SyncAttack: Double-spending in Bitcoin without Mining Power


Abstract

The existing Bitcoin security research has mainly followed the security models in [22, 35], which stipulate that an adversary controls some mining power in order to violate the blockchain consistency property (i.e., through a double-spend attack). These models, however, largely overlooked the impact of the realistic network synchronization, which can be manipulated given the permissionless nature of the network. In this paper, we revisit the security of Bitcoin blockchain by incorporating the network synchronization into the security model and evaluating that in practice. Towards this goal, we propose the ideal functionality for the Bitcoin network synchronization and specify bounds on the network outdegree and the block propagation delay in order to preserve the consistency property. By contrasting the ideal functionality against measurements, we find deteriorating network synchronization reported by Bitnodes and a notable churn rate with 10% of the nodes arriving and departing from the network daily. Motivated by these findings, we propose SyncAttack, an attack that allows an adversary to violate the Bitcoin blockchain consistency property and double-spend without using any mining power. Moreover, during our measurements, we discover weaknesses in Bitcoin that can be exploited to reduce the cost of SyncAttack, deanonymize Bitcoin transactions, and reduce the effective network hash rate. We also observe events that suggest malicious nodes are exploiting those weaknesses in the network. Finally, we patch those weaknesses to mitigate SyncAttack and associated risks.


Saad, M., Chen, S., & Mohaisen, D. (2021). SyncAttack: Double-spending in Bitcoin without Mining Power. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 1668–1685). Association for Computing Machinery. https://doi.org/10.1145/3460120.3484568
