Hacking the Global Economy with GPUs Or: How I Learned To Stop Worrying And Love Bitcoin

Video in TIB AV-Portal: Hacking the Global Economy with GPUs Or: How I Learned To Stop Worrying And Love Bitcoin

Formal Metadata

Hacking the Global Economy with GPUs Or: How I Learned To Stop Worrying And Love Bitcoin
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
In the post 9/11 era when it's nearly impossible to buy a pack of gum without alerting the big three credit bureaus, you may think that anonymity is long gone from the economy. That's where bitcoin comes in. Bitcoin is a decentralized peer-to-peer currency based solely on computing power. It is (mostly) untraceable and highly anonymous, not backed by any banks or companies, and in the words of Jason Calacanis "the most dangerous project we've ever seen". In my talk I'll explain what bitcoin is and isn't, and why this 70+ PetaFLOP network has caught the attention of everyone from The Washington Post and MSNBC to Wikileaks and the EFF. Skunkworks is an undergraduate studying electrical engineering. He's an active phone phreak and experiments with high voltage and hardware hacking in his spare time.
First, I'd just like to thank everyone for coming out and making this a great DEF CON. This has been my first DEF CON and I've really enjoyed it. I had a lot of great speakers here, and it's been fabulous attending, and I just hope speaking is half as fun. Anyway, my handle's Skunkworks, and today I'm going to be talking to you about hacking the global economy with GPUs, or how I learned to stop worrying and love Bitcoin. Then first we'll start off
with the usual housekeeping. I'm not a Bitcoin developer, I only play one on television. I'm an undergrad in electrical engineering, kind of a phone phreak and a hardware guy. This is my, you know, as I said, first DEF CON, and I'm not affiliated with Lockheed Martin, you know, just in case you're wondering from the handle. I'm going to try and cover as much as possible in this 20-minute turbo talk, kind of trying to aim this at all levels of Bitcoin's, or all levels of knowledge about Bitcoin, to the best of my ability. Feel free to go ahead and contact me about anything in the talk or any further questions. And again, the talk's for informational purposes; don't do anything stupid. So first, kind of some real
basics about Bitcoin: how it came about, kind of some of the reasons behind it. I'm sure a lot of you are already familiar with this, but a lot of other payment solutions online right now are plagued by extremely high fees. You know, you've got high fees by PayPal, you've got fees on debit cards, crazy, crazy interest rates on credit cards. There's very little to no privacy online right now for payment solutions aside from Bitcoin. You know, PayPal tends to play money police; they do chargebacks all the time. Credit card companies do chargebacks all the time. They are kind of running your money; you're not running your money. And then of course we've got credit card companies amassing these huge, huge databases of purchase histories and, you know, user information, really for who knows what. So there's really no way to pay cash online before Bitcoin, and that's... now the mic's going. That's kind of, I think, one of the main reasons it came about. Then on top of that you've also got the issue of regulation by governments. As we all know from the huge economic collapse after the subprime fiasco, government regulation is not always a good thing, and, you know, lack of oversight can really cause some problems. And so that's another thing Bitcoin's trying to address: decentralising money. So then, what and
who. Bitcoin is a decentralized peer-to-peer currency, I'm sure you're all well aware. The slide actually hasn't been updated; it was worth about a hundred million dollars when I put the slide together. There's since been another crash; it's down to around fifty-five million, trading at eight dollars or so a Bitcoin as of this morning. It's based on SHA-256, mined or minted mostly with GPUs, and as far as everyone knows it's legal. It's kind of a bit of a gray area; it doesn't really meet the standards of a currency under US federal law. On the other hand, the EFF, to my knowledge, stopped accepting donations in Bitcoin a while ago, so I'm really not completely sure on the legality of it, and I'm not sure that anyone is completely sure on the legality of it. But it's certainly grown to quite massive proportions, and there haven't been any widespread, you know, Treasury Department raids on Bitcoin mining operations yet. So Bitcoin was initially put together by this highly enigmatic developer, Satoshi Nakamoto. This is likely a pseudonym. He left, supposedly, in 2010 after contributing this huge base of code and kind of the basic rules that the Bitcoin protocol operates on, and he may or may not have profited enormously from developing Bitcoin. He may have profited, that is, if he was running a lot of Bitcoin mining equipment after he first developed the software, before he let it go public. No one, again, is completely sure, because of the semi-anonymous nature of Bitcoin; I'm going to touch on this a lot more later. Bitcoin is not, at least outright, a Ponzi scheme. There's no central company that's running it. It's also really not controlled in much of any manner except by these core developers, who just basically maintain the code and kind of keep things in running order. It's also not backed by anything. The idea is just kind of, well, you use bitcoins and I'll use bitcoins and we'll all say it has value, and the idea being there's scarcity behind them: you can't just kind of pull them out of thin air in great
quantities. So that's kind of the idea of the intrinsic value of them, even though they're not backed by anything. So basically you've got Bitcoin miners minting bitcoins with, generally, graphics processing units, also application-specific integrated circuits; I'll get to that a little later. Once people mine these bitcoins, they're stored in a wallet.dat file. Then every transaction is hashed into this big chain that kind of goes around the entire network. That's really an oversimplification; most mining is pooled now, but that's kind of the basics of it. Then as we move into the
economics: mining is designed to become exponentially harder and harder, leading to a finite supply of roughly 21 million bitcoins. They can be traded in quantities as little as one ten-millionth of a bitcoin. As I said, they're minted now mostly by graphics processing units, but then you can also use CPUs, which are quite inefficient now, and possibly application-specific integrated circuits, that is, a special piece of hardware only designed for mining bitcoins, may be some of the Bitcoin mining power now. It's loosely tied to other currencies via energy and equipment costs. You know, you'd think Bitcoin, just being kind of this decentralized peer-to-peer currency, would just be a completely free market, but, you know, the reality is you can only buy computer hardware mostly in US dollars, at least from the, you know, central distributors, and your power costs are still going to be in US dollars. That's assuming you're in the US; if you're in Europe it's going to be in the euro, etc. And we actually saw that a lot. There was a major deflation again in Bitcoin just last week with the entire debt ceiling fiasco, and that, you know, kind of had a ripple effect in Bitcoin; we saw Bitcoin prices dropping. Also there was another event that kind of happened at the same time, but I think the debt ceiling was part of it. Anyway, if Bitcoin does ultimately become a stable currency, profits for mining bitcoins are going to have to go down to 0, because mining does become exponentially harder, and early adopters have definitely won big in Bitcoin. If you started mining back when Bitcoin first started out, then you made a lot of money on it. Late adopters at least were still covering costs until about a week ago, when we had this second kind of market collapse. And supply and demand curves kind of explain everything relatively well. If you look at the blue there, that's your supply curve; the two red ones are your demand curves. And, you know, basically you just have the shifts in those two curves affect your
equilibrium that the price will tend towards. Bitcoin had two hundred thousand percent inflation over the last several months, really, really explosive growth, to a high of over thirty dollars a Bitcoin back in June. Then it devalued to about half of that, to 15, and then was stable over most of July. It looked like it was finally tending toward an equilibrium; we really saw a relatively steady trade volume and relatively steady prices in Bitcoin markets. And then just last week, with the whole debt ceiling fiasco combined with either a large break-in or a large exposé of a scam with a site, mybitcoin.com, about a quarter million dollars of bitcoins just kind of left when the site went down, and no one's exactly sure what's up. And that caused Bitcoin prices to drop to around eight dollars, that combined with the whole debt ceiling thing. So again, this slide's
a little outdated. This is showing back when I put this together; I thought we were kind of looking at an equilibrium price around fourteen to fifteen dollars. A great quote, kind of to illustrate this thirty-dollar spike, is "Media's like the weather, only it's man-made weather," out of the old Oliver Stone film Natural Born Killers, and that's really pretty applicable to what happened with Bitcoin at the thirty-dollar spike. I don't think investors alone would have ever put it up to thirty dollars that quickly if it hadn't been for all the media attention, and media just kind of created a very, very large demand-pull inflation. People were just buying bitcoins left and right, sitting on them, and that's what drove the prices up so high, really to unsustainable levels, when you had this big currency exchange, Mt. Gox, getting hacked; I'll get to that a little later in my talk. And, you know, that really just kind of caused Bitcoin to lose a lot of its value. And then, as I said, there was the second break-in, to an e-wallet provider, mybitcoin.com, very recently, that caused yet another drop that we don't see on this graph.
So, profit, or slow decline thereof. You can see the exponential scale here of mining profits for your, you know, Bitcoin miners, and this does kind of reinforce the fact that if Bitcoin does survive as a currency, it's going to have to stabilize at some type of equilibrium. If you try to put a straight line through all those data points, you're going to notice you've basically got an exponential drop-off in Bitcoin mining profits, down to people just covering costs as time progresses. Then what's
happened in the last several months, as the Bitcoin network has gotten so large, is you've had people pooling their resources together in Bitcoin mining, the reason being that 50 bitcoins are generated every 10 minutes, roughly. It's generally a little faster than that when the network was growing very quickly. But, you know, only having these blocks of 50 bitcoins being generated every 10 minutes, if you're an average Bitcoin miner out there, you might be mining one of these blocks every, you know, two months. So that's where the idea came in of pooling resources together and getting smaller payouts much more quickly, and some pool operators were taking a cut. The administrator of deepbit.net, which was the largest mining pool for quite a while (I'm not sure if it still is; I haven't really kept up with mining pool stats), he was clearing over thirty thousand dollars a month, and that's a conservative estimate, at one point, and that went on for at least two, three months at that rate. Mining pools introduced a huge attack vector on Bitcoin. We had already an incident where deepbit got the payout addresses, you know, the Bitcoin addresses of users that coins are paid out to, changed, and, you know, I'll cover that a
little later on attack vectors, but they definitely introduce a pretty large surface that criminals can get at. Then, kind of scary stuff with botnets, and there's already been a botnet spotted in the wild mining bitcoins, is, if you have a botnet that plays by the rules, there's really no way to distinguish it from regular mining traffic unless you, you know, figure out that the botnet is a botnet by looking at command and control channels or finding infected systems, etc. But looking at the Bitcoin end, it looks just like regular Bitcoin miners. And the interesting thing with Bitcoin, unlike just about everything else, is, if you're a botnet, you're better off not actually trying to DDoS Bitcoin or take it down; you're better off just simply playing by the rules and making money at it. And in fact, I did a couple of conservative calculations: there are probably dozens of botnets out there right now that could net the botmaster a hundred thousand dollars a day doing that, and frankly we don't necessarily have any way of knowing that a very well-coded botnet is not responsible for half of Bitcoin's hashing power. Then, attack
vector: wallet.dat. All of a Bitcoin user's coins are stored in this, you know, single file. It is in plain text. You know, the bitcoins are represented by public keys, and your private key is the right to spend them, stored in wallet.dat. If you read the frickin' manual, you're going to encrypt wallet.dat. Most people don't, including this one guy by the handle allinvain, who stored about half a million dollars worth of bitcoins in a single file. He was compromised by some type of targeted attack; he lost everything. So, a good quote here: "Based on the findings of the report, my conclusion was that this idea was not a practical deterrent, for reasons which at this moment must be all too obvious." Dr. Strangelove, from the movie; it's kind of a theme of the title. Basically what I'm saying here is, having a plain-text wallet.dat when you've got a lot of non-tech-savvy people dealing with Bitcoin is inherently kind of a poor idea, and you're going to run into a lot of different ways to so-called pickpocket wallet.dat. There are people who are leaving their systems wide open, sharing their entire hard drive on LimeWire. There have been a couple of different specialized trojan horses spotted in the wild that specifically grab wallet.dat and upload it. And gullible users are gullible; they're even open to traditional 419
scams, which I'll touch on a bit more. Basically any third party that's part of Bitcoin, you know, currency exchanges, wallet storage sites (that is, if you're too stupid to encrypt your own wallet, why not outsource it to a kind of virtual bank for bitcoins), gift card exchanges, mining pools, lotteries, stock markets: all these services are out there, and all of them have varied levels of security. The Bitcoin protocol itself has a decent level of security. I think Dan Kaminsky's talk was very illustrative of that; you know, he did obviously drop pad exploit, but still the protocol in general is relatively sound. But these third parties vary very wildly in security. They're generally a lot less secure than the actual Bitcoin protocol, and generally a lot less secure than established financial institutions. We had deepbit.net, the big mining pool, getting hacked into: undisclosed amount stolen through undisclosed attack vector, changing payment addresses, and then the administrator, Tycho, reimbursed users for however much was lost. One has to think, when he was making 30 grand a month, he didn't want his income to go away; he might have just paid out of pocket, who knows. Then also this big currency exchange for Bitcoin, where you could exchange US dollars for bitcoins, Mt. Gox: they were using unsalted passwords for quite a while, and then they ultimately switched over to salted passwords, but for users who hadn't logged in in a while, their accounts still had unsalted password hashes. And basically what happened is someone, through again an undisclosed attack vector, got a hold of the username and, you know, password hash database, ran it through your run-of-the-mill hash lookup table, and got access to about 9 million dollars worth of accounts, and attempted to withdraw the money. Trading ended up freezing for about a week, and that devalued the Bitcoin market from about two hundred million dollars to about 100 million dollars because of
lack of confidence. Then, attack vector: dimwits. A fool and his bitcoins are soon parted. You can have traditional 419-style scams, such as "I'm a Nigerian prince with 89 million bitcoins," and, you know, you can have fake gift card sites; plenty of those have been spotted in the wild. Fake investment sites, fake mining pools possibly; I'm not sure that we've seen any in the wild yet, but it's certainly a real possibility. Fake currency exchanges are definitely out there. No chargeback really means easy pickings. You know, you can't call up American Express and say, "Hey, someone just stole 500 bitcoins from me, can you guys do a chargeback?" There's definitely an inverse correlation with tech savvy and victimization among things like this. There is really no patch for human stupidity, so if you've got stupid people using Bitcoin, you're going to run into a lot of theft. And attack vector: whales and
HFT. I kind of borrowed the whale term from Las Vegas here, but anyone with enough assets can really directly move the Bitcoin market. It's kind of more an economic attack, but the idea would be that you have enough assets to exert partial market power, and then you can just sell and buy, and that would artificially inflate and deflate the price. You can pretty well camouflage that by simply splitting up all of your large accounts into a bunch of small accounts, and it's pretty hard to distinguish from regular trading when the market is fluctuating enough. Then high-frequency trading: you've probably already read about this on Wall Street, but that's where you have automated trading for small marginal gain repeated ad infinitum. Coupled with market movers, you can really get an unfair advantage, but the market does become harder to move the more Bitcoin grows. Then, vending
machines and Finney: this is the Finney attack. Basically, if you accept a transaction without having any confirmations, the attacker can create a non-broadcasted block and then send the same coins to himself in that block, then, let's say, walk up to a vending machine that takes bitcoins, and by the time the vending machine has its transaction processed, the attacker has already sent the bitcoins to himself instead of the vending machine. So a pretty simple solution around this is to just have some type of stored value card where you require instant transactions. You know, you need to use bitcoins at 7-Eleven or a vending machine, you just go ahead and load up your stored value card and then you use that. BRB, FBI. So Dan
Kaminsky, you already really touched on this a lot; I'm going to skip over a lot of this. But the basic thing is, a lot of what's done in Bitcoin is public, you know, the addresses, the transaction records. In theory, as far as anonymity goes, this in and of itself wouldn't be a problem. What ends up happening, though, is you've got a lot of users, like you said, on forums who were, you know, posting "Hey, donate to my Bitcoin address," or, you know, you've got people reusing the same Bitcoin addresses over and over again. And what you can do, and what Reid and Harrigan showed in their paper (I'd highly recommend everyone go out and read that paper), is that Bitcoin is really not that anonymous, you know, unless you're sitting around wardriving ten towns away. You know, so it's just not that anonymous, and sites like Silk Road have really started to give it quite a bad name. But basically, don't be surprised if the party van rolls up if you do any illegal stuff on Bitcoin.
Then we've got application-specific integrated circuits. I already kind of talked about this, but the idea behind it is you've got a specialized piece of computing hardware, a specialized chip that would be custom built just for mining bitcoins, or just for doing SHA-256. There are very high upfront development costs in this, but they are much more efficient than using graphics processing units for mining bitcoins. I've already got an anecdotal report that they're deployed in at least one Bitcoin mining operation, and again, just like a botnet, they could represent a very high percentage of network hashing capacity, and we really wouldn't have any way of telling. Then
we've got the GPU shortages that have been caused by Bitcoin. The Radeon HD 5850 900 series have been the hardest hit. Right about the time Bitcoin went up to thirty dollars, there were just huge shortages. Like, my local Micro Center had no x800 or x900 series Radeon GPUs left in stock the week Bitcoin hit 30; even, I think, had some x700s selling out. People were that desperate to mine bitcoins and get in on the action. Demand-pull inflation has been driving up retail prices about thirty percent; I think they're starting to come back down a bit now, with the fever around Bitcoin dying down a little. The 5000 series are more efficient than the 6000 series at mining bitcoins, and even the 6000 series beats Nvidia by a lot. The GPU hash cracking talk yesterday had some pretty interesting info about that. Each GPU was representing around fifteen dollars a day in profits, or revenue, fifteen dollars a day in revenue, at peak prices. And then a couple of oddities that
are relatively funny: we've run across a couple of anecdotes of Bitcoin miners suspected of growing marijuana because they've had very high electric bills. They've been raided, and it turns out, well, they're farming currency. You know, they've got a server farm going and it's just using really a lot of power. There's one Bitcoin miner also who suffered brain damage after heat stroke; he slept in a non-air-conditioned room with a bunch of mining rigs. And, you know, don't do that. bitcoin.org has a lot of pretty good humorous stories like that. And that's pretty much it. Any quick
questions he
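
Added example, not part of the talk: a defender's audit for the situation described in the Mt. Gox passage, where dormant accounts kept unsalted password hashes after the switch to salting. The record layout, the use of unsalted SHA-256 as the legacy scheme, PBKDF2 as the salted scheme and all sample accounts are assumptions constructed for illustration; the talk does not say which hash functions were used.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def legacy_hash(password: str) -> str:
    """Unsalted digest: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def kdf(secret: bytes, salt: bytes) -> str:
    """Salted, slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS).hex()


def new_salted(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "salted", "salt": salt, "hash": kdf(password.encode(), salt)}


def find_unsalted(users: dict) -> list:
    """Accounts still exposed to a precomputed hash lookup table."""
    return sorted(u for u, r in users.items() if r["scheme"] == "legacy")


def shared_hash_groups(users: dict) -> list:
    """Legacy accounts with the same hash: one table hit opens all of them."""
    groups = {}
    for name, rec in users.items():
        if rec["scheme"] == "legacy":
            groups.setdefault(rec["hash"], []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def wrap_legacy(rec: dict) -> dict:
    """Upgrade a dormant account without its password by salting and
    stretching the stored legacy digest."""
    salt = os.urandom(16)
    return {"scheme": "wrapped", "salt": salt, "hash": kdf(rec["hash"].encode(), salt)}


def migrate(users: dict) -> dict:
    """Wrap every legacy record; leave already salted records alone."""
    return {u: wrap_legacy(r) if r["scheme"] == "legacy" else r
            for u, r in users.items()}


def verify(rec: dict, password: str) -> bool:
    if rec["scheme"] == "legacy":
        candidate = legacy_hash(password)
    elif rec["scheme"] == "wrapped":
        candidate = kdf(legacy_hash(password).encode(), rec["salt"])
    else:
        candidate = kdf(password.encode(), rec["salt"])
    return hmac.compare_digest(candidate, rec["hash"])


# Constructed sample store: alice and bob never logged in after the switch.
USERS = {
    "alice": {"scheme": "legacy", "salt": b"", "hash": legacy_hash("hunter2")},
    "bob": {"scheme": "legacy", "salt": b"", "hash": legacy_hash("hunter2")},
    "carol": new_salted("correct horse battery staple"),
}

if __name__ == "__main__":
    print("unsalted accounts:", find_unsalted(USERS))
    print("shared hashes:", shared_hash_groups(USERS))
    upgraded = migrate(USERS)
    print("unsalted after migration:", find_unsalted(upgraded))
    print("alice can still log in:", verify(upgraded["alice"], "hunter2"))
```

On the next successful login of a wrapped account, the record would be replaced with `new_salted(password)` so the legacy digest drops out of the chain entirely.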