A Group Of Miners Has Exposed One Of Bitcoin's Fatal Flaws


Lots of people believe Bitcoin is impregnable.


Yesterday showed it may not be.

GHash.io, the world's largest collective of Bitcoin miners, gained control of more than 42% of the all the computer processing that powers the Bitcoin network. It's the first time they came close controlling more than 50% of the entire network. Were that 50% threshold ever crossed, a host of problems have the potential to occur. We'll get to what those are in a moment.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Bitcoin miners exist to make a buck. But the price they pay to do so is to confirm other people's transactions. This make sure the same Bitcoins, which of course don't physically exist, aren't spent twice.

When they perform such a confirmation, by unscrambling an encrypted string of letters and numbers, they're rewarded with Bitcoin. This is what the "Confirmations" button you see in your Bitcoin wallet after you've made a transaction (here is one of the larger ones) refers to:


Below the 50% threshold, there are enough independent miners who can separately confirm whether your transaction is legit.

But a collective that breaks the 50% threshold would have the ability to confirm all Bitcoin transactions on their own - and thus the capacity to start messing with the transactions' reliability. For instance, they could send out false confirmations, reverse the direction of transactions, or block them from occurring entirely. And you wouldn't even know it was happening.

As soon as the Bitcoin community realized what was happening at GHash, "independent" miners who'd subscribed to the collective removed their computers from the pool. Plus GHash, despite its opaque management (it's equipment is rumored to be sited in Ukraine, but no one knows much about its leadership), later released a statement saying they would, "take all necessary precautions to prevent reaching 51% of all hashing power, in order to maintain stability of the Bitcoin network." Quartz' Chris Mims was the first to report the story.

Indeed, getting to more than 50% without anyone noticing is quite difficult. Blockchain.info, the principal site tracking the Bitcoin network, keeps a running tally of which groups have what share of the system. GHash's share has come back down to 40%. But it gibes with a chart we recently published showing control of Bitcoin wealth is heavily concentrated. Here's what the network control chart looks like now: GHash still enjoys the plurality of all hashing power:


Bitcoin observers agree that there wouldn't be more than a temporary disruption to the network once 50% was breached. As soon as anyone realized this had occurred, most people would stop using Bitcoin, sending prices crashing and making it unprofitable for the "bully pool" to maintain majority control.

But there are even more extreme scenarios. Benjaming Gorlick, the COO of Cloud Hashing, a collective recently profiled in the New York Times, did not rule out the possibility that some unknown group could one day take control of the entire network with a giant leap in processing power. "If someone was developing the technology behind the scenes, then launched it all at once, it would be bad," he told us by phone recently.

That remains a remote possibility, he said, since the Bitcoin community remains small enough that someone would eventually take notice.

This is not the first time a mining collective has approached the 51% threshold. Last spring, reddit went ballistic after a group called BTC Guild, which at the time controlled many of the most powerful miners in existence, called ASICs, and nearly hit the figure.


BTC Guild owner Michael Marsee told us in a note today that the problem has not become any less acute since then. While many pools consist of a large majority of "independent miners" not directly affiliated with the pools' founder, GHash was heavily weighted toward its own proprietary miners.

"It almost happened to BTC Guild in the early days of ASIC mining, where almost all existing ASICs were on my pool because it was the only one that worked for them," he said. "GHash.io's problem is different in that half of their speed is owned by themselves. It's self-inflicted, and without that private speed they would not even be the largest pool, let alone near 51%."

The Bitcoin community remains convinced that anyone who participates in Bitcoin automatically has its best intentions at heart.

But this kind of power concentration would seem to strike at the heart of the Bitcoin mission.