Breaking and Fixing Gridcoin


Martin Grothe, Tobias Niemann, Juraj Somorovsky, and Jörg Schwenk, Ruhr-University Bochum


Bitcoin has been hailed as a new payment mechanism, and is currently accepted by millions of users. One of the major drawbacks of Bitcoin is the resource intensive Proof-of-Work computation. Proof-of-Work is used to establish the blockchain, but this proof of work does not bring any benefits and arguably is a waste of energy. To use these available resources in a more meaningful way, several alternative cryptocurrencies have been presented. One of them is Gridcoin, which rewards the users for solving BOINC problems. Gridcoin currently possesses a market capitalization of $ 23,423,115.

In our work we conducted the first security analysis of Gridcoin. We identified two critical security issues. The first issue allows an attacker to reveal all email addresses of the registered Gridcoin users. Even worse, the second issue gives an attacker the ability to steal the work performed by a BOINC user, and thus effectively steal his Gridcoins. These attacks have severe consequences and completely break the Gridcoin cryptocurrency.

We practically evaluated and confirmed both attacks, and responsibly disclosed them to the Gridcoin maintainers. We developed backwards compatible design changes for the Gridcoin system, in order to protect users’ trust into this promising approach.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {206164,
author = {Martin Grothe and Tobias Niemann and Juraj Somorovsky and J{\"o}rg Schwenk},
title = {Breaking and Fixing Gridcoin},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT 17)},
year = {2017},
address = {Vancouver, BC},
url = {},
publisher = {USENIX Association},
month = aug