The cryptocurrency world, especially social media, has been abuzz with speculations about the malicious attacks on the BSV network. Some are reveling in their assumptions that BSV is collapsing and dying, while some are saying a 51% attack has engendered exchanges to abandon BSV. However, these are all just speculations and assumptions.
Yes, none of these are true. What is true is that there was a series of malicious attacks on the BSV network. But everything is under control and Bitcoin Association, the nonprofit global industry organization supporting the enterprise adoption of the BSV blockchain, has released a statement to set the record straight by answering frequently asked questions about the attacks.
So, what really transpired?
First off, it was not a 51% attack, and neither is BSV dying. What happened was a series of block withholding or reorganization attacks on June 24 and on July 1, 6 and 9, 2021. An extensive investigation was immediately conducted by Bitcoin Association and its development branch, the BSV Infrastructure Team, as soon as the threats were detected; and additional investigation after the July 6 attack confirmed and identified the block reorganization attacks.
“This type of attack, known as a ‘block withholding’ attack, involves a malicious actor creating a chain of competing blocks—re-written to the benefit of the attacker, i.e., containing double spends—in parallel with the correct chain. These malicious blocks are created in secret then released all at once to orphan the correct blocks from honest nodes,” the Association stated in the recently released FAQs.
The first two attacks on the BSV network were not immediately recognized as malicious because, according to Bitcoin Association, “block reorganizations are a feature of the Bitcoin system when they occur organically and are used to align participants and nodes on the network.” Hence, a block reorganization is not inherently bad; however, it became an attack on the network when it was used for double spending. Once the attacks were confirmed, Bitcoin Association and the BSV Infrastructure Team immediately mobilized reactive and preventive measures. The attacks stopped once these measures were in place.
“Protective measures have been implemented for the BSV network and there have been no further attacks since then. However, at this stage Bitcoin Association and the Bitcoin SV Infrastructure Team continue to treat this as an active situation, and we have a global team closely monitoring the network at all hours,” the Association said.
What is double spending?
Double spending is the act of spending a digital currency at least twice. It is practically stealing and is highly illegal. To explain it more simply, it is like using one unit of BSV to purchase online game credits and then using that same unit of BSV to buy online casino currency. In the end, a discrepancy in records will show that one unit of BSV is missing, because one was only spent, while two different transactions were processed.
The attacks were used to double-spend BSV; and yes, there was indeed a double spend of BSV transactions. However, there have been no reports yet from the Association and exchanges carrying BSV of an innocent party who has been negatively affected by the attacks—meaning it is highly likely that the attacker double-spent their own transactions.
Who is the attacker?
The attacker has been identified as an unknown miner who is impersonating another Hathor miner who has been going by the same handle “Zulupool.” Bitcoin Association and the BSV Infrastructure Team has yet to find the real-world identity or identities behind the “Zulupool” impersonator. However, further investigation has led the Association to believe that it is the same person or group responsible for the Bitcoin ABC (BCHA) chain attacks last March.
“Just a few months ago, an actor also using the same ‘Zulupool’ moniker carried out a deep block reorganization of the Bitcoin ABC (BCHA) chain. While we cannot independently confirm that it is the same party who is behind the recent attacks on BSV, the BCHA chain incident had similarities in methodologies and characteristics with the reorganization attacks on BSV, and also used the same Zulupool name; these factors strongly suggest it is the same actor,” the Association revealed.
Why did this “Zulupool” impersonator attack BSV?
Although the motives for the malicious attacks cannot yet be verified as the culprit has not been caught, Bitcoin Association has listed three possible reasons as to why a blockchain, and BSV specifically, may be attacked in this manner. The most apparent one is for the block reorganization attacks to be used for double spending, which has already been explained previously. The second plausible explanation is that it is “a coordinated campaign against competing implementations and chains of Bitcoin,” as BCHA was just recently attacked using the same method.
“While no direct losses or thefts have yet been attributed to the attack on the BSV blockchain, the response by exchanges to restrict BSV deposit and withdrawals and/or trading activities and the attending reputational harm caused by the attacks could indicate that the detrimental intangible impact was the primary goal, not a secondary repercussion,” the Association pointed out.
It is also possible that these block reorganizations were done in order to mask the transaction history of certain coins and make them difficult to trace and track. However, if this is the real reason for these malicious attacks, then it is a complete and utter failure as more attention is now being given to these transactions and anything connected to them. Advanced forensic tools are also being used to investigate the attacks and document every detail as evidence to be used in court.
So, what now?
After the block reorganizations were confirmed to be malicious in nature, Bitcoin Association has immediately published a statement about its zero tolerance policy against illegal activities on July 8. The Association has been in constant communication with exchanges since then and has even recommended for them to freeze BSV deposits that may be related to the attacks. Some exchanges have decided to suspend BSV services, which include deposits, withdrawals and trading. The Association is working continuously in order to restore these services as soon as possible.
“Each exchange will make its own decisions about when and how to re-enable BSV services. At this stage, we cannot provide exact timings for when BSV deposit, withdrawal or trading facilities will be active at your chosen exchange. Bitcoin Association and its representatives remain in contact with exchanges and will share any news and updates on this front, as and when it becomes available.”
At the moment, it is without any form of deceit that the Association assures everyone that the BSV network “remains safe to use and is operating as it usually would.” It is not collapsing nor dying. The issue has been resolved, a team of experts is constantly monitoring the situation and a criminal complaint has been filed.
What this event actually shows is that BSV is equipped to handle this kind of malicious attack as all it has to do is follow what has been laid out in the Bitcoin white paper. While these attacks have been a real inconvenience to deal with, it is just that—nothing major that would deter BSV from more important tasks, such as releasing Teranode this year and continuing on with its ultimate goal of global enterprise adoption of the BSV blockchain.
