Defending The Indefensible With Scala, Or The Hitchhiker’s Guide To 51% Attacks

This article was originally published on The Daily Chain, 17th October 2020.

“I’d say security is never absolute, no one has the key to perfect software, or the perfect consensus algorithms, but with things like LdPoW we’re trying to fix very real problems that we and countless other projects face because we’re small networks prone to being attacked.”

Hayzam Sherif, Scala Founder, October 2020

There exist thousands of crypto currencies and many of them are forks of Monero. While it may not necessarily require a lot to stand out from a crowd littered with dull clones, it does take a lot to rise above it. Doing so demands innovation.

In this article we explore Scala (XLA), a privacy coin which has succeeded in securing what few others have: 51% attack resistance.

51% Attacks For Breakfast

The vulnerability of Proof-of-Work (PoW) coins to 51% attacks is a well established fact of crypto.

There have been several 51% attacks on proof-of-work blockchains in recent weeks, including Verge and GameCredits, but the most noteworthy has been the attack that saw hackers make off with up to $18 million after a successful double spend was executed on the Bitcoin Gold network.

51% attacks and the future of PoW (2018)

In these attacks a person or group who holds the majority of a network’s hash power can control the destiny of all its transactions. An attacker can refuse to process some transactions while gladly double-spending their own. Like kryptonite to Superman, 51% attacks render their victims defenseless.

These attacks have been made easier in recent years with the growth of mining rental services, and websites even provide statistics for hourly costs of attack.

Don’t Panic

Unlike many coins which often use hybrid Proof-of-Work and Proof-of-Stake consensus mechanisms to mitigate 51% attacks, Scala has made a novel twist on Delayed Proof-of-Work (dPoW) to secure their own.

Created by the developers at Komodo, dPoW employs a group of democratically elected “notary nodes” which are tasked with taking snapshots of a blockchain state and uploading block hashes to the Bitcoin ledger. The results are security checkpoints that nodes on a network can fall back on in case of attack.

Projects outside Komodo can also enjoy these security benefits by paying the notaries to snapshot their chains and notarize that information in the block hash they send in their Bitcoin transactions once every 10 minutes (here is an example of such a transaction).

Although dPoW presents an elegant method for securing a chain by leveraging Bitcoin’s hash power to preserve a trustworthy checkpoint of a chain state, it is with no small degree of irony that the decision to use Bitcoin as storage proves problematic. At least for some.

Delayed Proof-of-Work is pricey and some feel that dPoW and other technologies that store data on Bitcoin needlessly bloat the ledger. Last year for example Veriblock was criticized by some for spamming Bitcoin.

Work, But Lighter

Rather than enshrine data on Bitcoin, Scala’s Light Delayed Proof-of-Work (LdPoW) uses the Interplanetary File System (IPFS) in combination with ZeroNet for the same purpose. Sybil attacks are prevented by the hardcoded notaries who also run as IPFS nodes hosting the snapshots.

“Not everyone can run an LdPoW node, only the ones that are elected are able to run, anyone who runs the Daemon outside of these 16 nodes won’t even be contacted by the local Daemon, the local Daemon has a list of these 16 nodes hardcoded.”

Hayzam Sherif,

And why not use IPFS? The Scala team don’t wish to burden Bitcoin. Using IPFS is a much cheaper alternative, and one which can scale to more than one snapshot every 10 minutes. LdPoW went live on Scala’s mainnet in July as part of its Panthera update.

But surely nothing is as secure as Bitcoin? To this Scala creator and developer Hayzam Sherif had this to say:

“I’d say security is never absolute, no one has the key to perfect software, or the perfect consensus algorithms, but with things like LdPoW we’re trying to fix very real problems that we and countless other projects face because we’re small networks prone to being attacked.”

There is a need for technologies like dPoW and LdPoW, as any of the hundreds of PoW coins which have been successfully attacked can attest. Ethereum Classic is only the most recent example of a coin which could have benefited.

