This week, cryptocurrency exchange Kraken found themselves in hot water, temporarily suspending Monero (XMR) deposits after a confirmed 51% attack on the Monero network by the Qubic mining pool on August 12. Not only was the hostile takeover a significant event, as one group obtained over 50% of the network hashing power, but it also raises many doubts about the security and resiliency of mediocore Proof-of-Work (PoW) blockchains.
The Anatomy of an Attack
A 51% attack occurs when a single miner or miners achieve over 50% control of a blockchains hashing power. They have enough control to simply rewrite the transaction ledger on the blockchain by reversing previous transactions or stopping future transactions from being confirmed. For example, in this situation, the Qubic mining pool, peaking with a max hashing rate of 2.6 GH/s, managed to surpass and maintain more than 50% hashrate dominance. Attaining this level of power made it possible for the Qubic mining pool to achieve a six-block deep reorganization over the Monero blockchain, and effectively rewrite recent history while orphaning approximately 60 blocks. Security analysts differ in their interpretations of this activity – whether it was a malicious attack or a “stress test” of the decentralization degrees – but there is no argument, it was a very significant interruption to an important privacy coin.
Kraken’s Swift Response
Following the network’s instability, Kraken made a decisive move to protect its users. The exchange confirmed it had “paused Monero (XMR) deposits after detecting that a single mining pool has gained more than 50% of the network’s total hashing power.” This was described as a security precaution, with the exchange assuring users that trading and withdrawals for XMR would remain fully operational. This moves highlights an important issue for centralized exchanges that manage decentralized assets, the withdrawal was still open however by ceasing deposits, they are sending a clear message that they are worried and trying to mitigate this possible double spending risk inherent in 51% attacks.
The Monero Community’s Reaction
The assault was a shock to the Monero community and spurred, at least briefly, a debate about the security of the network overall and communication practices. Monero has been the target of security breaches in the past, but this one marks the first serious incident damaging the consensus protocol. It is noted by some in the community that the core Monero developers have not offered an immediate, official response to this attack; one large content creator / voice on social media even lamented no “unified pushback.” While it may be prudent not to react hastily after such an attack, this silence – formed because of deliberation or coordinated efforts – merely allowed some to perceive that the network appeared vulnerable. The case emphasizes the importance of clear and timely communication with users in the wake of security issues in order to preserve users’ trust.
The Broader Implications for Privacy Coins
Monero’s central appeal revolves around its strong privacy features which mask transaction reference particulars for users desiring financial anonymity. Unfortunately this most significant feature and the reason users turn to Monero has also caused it to attract unwanted scrutiny from regulators and centralized exchanges. The recent 51% attack showcased a risk present in most smaller PoW networks that is usually not thought about, mining centralization. With comparably huge mining populations like that of Bitcoin, Monero’s total mining population makes it vulnerable to a single entity gaining majority, or a large minority, of the network’s hashrate. This event raises questions for stakeholders on how to best protect privacy focused blockchains with a smaller mining population.
What’s Next for Monero?
As the community reacts and recovers from this incident, the market has already reacted. Monero price has fallen since the event, which I can only take as a sign that investors are concerned. Although the Qubic pool’s hashrate has been back under the 51% threshold since the first attack, this incident is just a reminder of the evolving threats we face in blockchain technology. The final determination of Monero as a currency will depend on whether the community can harden its network against attack, address mining centralization, and rebuild the confidence that investors, miners and other Macaroons and merchant service providers appear to have lost. For exchanges like Kraken, the incident serves as an example that risks remain that require preventative measures and work in order to remain resilient is always needed in an environment where threats can compromise network integrity in hours or minutes. Indeed, the incident has reinforced the idea of a complex and seemingly unending continuum between decentralisation and security.
