by bmcusick 2952 days ago
As opposed to what? Proof of Stake? Not even Ethereum can get that to work securely.

I'm not familiar with all of those small coins, but the problem with Bitcoin Gold is that it uses the same Proof of Work that several other coins use, so a miner can buy ASICs and then switch between coins.

So they can mine honestly on Coin 1 for a while, then switch to Coin 2 and do some double-spend attacks, then when Coin 2's price collapses, they switch back to Coin 1 or move on to Coin 3. The miner has no long term incentive to support the value proposition of any one coin, and they can attack coins that use the same PoW algorithm as their "main" coin at will.

The same problem applies for coins that use ASIC-resistant PoW's, only more so. You can just rent an AWS cluster for an hour to run your attack, then ghost with the profits.

What coin developers need to do is design their proof of work and mining activity to ensure that miners have the same (or close-enough) long term incentives as coin holders.

5 comments

I personally am happy about this. Maybe this will get rid of all the worthless alt coins that were created only to pump and dump.

There are a lot of smart people out there working on some of these, but I think the solution is the ones where alt coins are simply a 1:1 peg and essentially a side chain. All transactions are still mined by the same people, so these attacks go away. At worst, we have 2 or 3 pools that are fighting for the fees and in the process keeping each other honest.

I think this is a bootstrapping problem for all new coins. As you say, novel mining methods are vulnerable to cloud-based "attacks", and existing mining methods mean that the economics of competing with the main coin's mining power can make you vulnerable to sharp swings in mining power.

As unpleasant as it sounds, a centrally managed coin is probably the only effective way to bootstrap a new coin securely at this point. A trusted source or groups of sources has to sign off on a "main" chain periodically until there is sufficient mining capacity that the cost (in coin units) of bringing new capacity online has reached some sort of equilibrium, after which you could soft fork to remove the signing requirement (or just release the private keys for any miner to use and let the consensus algorithm take over).

> So they can mine honestly on Coin 1 for a while, then switch to Coin 2 and do some double-spend attacks, then when Coin 2's price collapses, they switch back to Coin 1 or move on to Coin 3. The miner has no long term incentive to support the value proposition of any one coin, and they can attack coins that use the same PoW algorithm as their "main" coin at will.

On top of that, I think proof of stake will make this sort of attack 10k worse. With proof of stake there is essentially no resource cost for you to mine an additional fork. Proof of Stake is not computationally expensive, so there's no pressure for you to choose the one coin/chain you want to invest your resources in.

> ...proof of stake will make this sort of attack 10k worse. With proof of stake there is essentially no resource cost.

This is not true. For a 51% style attack on a PoS chain, you need to acquire a majority of staked coins. Each coin you buy increases the cost of the next coin (demand/supply and all that), and the price of the coin increases exponentially as an attacker accumulates 51% of the coins.

With PoW, cost of acquiring hashpower is linear (acquiring the last 1% costs the same as the first 1%), which is why PoW is easier to attack.

> For a 51% style attack on a PoS chain, you need to acquire a majority of staked coins.

Not really. All you need is a controlling vote for enough confirmations. At 51%, you’re very likely to have a controlling vote. Below 50%, it’s still possible.

And that is why these are not decentralised solutions. Just maintain a controlling stake and you are good to go!

For certain scenarios, it's possible to buy your security through anchoring. Use a dpos system to propose blocks on your chain, and then anchor a hash of your state into one tx in every Bitcoin or Ethereum block. Much cheaper solution overall, and allows the system's inflation to fund innovation in the community rather than just act as a subsidy for securing the network.
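The anchoring idea in the comment above, as an added illustration that is not part of the thread: a small Python model of a sidechain that hashes each block's state into a chained commitment, publishes every Nth commitment as an "anchor" (standing in for the payload of a transaction on the parent chain), and later checks a presented history against those anchors so that a rewritten block below an anchor is detected. The block structure, commitment format and anchoring interval are constructed assumptions for the example, not any real chain's wire format.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

GENESIS_PREV = "00" * 32  # constructed: commitment before the first block


def state_commitment(height: int, prev_commitment: str, txs: List[str]) -> str:
    """Commitment to one sidechain block: binds height, previous commitment and tx hashes."""
    h = hashlib.sha256()
    h.update(prev_commitment.encode())
    h.update(height.to_bytes(8, "big"))
    for tx in txs:
        h.update(hashlib.sha256(tx.encode()).digest())
    return h.hexdigest()


def build_chain(blocks: List[List[str]]) -> List[str]:
    """Return the commitment for every block, each chained to the one before it."""
    commitments = []
    prev = GENESIS_PREV
    for height, txs in enumerate(blocks):
        prev = state_commitment(height, prev, txs)
        commitments.append(prev)
    return commitments


def anchor_every(commitments: List[str], interval: int) -> Dict[int, str]:
    """Simulate writing every `interval`-th commitment into a parent-chain transaction.

    Returns {sidechain_height: commitment}; in a real deployment this mapping is
    what a verifier would read back out of the parent chain, not out of the sidechain.
    """
    return {h: c for h, c in enumerate(commitments) if (h + 1) % interval == 0}


def verify_against_anchors(commitments: List[str],
                           anchors: Dict[int, str]) -> Tuple[bool, Optional[int]]:
    """Check a presented history against the anchors.

    Returns (True, None) if every anchored height matches, otherwise
    (False, first_conflicting_height). Heights above the last anchor are NOT
    covered: a rewrite there is invisible to this check until the next anchor lands.
    """
    for height in sorted(anchors):
        if height >= len(commitments) or commitments[height] != anchors[height]:
            return False, height
    return True, None


def anchored_finality_height(anchors: Dict[int, str]) -> int:
    """Highest sidechain height a verifier can treat as anchored (-1 if none)."""
    return max(anchors) if anchors else -1


# Constructed sample data: an honest history, anchored every 2 blocks.
HONEST = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"], ["dave->erin:1"]]
ANCHORS = anchor_every(build_chain(HONEST), interval=2)  # anchors at heights 1 and 3

# Constructed rewrite: block 1 is replaced, which changes every later commitment too.
REWRITTEN = [["alice->bob:5"], ["bob->mallory:2"], ["carol->dave:1"], ["dave->erin:1"]]

# Constructed tail extension: blocks 0-3 untouched, a new block 4 above the last anchor.
EXTENDED = HONEST + [["erin->frank:1"]]

if __name__ == "__main__":
    print("honest   :", verify_against_anchors(build_chain(HONEST), ANCHORS))
    print("rewritten:", verify_against_anchors(build_chain(REWRITTEN), ANCHORS))
    print("extended :", verify_against_anchors(build_chain(EXTENDED), ANCHORS))
    print("finality :", anchored_finality_height(ANCHORS))
```

The third case is the practical caveat: blocks above the most recent anchor carry no protection from the parent chain, so a receiver relying on anchoring should treat a payment as settled only once an anchor at or above its height exists, and should read the anchors from the parent chain itself rather than trusting the sidechain's own copy of them.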

There are several coins that have been using PoS for years without known incident. I'm not sure where this idea that PoS is unproven or insecure comes from but it appears to be FUD. The facts on the ground indicate that PoS does work and it can work securely at scale.