ライブラリー > Pay To Win: Cheap, Crowdfundable, Cross-chain Algorithmic Incentive Manipulation Attacks on PoW Cryptocurrencies
Pay To Win: Cheap, Crowdfundable, Cross-chain Algorithmic Incentive Manipulation Attacks on PoW Cryptocurrencies
March/2021, Workshop on Trusted Smart Contracts (Financial Cryptography 2021)
The feasibility of bribing attacks on cryptocurrencies was first highlighted in 2016, with various new techniques and approaches having since been proposed. In this paper we extend the attack landscape by presenting a method, which we call Pay-To-Win (P2W), that is capable of facilitating trustless double-spend collusion across different blockchains. Moreover, our technique can also be used to specifically incentivize transaction exclusion or (re)ordering. Attacks using our approach are operated and financed out-of-band i.e., on a funding cryptocurrency, while the consequences are induced in a different target cryptocurrency. We describe a concrete instantiation of our P2W attack which is able to fund double-spending attacks accross different blockchains. For this, we choose Bitcoin as a target and Ethereum as a funding cryptocurrency. Our P2W attack is designed in a way that reimburses collaborators even in the case of an unsuccessful attack. Interestingly, this actually renders our approach approximately one order of magnitude cheaper than comparable bribing techniques (e.g., the whale attack). We demonstrate the technical feasibility of P2W attacks through publishing all artifacts of this paper, ranging from calculations for figures and tables to a fully functional implementation of our most powerful out-of-band attack, consisting of an Ethereum smart contract and a Python client.