Creating Money out of thin Ether

A mining pool reels in $850,000 after exploiting a loophole in the cryptocurrency’s code and not processing any transactions. Perhaps Ether does grow on trees.

Just two lines of code were enough for a hacker to infamously siphon 3.6 million ether from The DAO in 2016, worth $50 million at the time. Ironically, the area of exploited code contained a note from DAO devs encouraging users to “be nice.” Clearly, this positive message wasn’t enough of a deterrent to stop said hacker doing exactly the opposite.

Now it is mining pools that are profiting without doing work; this time, however, they’re playing by the rules. Data from cryptocurrency intelligence platform CoinFi and analytics platform Alethio suggests Ethereum has succumbed to a process called “spy mining” or “SPV mining,” which was prevalent in Bitcoin from 2015 to 2016.

Etherdig, a mining pool, is using the process to effectively collect mining fees without having to actually process any transactions. It’s cheating the network, but not doing anything technically wrong. However, the loophole is serious: if everyone did it, the network would slow down and mining pools could run selfish 51 per cent attacks, effectively running their own versions of Ethereum that they then publish to the community.

The Ethereum network creates around 5,900 blocks per day, in order to validate the current 590,000 daily transactions taking place. In return, miners receive, on average, three ETH ($689) in mining rewards per block. The majority of rewards come from mining the block, but a small amount is earned from users, via transaction fees.

Chart: the increase in empty blocks on Ethereum. Since September, the number of empty blocks being mined has increased 637%.

Etherdig, the mining pool capitalizing on the loophole, has mined over 1,250 blocks in just the last three months, without validating a single transaction. As a result, it’s received 3,780 ETH ($869,500) in mining rewards. Instead of gathering transactions, confirming them and including them in blocks, it has been creating blocks that just contain the phrase, “Interim Global Authority,” a reference that appears to be related to the popular computer game, Colony. Etherdig did not reply to queries from CBNN seeking comment.

You can see CoinFi’s research into the empty blocks here.

Miners compete to create the next block by performing a computational race. Typically, miners have to wait until a block has been broadcast before they can start this race but sometimes pools find a block and start mining on it privately. By spying on such mining pools, Etherdig can get the necessary block info it needs to create its own empty blocks. With this head start, Etherdig can get ahead of the other mining pools and create blocks faster than its computing power–expressed as its hashrate–would normally allow.

“From early September, some miners have started consistently mining empty blocks. The average block time of these blocks is 15% shorter than for blocks filled with transactions. The data suggests that spy mining is taking place,” says Johannes Pfeffer, co-founder of Alethio.
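The signal described above (empty blocks arriving faster than filled ones, and concentrated in a few miners) can be measured from block headers alone. The following is an added example, not code from CoinFi or Alethio: the block records and pool labels are constructed, and the `min_blocks` and `threshold` cut-offs are assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: (block number, miner label, unix timestamp, transaction count).
# Labels and values are invented for illustration; they are not chain data.
BLOCKS = [
    (100, "pool_a", 1000, 120),
    (101, "pool_b", 1016, 95),
    (102, "pool_x", 1028, 0),
    (103, "pool_a", 1044, 130),
    (104, "pool_x", 1057, 0),
    (105, "pool_c", 1072, 80),
    (106, "pool_b", 1088, 0),
    (107, "pool_x", 1101, 0),
    (108, "pool_a", 1117, 140),
    (109, "pool_b", 1131, 110),
]


def block_time_gap(blocks):
    """Mean seconds since the parent block, split into empty and filled blocks."""
    ordered = sorted(blocks)
    times = {"empty": [], "filled": []}
    for parent, child in zip(ordered, ordered[1:]):
        if child[0] != parent[0] + 1:
            continue  # hole in the data set: no parent timestamp to compare with
        kind = "empty" if child[3] == 0 else "filled"
        times[kind].append(child[2] - parent[2])
    if not times["empty"] or not times["filled"]:
        return None  # one of the two groups is missing, nothing to compare
    e, f = mean(times["empty"]), mean(times["filled"])
    return {"empty_mean": e, "filled_mean": f,
            "empty_faster_pct": round(100 * (f - e) / f, 1)}


def empty_block_share(blocks, min_blocks=3, threshold=0.9):
    """Per-miner fraction of empty blocks, plus miners that are almost always empty."""
    total, empty = defaultdict(int), defaultdict(int)
    for _, miner, _, tx_count in blocks:
        total[miner] += 1
        empty[miner] += tx_count == 0
    share = {m: empty[m] / total[m] for m in total}
    flagged = sorted(m for m in share
                     if total[m] >= min_blocks and share[m] >= threshold)
    return share, flagged
```

A miner with an occasional empty block (here `pool_b`) stays below the threshold, while one that never includes transactions is flagged; the block-time gap is a network-wide indicator and does not by itself attribute the behaviour to a pool.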

A bigger issue for Ethereum

Another mining pool, F2Pool, has also been mining empty blocks. It’s currently the third-largest mining pool in the network, with 12.5% of the network hashrate, and is mining empty blocks at a much higher rate than Etherdig. At the time of writing, it has mined 100 empty blocks within 24 hours. That’s 1.7% of all blocks on the network. F2Pool did not reply to queries from CBNN seeking comment.

Chart: Ethereum mining pool distribution. F2Pool is one of the largest Ethereum mining pools and is regularly mining empty blocks.

Nevertheless, the majority of F2Pool’s blocks do contain transactions so it is contributing to the network. While Etherdig seems to be spy mining, it appears F2Pool is carrying out something called selfish mining. In selfish mining, when a miner in a mining pool discovers a block, it lets the rest of the pool work on its block header in order to gain a time advantage on the next block. Basically, a selfish miner creates a private blockchain that it, and its pool, can work on more quickly. When it’s solved more blocks than the public blockchain, it publishes its version to the public blockchain. When this happens, miners spot the longer chain and then join it, allowing the selfish miner to gobble up the block solving rewards. Spy miners are effectively eavesdropping on the whole process, making things much worse.

The increasing use of spy mining is a potential problem for Ethereum. Empty blocks are being propagated at a 15% faster rate which means spy miners are rewarded with an up to 15% increase in revenue.

If mining pools all jump on the bandwagon, fewer blocks may pick up transactions. This means transactions would take longer and gas fees could rise. It could also drive legitimate miners to other virtual coins, reducing the security of the network.

An answer in the past?

The good news is, we’ve seen these empty blocks before. The Bitcoin network had some 100,000 empty blocks mined over two years that saw crypto miners reap the rewards for what other people sowed. The solution came in the form of a small upgrade to the network’s core code, which made it tougher for miners to eavesdrop on their competitors.

But that solution came at a time when Bitcoin was small, and devs were happy to work together. Subsequently, the Bitcoin and Bitcoin Cash communities have developed a love of in-fighting where mining pools appear to have a large say in the matter.

Ethereum meanwhile has a different, albeit more high-class problem: Its developer community, some 250,000 strong according to Consensys, is large and ponderous—and that comes at the expense of innovation. On the other hand, the sheer number of devs may help them to wrap the issue up quickly.

The main issue is not selfish mining but spy mining. While F2Pool is mining a mix of transaction-filled blocks as well as empty ones, Etherdig is almost solely mining empty blocks. Ethereum’s parasitical miners make bitcoin’s bed bugs seem almost trivial in comparison.

