Timewarp Attack

Urgent Announcement - Timewarp Attack

Background

Dear community, we’re writing to let you know that BitcoinZ (as well as several other equihash forks) has been the target of timewarp attacks. If you’re interested in learning more about timewarp attacks, there are many great resources online. A fairly thorough overview is available here.

As a simple explanation, Bitcoin, as well as most forks, allows blocks to be created with a timestamp of up to two hours in the future. This timestamp is put into the block’s header by the miner or pool that generates the block. Every node uses the most recent block’s timestamp as a basis for the current time. This is done to ensure the blockchain doesn’t rely fully on NTP servers, which would be a centralized dependency.

Unfortunately, since the node that generates a block sets the timestamp, a malicious node can be dishonest about the current time and generate a block whose timestamp is two hours in the future. While this may not sound like a big deal, it is. It causes the blockchain’s difficulty logic to think no blocks have been mined for two hours, so it immediately starts decreasing the difficulty.

At the same time, the attacker usually has massive hashpower to ensure they soak up all the low-difficulty blocks before everyone else. Once real time catches up with the blockchain time (two hours later), difficulty skyrockets because, to the blockchain, it looks like many blocks have been mined in the same second or few seconds. This causes massive gaps between blocks as miners work to solve overly complex blocks, and causes honest miners to lose potential mining rewards, which end up going to the attacker.

Mitigation of Timewarp Attack

Due to network latencies and time misalignment, we need to have an allowed time window. This window, however, doesn’t need to be two hours. The BitcoinZ developers have decreased the window to 30 minutes, minimizing the effect of future timewarp attacks while continuing to ensure the network is stable and allows for time variations.
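To illustrate why the smaller window matters, here is an added example (not BitcoinZ's consensus code) that models the future-time check and a naive difficulty retarget. The 150-second spacing, the 17-block window, the starting difficulty of 100 and all function names are assumptions made for this model; real difficulty algorithms add damping, clamps and median-time rules.

```python
# Added illustration: a simplified model, not BitcoinZ's consensus code.
TARGET_SPACING = 150          # seconds per block (assumed for this model)
WINDOW = 17                   # blocks in the averaging window (assumed)
OLD_MAX_FUTURE = 2 * 60 * 60  # two-hour window described above
NEW_MAX_FUTURE = 30 * 60      # 30-minute window after the update


def accept_timestamp(block_time, node_time, max_future):
    """A node rejects a block whose header time is too far ahead of its clock."""
    return block_time <= node_time + max_future


def next_difficulty(difficulty, timestamps):
    """Naive retarget: scale by expected / actual timespan over the window.
    Real algorithms add damping, clamps and median-time rules."""
    actual = max(timestamps[-1] - timestamps[0], 1)
    expected = TARGET_SPACING * (len(timestamps) - 1)
    return difficulty * expected / actual


def difficulty_after_skew(skew, max_future, difficulty=100.0, node_time=1_000_000):
    """Next difficulty once a block claiming node_time + skew joins the window,
    or None if the node rejects that block as too far in the future."""
    # Constructed history: honest blocks exactly on target, last one 150 s ago.
    history = [node_time - TARGET_SPACING * k for k in range(WINDOW - 1, 0, -1)]
    block_time = node_time + skew
    if not accept_timestamp(block_time, node_time, max_future):
        return None
    return next_difficulty(difficulty, history + [block_time])


if __name__ == "__main__":
    # Compare the same claimed skews under the old and new windows.
    for label, limit in (("2 h", OLD_MAX_FUTURE), ("30 min", NEW_MAX_FUTURE)):
        for skew in (0, 1800, 7200):
            print(label, skew, difficulty_after_skew(skew, limit))
```

In this model a two-hour skew accepted under the old window cuts the next difficulty to a quarter, while the largest skew the 30-minute window admits leaves it at roughly 57%.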

We have released a new update to the BitcoinZ node and wallets that we ask everyone to update to as soon as possible to ensure the blockchain rejects these attacks. You can find the latest build of the BitcoinZ node at:

Linux Binaries: https://github.com/btcz/bitcoinz/releases/tag/1.4.0
Windows Wallet: https://github.com/btcz/bitcoinz-wallet/releases/tag/v1.4.0
Windows CLI: https://github.com/btcz/bitcoinz-win/releases/tag/v1.4.0

Continued Monitoring

We thank you for your continued support. Please feel free to reach out to us on Slack, Discord or Telegram if you have any questions. The Zhash fork is still scheduled for block 160,000 and will actually further secure our network since the attacker won’t be able to utilize NiceHash to maximize their profits from these attacks.

We encourage you to spread the word and let everyone know to update nodes and full node wallets. Thanks for your attention!

Join Us: Discord / Slack / Telegram
