> My lead developer, Krypton-Dev, remains anonymous. I have known him and yet not known him for over two years now. Ironically, he is one of my best friends and the person whom I trust the most, by often placing the entire success or failure of Krypton in his very capable hands.
> Just two days ago, I did this very thing, trust this anonymous friend with not only my business and entire life savings (don’t get me started about using personal funds to found a startup!) but, also with the investments of everyone holding Krypton’s blockchain coin, KR.
> In a single sleepless night, Krypton-Dev coded this POS blockchain and Windows and Mac wallets for KR to be moved to. Can you understand why I trust this man with my business and KR holder’s investments? My admiration for his tireless dedication to Krypton knows no bounds.
Holy shit this is hilarious. My understanding from this article is that the founder is not a programmer, barely understands the technology, gave her life savings to someone she knows only as an online alias, who then used it to develop their own crypto currency, and thinks that a client rewrite in C will solve all of their problems. This is truly amazing.
Also, she considers this online persona her best friend. The founder is so far out of her depth, so naive, it hurts me to even consider that someone like this exists. The blog post is painful.
> Also, she considers this online persona her best friend.
Assuming it's not just a story, it's not impossible that they are very good friends, but the information and trust asymmetry involved makes it hard to believe that Krypton-Dev views her in quite the same light as she views him. My quack-pseudo-psychology take would be that she's justifying choices she has made by changing her perception of reality until they make sense. If Krypton-Dev isn't her best friend and the person she trusts the most, then she's made some very risky choices, so he must be, right? That said, this is a very small amount of information to go on, and it's entirely possible that their relationship is far more complicated than that.
Its scary how little the founder understands about proof of work, golang, or Ethereum. The geth issue that was patched 4 months ago had nothing to do with being 51% attacked.
There's no hashing power dedicated to the altcoin so it got attacked, and this is something that's been happing to POW altcoins for 6 years now. Its not clear how she ever expected the POW consensus to survive a 51% attack, and has not described how the Ethereum protocol has anything to do with the failure of her consensus algorithm. If she was on a bitcoin-based POW chain she would have had the same issues.
The author seems confused about the nature of this attack. It has nothing to do with using the go language or any other, it's purely about the choice of consensus algorithm and the vulnerabilities of a small ecosystem. In a small blockchain, it's much easier for bad actors to gain enough hashing power to control proof of work. I do see they are moving to a proof of stake algorithm, I hope that works out.
Still unclear to me why some of these smaller coins exist, except perhaps for rampant speculation. From the krypton site: "$KR is my vision for an ultra-fast blockchain that can realize all of the features of Ethereum with fewer initial coins, faster speed and lower inflation." That sounds ok, but right now none of those things are the primary problem with Eth.
its clear to me that they exist because the founders benefit from their existence. its a repeatable revenue stream.
"I am not the only person with a sizeable investment in KR and I am now nowhere near the top holder, having solely repaid the theft from Bittrex, valued at $2,900."
I've been working in the permissioned blockchain space for a couple years now, even OSed a POC of a raft based system we tested out at JPM in march. It is truly scary how little most people focused on blockchain understand about consensus. Some get it, but most don't.
When I was doing vendor vetting the talk usually revolved around the "blockchain revolution" but glossed over over the consensus issues. In the permissioned blockchain space, mining is really not an option (how do the incentives for mining work when there are no coins involved?). Luckily, we have a lot more flexibility in the consensus system we can pick.
Moreover, the term "blockchain" itself is ill-defined/overloaded. If all blockchains use mining then the 51% issue is ever present (though if I remember correctly problems arise at 30-ish%). If the broader "BFT consensus" definition is used then no, you can use PBFT/SmartBFT and a host of others to come to consensus without ever needing to touch crypto let alone mining. The issue, of course, is that Mining-based consensus is the only system that works for truly public blockchains, as it allows for anonymous participation at all levels and can also scale flat.
If anyone else is a consensus nerd, I wrote a technical-biz-persone level white paper on permissioned blockchains that goes into more depth and covers the issues associated with using TLS vs PPK sigs [1].
> Know this: Krypton is more than just a blockchain or another cryptocurrency. We will survive these attacks, even if it means staying on the POS chain, in order to protect KR investments, until we do the complete rewrite of our client platform in a more secure language, like C.
It has nothing to do with Ethereum. This Krypton chain has a very minuscule hashpower so it's susceptible to attacks. It would happen with any Proof of Work chain. She is moving to a Proof of Stake which requires +- 51% of the ownership total coins to execute an attack like this.
Postgres isn't written in standard C. It's written in a derivative of C where signed integer overflow is defined as two's-complement and the strict aliasing rule is removed. Most standard C compilers also support this variant language with the compile options -fwrapv -fno-strict-aliasing.
If you're going to use Postgres as an example of writing secure code in a language, that's fine, but make sure you're advocating for this C variant and not for standard C. Standard C, where signed integer overflow is undefined and the strict aliasing rule exists, is extremely hard to write secure code in.
