Breaking and Fixing a Cryptocurrency, presented at Ruhrsec 2017

by Martin Grothe,

Summary : Bitcoin has been hailed as a new payment mechanism, and is currently accepted by millions of users. One of the major drawbacks of Bitcoin is the resource intensive Proof-of-Work computation. Proof-of-Work is used to establish the blockchain, but otherwise it does not bring any benefits and arguably is a waste of energy. To address this problem, several alternative cryptocurrencies have been presented. One of them is Gridcoin which rewards the users for solving BOINC problems. In our work we conducted the first security analysis of Gridcoin. We identified two critical security issues. The first issue allows an attacker to reveal all the e-mail addresses of the registered Gridcoin users. Even worse, the second issue gives an attacker the ability to steal the work performed by a BOINC user, and thus effectively steal his Gridcoins. These attacks have severe consequences and completely break the Gridcoin cryptocurrency. We practically evaluated and confirmed both attacks, and responsibly disclosed them to the Gridcoin maintainers, together with the proposed countermeasures