Hayzam Sherif

We will hear more from Hayzam in a few moments. I asked him to describe himself and with some modesty he replied, “I’m a very boring person actually, but my background is actually medical science and I’ve been working with computers for a very long time, I own a small start-up in my hometown and do cool computer stuff for making a living.”

Sherif’s modesty was rapidly confirmed when a blog post from an iPhone jailbreak site was brought to my attention. In the article titled “Conversations with Hayzam Sherif, 17-year old Hacker and Coder” Hazan is asked about his past.

“By the time I was 15, I found some security vulnerabilities for companies like Instagram. I was paid some amount of money which motivated me further.”

The Scala founder is quick to point out that Scala is a team effort. He was interviewed in a podcast last year (when the project was still known as Stellite), and remains self-effacing.


As the name suggests, Scala has an interest in scaling. This takes form in its Paypal-like payment gateway (ScalaPay) and its Android miners that are optimized for ARM processors. The former offers zero confirmation private transactions, and the latter an intelligent temperature control (As-Much-As-You-Can) designed by Scala developers to prevent over-heating in mobile devices.

So Scala presents three distinct innovations: LdPoW, ScalaPay and AMAYC (with a fourth in the pipeline).

But let’s cast a more critical eye over these technologies. Is security in the first weakened by using IPFS, and is mobile mining a gimmick?

“IPFS serves the purpose extremely well, pinning files on IPFS is much cheaper than executing transactions on BTC just to store data and both of these are immutable and uneditable once live.”

“Mobile mining actually started off as an experiment and we feel like profitability is a relative term, right now you’d earn pennies mining all day, but just like any experiment we learned a lot from this one. And yes, to answer your question ARM CPUs seem to have a marginal edge over the regular desktop/laptop chips but it still isn’t feasible for anyone to make a decent chunk of change with (relatively speaking).”

“The profitability dilemma I would say is what brought us to think about the CDN. In India if your phone can magically make 5 INR a day it’s considered god send. But 0.05 USD doesn’t sound too appealing.”

At my request Hayzam elaborated on “ profitability dilemma” and his mention of CDNs.

“Okay so basically we figured, what does mobile phones have that PCs/laptops don’t, and what is this commodity that is in abundance in the poorest countries but in scarcity in the richest ones? The answer might surprise you and it’s “mobile data”, India with over 1.3B people and one of the worlds largest smartphone adoption scales, has the absolute cheapest internet according to”

“Even myself, I pay less than 4.08 USD for 80 gigabytes of data, and some telcos even give away unlimited data, now hosting 2400 GB of data on AWS per month is like 50 bucks, why can’t we just split that into chunks and distribute it across these tiny pocket devices. So anyone with access to cheap data can reap rewards. “

“Companies like Netflix waste millions of dollars each year giving money to providers so that they can host videos, I don’t know if you remember Popcorn Time did it for free. And they were a major competitor!”

“We intend to use this awesome tech called webtorrent for distribution of files, because it’s fast and dynamic, all the good from torrents but it’s based on webrtc so even browsers can access the files that the phones distribute.”

Scala’s experiment with mobile mining became the genesis for Phantom, the project’s fourth innovation, a distributed CDN currently under development.

In a Snapshot

ScalaPay is being overhauled, improved and rewritten. Phantom is under development. The team have arranged some funding by reworking the tokenomics and all-in-all the future looks good for Scala.

Undoubtedly there is a long way to go before Scala gets wider recognition, a distance most likely to be measured with marketing and exchange listings — because the innovations from this unassuming Cryptonote coin are already on Github and (unlike its private transactions) there for all to see.

If you want to learn more about Scala (XLA) check out their website, github, twitter, and join them on discord.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


The Immutable Network (DARA), founder. Immutable builds free blockchain products and platforms to fight censorship and stop data loss. Also a journalist/writer.