Update on incident with malicious miner on the network

MWC Team

January 8, 2020

Yesterday, a malicious user began mining on the MWC network. They used a sophisticated attack which combined turning on and off NiceHash contracts, rejecting incoming blocks, and not including any transactions in their blocks. This caused many problems on the network. The attack occurred mostly between around 1 pm EST - 9 pm EST. During that time all miners, including both pools experienced a very high rate of orphans and many transactions that appeared to confirm did not confirm. The transactions were confirmed by miners on the network, but then later the blocks that they were confirmed in were orphaned by this miner. Since the miner did not include any transactions in their blocks, there may be many coins that appeared to be sent that are actually not there. The only way to confirm this is to re-sync your wallet with your node. You can do this in the Qt wallet by choosing "Re-sync with full node" in the menu. Or if you are using mwc713, running the "check" command. On the mwc-wallet, you can run mwc-wallet check. This actually brings up one of the differences between Mimblewimble and other blockchains. Since a block could be orphaned, even when the network is not under attack, it is always a good idea to resync with your full node periodically to ensure you are in the state you expected. Alternatively you could do a recovery from your seed phrase in a new wallet.

While the miner has stopped for now, this miner could return at any time. The main long term solution is to increase the hash rate of the network to the point where this miner is not able to use NiceHash effectively to do this attack thus protecting the network. It seems unlikely that this miner was motivated by profit, instead it must be someone who sees MWC as a threat. We will do all we can to assist the network in defending itself.