Just two lines of poorly written code were enough for a hacker to famously syphon 3.6 million ether from The DAO in 2016, worth $50 million at the time. Ironically, the area of exploited code contained a note from DAO developers encouraging users to, “be nice.” Clearly, this positive message wasn’t enough of a deterrent to stop said hacker doing exactly the opposite.

Now, it is mining pools which are profiting without doing any work—but this time, they're playing by the rules. Data from crypto intelligence platform CoinFi and analytics platform Alethio suggests Ethereum has succumbed to a process called “spy mining” or “SPV mining” which was prevalent in Bitcoin from 2015-2016.

Etherdig, a mining pool, is using the process to effectively collect mining fees— without having to actually process any transactions. It’s cheating the network, but not doing anything technically wrong. However, the loophole is so bad, if everyone did it, it would slow down the network and mining pools could run selfish 51 per cent attacks, effectively running their own versions of Ethereum they then publish to the community.



The Ethereum network creates around 5,800 blocks per day, in order to validate the current 540,000 daily transactions taking place. In return, miners receive, on average, three ETH ($687) in mining rewards per block. The majority of rewards come from mining the block, but a small amount is earned from users, via transaction fees.

Etherdig, the mining pool capitalizing on the loophole, has mined over 1,250 blocks in the last three months, without validating a single transaction. As a result, it’s received 3,750 ETH ($862,500) in mining rewards. Instead of gathering transactions, confirming them and including them in blocks, it has been creating blocks that just contain the phrase, “Interim Global Authority,” a reference that appears to be related to the popular computer game, Colony. Etherdig did not reply to queries from Decrypt seeking comment.



You can see CoinFi’s research into the empty blocks here.



Miners compete to create the next block by performing a computational race. Typically, miners have to wait until a block has been broadcast before they can start this race but sometimes pools find a block and start mining on it privately. By spying on such mining pools, Etherdig can get the necessary block information it needs to create its own empty blocks. With this head start, Etherdig can get ahead of the other mining pools and create blocks faster than its computing power–expressed as its hashrate–would normally allow.



“From early September, some miners have started consistently mining empty blocks. The average block time of these blocks is 15 per cent shorter than for blocks filled with transactions. The data suggests that spy mining is taking place,” says Johannes Pfeffer, co-founder of Alethio.



A wider issue for Ethereum

Another mining pool, F2Pool has also been mining empty blocks. It is currently the third largest mining pool in the network with 12.5 per cent of the network hash rate and is mining empty blocks at a much higher rate than Etherdig. At the time of writing, it has mined 100 empty blocks in 24 hours. That’s 1.7 per cent of all blocks on the network. F2Pool did not reply to queries from Decrypt seeking comment.





However, the majority of F2Pool’s blocks do contain transactions so it is contributing to the network. While Etherdig seems to be spy mining, it appears F2Pool is carrying out something called selfish mining. In selfish mining, when a miner in a mining pool discovers a block, it lets the rest of the pool work on its block header in order to gain a time advantage on the next block. Essentially, a selfish miner creates a private blockchain that it, and its pool, can work on more quickly. When it’s solved more blocks than the public blockchain, it publishes its version (which is now longer) to the public chain. When this happens, miners spot the longer chain and join it, allowing the selfish miner to gobble up the block solving rewards. Spy miners are effectively eavesdropping on the whole process, making things worse.



The increasing use of spy mining is a potential problem for Ethereum. Empty blocks are being propagated at a 15 per cent faster rate which means spy miners are rewarded with an up to 15 per cent increase in revenue. If mining pools all jump on the bandwagon, blocks picking up transactions may get fewer and far between. This means transactions would take longer and gas fees could rise. It could also drive legitimate miners to other coins, reducing the security of the network.



An answer in the past

The good news is, we’ve seen these empty blocks before. The Bitcoin network had some 100,000 empty blocks mined over two years that saw miners reap the rewards for what other people sowed. The solution came in the form of a small upgrade to the network’s core code, which made it tougher for miners to eavesdrop on their competitors.



But that solution came at a time when Bitcoin was small, and developers were happy to work together. Subsequently, the Bitcoin and Bitcoin Cash communities have developed a love of in-fighting where mining pools appear to have a large say in the matter.



Ethereum meanwhile has a different, albeit more high-class problem: Its developer community, some 250,000 strong according to Consensys, is large and ponderous—and that comes at the expense of innovation. On the other hand, the sheer number of developers may help them to wrap the issue up quickly.

The main issue is not selfish mining but spy mining. While F2Pool is mining a mix of transaction-filled blocks and empty ones, Etherdig is almost solely mining empty blocks. Ethereum’s parasitical miners make bitcoin’s bed bugs seem almost cute in comparison.

Please note: This article has been edited as miners do not wait for transactions before they start mining.

Update: Etherdig stopped mining empty blocks using the address mentioned on October 5.

