogecoin are running proof of stake these days anyhow, so it kind of doesn't matter.
subsistence234 13 hours ago [-]
KAS is PoW, at ~240 times the hash-rate of LTC, ~120 000 000 times the hash-rate of XMR, and 0.0007 times the hash-rate of BTC. Obviously not really comparable...
In fact, Litecoin has an optional privacy feature called MWEB, which is probably why Litecoin too got kicked off of being named on some conventional news sites.
yieldcrv 2 days ago [-]
Its always hilarious when someone launches an L1 with an algorithm everyone can already dominate and it gets attacked immediately
Last time I saw that was on photonics processor blockchains
idiotsecant 2 days ago [-]
That's not at all relevant to parent post's point. BTC mining is famously centralized, and continues to get more so. It is inevitable that a manufacturer of BTC asics with access to cheap power will become large enough to control 51% of the hash. It's inevitable. It's bad system design - it makes being able to manufacture your own custom silicon table stakes to run a financial system for some reason.
BTC will have to move to a proof of stake design to survive. It's unavoidable.
ifwinterco 2 days ago [-]
That is debatable, but also besides anything else, changing to PoS means changing the tokenomics (some tail emission for staking rewards, no 21m hard cap), which means it's incredibly unlikely to happen
ChadNauseam 1 days ago [-]
why would staking rewards be any more necessary than mining rewards?
ifwinterco 22 hours ago [-]
In the end state (after ~2140), mining rewards just come from TX fees. But true, it is possible you could just redistribute TX fees to stakers.
Post-merge ethereum is designed so that the gas fees and the staking rewards roughly cancel out on balance (so overall inflation is around zero), but they are decoupled so even if nobody is using the network you still get a staking yield
eurleif 22 hours ago [-]
>so overall inflation is around zero
Pedantic point: monetary inflation is around zero, not necessarily price inflation (which is what people typically mean when they just say "inflation").
ifwinterco 15 hours ago [-]
Yes sorry, important clarification.
In theory if the entire world was on an ethereum standard with a steady state population, price inflation would also average out to zero
LikesPwsh 2 days ago [-]
BTC can't move to proof of stake because religious zealots would keep their money in the old fork.
It's doomed in general, see the cash fork.
latchkey 1 days ago [-]
Tokenized bitcoin.
robocat 2 days ago [-]
> It is inevitable that a manufacturer of BTC asics with access to cheap power will become large enough to control 51% of the hash
The ASIC manufacturer would also need a backdoor. ASIC manufacturers don't control mining.
Large miners are unlikely to allow backdoors into their mining network.
passivegains 1 days ago [-]
I think they mean the manufacturer would just keep most of the stock for themselves. Reminds me of that famous Scarface quote: "You should get high on your own supply, it's a great idea that won't end horribly."
fruitworks 1 days ago [-]
ASIC miners often do control mining. They often mine with chips before they drop them in the public market
idiotsecant 1 days ago [-]
>ASIC manufacturers don't control mining.
I dont think you understand the BTC mining ecosystem
mattwilsonn888 2 days ago [-]
"Performing something like this is definitely expensive"
That is false. A 51% attack is only expensive to the degree to which the hashpower required to exceed 50% is obtained at negative margins.
If an attacker can collect the total 51% or more hashpower at what would be a profitable rate despite the attack, then the attack is not "definitely expensive" - no, the attack is definitely profitable and the expense falls solely on the minority.
hombre_fatal 2 days ago [-]
Just because something is profitable doesn't mean it's not expensive, which only means it costs a lot of money.
Or, you need to spend a lot of resources to do the attack even if it's the case that you get that money back when you succeed. And the attack is not available to you if you can't front those resources (because it's expensive rather than cheap).
marcosdumay 1 days ago [-]
I guess the clearer term for that would be "capital intensive".
ozlikethewizard 2 days ago [-]
surely the fall in value of XMR caused by such an attack would make it unprofitable as well
jcfrei 2 days ago [-]
You could just short XMR heavily and profit that way.
loxs 1 days ago [-]
You can only do that on centralized exchanges, which would mean that you effectively doxx yourself by shorting. Also the exchange will most probably seize your funds before you are able to withdraw them.
0x457 1 days ago [-]
Not sure how are you doxxing yourself, what stopping me from YOLOing my life savings into this short after reading a few comments in this thread?
subsistence234 13 hours ago [-]
You'd have to spend $30M per day in order to control 51% of XMR, and then you'd YOLO your life savings (which would have to be another couple hundred million dollars) on centralized exchanges without anyone noticing?
0x457 12 hours ago [-]
I meant I, as someone that is aware of attempt to take over, not as an attacker.
It's only doxxing if you can, you connect that large transaction to the attacker, but you can't unless I'm missing something.
subsistence234 10 hours ago [-]
Oh yeah for sure.
blantonl 2 days ago [-]
Or, you need to spend a lot of resources to do the attack even if it's the case that you get that money back when you succeed.
There is a word for this. We call it risk.
zamadatix 2 days ago [-]
I'm not sure I'd call this risk. Risk would be "you can invest the money, but you might not get it back" however the above is referring to the "a 51% attack absolutely works but you need a shit ton of money to do it" aspect instead. This makes it capital intensive, not (necessarily) risky.
freehorse 2 days ago [-]
The fact that it succeeds does not mean that you get the money back (eg the price of monero could drop if that happens). You may also have miscalculated some parameters in all this or something unexpected happens (where human factor is involved). So there should always be risk involved imo. Otherwise I agree, even in a probability 1 success situation this would still not be called "cheap".
zamadatix 2 days ago [-]
Agreed, no such thing as a real-world investment with truly 0 risk.
IncRnd 1 days ago [-]
It is absolutely risky. Your facilities can burn down once the ASICs arrive and before they are turned on, or your employees simply steal them for their own uses. Heck, you can have a fire once they get powered-on, because a power cable was poorly made. You might get sent the wrong product, or you could be ghosted without a delivery.
Expensive is a better fit than capital intensive, because there are massive ongoing costs to actually perform the attack, electricity for one.
If you want to understand the risks for a project, pretend you are at arms length and are being asked to fund the project 100% up-front. You'll find a huge list of risks very soon.
zamadatix 17 hours ago [-]
This is why I didn't say it made the investment risk free, I said being capital intensive does not make something (inherently) risky. There is no such thing as an investment without risk, but how risky it is is largely orthogonal to how capital intensive it is, and the above was talking about the latter so using the term "risk" for that half is not a great correction.
loxs 1 days ago [-]
Having the power to deny others to mine blocks does not mean that you can obtain the tokens from their wallets. Miners can't sign transactions on users' behalf. You can rewrite all of history but then no exchange will accept your version of it to let you exchange the tokens for fiat. Also this will almost certainly crash the price of XMR substantially. And later people will be able to fork/restore the original version. The technological side of the blockchain is only part of the consensus/trust/market/popularity. People are the other part, and people will not pay the attacker for their successful attack.
MadnessASAP 1 days ago [-]
The attacker doesn't need to steal tokens. They just need to short the token while they sufficiently disrupt the network to drive down the price. They get the money and your tokens become worthless.
subsistence234 13 hours ago [-]
Controlling 51% of XMR costs ~$30M per day, you'd have to short a huge amount of XMR to make that worthwhile. Who would be the counter party and how would you do that anonymously?
The attack itself is unprofitable, the "profit" for Qubic is the publicity they get. (or at least that's what they're betting on)
MadnessASAP 11 hours ago [-]
Monero has a theoretical market cap of $4.7B USD and daily volumes >$100M USD. I wouldn't recommend taking that short position in one go but over a few days and a few exchanges I wouldn't see a problem acquiring a very large short of the token.
dumbfounder 2 days ago [-]
Unless they drive the price into the ground.
ethagnawl 2 days ago [-]
Right? If an attack like this is successful _and_ obvious/detectable, then it _should_ drive the price into the ground.
JKCalhoun 1 days ago [-]
Shades of the Hunt brothers attempt to corner the silver market in the 80's [1].
When people say foo is expensive, they mean the gross cost not the net profit.
devmor 2 days ago [-]
If I buy a yacht for $2 million and sell it for $4 million, it's still an expensive yacht. Profit doesn't make it less expensive.
apercu 2 days ago [-]
In all seriousness, can you explain why the "impact of doing so is disputed". In my laypersons understanding, if you control ~51% of the hashrate you can outpace everyone else in producing blocks, which means you can change (reorganize) your blockchain history which means the ledger isn't trustworthy. Right?
PhilippGille 2 days ago [-]
It's worth being precise here:
- The attacker can doublespend their transactions if their hashing power is high enough to create more blocks than what the recipient is waiting for. E.g. you buy a lambo, the shop waits 10 blocks after the tx is in a block and gives you the lambo, then you create a longer chain with 11 blocks to replace the other one, and don't include the original lambo tx. 51% of hashing power is enough to create new blocks, but not enough to create 11 alternative blocks. That requires more hashing power.
- The attacker can prevent other transactions from landing in a block, as long as they have majority
- But the attacker can't create fake transactions (e.g. if they only have 1k Monero, they can't create a tx with 2k Monero). Because all nodes (not only miners) still verify the transactions
- And the attacker can also not steal your money, because they don't have your private keys
apercu 2 days ago [-]
In my head I kind of simplified it - if I can reorder the blocks in my history I can "reverse" a transaction, like "erase" that I bought a lambo yesterday so today I have not only the lambo, but the money that was in my account before I bought the lambo, too. But maybe I'm trying to oversimplify and missing the forest for the trees (this is very much not my domain).
Ekaros 20 hours ago [-]
My understanding is limited. But in addition to making the transaction "not happen", it is better to make a new transaction for the money, as the transaction would still be valid later and could be included later. Thus "double spend".
corimaith 2 days ago [-]
That's the point, you can only change YOUR history. From the perspective of a future merchant, that's trivial to deal with. And for existing transactions, you'd need the value of the goods from the transactions to exceed the cost of controlling the network to be worth it. But what kind of goods that can be transferred so quickly be worth that much?
xnorswap 2 days ago [-]
Maybe there's more resilience to prevent chain swaps now, but my understanding of the original blockchain algorithm is that:
At block N someone could start to privately mine (empty) blocks.
They keep mining in private until block N+x is public, at which time the private (51%) chain is length N+x+1.
They then announce their longer chain.
By the protocol, this longer chain (technically "most work" chain) is the more trusted one, and undoes any transactions in N+1 through N+x.
SamPatt 2 days ago [-]
More or less, but the private chain doesn't need to contain empty blocks.
A more sophisticated attack would include all the legitimate transactions on the network except for their own transaction(s) which they're trying to double spend. That way the network isn't disrupted apart from the parties you're double spending against.
xnorswap 22 hours ago [-]
Indeed, but I was arguing that the parent claim that "only your transactions" could be affected was false.
It's true that you can't synthesise false transactions, but you can undo anyone's transactions, not just your own.
LikesPwsh 2 days ago [-]
That way you can also claim 100% of mining rewards with 51% hash rate.
_3u10 1 days ago [-]
How? If that were true you’d also be able to get 50% of block chain rewards with 25.1% of the hashing power. But you can’t because it isn’t true.
Sohcahtoa82 1 days ago [-]
If you control 51% of the hashing power, that means you can solve more blocks than the entire rest of the network combined. Even if other nodes on the network solve a couple blocks before you, statistically, you will eventually create a longer chain of blocks and the network will switch to your chain.
But your chain has every block solved by you, giving you all the block rewards.
That's the magic of the 51% attack. You gain control of the blocks. Because that extra 1% isn't a HUGE margin, it may take a while for your chain to become the winning chain, but theoretically, it will happen.
dbdr 1 days ago [-]
You only mine blocks on top of your previous blocks, ignoring blocks produced by the 49%. Since you have 51%, your chain is the longest over time, so you have 100% of the mining rewards.
You can't do that with 25% (or even 40%) hashrate.
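A small Monte Carlo model of what xnorswap, Sohcahtoa82 and dbdr describe above, added here as an example and not taken from the thread or from Monero's code: a miner with hash fraction q builds only on its own blocks and publishes whenever its fork is heavier, while honest miners always extend the heaviest chain they know. The memoryless per-block coin flip, the fixed block count and the seed are constructed assumptions (no difficulty adjustment is modelled).

```python
import random


def simulate_majority_miner(q: float, blocks: int, seed: int = 1) -> dict:
    """Model a miner with hash fraction q that refuses to build on anyone
    else's blocks, against honest miners that always extend the heaviest
    chain they know about.

    Each of `blocks` rounds is one block found somewhere on the network;
    with probability q it belongs to the selfish miner (assumption: a
    memoryless per-block coin flip, ignoring difficulty adjustment).
    Returns each side's share of the final canonical chain, plus how much
    work was orphaned or wasted along the way.
    """
    rng = random.Random(seed)      # seeded so the result is reproducible
    private = 0   # selfish miner's blocks since the last common ancestor
    public = 0    # honest blocks on the public chain since that ancestor
    attacker_credited = 0
    honest_credited = 0
    orphaned_honest = 0
    reorgs = 0
    deepest_reorg = 0

    for _ in range(blocks):
        if rng.random() < q:
            private += 1
        else:
            public += 1
        if private > public:
            # The private fork is now heavier. Honest nodes switch to it,
            # every honest block since the common ancestor is orphaned,
            # and the tip of the private fork becomes the new ancestor.
            attacker_credited += private
            orphaned_honest += public
            deepest_reorg = max(deepest_reorg, public)
            reorgs += 1
            private = public = 0

    # End of the run: the public fork is at least as heavy as the private
    # one (otherwise a reorg would already have happened), so the honest
    # blocks stay canonical and the unpublished private work is wasted.
    honest_credited += public
    wasted_attacker = private

    canonical = attacker_credited + honest_credited
    return {
        "hash_share": q,
        "attacker_share": attacker_credited / canonical if canonical else 0.0,
        "honest_share": honest_credited / canonical if canonical else 0.0,
        "reorgs": reorgs,
        "deepest_reorg": deepest_reorg,
        "orphaned_honest_blocks": orphaned_honest,
        "wasted_attacker_blocks": wasted_attacker,
    }


if __name__ == "__main__":
    for q in (0.25, 0.40, 0.51, 0.55):
        r = simulate_majority_miner(q, blocks=20_000)
        print(f"q={q:.2f}  attacker share of canonical chain={r['attacker_share']:.3f}  "
              f"reorgs={r['reorgs']}  deepest reorg={r['deepest_reorg']}  "
              f"wasted attacker blocks={r['wasted_attacker_blocks']}")
```

Running it shows the asymmetry in the thread: above one half the selfish fork ends up with essentially the whole canonical chain, below it the same strategy forfeits almost every block mined, and the `deepest_reorg` figure is the "N+x" depth a watching node would see.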
the_sleaze_ 2 days ago [-]
Yes.
nomilk 2 days ago [-]
Newb question, but why's it expensive, aren't they mining the whole time and can therefore make the usual money from that mining?
treyd 2 days ago [-]
You are correct. It's expensive if you want to go rewrite history. 51% is when that becomes economically viable to do on its own.
subsistence234 10 hours ago [-]
AFAIK Qubic (the company) is paying people extra to mine XMR through Qubic (if you mine $1 worth of XMR, you get $1.50 worth of QUBIC (the coin) which you can then sell). Qubic (indirectly) loses those extra $0.50. If on average the miners sell too much (more than two thirds of the rewards), then Qubic has to buy their own coins back in order to keep the price stable. Qubic bets on their coin pumping from the publicity.
You don't mean to suggest that a scammy cryptocurrency entity that is currently bragging about attacking a competing system might ... lie to people???? Is that possible?
fruitworks 1 days ago [-]
Peek the % of unknown miners in the pie chart at the bottom
Dumb question: I took a look at https://miningpoolstats.stream/ethereumclassic for Ethereum Classic and f2pool.com seems to have ~64% of the total hashrate... is that a takeover as well?
idiotsecant 2 days ago [-]
I mean, it means that ETH Classic's ledger is rewritable on a whim by that pool, if it has central control.
chuckadams 2 days ago [-]
The thing about 51% attacks is they're hard to pull off in secret. And once they happen, who's going to accept the coin anymore? Plenty of potential for sheer destruction, but it seems pretty counter-productive to value.
chaboud 2 days ago [-]
If only someone offered derivatives contracts that could be used to make money from destruction...
Reminder: if you want to bet on an asset's demise (i.e. short it), you don't need a derivatives market, you just need to be able to borrow the asset and sell it. So you could accomplish the goal there by borrowing Monero and converting it to USD. A lot of smartcontract platforms let you do this -- including on other chains, where they hold a token convertible into the original chain's native unit.
I bring this up because people are always asking what platforms are allowing me to short cryptocurrencies, which seems to miss that it's enough to just have a debt denominated in what you want to bet against.
loxs 1 days ago [-]
Yeah, but the moment that happens they will confiscate/block the funds of the shorters.
dbdr 1 days ago [-]
Based on which specific law or rule?
loxs 10 hours ago [-]
Based on how the crypto world works 100% of the time.
this_user 2 days ago [-]
It's a game theory problem. If you are getting more value out of the system by maintaining it in the long run, it would make no sense to attack it and destroy its value. However, once you can extract more value in the short term through the attack than by being a long-term participant, it becomes attractive.
With BTC's block reward continually being reduced, TX fees will have to increase in order to avoid reaching the point where large miners could become tempted to attack the network.
taylorius 2 days ago [-]
Maybe destruction is their goal.
seanw444 2 days ago [-]
A lot of people would like to see Monero burn.
dyauspitr 2 days ago [-]
Monero has been under constant attack from its inception. It’s one of the only truly anonymous, untraceable payment systems, so there has been a huge push to make it unviable. It was inexplicably delisted from major crypto exchanges in the past and now is under direct attack.
cassonmars 1 days ago [-]
It's not inexplicable, they just don't want to explain that their asset listings are effectively beholden to banking partners in the same way that steam was forced to remove certain games because of Visa and Mastercard.
dehrmann 2 days ago [-]
Unknown crypto vulnerabilities and 51% attacks are crypto currency risks that are theoretically out there, but we mostly haven't seen play out.
At some point, someone doing AI might amass enough GPUs to do a 51% attack on Bitcoin. You're right that it destroys confidence in the coin, so if you short Bitcoin futures before the attack, you might make money.
15155 1 days ago [-]
> At some point, someone doing AI might amass enough GPUs to do a 51% attack on Bitcoin.
This is electrically impossible for Bitcoin specifically: modern ASICs exceed an RTX 5090 by 3 orders of magnitude in hashes/Joule and hashrate/chip, and cost $2-40 retail per chip.
Sohcahtoa82 1 days ago [-]
People haven't mined Bitcoin on GPUs in over 10 years.
Looking at that website I see that the unknown pool keeps getting a longer chain and it switches to it.
subsistence234 10 hours ago [-]
What percentage of unknown miners is Qubic?
Etheryte 2 days ago [-]
Unless I'm missing something, this doesn't pass the sniff test. If a 51% attack was successful, every other miner could easily spot this and would stop mining. The fact that this has not happened is more trustworthy than a random guy on Twitter.
treyd 2 days ago [-]
Unless the attacker was actively choosing to exploit the 51% of hashrate they have, it would still make economic sense for the remaining minority miners to keep mining.
immibis 2 days ago [-]
Why would every other miner stop mining, making it a 100% attack?
Yesterday I was running a Monero node and looking at it, and got an unusually high number of chain reorganization messages. I could believe a 51% attack happened.
corimaith 2 days ago [-]
A network might collectively just fork the chain and blacklist the attacker in that fork.
jadamson 2 days ago [-]
That isn't possible - miners don't have an "identity" to blacklist.
im3w1l 2 days ago [-]
You could do it with a whitelist. If there is a fork, give disproportionate weight to blocks mined by a whitelisted participant when doing the longest-chain calculation. Ideally you should include the proof of being on the whitelist in the block itself, but if that's not possible for some reason you could always send the information off-chain.
jadamson 2 days ago [-]
That's centralization, which is the opposite of what's intended and has its own risks. Most blocks are mined by pools, so you'll have to whitelist them, and while you might trust the pool operators now, will you forever? You'll be making the cost of an attack significantly cheaper for them (or someone who steals their magic key, or tricks you into adding them to the blessed list).
im3w1l 2 days ago [-]
I agree that it is not ideal. But addressing some of the specific points brought up:
1. a) The list doesn't need to be hardcoded, it could be a configuration. b) So trust doesn't need to be permanent. c) It could be decentralized in the sense of allowing different people to have configs.
2. Miners not on the list can still participate, just with lower weight in the case of a fork. And they still get full reward.
jadamson 2 days ago [-]
1. A cryptocurrency requires consensus, so no, you can't have different configs for determining the validity of a chain. Making it a config variable only makes it faster to close the barn door after the horse has bolted.
2. Has no bearing on any point I made.
What will likely happen is a PoS BFT layer on top of PoW, although there are other options being considered:
As long as people eventually reach the same conclusion about which chain is the legit one it's fine that they use different reasoning to arrive at that conclusion.
If they fail to ever converge there is probably such a large disagreement in the community that a fork is for the best anyway.
jadamson 1 days ago [-]
> As long as people eventually reach the same conclusion about which chain is the legit one it's fine
What? No, it very much isn't. Consensus needs to be ongoing, within a handful of blocks (Monero locks transfers for 10 blocks for this reason, called "confirmations").
Firstly, I think you underestimate how quickly good faith actors with slightly different configs would come to agree. A handful of blocks should be enough. Secondly, if reorgs start becoming a problem, exchanges and merchants could monitor for a situation with two competing chains and temporarily suspend processing. There is still the possibility that someone will suddenly reveal a long chain they had kept secret, but anyone doing such a thing is very suspicious.
jadamson 1 days ago [-]
Please post your suggestion in the issue I linked.
treyd 2 days ago [-]
If you're doing a whitelist of trusted parties you might as well do classical BFT without the mining.
max_ 2 days ago [-]
>Sustaining this attack is estimated to cost $75 million per day.
This is how proof of work systems operate.
They are very expensive to attack but very cheap to recover from.
$75m per day is clearly unstainable.
Soon they will give up and the network will recover cheaply.
The attack is more of a nuisance than the end of Monero.
arrowsmith 2 days ago [-]
> $75m per day is clearly sustainable.
Is this a typo or am I misunderstanding something?
transcriptase 2 days ago [-]
I’m guessing it’s implied that the return would be higher than $75m a day.
max_ 2 days ago [-]
Thanks.
"unsustainable"
m_herrlich 2 days ago [-]
now it says unstainable
Also true!
sschueller 2 days ago [-]
Depends what the goal is. A state that wants to break the anonymity of the system doesn't care about $75m per day, specifically a state that can just print that...
woah 2 days ago [-]
I'm not familiar with Monero's privacy system, so I can't say for sure, but it is very, very unlikely that a reorg could in any way break anonymity.
fruitworks 1 days ago [-]
Reorgs don't break anonymity.
idiotsecant 2 days ago [-]
The problem is not that the system is constantly under attack. It's that it can no longer be trusted to be secure. Nobody with money on chain will say 'oh well, probably nobody will steal my money today'.
do_not_redeem 2 days ago [-]
A 51% attack doesn't let you steal random people's money.
idiotsecant 1 days ago [-]
It absolutely does, just not directly. Say that you have 100k fiat equivalent in Monero and I demonstrate a successful Monero double-spend attack. How much do you think your Monero is worth?
do_not_redeem 1 days ago [-]
My man. What do you think the word "steal" means? You can't just redefine words because you don't like new technology.
Do we need to drop down to 1st grade story problems?
---
Alice has 1 apple. Eve has 0 apples.
Eve steals Alice's apple.
Now Alice has 0 apples. Eve has 1 apple.
---
Alice has 1 XMR. Eve has 0 XMR.
Eve 51% attacks Alice's network.
How many XMR does Alice have? How many XMR does Eve have? Show your work.
idiotsecant 7 hours ago [-]
The only reason this seems like an unusual definition to you is that you haven't thought about it very hard, yet. The critical thing is not how many XMR you have. It's what value those XMR carry. If I create from thin air 1000 XMR and it's known to the market I didn't just 'make' a certain amount of value, I made myself richer by making a lot of people less so. I stole value from them and gave it to myself, just like someone stealing a ham at the market. The only difference is that instead of burning one ham of value for one ham of benefit, I burn many ham of value for one ham of benefit.
Appears to be legit, but not really a nefarious attack.
sigmar 2 days ago [-]
> Did Qubic really attack Monero? No, according to official statements, it was a planned stress test to identify vulnerabilities in the Monero network.
"not really a nefarious attack" is an insane summation of this article. There's zero way for someone outside of qubic to verify that they didn't do something nefarious while controlling the network. Stated another way- anyone could call their 51% attack a "stress test"
Stevvo 2 days ago [-]
That entire article reads like propaganda/doublespeak.
"Planned test". Planned by whom? Planned by the attackers. The reorg did happen.
spoaceman7777 2 days ago [-]
This is a bot hoax. The only news here is that twitter still hasn't fixed its insane spam account problem
This man is a true poet, just beautiful. Look at this quote found on his ex-Twitter:
(quote starts here)
"""Writing this date here to memorize when the concept of Decentralized Artificial Intelligence (#DAI) got its final shape.
Not bullshit like "It runs on a #blockchain so it must be decentralized". In this concept each entity holds a secret know-how which modifies #IntelligentTissue (in cooperation with other know-hows owned by other entities, if needs to solve a complex task). Secrecy of each know-how ensures nobody can copy it, others can only attempt to create something similar by spending computational resources.
Each #AI is an original object, #IntelligentTissue is its hologram. #Qubic is the platform for AI creation, their convergence and intelligent tissue hosting"""
isoprophlex 1 days ago [-]
Psychosis or marketing scheme? Who can even tell the difference anymore...
typpilol 1 days ago [-]
He's a bit insane. I did the same thing to the IOTA network and brought it down to 0% confirmation for a month.
Trust me he did not like it
Husieandr 2 days ago [-]
[flagged]
art_vandalay 2 days ago [-]
100% a fed action. Government influence has been pushing Monero off of exchanges and now this. Why? Because Monero has true anonymity.
rootsudo 2 days ago [-]
Interesting, I don’t disagree but would like to learn more.
nickysielicki 2 days ago [-]
If you exchange Bitcoin for cash, the IRS can retroactively look at every wallet that this money originated through. If they decide that they don’t like how certain coins were earned, they can mark them and any wallet they touched as poisoned, and put you in jail if you try to exchange them further.
Monero transactions are inherently obfuscated, which solves this problem. If you want more details, the Monero whitepaper is well written to be accessible for the common reader.
> Monero transactions are inherently obfuscated, which solves this problem.
It solves the problem by making all participants culpable. The blockchain community is very good at imagining they have technical solutions to social problems.
nickysielicki 2 days ago [-]
I don’t believe US courts would see it the same way, if you use Monero for legitimate transactions you will not go to jail.
afan2k 1 days ago [-]
By your logic, anyone using cash would be culpable for illegal transactions. Same with VPNs/Tor.
vintermann 1 days ago [-]
I think speech is not the same as money, and that any kind of property you expect others to respect comes with obligations. Why should I respect your property claims if you can't show me you didn't steal your property?
But that's really beside the point, because it isn't me who will come after you, it's the IRS (or equivalent). If you spend a lot of money, you're in trouble if you can't explain how you got it. And if you explain that you participated in a network which has as its only purpose to destroy evidence of how you got it, you're usually in extra big trouble.
nickysielicki 1 days ago [-]
There's a little bar in Cupertino, Paul & Eddie's Monta Vista Inn. They only accept cash. Should they be shut down and have their assets seized? After all, what possible reason could they have to operate as cash only, in Silicon Valley, other than that they want to destroy evidence of how they earned it?
vintermann 1 days ago [-]
Again, it's beside the point what they should. Small businesses have "know your customer" requirements too, and if this little bar made suspiciously much money from cash sales, the government will come looking to make sure it isn't a money laundering operation.
If you think it shouldn't be that way, you are faced with a problem. A social political problem. Which Monero does nothing to solve. Which is the point.
googlehater 1 days ago [-]
Can you elaborate?
ysofunny 2 days ago [-]
fiat money has to be a monopoly
especially given its only backing is "trust" (trust that you won't get invaded or overthrown)
anonymous alt coins, real digital cash, are competition to the monetary system. there can be only one.
fnands 2 days ago [-]
I am way OOTL with crypto drama.
Anyone have any context about who Qubic are, and what their deal is?
Sidenote: IDK how Ledger, a French company, is still in business after compromising ~300k users' physical addresses[1] amongst other PII, ~5 years ago.
What is qubic offering to miners that other pools can't?
nunobrito 2 days ago [-]
Gamification. They are supposedly offered some other shitcoin in return for the monero that they mine. I've tried it myself some months ago, it is noticeable that they were lying about the number of miners on that platform.
redwood 1 days ago [-]
Reminds me of the old IRC Channel takeover
api 2 days ago [-]
One of the major things that has always bothered me about crypto: if an economically "irrational" large player wanted to 51% something like Bitcoin, they could.
I am thinking of, for example, a nation-state. Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin. This could happen if an adversary like Russia or its allies were using Bitcoin for funding and there was a war or a major Cold War style struggle. Such players could afford to purchase and build, in secret, a huge mining farm, and then suddenly turn it on, not caring about the cost because the goals are strategic. It would be massively expensive but it doesn't matter for this case.
JoshTriplett 2 days ago [-]
While that's certainly possible with a large enough expenditure, they'd also have to have the miners be sufficiently indistinguishable that they couldn't easily be denylisted with an update to the official codebase.
827a 1 days ago [-]
I'm also curious about an attack vector whereby if a coin has a single reasonably well-installed mining software stack, this effectively gives the developers of that stack control over any miner, which could easily add up to 51% if there's only a few mining software options. Sneaking in a backdoor is well within the capabilities of any developer; do the mining companies compile from source?
im3w1l 2 days ago [-]
A more economical version of the same thing is to engage in honest mining through several front companies that together have 51%. Until a strategic opportunity presents itself and they start colluding.
api 2 days ago [-]
Sure, and this is well within the capabilities of any competent large intelligence agency.
It's only a secure system if adversaries are either small or economically rational.
ifwinterco 2 days ago [-]
For monero and other smaller chains maybe, but for BTC this is already at the point of being quite difficult (the intelligence agency really would have to be quite large).
The money is one thing, you also have to somehow acquire a huge % of the ASIC supply over years, and the not insignificant amount of energy to run them
giancarlostoro 2 days ago [-]
The moment anyone does this, people will notice, and the coin plummets.
Vegenoid 13 hours ago [-]
Yep. From the comment you replied to:
> Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin.
jacooper 2 days ago [-]
Which is what they want.
giancarlostoro 2 days ago [-]
at 75 million a day what is the motive?
Paradigma11 19 hours ago [-]
They could borrow 1 Billion in Monero and sell it. Then they would only have to pay back a fraction and keep the rest.
spiderice 1 days ago [-]
> a nation-state. Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin
Irrelevant and impossible to "know", given that it hasn't happened yet (if it ever does)
ben_w 8 hours ago [-]
Imagine if you will that the Russian economy ran on Bitcoin or whatever.
75 million a day to destroy the Russian financial system is less than half of what Ukraine currently spends on their defence budget.
corimaith 1 days ago [-]
State entities can also destroy real banks with all sorts of means if they really want. The vulnerability is real, but beyond the scope of discussion because then it's war we're talking about.
SilasX 1 days ago [-]
But states generally like having a financial system, and don't like (or are at least annoyed and worried by) cryptocurrencies, so the incentives aren't the same.
deadbabe 1 days ago [-]
What really happens to a crypto coin if trust in the ledger is shattered?
Does the coin stay alive purely because people still speculate on hype or does everyone try to cash out simultaneously and send price into a death spiral?
subsistence234 11 hours ago [-]
Shattered is the trust in transactions that happened during the time period where the attacker controlled >51%, from addresses that the attacker also controlled. AFAIK so far they haven't controlled 51% for any amount of time, though they did control more than 33% for a short while, which is enough for "selfish mining." Either way, the attack did illustrate that a government could easily take over XMR if they wanted to. The impact of that, we'll have to wait and see.
cookiengineer 2 days ago [-]
Maybe Black Owl is finishing off APT29's remaining part of the former Mirai botnet?
I'm just saying that this might be a state sponsored actor fighting another one, given that Mirai was primarily hosting XMR miners, and given that they lost 3.5 million bots overnight in 2023.
naikrovek 2 days ago [-]
[flagged]
JohnMakin 2 days ago [-]
let’s be clear - you read a headline of a tweet that confirmed your biases and rushed in to post this? How do you know this is a 51% attack? Did you read any more than the title of this topic? who claimed this?
cycomanic 2 days ago [-]
I don't have any beef in this game, but the previous poster's message does not require that the 51% attack is confirmed.
The claim seems plausible enough that people are debating if it actually happened or not, and if it is sustainable to keep it up. That's a big difference to 51% attacks being merely theoretical (which implies that they are unrealistic in practice).
bayindirh 2 days ago [-]
[flagged]
JohnMakin 2 days ago [-]
Thanks, but how is this at all relevant to what I posted?
baby 2 days ago [-]
51% attacks against proof of work blockchains have definitely happened in the past[1]. What hasn't happened yet is an attack on proof of stake (or more generally BFT consensus) as far as I'm aware.
I mean, doesn't Ethereum, probably the most prominent proof-of-stake coin, roll back the consensus whenever something happens that they don't like? It's easy to claim your algorithm is safe when you're not actually running it.
baby 15 hours ago [-]
As far as I'm aware they only did it when they were a proof of work chain
HelloNurse 2 days ago [-]
This might become a good example against blockchains: what is possible in theory, is possible in practice given just enough capital.
As always, estimates of the credibility of someone dismissing the risks of what they are trying to sell should start at zero and not go very far.
JumpCrisscross 2 days ago [-]
> lots of you on this site were telling me that 51% attacks on blockchains were almost entirely theoretical
We have multiple private actors in multiple countries amassing compute and networking power for AI ambitions, each of whom could single-handedly pot most cryptocurrencies outside Bitcoin and Ethereum.
That said, something being possible isn’t the same as it being true. To my knowledge, no 51% attack of consequence has ever been launched.
matja 2 days ago [-]
Depends which blockchain, exactly. Some have lower total hash rate than others.
N_Lens 2 days ago [-]
Enter me - a CBT enthusiast!
yreg 2 days ago [-]
Cognitive behavioral therapy, or the other one?
Husieandr 2 days ago [-]
What? If any party controls enough hashpower then it can be very real on a whim.
The beauty of the intrinsic feedback mechanisms in such cryptocurrencies is that this is extremely expensive and any would-be attacker stands to gain a lot more by not attacking. There is a strong financial incentive to cooperate within the ecosystem.
In more specific terms, if you can mine faster than everyone else combined, then you can make a lot of money by just mining blocks... An attack, on the other hand, costs a fortune in energy while you actively destroy the market's trust in and utility of the currency - potentially even prompting the entire economy to pause - inevitably causing a collapse in its value. All to reverse or double spend a few coins?
ameliaquining 2 days ago [-]
Well, you could be a government whose goal was to destroy the cryptocurrency.
Husieandr 2 days ago [-]
I would love for that to be true:
First they ignore you, then they laugh at you, then they fight you (<-- You are here), then you win.
davidcbc 2 days ago [-]
Elizabeth Holmes loved using this quote too. She's still waiting on the winning
sroussey 2 days ago [-]
They fight you, then they kill you. You don’t win.
lan321 2 days ago [-]
Sadly, it'd go hilariously badly.
cycomanic 2 days ago [-]
Are there no markets with put options on coins? Also couldn't this be used to prop up a competitor coin.
There are probably lots of ways to make money of destroying confidence in a specific coin.
ameliaquining 1 days ago [-]
Shorting the coin wouldn't work well because you have to take a long position at least temporarily in order to execute the attack; you would have to borrow 51% of the supply and also a bunch more coins that you'd then sell short, enough to more than compensate for the cost of borrowing the 51% and the risk of failure, and that would get more-than-proportionally expensive. Seems hard to make the math pencil out.
Taking a long position in a competing coin could maybe work but you'd have to be really sure that it would go up, instead of going down due to decreased confidence in the broader altcoin ecosystem.
torium 2 days ago [-]
> Just a month ago lots of you on this site were telling me that 51% attacks on blockchains were almost entirely theoretical.
Here's another one (and changing subject): point out that GrapheneOS, which is a privacy focused mobile OS, ONLY supports Pixel, which is a phone produced by Google whose interests are surveillance. People will tell you that your concerns are theoretical.
People just don't learn.
wolrah 1 days ago [-]
Shockingly, the Google-produced operating system that GrapheneOS is based on is easiest to build targeting Google-produced devices.
Google is also as far as I'm aware one of only two mainstream vendors, and the only one making flagship-tier devices, that reliably offers bootloader unlocking as a feature so you can install alternative operating systems without having to first crack the device.
beepbooptheory 2 days ago [-]
But wouldn't the people who have the Google phone then be precisely those who could benefit from the privacy focused OS?
torium 2 days ago [-]
My point was that if the people who control X have interest that X be Y, then X will become Y over time, even if it's not Y currently.
Sure maybe the people with Google phone X but over time we should expect that Google will find a way to Y, because that's where its interests lie. (And actually, we've seen it do exactly this many times. Chrome being the most obvious example).
Here's yet another example. If voters can be bought by promising them money, then we should expect that politicians will start promising money to voters in order to be elected.
Etc etc, do you see the pattern? My point wasn't actually about privacy, or Google, or Monero.
immibis 2 days ago [-]
We can expect when Google puts surveillance chips in their Pixel phones, those will no longer be supported by Graphene. While they don't, may as well take advantage of them, right? Out of all the Android phones, Pixels are the most open (possibly because they don't have to follow Google's oppressive contracts with manufacturers).
torium 2 days ago [-]
Like I said above, people just don't learn!
llbbdd 2 days ago [-]
Seems like an easy repeat to avoid addressing his question imo
torium 2 days ago [-]
Didn't work for Chrome, so it's self-evident that it's a stupid idea. People don't learn.
ThePowerOfFuet 2 days ago [-]
>Here's another one (and changing subject): point out that GrapheneOS, which is a privacy focused mobile OS, ONLY supports Pixel, which is a phone produced by Google whose interests are surveillance.
The Google-proprietary software is entirely replaced. Why the FUD?
polotics 2 days ago [-]
I guess the FUD would be on the hardware and also on the other piece of software, a fully separate OS if I understand correctly, that runs the radio side of things on the device...
blarg-and-co 2 days ago [-]
[dead]
dboreham 2 days ago [-]
Post seems confused. A 51% attack doesn't allow the attacker to sign transactions with someone else's key.
codeflo 2 days ago [-]
You: "Post seems confused. A 51% attack doesn't allow the attacker to sign transactions with someone else's key."
Maybe you misread, the post says this: "With its current dominance, Qubic can rewrite the blockchain, enable double-spending, and censor any transaction."
All of which are possible if someone has that level of control, and none of which involve signing with other people's keys.
(As some people seem confused about the impact of 51% attacks: Of course you can't double-spend in a single blockchain, as that is prevented. But the nature of these attacks is that there's no longer one true blockchain. You can create one fork of the blockchain where you send the money to someone, receive goods in return, and then afterwards switch to a longer fork of the blockchain where the money was never sent.)
michaelmrose 2 days ago [-]
Doing this requires massive tangible infrastructure subject to seizure to pay your new bad debts as you become subject to arrest in a lot of the places one may want to spend time in.
This doesn't seem like as much of an actual risk. A better way to make money would be to create a perception that the value of the coin is at risk before buying it cheap.
Actually devaluing it doesn't seem worthwhile financially.
codeflo 2 days ago [-]
> become subject to arrest in a lot of the places
I have an idea for a much cheaper way to store and transfer money that also relies on the existence of a police.
michaelmrose 1 days ago [-]
Totally agree I just specifically doubt the virtue of stealing with extra steps which involves such obviously tangible assets.
blueprint 2 days ago [-]
A couple researchers have told me that it's not necessary to even reach 51%. It's probably something closer to 35% to maintain the ability to perform censorship etc
treyd 2 days ago [-]
Not quite. You can make selfish mining economically viable below 51%, which eats into the profitability of the majority, but it's not possible to sustain a long term censorship attack with that.
With PoS protocols, >33% is usually when you have the ability to inhibit finality, which may be what you're thinking of.
blueprint 1 days ago [-]
they ran numbers on it. Do you have any references to support what you're saying?
mistercheph 1 days ago [-]
You are not only appealing to the imaginary authority of someone that you talked to while demanding that someone else cite sources, but you also seem neither to understand the subject you're talking about nor able to accurately recall the hearsay you're offering as evidence. When you are lost in the woods, seek out a map!
kevingadd 2 days ago [-]
Replies seem to be arguing that this wasn't a 51% attack and was something else. I don't know crypto well enough to verify their claims, though.
0xbadcafebee 2 days ago [-]
The ridiculousness of cryptocurrency reminds me of the ridiculousness of the stock market. Both are absolutely batshit insane ways to maintain a global monetary system, yet people keep investing their fortunes in both.
Tiberium 2 days ago [-]
Seems to not be the case, a real 51% attack would need 10 blocks at the very least, because that's when Monero transactions get confirmed.
Going by the definition given in the wiki you’ve linked, a Sybil attack is about creating many fake identities to gain disproportionate influence in a network. A 51% attack in blockchain terms is specifically about controlling the majority of the network’s mining/staking power to override consensus.
So I'd say they're not exactly the same.
ceejayoz 2 days ago [-]
Someone amassing 51% of the network would probably want to do so under some fake identities so others don't realize what's about to happen. Not the same, but probably related.
delfinom 2 days ago [-]
Lol, there's no such thing as "fake identities" here. You just run more miners with different payout addresses for mining. But there is no "fake"
ceejayoz 2 days ago [-]
> You just run more miners with different payout addresses for mining.
That it's dramatically easier to conceal your identity doesn't mean concealing your identity isn't useful.
treyd 2 days ago [-]
It's the same failure mode as a Sybil attack, but it's called a 51% when there's the additional assumption of the hashrate being hard to obtain and evenly-enough distributed to mitigate sybiling, and that assumption is being violated.
rcxdude 1 days ago [-]
A Sybil attack is about having many identities in systems which make such identities count for something, blockchains are designed to avoid that attack by saying "identities don't matter for consensus, only raw 'work' does". a 51% attack is therefore analogous to a Sybil attack but not the same thing.
the8472 2 days ago [-]
Byzantine Failure seems more appropriate.
(https://nitter.net/kayabaNerve/with_replies)
However they do have a large enough hashrate to perform multi-block re-orgs with their selfish mining strategy.
They disabled API hashrate reporting so that they could lie about it.
Keep mining and ignore the noise.
(https://nitter.net/tuxpizza/status/1955191610410401816#m)
Please don't. This would be useless spam, and is completely rude. Do we tell people to "Just google it?" here?
I don't think that's spam at all, and I don't think I did anything special in my prompt that someone with less background knowledge could have done.
They're almost invariably low quality and deserving of downvotes for that reason, but being open is better than them being camouflaged.
Most such comments are actually informative, and the honesty about asking an AI is an important detail. This particular one was heavily downvoted, as it should have been, because it was wrong. It was still a human writing, trying to be helpful.
However, you should downvote for doing things that hurt the community -- and "I asked ChatGPT" hurts the community almost as much as "I googled this for you" does.
It's fine to downvote things that you believe are wrong or simply disagree with, and I have read mods on HN say that downvoting for disagreement is okay. Asking or insisting for more from an HN user is presumptuous, and discussion of voting is largely considered off-topic and therefore not really what the guidelines suggests we should do.
https://news.ycombinator.com/item?id=43560543
> Downvoting for disagreement has always been fine on HN. People sometimes assume otherwise because they're implicitly porting the rules from a larger site, but that's a mistake.
> https://news.ycombinator.com/item?id=16131314
More to the upthread point, generated comments are against guidelines:
https://news.ycombinator.com/item?id=33950747
> HN has never allowed bots or generated comments. If we have to, we'll add that explicitly to https://news.ycombinator.com/newsguidelines.html, but I'd say it already follows from the rules that are in there. We don't want canned responses from humans either!
These are quotes from dang, not my own. I'm just a HN user, which is why I found the quotes to help everyone make up their own mind what the guidelines say.
The character of a community is formed by what it does more than what it says it does.
More from dang on this topic here:
https://news.ycombinator.com/item?id=12334384
The whole comment is worth a read, so here’s just a taste:
> Our goal is to optimize HN for intellectual curiosity, which requires a higher signal/noise ratio. Downvotes dampen low-value comments. I know downvotes do bad things too, but that's the good thing they do, and it's big. Taking that away and/or increasing the noise with a flood of people disagreeing about their disagreements would not be an optimization.
*gestures wildly*
Qubic was able to orchestrate its network of miners to temporarily halt their AI-related tasks and redirect their collective CPU power to mine on the Monero network instead.
Also, Qubic has implemented an economic strategy that involves selling the Monero it mines for a stablecoin like USDT and then using those funds to benefit its own ecosystem and attract more miners, and renting hardware to gain more hash power. The proceeds from the sale of XMR are used to buy Qubic's native token (QUBIC) from exchanges. These purchased tokens are then "burned" or permanently removed from circulation.
However,
> Qubic's AI-training work is performed by CPUs, same as used by RandomX (Monero's mining algo).
I don't understand how this makes any sense at all.
The attack is no different than paying miners to join a malicious pool. It works as long as money flows in.
1. https://eprint.iacr.org/2021/1379
2. https://eprint.iacr.org/2023/1059
There's a lot of re-inventing the wheel in the cryptocurrency space but on the formal academics side of the space people are very cognizant of what they are working on and their work is focusing on improving very specific properties of consensus algorithms.
It's not a terrible idea, but I've yet to see it be implemented. Gridcoin is one typical example where it's just PoS with "useful PoW" tacked on for token distribution, and doesn't actually use PoW for security.
Not really-- or, rather, the security provided by proof of work is only proportional to the part of the cost above the fair value of the useful work.
One of the main ideas behind POW security is that you spend energy and the thing you get for it is income in the blockchain. And so if you mine unfaithfully your work will end up on a chain of debased value or won't end up in the eventual consensus chain at all.. so your effort is burnt out.
Now imagine a POW that costs $5 in energy and does $5 in "useful work" --- well in that system you can now attack for 'free'. Or say it costs $6 in energy to mine plus does $5 in "useful work". There your security is related to the $1, the $5 is mostly coming along for a ride.
There are other problems with "useful" proof of work: e.g. A POW function should ideally be approximation free and optimization free... if an attacker invents a better version they gain an advantage. So e.g. if the miner detects that this particular work instance is 'hard' they can just discard it and try another. This makes it really hard to do much of anything 'useful' except the most contrived kinds of 'useful' without creating vulnerabilities.
But difficulties aside, the fact that outside benefits don't contribute to security (or at least don't contribute much) makes the whole idea space kind of unexciting.
* One actor in the space appears to have done a proof of concept takeover of 51%.
* It’s not clear there was any malicious action nor intent in doing so.
* Performing something like this is definitely expensive.
* The potential impact of doing so is disputed.
* Whether or not it was achieved is also disputed
However, what has been known for some time is that the largest BitCoin miners have more power than the entire community of many alt-coins. Whether this is an issue is a matter for debate. Certainly, until now, no-one has chosen to flex like this.
Monero uses RandomX, which is intentionally chosen to make it difficult to accelerate using hardware that is common with other coins. It’s almost certainly not what happened here.
In another scenario, where the work's value is less than the cost, you're still hoping that at no point in the future will an attacker figure out a way to do the work at a net profit.
The only way the network can be trusted is if the work has definitely now and always, 0 value.
https://gridcoin.us/
If there are several competing coins using the same algorithm, it may be possible to incentivize ASIC miners to destroy one of them if it benefits the others, but even then it's risky.
CPUs in contrast can be used for a million different things, CPU miners are not incentivized to support any given crypto project. It's also much easier to rent large amounts of CPUs than of ASICs.
PoS is the obvious choice now that ETH has had a bit of time to run. But, I remember when they went through the switch (before ETH PoS). Doing some sort of variation on GPU memory hard mining would have been a smart choice (ethash, progpow, etc), knowing full well that ETH would eventually go PoS. It would have given all the miners something to switch to, instead of just shutting down entirely, because there wasn't anything but ghost chains.
Tell me, how well did that work for Grin?
Crypto projects succeed/fail for all kinds of reasons that are completely unrelated to de-/centralization. You'll have to be more specific about what Grin's case should teach us.
>So then, _centralize_ around an ASIC?
ASICs are commodities. For BTC (SHA-256) there are at least 8 different companies producing ASICS, and even a smaller project like KAS (kHeavyHash) has >4 competing companies. Not much centralization risk on that side, at least not for mature projects (which a hypothetical ASIC-XMR would be by now).
The main challenge for ASIC-miners is the same as for CPU- and GPU-miners: cheap electricity -- and that's not something that can easily be centralized.
The two networks have wildly different proof-of-work algorithms, they're incompatible. A BTC ASIC will never mine Monero, ever.
Like, trivially, it's an ASIC, so I can use it to simulate a von Neumann[*] machine, hence I can use it to run whatever algorithm I want. Would that be more efficient than using a modern OoO superscalar? Almost surely not, but that doesn't mean it can't be done, just that it shouldn't be done that way.
*: I realize that the ASICs used in Bitcoin miners don't have dram access, but that isn't a general limitation of ASICs, just those ASIC 'chips' (and maybe not even those chips, just their implementations in bitcoin miners)
EDIT: Thanks to everyone who answered! For some reason, I had it in my head that the way we implement fixed function stuff in an ASIC was basically the same as a "burn once" FPGA. Brains gonna brain.
No, that doesn't follow at all. An ASIC doesn't mean a general purpose CPU or FPGA. A chip that only knows how to do, say, video decoding is an example of ASIC. The video chip can't do bitcoin, the bitcoin chip can't do monero. They're not general purpose.
asic does not mean turing complete
good luck simulating a von neumann machine on a sha256 accelerator
https://poolbay.io/coins
In fact, Litecoin has an optional privacy feature called MWEB, which is probably why Litecoin too got kicked off of being named on some conventional news sites.
Last time I saw that was on photonics processor blockchains
BTC will have to move to a proof of stake design to survive. It's unavoidable.
Post-merge ethereum is designed so that the gas fees and the staking rewards roughly cancel out on balance (so overall inflation is around zero), but they are decoupled so even if nobody is using the network you still get a staking yield
Pedantic point: monetary inflation is around zero, not necessarily price inflation (which is what people typically mean when they just say "inflation").
In theory if the entire world was on an ethereum standard with a steady state population, price inflation would also average out to zero
It's doomed in general, see the cash fork.
The ASIC manufacturer would also need a backdoor. ASIC manufacturers don't control mining.
Large miners are unlikely to allow backdoors into their mining network.
I dont think you understand the BTC mining ecosystem
That is false. A 51% attack is only expensive to the degree to which the hashpower required to exceed 50% is obtained at negative margins.
If an attacker can collect the total 51% or more hashpower at what would be a profitable rate despite the attack, then the attack is not "definitely expensive" - no, the attack is definitely profitable and the expense falls sorely on the minority.
Or, you need to spend a lot of resources to do the attack even if it's the case that you get that money back when you succeed. And the attack is not available to you if you can't front those resources (because it's expensive rather than cheap).
It's only doxxing if you can connect that large transaction to the attacker, but you can't unless I'm missing something.
There is a word for this. We call it risk.
Expensive is a better fit than capital intensive, because there are massive ongoing costs to actually perform the attack, electricity for one.
If you want to understand the risks for a project, pretend you are at arms length and are being asked to fund the project 100% up-front. You'll find a huge list of risks very soon.
The attack itself is unprofitable, the "profit" for Qubic is the publicity they get. (or at least that's what they're betting on)
[1] https://en.wikipedia.org/wiki/Silver_Thursday
- The attacker can doublespend their transactions if their hashing power is high enough to create more blocks than what the recipient is waiting for. E.g. you buy a lambo, the shop waits 10 blocks after the tx is in a block and gives you the lambo, then you create a longer chain with 11 blocks to replace the other one, and don't include the original lambo tx. 51% of hashing power is enough to create new blocks, but not enough to create 11 alternative blocks. That requires more hashing power.
- The attacker can prevent other transactions from landing in a block, as long as they have majority
- But the attacker can't create fake transactions (e.g. if they only have 1k Monero, they can't create a tx with 2k Monero). Because all nodes (not only miners) still verify the transactions
- And the attacker can also not steal your money, because they don't have your private keys
At block N someone could start to privately mine (empty) blocks.
They keep mining in private until block N+x is public, at which time the private (51%) chain is length N+x+1.
They then announce their longer chain.
By the protocol, this longer chain (technically "most work" chain) is the more trusted one, and undoes any transactions in N+1 through N+x.
A more sophisticated attack would include all the legitimate transactions on the network except for their own transaction(s) which they're trying to double spend. That way the network isn't disrupted apart from the parties you're double spending against.
It's true that you can't synthesise false transactions, but you can undo anyone's transactions, not just your own.
But your chain has every block solved by you, giving you all the block rewards.
That's the magic of the 51% attack. You gain control of the blocks. Because that extra 1% isn't a HUGE margin, it may take a while for your chain to become the winning chain, but theoretically, it will happen.
You can't do that with 25% (or even 40%) hashrate.
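Added example, not code from anyone in this thread: a toy full node that follows the most-work chain, used to play out the private-mining attack described above (attacker forks at block N, honest miners reach N+x, attacker reveals N+x+1 blocks). It shows the three things the comments above claim: the payment that had x confirmations disappears, every block after N is now the attacker's and carries its reward, and a competing chain with merely equal work does not move the tip. One unit of work per block, the class and function names, and the "pay-merchant" transaction id are my own simplifications.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    parent: str      # id of the parent block, "" for genesis
    miner: str       # who solved it and collects the block reward
    txs: tuple       # transaction ids included in the block
    work: int = 1    # toy difficulty: every block carries one unit of work

    @property
    def id(self) -> str:
        raw = repr((self.parent, self.miner, self.txs, self.work)).encode()
        return hashlib.sha256(raw).hexdigest()[:12]


class Node:
    """Minimal full node: keeps every block it has seen and follows the tip
    with the most cumulative work. Equal work never triggers a switch."""

    def __init__(self, genesis: Block):
        self.blocks = {genesis.id: genesis}
        self.work = {genesis.id: genesis.work}
        self.tip = genesis.id
        self.reorgs = []   # (old_tip, new_tip, abandoned_blocks): a node's reorg log

    def add(self, block: Block) -> None:
        if block.parent not in self.blocks:
            raise ValueError("orphan block: parent unknown")
        self.blocks[block.id] = block
        self.work[block.id] = self.work[block.parent] + block.work
        if self.work[block.id] > self.work[self.tip]:
            depth = self._abandoned(self.tip, block.id)
            if depth:
                self.reorgs.append((self.tip, block.id, depth))
            self.tip = block.id

    def chain(self, tip: str = None) -> list:
        """Blocks from genesis to tip, oldest first."""
        out, cur = [], tip or self.tip
        while cur:
            out.append(self.blocks[cur])
            cur = self.blocks[cur].parent
        return out[::-1]

    def _abandoned(self, old_tip: str, new_tip: str) -> int:
        """Number of blocks on the old best chain that are not on the new one."""
        keep = {b.id for b in self.chain(new_tip)}
        return sum(1 for b in self.chain(old_tip) if b.id not in keep)

    def confirmations(self, txid: str) -> int:
        """0 if txid is not on the best chain; otherwise the number of blocks
        from the one containing it up to the tip, inclusive."""
        chain = self.chain()
        for height, block in enumerate(chain):
            if txid in block.txs:
                return len(chain) - height
        return 0


def mine(parent: Block, miner: str, txs=()) -> Block:
    return Block(parent.id, miner, tuple(txs))


def double_spend_scenario(wait_blocks: int = 10):
    """The 'lambo' scenario: the merchant waits wait_blocks confirmations, while
    the attacker privately mines wait_blocks + 1 empty blocks from the block
    before the payment and only then publishes them."""
    genesis = Block("", "genesis", ())
    node = Node(genesis)
    public = mine(genesis, "honest", ["pay-merchant"])   # N+1 carries the payment
    node.add(public)
    for _ in range(wait_blocks - 1):                     # honest miners reach N+x
        public = mine(public, "honest")
        node.add(public)
    confs_before = node.confirmations("pay-merchant")

    private = genesis                                     # attacker forks at N
    for _ in range(wait_blocks + 1):                      # N+x+1 blocks, payment omitted
        private = mine(private, "attacker")
        node.add(private)                                 # revealed all at once
    confs_after = node.confirmations("pay-merchant")
    miners = [b.miner for b in node.chain()[1:]]
    return confs_before, confs_after, miners, node.reorgs


if __name__ == "__main__":
    before, after, miners, reorgs = double_spend_scenario(10)
    print(f"confirmations before reveal: {before}, after: {after}")
    print(f"miners of blocks N+1..: {miners}")
    print(f"reorg log: {reorgs}")
```

The only rule the node applies is "most cumulative work wins"; nothing about the blocks themselves is invalid, which is why a transaction that was already 10 deep can vanish without any signature being forged.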
https://miningpoolstats.stream/monero
This Qubic group claims to concentrate 3 GH/s of hashing power, yet there has been no increase in the global hash rate either:
https://www.coinwarz.com/mining/monero/hashrate-chart
Could this be just a bait?
Also https://moneroconsensus.info/
https://www.kraken.com/en-ca/features/derivatives/monero
I bring this up because people are always asking what platforms are allowing me to short cryptocurrencies, which seems to miss that it's enough to just have a debt denominated in what you want to bet against.
With BTC's block reward continually being reduced, TX fees will have to increase in order to avoid reaching the point where large miners could become tempted to attack the network.
At some point, someone doing AI might amass enough GPUs to do a 51% attack on Bitcoin. You're right that it destroys confidence in the coin, so if you short Bitcoin futures before the attack, you might make money.
This is electrically impossible for Bitcoin specifically, modern ASICs exceed 3 orders of magnitude more hashes/Joule and hashrate/chip than a RTX5090 and cost $2-40 retail per chip.
Looking at that website I see that the unknown pool keeps getting a longer chain and it switches to it
Yesterday I was running a Monero node and looking at it, and got an unusually very high number of chain reorganization messages. I could believe a 51% attack happened.
1. a) The list doesn't need to be hardcoded, it could be a configuration. b) So trust doesn't need to be permanent. c) It could be decentralized in the sense of allowing different people to have configs
2. Miners not on the list can still participate just with lower weight in the case of a fork. And they still get full reward.
What will likely happen is a PoS BFT layer on top of PoW, although there are other options being considered:
https://github.com/monero-project/research-lab/issues/136
If they fail to ever converge there is probably such a large disagreement in the community that a fork is for the best anyway.
What? No, it very much isn't. Consensus needs to be ongoing, within a handful of blocks (Monero locks transfers for 10 blocks for this reason, called "confirmations").
https://en.wikipedia.org/wiki/Double-spending#Decentralized_...
https://www.getmonero.org/get-started/accepting/
This is how proof of work systems operate.
They are very expensive to attack but very cheap to recover from.
$75m per day is clearly unstainable.
Soon they will give up and the network will recover cheaply.
The attack is more of a nuisance than the end of Monero.
Is this a typo or am I misunderstanding something?
"unsustainable"
Also true!
Do we need to drop down to 1st grade story problems?
---
Alice has 1 apple. Eve has 0 apples.
Eve steals Alice's apple.
Now Alice has 0 apples. Eve has 1 apple.
---
Alice has 1 XMR. Eve has 0 XMR.
Eve 51% attacks Alice's network.
How many XMR does Alice have? How many XMR does Eve have? Show your work.
Appears to be legit, but not really a nefarious attack.
"not really a nefarious attack" is an insane summation of this article. There's zero way for someone outside of qubic to verify that they didn't do something nefarious while controlling the network. Stated another way- anyone could call their 51% attack a "stress test"
"Planned test". Planned by whom? Planned by the attackers. The reorg did happen.
https://x.com/c___f___b/status/1955158154213220492
(quote starts here)
"""Writing this date here to memorize when the concept of Decentralized Artificial Intelligence (#DAI) got its final shape.
Not bullshit like "It runs on a #blockchain so it must be decentralized". In this concept each entity holds a secret know-how which modifies #IntelligentTissue (in cooperation with other know-hows owned by other entities, if needs to solve a complex task). Secrecy of each know-how ensures nobody can copy it, others can only attempt to create something similar by spending computational resources.
Each #AI is an original object, #IntelligentTissue is its hologram. #Qubic is the platform for AI creation, their convergence and intelligent tissue hosting"""
Trust me he did not like it
Monero transactions are inherently obfuscated, which solves this problem. If you want more details, the Monero whitepaper is well written to be accessible for the common reader.
The tldr is it works atop ring signatures: https://en.m.wikipedia.org/wiki/Ring_signature
It solves the problem by making all participants culpable. The blockchain community is very good at imagining they have technical solutions to social problems.
But that's really beside the point, because it isn't me who will come after you, it's the IRS (or equivalent). If you spend a lot of money, you're in trouble if you can't explain how you got it. And if you explain that you participated in a network which has as its only purpose to destroy evidence of how you got it, you're usually in extra big trouble.
If you think it shouldn't be that way, you are faced with a problem. A social political problem. Which Monero does nothing to solve. Which is the point.
especially given its only backing is "trust" (trust that you won't get invaded or overthrown)
anonymous alt coins, real digital cash, are competition to the monetary system. there can be only one.
Anyone have any context about who Qubic are, and what their deal is?
[1]: https://www.reddit.com/r/ledgerwalletleak/
I am thinking of, for example, a nation-state. Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin. This could happen if an adversary like Russia or its allies were using Bitcoin for funding and there was a war or a major Cold War style struggle. Such players could afford to purchase and build, in secret, a huge mining farm, and then suddenly turn it on, not caring about the cost because the goals are strategic. It would be massively expensive but it doesn't matter for this case.
It's only a secure system if adversaries are either small or economically rational.
The money is one thing, you also have to somehow acquire a huge % of the ASIC supply over years, and the not insignificant amount of energy to run them
> Let's say the US, EU, or China decided for some reason that it was in their national interest to blow up Bitcoin.
Irrelevant and impossible to "know", given that it hasn't happened yet (if it ever does)
75 million a day to destroy the Russian financial system is less than half of what Ukraine currently spends on their defence budget.
Does the coin stay alive purely because people still speculate on hype or does everyone try to cash out simultaneously and send price into a death spiral?
I'm just saying that this might be a state sponsored actor fighting another one, given that Mirai was primarily hosting XMR miners, and given that they lost 3.5 Mio bots overnight in 2023.
The claim seems plausible enough that people are debating if it actually happened or not, and if it is sustainable to keep it up. That's a big difference to 51% attacks being merely theoretical (which implies that they are unrealistic in practice).
[1]: https://news.ycombinator.com/item?id=18849961
As always, estimates of the credibility of someone dismissing the risks of what they are trying to sell should start at zero and not go very far.
We have multiple private actors in multiple countries amassing compute and networking power for AI ambitions, each of whom could single-handedly pot most cryptocurrencies outside Bitcoin and Ethereum.
That said, something being possible isn’t the same as it being true. To my knowledge, no 51% attack of consequence has ever been launched.
The beauty of the intrinsic feedback mechanisms in such cryptocurrencies is that this is extremely expensive and any would-be attacker stands to gain a lot more by not attacking. There is a strong financial incentive to cooperate within the ecosystem.
In more specific terms, if you can mine faster than everyone else combined, then you can make a lot of money by just mining blocks... An attack, on the other hand, costs a fortune in energy while you actively destroy the market's trust in and utility of the currency - potentially even prompting the entire economy to pause - inevitably causing a collapse in its value. All to reverse or double spend a few coins?
First they ignore you, then they laugh at you, then they fight you (<-- You are here), then you win.
There are probably lots of ways to make money off destroying confidence in a specific coin.
Taking a long position in a competing coin could maybe work but you'd have to be really sure that it would go up, instead of going down due to decreased confidence in the broader altcoin ecosystem.
Here's another one (and changing subject): point out that GrapheneOS, which is a privacy focused mobile OS, ONLY supports Pixel, which is a phone produced by Google whose interests are surveillance. People will tell you that your concerns are theoretical.
People just don't learn.
Google is also as far as I'm aware one of only two mainstream vendors, and the only one making flagship-tier devices, that reliably offers bootloader unlocking as a feature so you can install alternative operating systems without having to first crack the device.
Sure maybe the people with Google phone X but over time we should expect that Google will find a way to Y, because that's where its interests lie. (And actually, we've seen it do exactly this many times. Chrome being the most obvious example).
Here's yet another example. If voters can be bought by promising them money, then we should expect that politicians will start promising money to voters in order to be elected.
Etc etc, do you see the pattern? My point wasn't actually about privacy, or Google, or Monero.
The Google-proprietary software is entirely replaced. Why the FUD?
Maybe you misread, the post says this: "With its current dominance, Qubic can rewrite the blockchain, enable double-spending, and censor any transaction."
All of which are possible if someone has that level of control, and none of which involve signing with other people's keys.
(As some people seem confused about the impact of 51% attacks: Of course you can't double-spend in a single blockchain, as that is prevented. But the nature of these attacks is that there's no longer one true blockchain. You can create one fork of the blockchain where you send the money to someone, receive goods in return, and then afterwards switch to a longer fork of the blockchain where the money was never sent.)
See e.g. https://x.com/kayabaNerve/status/1955173552363016434
https://x.com/kayabaNerve/status/1955228805598966258
https://en.wikipedia.org/wiki/Sybil_attack
Btw, here's the alternative link https://xcancel.com/p3b7_/status/1955173413992984988