In the past few days, the media reported about the 51% attack(s) against Ethereum Classic (ETC) that presumably used hash-power from the NiceHash platform. In this press release, we try to explain and inform the general public about this event and resolve some misconceptions about NiceHash that continuously appear in the media.

NiceHash does not support or enable 51% attacks, but its hash-power might be abused by the attacker's pool. We believe such deliberate and harmful actions should be taken very seriously. At NiceHash, we undertake all the necessary steps to prevent or help prevent market disruptions, market manipulations, or misuse of the NiceHash hash-power marketplace. Upon receiving or identifying sufficient evidence of activities violating our Terms of Service, NiceHash takes all the necessary steps to prevent further abuse or misuse of NiceHash Services. In such cases, NiceHash closely cooperates with law enforcement to ensure that further investigations and undertakings are conducted swiftly, lawfully and according to our Terms of Service and Privacy Policy.

In the case of ETC we have received a complaint from etclabs.org and immediately launched an internal investigation. We are directly communicating with etclabs.org to resolve the situation.

How does NiceHash work?

There is a big misconception about how NiceHash works, so it is appropriate we first explain what NiceHash is.

NiceHash is a hash-power broker. Think of it as an ISP for blockchain. Just as your internet service provider (ISP) can deliver you packets of data over the internet infrastructure, NiceHash can deliver packets of data to mining pools. These packets of data can be described as hash-power.

Buyers participate in an open marketplace where they can select the algorithm that they want to support with hash-power. They choose a pool (that will accept the hash-power from NiceHash), set the price that they are willing to pay for hash-power, and place the order. Once the order is getting fulfilled by miners connected to NiceHash, their hash-power data is forwarded to the pool that the buyer has chosen for mining. For each valid share they submit, they get paid in bitcoins for the price determined by the current weighted average and refreshed each minute. In the end, the buyer receives the crypto-currency from the pool.

It is imperative to understand that the same algorithms can be used to support multiple PoW blockchains. NiceHash does not have any way to monitor if a particular algorithm hash data is supporting this or that blockchain. Only buyers of hash-power know this and pools that receive such hash-power.

Can NiceHash prevent abuse of its hash-power for 51% attacks?

Technically, it is impossible for NiceHash or any other miner behind a pool to detect if its hash-power is/will be abused for a 51% attack. Mining pools deliver (to NiceHash) only information necessary to calculate a block hash. From this information NiceHash can not know what blockchain transactions pool included in the block, is this block part of the legitimate or parallel blockchain, what is the beneficiary address of the block reward, etc.  Additionally, the way 51% attack usually works, an attacker is building his own version of a blockchain offline and then submits it later without transactions that he wants to hide, causing blockchain reorganization. Since attack happens later than mining (usually a few hours after), no miner, no blockchain node or any other blockchain participant can distinguish between legitimate and attackers pool during mining time. And as we can see in the recent attack against ETC, even after an attack happened, it might take days to finish the analysis of events to figure out if there was an attack and who was the attacker. Even if we could observe all the blockchains at once, it is impossible to know if there is a malicious actor involved. Many users also use private pools that are inaccessible for monitoring.

How to prevent or mitigate a 51% attack?

This question was asked even in the famous Satoshi whitepaper. The answer was and still is - in a truly decentralized proof-of-work solution you can’t. The only thing one can do is make a price of an attack higher than attacker reward.

NiceHash is giving everyone with smaller and less secure blockchain projects a chance to make them safer. Such projects should be renting hash-power and thus raising the hashrate of their blockchain. It is always a good practice to have a portion of funds allocated for security. If a blockchain is under attack, such an attack can be mitigated by using NiceHash!

To keep a PoW-based blockchain with small hashrate safe, we highly recommend periodically renting of hash-power through NiceHash. Such activity can always result in making PoW blockchain more secure. Furthermore, coins produced in the process can cover almost the entire investment in security.

If we want to build a truly decentralized world, we can not impose limitations. Just like ISPs can't guarantee that all internet traffic is not malicious, NiceHash cannot be responsible for the security of every blockchain infrastructure. The question of security becomes the question of the community and its creators. We must accept that if we want a true decentralization.

We are always open to a debate regarding this topic, and if you want to get in contact with NiceHash, do not hesitate to contact us.

Your NiceHash team.