Dear D20 Network Community,
We are writing to inform you about a time attack that began on our network on May 28, 2024, and is still ongoing.
What is a Time Attack?
In simple terms, a time attack is a type of network manipulation where an attacker attempts to manipulate the timestamp of the blocks in the blockchain. This can cause a variety of issues, including difficulty spikes and syncing problems.
In more technical terms, a time attack involves an attacker mining blocks with manipulated timestamps, causing the network to miscalculate the difficulty of mining future blocks. This can lead to an artificially high difficulty, slowing down block creation and causing syncing issues across the network.
Impact on D20 Network
This attack has caused a significant spike in difficulty and has led to tremendous syncing issues across our network. It has also halted the creation of new blocks.
Our Response
Given the niche nature of our chain and the fact that our user base isn’t advanced enough to bring in the necessary hashing power, we have put a contingency plan in place to restore the network. We want to assure you that this contingency will be available to our active user base no later than Wednesday of the coming week
Transition to Proof of Stake
In response to the recent time attack, we are transitioning our network to a Proof of Stake (PoS) blockchain. This is a significant step towards enhancing the security and efficiency of our network.
What is Proof of Stake?
Proof of Stake is a consensus mechanism used in blockchain networks. . Unlike Proof of Work, which requires miners to solve complex computational puzzles, Proof of Stake chooses validators based on the number of coins they hold and are willing to ‘stake’ as collateral.
How Does Proof of Stake Help?
Proof of Stake offers several advantages that make it an effective solution against time attacks and 51% attacks:
- Security: In Proof of Stake, an attacker would need to own 51% of all tokens, which is economically impractical3. This makes the network more secure against 51% attacks.
- Energy Efficiency: Proof of Stake does not require massive computational power, making it significantly more energy-efficient than Proof of Work.
- Scalability: Proof of Stake can handle more transactions per second, improving the scalability of the network.
Proof of Stake vs Proof of Work
Compared to Proof of Work, Proof of Stake offers several benefits:
- Reduced Power Costs: Proof of Stake requires less computational power, leading to significant reductions in energy consumption.
- Increased Security: Proof of Stake is considered more secure as it requires validators to have a stake in the network, discouraging malicious activities.
- Decentralization: Proof of Stake encourages more users to participate in the network as validators, promoting decentralization.
Network Snapshot and Token Deployment
To ensure a fair transition, a network snapshot was taken of blocks not effected by the attack. This snapshot will assist in the deployment of tokens to those who honestly minted before the attack. We are committed to ensuring that all honest participants in our network are recognized and rewarded appropriately.
We believe that this transition to Proof of Stake will not only help us recover from the current attack but also strengthen our network against future threats. We appreciate your support and understanding during this transition.
Legal Actions and Documentation
We understand the severity of this situation and are taking all necessary legal actions. Due to the significant time and monetary expense lost as a result of this attack, we have notified both local and federal authorities. We are committed to pursuing all available legal avenues to address this situation.
In addition, we have been meticulously documenting every aspect of this attack. This includes all communication, or lack thereof, with our partners, community members, team, hosting providers, and those services that handle our cloud infrastructure. We believe that maintaining comprehensive records of these events will be crucial in any future legal proceedings and in preventing such incidents in the future.
We are taking several steps to minimize costs during this process:
- Efficient Legal Representation: We are working with legal professionals who are experienced in dealing with such incidents. Their expertise allows us to navigate the legal process more efficiently, reducing unnecessary expenses.
- Proactive Investigation: By conducting a thorough and proactive investigation, we aim to gather substantial evidence quickly, reducing the need for prolonged and costly investigations.
- Negotiation and Mediation: Where possible, we are exploring negotiation and mediation as alternatives to court proceedings. These methods can often lead to faster, less expensive resolutions.
- Community Support: We are leveraging the support of our community in various ways, such as gathering information and raising funds, which can help reduce costs.
- Preventive Measures: We are investing in robust security measures to prevent future attacks. While this involves an upfront cost, it will save us from potential expenses related to future attacks.
The Attacker
We have identified that the attacker used Vultr Cloud Services to orchestrate the attack. Unfortunately, Vultr has been unhelpful in resolving the issue and dropping the attacker from their services.
In addition to the time attack on our network, the attacker has also been attempting a Denial of Service (DoS) attack against our website. This attack has been occurring almost like clockwork, nightly at 11:30 PM Mountain Standard Time.
A Denial of Service attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic. In our case, the attacker has been trying to make our website unavailable to our community by inundating it with traffic at a specific time each night.
However, we want to assure you that we have been successful in mitigating this attack nightly since the beginning of this incident. Our team has been working tirelessly to ensure the availability and integrity of our website and services. We have implemented robust security measures to prevent such attacks and will continue to monitor and improve our systems to protect against future threats.
Final Words
We understand the inconvenience this may cause and appreciate your patience as we work to resolve this issue. We are committed to maintaining the integrity of the D20 Network and will continue to take every necessary step to prevent such attacks in the future.