51% Attacks Are a Growing Threat to Smaller Blockchains; Komodo May Be the Solution
01.31.2019

Komodo, an intriguing project that could help address the increasing risk of 51 percent attacks on smaller blockchains, today announced a partnership with the CoinBene exchange. CoinBene will recommend Komodo’s chain-security solution to projects whose token it lists and which CoinBene deems at risk of 51 percent attack. The exchange will also begin “initial exploration” into Komodo’s atomic swap capabilities, which would allow for trustless peer-to-peer trading of digital assets across blockchains. Komodo’s native token, KMD, will also begin trading on CoinBene February 1.

CoinBene is nominally one of the world’s largest exchanges, but that comes with a big asterisk: according to a December report from the Blockchain Transparency Institute, CoinBene is home to massive “wash” trading. That fake trading inflates the exchange’s reported volume, with actual trading only 1 percent of the amounts listed on ranking sites like Coinmarketcap.

CoinBene, in a statement to BREAKER, blamed third-party activity by market makers and API users exploiting the exchange’s fee structure and “looking for trading arbitrage opportunities.” However, CoinBene may also be misrepresenting its volume to attract listing fees: the small privacy coin BitcoinZ reported making a payment of 10BTC to CoinBene when it tried to get listed there, at an unknown date. Signs of fake volume have led the BTI to list CoinBene on its “advisory list” of suspect exchanges.

Explainer: What is a 51 Percent Attack? 

In a statement, Komodo said it was aware of allegations against CoinBene, but that “we do not have the ability to validate or demerit the allegations against CoinBene ourselves … We look forward to working with CoinBene and other top exchanges to explore increased trade volume transparency through atomic swaps, a well as addressing the security vulnerabilities—including 51 percent attacks—digital asset exchanges are facing.” Komodo’s services are available to any prospective user, not just through CoinBene.

Komodo is a top 100 token and is already listed on several exchanges, including giant, reputable Binance, where daily KMD/BTC volume is over $150,000. There’s little reason, then, to think Komodo is simply buying attention with the CoinBene deal, and though we debated whether or not to cover the announcement after learning about CoinBene’s sketchiness, Komodo itself is simply too interesting to ignore.

That’s especially true in the wake of several 51 percent attacks on relatively large blockchains including Ethereum Classic, Verge, and Vertcoin. As the crypto bear market continues and “cloud mining” services make it easy to rent mining power, it has become shockingly easy for bad actors to simply rewrite some vulnerable proof-of-work blockchains, allowing them to move, steal, or double spend digital tokens.

Komodo offers a conceptually simple (though no doubt cryptographically sophisticated) solution that it calls “delayed proof of work.” Every ten minutes, the latest block of Komodo transactions is distilled into a single string of digits known as a hash. That hash, which contains highly condensed information about the state of the Komodo ledger, is then written into the bitcoin blockchain by an entity known as a Notary Node using bitcoin’s Op_Return function. This acts as a backup, making it effectively impossible for a 51 percent attacker to erase or change transaction records. Komodo’s Notary Nodes are elected annually, but Komodo blocks themselves are conventionally mined using the same open-access Equihash proof-of-work algorithm as Zcash, from which Komodo was initially forked.

Komodo offers the same backup service to other blockchains for a small yearly fee. “If someone wants to 51 percent one of our customer chains, they would have to have 51 percent of the hashrate of that chain, the Komodo chain, and the Bitcoin blockchain all at the same time,” says Lee. Obviously, that’s a tall order for even the most ambitious crooks. Komodo already has customers including Einsteinium and KREDS, exactly the sort of small blockchains that could probably be kicked over with ten grand and an AWS account. (Komodo also pays, according to the project’s whitepaper, a whopping 180 BTC per year in transaction fees for the privilege of piggybacking on bitcoin.)

It must feel like defeat for an independent blockchain to have to lean on bitcoin for security.

But Komodo has a lot more going on, including what it frames as the only truly viable solution to blockchain tech’s most pernicious problem: scaling. Most blockchains based on the trusted proof-of-work security architecture, including bitcoin and Ethereum, have relatively long confirmation times as transactions propagate across nodes. When traffic spikes—as Ethereum’s did when the CryptoKitties craze hit—processing can slow to a crawl. This is particularly daunting for Ethereum, since new projects are issuing ERC-20, ERC-721, and other tokens on a near-daily basis, each one potentially the straw that breaks the camel’s back.

Komodo offers some of the same features as Ethereum, including smart contracts and the ability for third parties to issue tokens. But it works around the scaling problem with what it calls a “federated multi-chain architecture.” Each new project that joins the Komodo platform, says Lee, is set up with its own independent proof-of-work blockchain. Those many “federated” chains are built to allow easy, decentralized “atomic swaps” between Komodo-based assets, and get the security of Komodo’s backup-to-bitcoin dPoW solution.

But, according to Lee, Komodo otherwise gives its customers broad discretion to tweak their blockchain to their own specifications. That may make Komodo more appealing than Ethereum in the long run: It has become increasingly common for systems to launch as ERC-20 tokens, then run into frustrations with Ethereum transaction cost or speed, then jump ship to another blockchain platform such as Stellar or EOS. Komodo goes one step further, balancing the security of shared infrastructure with the flexibility of an independent chain.

Subscribe to the BREAKERMag newsletter for a weekly roundup of blockchain and tech news

The federated structure could also allow for greatly increased transaction volume. Komodo says it has already hit nearly 20,000 transactions per second in a live public test, compared to Ethereum’s practically glacial 15 tps. Because each sub-chain is independent, with its transactions compiled and stored by notary nodes, adding more assets to Komodo doesn’t threaten to bog it down, as with Ethereum. In some ways, the federated model resembles sharding proposals for Ethereum, though those are reportedly many months from implementation.

Komodo’s new relationship with CoinBene may or may not amount to much, both because the terms seem pretty vague, and because it’s unclear how many human beings actually trade on CoinBene. But conceptually, it’s interesting; it has so far been unusual for exchanges to take proactive responsibility for the security of coins it lists, even if that’s limited to recommending that at-risk currencies use a backup solution.

The recommendations could drive growth for Komodo, though, and according to Lee, Komodo has experienced some hesitation when it pitches its help directly to other blockchain projects. Many, he says, insist they can handle their security risk on their own, and that’s understandable: It must feel like defeat for an independent blockchain to have to lean on bitcoin for security. It also seems quite maximalist in its implications, pointing toward a possible future in which bitcoin is the hyper-secure center of a broader universe of smaller or more experimental systems. But ideology aside, maybe it’s better thought of as an insurance policy or preparation for a worst-case scenario—and those are pretty well standard for any business you’d want to put your trust in.