(There's also the separate issue that most of the input paths into Postgres are trusted in some way: you don't expect malformed database files, and you often don't expect hostile queries. It's primarily the auth code that needs to be rock-solid, which is a relatively small piece of the software.)
I had never heard of Krypton before, but the decisions and the message in that article make it abundantly clear that I won't need to bother. Moving from golang to C and switching to a completely different blockchain in 'a single sleepless night', and then asking the community to bail you out? Zero confidence.
All the more reason not to trust cryptocurrencies as a store of value.
The 51% flaw is a glaring, fundamental problem with all current cryptocurrencies. We once thought "oh, the risks are low and it would be obvious if anyone did it". It's still obvious, but the risks are not low (and in fact, seem to be pretty easily exploited with cloud computing).
Not that they won't get there, but I don't think that blockchain solutions work in the absence of legal contracts between the parties involved. Blockchain has a lot of potential as a public, secure, distributed ledger system between competitors who can be trusted to play fair, but as the backing of an anonymous cryptocurrency the risks of a malicious actor are too great. As with anything, you need real-world penalties for breaking the rules -- and a key limitation of blockchains is that it's impossible to prevent out-of-band coordination between 'anonymous' actors without them.
The 51% attack is a big flaw with blockchains, but it goes away when the network becomes sufficiently large, with enough hash power distributed to different actors. If you can trust that it would be near impossible for a single actor (or group) to gain 51%, then there is no need to trust any individual actor.
The issue, as demonstrated by this event, is that it is difficult for a new coin to get enough momentum going at the beginning. There is a lot of research going into figuring out the best way to bootstrap new blockchains. Personally, I think this problem will be solved sooner or later.
Bitcoin is coming close to having a 51% problem (3 mining groups could join together to get 51%). At recent points in the past 2 groups have been able to hit 51%. If bitcoin isn't big enough for 51% to be a serious possibility, who is?
...it goes away as momentum builds and everyone gets interested...and then it comes roaring right back as the economics of mining favour concentration.
With this "blockchain revolution" hype, I've been waiting for these 51% attacks. Maybe people will realize that this is not a foolproof solution and that it can "easily" (you only need computing power, a.k.a money) be beaten.
You only need to spend as much as the miners already are doing. With proof of work, if it is feasible to run, it is feasible to attack. And vice versa, if it is not feasible to attack, it is probably not cost effective to run.
Bitcoin may be wasting enough electricity to put it out of reach of small-time attackers, but a nation adversary could outspend it for as long as necessary.
But what does the attack get you? Sure you could mine empty blocks and double spend, but that would hardly be worth the investment. Besides, if payment processors detect the hashing rate doubling overnight they can simply require more confirmations.
If a nation state invested in permanently disabling bitcoin that would require a big investment in ASIC's, at which point I imagine a bitcoin fork would be introduced with a slightly different PoW, but that's just speculation.
I agree the required power must have grown since 2014. But not knowing by which factor, one can only assume it's still feasible.
I can't find any source for it, but I remember reading not so long ago that 2 or 3 mining pools were responsible for 2/3 of the total bitcoin mining power. That's not something in favor of trusting the blockain as infallible.
The attack was in june, when it was ~ 100K TH/s rather than 10K. The factor becomes ~15x instead of 150x. But I must admit I don't know if that makes such an attack still feasible.
This is why Bitcoin is going to win - it is good enough for a lot of use cases and getting better. At the same time, it's the most widely accepted and the most secure. The network effect is too strong to overcome unless you offer something Bitcoin cannot.
This is not a real concern once the hashing power of the network reaches a sufficiently high level.
> Maybe people will realize that this is not a foolproof solution and that it can "easily" (you only need computing power, a.k.a money) be beaten.
This same argument can be leveled against just about any form of cryptography. With enough computing power you can decrypt anything. No cryptography is perfect, it can only be strong.
I agree in principles, but there's a difference. A system able to break a strong encryption could cost more than the world GDP and is not reallistically feasible, while owning 51% of bitcoin power is possible - not cheap, but possible.
> Just two days ago, I did this very thing, trust this anonymous friend with not only my business and entire life savings (don’t get me started about using personal funds to found a startup!) but, also with the investments of everyone holding Krypton’s blockchain coin, KR.
> In a single sleepless night, Krypton-Dev coded this POS blockchain and Windows and Mac wallets for KR to be moved to. Can you understand why I trust this man with my business and KR holder’s investments? My admiration for his tireless dedication to Krypton knows no bounds.
Holy shit this is hilarious. My understanding from this article is that the founder is not a programmer, barely understands the technology, gave her life savings to someone she knows only as an online alias, who then used it to develop their own crypto currency, and thinks that a client rewrite in C will solve all of their problems. This is truly amazing.
Also, she considers this online persona her best friend. The founder is so far out of her depth, so naive, it hurts me to even consider that someone like this exists. The blog post is painful.
reply