When most people think of possible attacks on Bitcoin or crypto, they think of a 51% attack where a miner amasses a majority of the network hash power and forks the blockchain, in order to double spend crypto or to implement code changes. However, another lesser known hack is the timewarp attack, which is what this article explores.
In a nutshell, a timewarp attack occurs when a miner reports incorrect timestamps on the blocks they mine, in order to bring about a lower difficulty. Many cryptocurrencies like Bitcoin periodically adjust difficulty according to the rate of block generation, so that block generation stays at the set amount in the code, which is 10 minutes per block for Bitcoin. By reporting incorrect timestamps a miner can trick the difficulty algorithm and cause difficulty to be lowered, allowing them to mine blocks faster and make more money. This has negative effects for a crypto’s economy, since a timewarp attack increases the inflation rate of a crypto, causing a surge in supply that can lead to a lower market price.
In Bitcoin’s code, a block can be timestamped up to 2 hours in the future, past which point it is rejected. This leeway was designed to account for errors in computer clocks, so miners would not have blocks rejected if their computer clock is slightly off. There have been numerous instances in Bitcoin’s history where a previous block has a timestamp that is after the timestamp of the next block, and this seems to have been a problem especially when new technology is introduced, like when Bitcoin mining pools first launched in 2012.
The 2-hour leeway for block timestamps is what opens the door for timewarp attacks. For Bitcoin, it would be very difficult to conduct a significant timewarp attack, since it would be publicly obvious on the blockchain, and a successful attack would need a majority of mining power. However, it is still possible, and if a large majority of miners work together they could theoretically drop the difficulty with continued timewarp attacks until it only takes 1 second to mine a block, which is the minimum possible block time. At this worst-case scenario of a timewarp attack, instead of taking 2 weeks to mine 2,016 blocks, it would take just over half an hour. This would lead to rapid inflation of the Bitcoin supply, which could be quite damaging for the market.
It is very unlikely Bitcoin miners would collude and perform such a timewarp attack, since miners have invested billions of USD into mining infrastructure, and the damage to the Bitcoin ecosystem from such an extreme timewarp attack would wipe out their investment. Not to mention it would be glaringly obvious to the community, and there would be a tremendous public outcry.
However, with some cryptocurrencies, it is much easier to perform a timewarp attack. For example, the Verge cryptocurrency continuously re-adjusts difficulty, unlike Bitcoin which adjusts difficulty once every 2 weeks. Therefore, if someone gains a majority of hash power on the Verge they can rapidly implement an extreme timewarp attack. Further, Verge uses multiple mining algorithms, allowing for multiple points of attack. This is exactly what happened, someone timewarp attacked Verge and brought Scrypt difficulty to minimum levels, and they netted millions of USD of Verge in the process.
There are discussions in the Bitcoin community to change the code to prevent timewarp attacks, and obviously other cryptocurrencies need to follow that ideology to prevent catastrophic timewarp attacks like what happened with Verge. However, there is a new idea called Forward Blocks that would apparently be inhibited if Bitcoin’s timewarp attack exploit is fixed, so there is a stalemate on implementing the fix for timewarp attacks in Bitcoin’s code. That being said, the fix is ready for deployment if a timewarp attack ever becomes an issue for Bitcoin.
Follow BitcoinNews.com on Twitter: @BitcoinNewsCom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: Pixabay
