Hpool 51% attack to become 100%

I tried posting this on reddit, but it didn’t make it.

Just a what if…

What if engineers at hpool decide to apply a network white list to all their clients, only accept traffic sync from hpool members, and block syncing with anyone outside? Since they already have 51% of the netspace, will this process invalidate all of our plots and transactions that are not in hpool?

There are 2 aspects to this:

  1. Could it happen?

  2. Is it happening?

  3. The usual challenge - why would they risk something so serious, potentially damaging the chain community fatally for moderate gain - does it make economic sense? But yes, I think it would be POSSIBLE if the client was modified for that purpose - that is always the risk with strong centralized elements of a network and not specific to Chia.

  4. How to tell?

Don’t get me wrong - I don’t THINK it is happening, but it does raise questions about how one might detect if this was indeed an issue.

Are you suggesting a potential degradation of Full Node sync’ing - not a direct Consensus attack of some sort? Detection of this would start with identifying which clients were members of the pool so a statistical analysis of connectivity with hpool and other clients could take place.

If you are suggesting a plain variation of a 51% attack by creating a complete network segment and chain fork, then it would be detectable within the chain itself (or it would in any normal chain, so lack of detection would require dev cooperation, which I am even less convinced of). I don’t know if Chia has enough independent chain nerds to tell/detect it if the software had this built in, but I suspect it does.

So how would one start with identifying hpool clients?

  1. I don’t know – it’s an interesting thought. I’d love to see someone give a rundown of how hpool actually works, someone who’s using it now. Let me know if the answer is already out there.

  2. No. They don’t have 51% of the netspace. They have around 36%. Look at the top address in chiaexplorer. That’s hpool.

If hpool’s website is claiming they have 51%, then they are either lying, or conflating PB (10^15) and PiB (2^50), or both.


Good points,

With no official protocols and a minimum withdrawal requirement, I think they have their clients on the neck. I think I read something about installing some sort of signature.exe and mining.exe files in their onboarding site. Traffic and IP addresses can be easily obtained within the process. Not to mention if they have any type of monitoring script built in.

Joining hpool with a minimal plotting commitment would be an interesting start - assuming they are using dedicated mining binaries, you might be able to monitor using some network wire monitoring tool and analyze the difference between plotting inside the pool and outside. It is possible (if they were being defensive) that they could disguise that by merely proxying the harvesting through a central gateway (so hpool could look to the network like a huge farm), but that would add latency as the Chia harvesting protocol is proxied to each client. This would be difficult to detect if they used SSL.

If I wanted to build/hide such a system - this is where I would start!


Hpool might also be unable to accurately determine which plots are duplicates or invalid at scale since it’s a hack. 10% of their “netspace” could be a mix of duplicate plots, corrupted plots, plots that can’t respond within 30 seconds, or folks messing around with their hacky pool protocol to over report space.


They took close to 40% of what you earn, that’s if what they give you is correct, doggie…

Wait up, I thought you carry out a 51% attack with just ~36% of the net space?

Yes, if you can obtain a timelord that is significantly faster than every other one on the network. Read about potential attacks here (under the section “Relevant attacks and countermeasures”):
