One User Controls Over Half of Bitcoin Mining—and That's a Security Risk

Illustration for article titled One User Controls Over Half of Bitcoin Mining—and That's a Security Risk

For the first time in its history, a single user has begun to provide over half the computational power used to mine the digital coins. But with much of Bitcoin's security stemming from its decentralized structure, that could prove a large security risk.


Ars Technica reports that researchers from Cornell University have noticed that single mining pool contributes over 51 percent of the currency's hashing—the cryptographic process required to mint Bitcoins—repeatedly, for periods of 12 hours or more. The user is GHash, which proudly names itself the "#1 Crypto & Bitcoin Mining Pool." Clearly it's not lying.

While it might not sound too much of a problem on the face of it, such computational power could be damaging for the currency. Quirks of Bitcoin means that those who control over 50 percent of Bitcoin mining have the ability to spend the same coins twice, are able to reject competing miners' transactions, and even extort higher fees from people with large holdings. And if things get really nasty, a 51-percenter could wage a DDoS attack against the rest of the network.

While GHash has only maintained majority control for up to 12 hours at time, that figure is recent; in the past, it had only managed to for minutes or hours. In others words, its control is on the rise and, speaking to Ars Technica, the researchers suggest that even 12 hours would be enough for those aforementioned security threats to become a realistic threat.

While there's no firm evidence that GHash has acted, or plans to act, maliciously, it comes after pledges that it would never cross the 51-percent threshold and accusations that it once used its considerable hashing power to attack a gambling site. It remains to be seen whether its power share will continue to grow—but most Bitcoin users will agree that it would preferable for it stop. [Ars Technica]



This is not a single user, it's a mining pool... It's thousands of users that are subscribed to this pool... Sure, it probably has one or two operators who (with a lot of work) could transform the requests sent to their users, but it's still not one user as stated...