Shattered is the trust in transactions that happened during the time period where the attacker controlled >51%, from addresses that the attacker also controlled. AFAIK so far they haven't controlled 51% for any amount of time, though they did control more than 33% for a short while, which is enough for "selfish mining." Either way, the attack did illustrate that a government could easily take over XMR if they wanted to. The impact of that, we'll have to wait and see.
Controlling 51% of XMR costs ~$30M per day, you'd have to short a huge amount of XMR to make that worthwhile. Who would be the counter party and how would you do that anonymously?
The attack itself is unprofitable, the "profit" for Qubic is the publicity they get. (or at least that's what they're betting on)
Monero has a theoretical market cap of $4.7B USD and daily volumes >$100M USD. I wouldn't recommend taking that short position in one go but over a few days and a few exchanges I wouldn't see a problem acquiring a very large short of the token.
You'd have to spend $30M per day in order to control 51% of XMR, and then you'd YOLO your life savings (which would have to be another couple hundred million dollars) on centralized exchanges without anyone noticing?
I was completely wrong about the cost. XMR mining rewards amount to only $150k/day.
At the height of the attack, Qubic (the company) paid people up to $3 in QUBIC for every $1 of XMR they mined through QUBIC, and they achieved around 33% of XMR's hashrate which was sufficient to mine the majority of blocks for a few hours.
If they were forced to buy back all those QUBICs they paid out, this might have cost them ~$100k/day. But thanks to the media attention it's likely that they didn't need to buy anything back and actually were able to emit more than they otherwise could have.
XMR needs to adapt -- switch to PoS, or ASICs-based POW, or a hybrid of both.
KAS is PoW, at ~240 times the hash-rate of LTC, ~120 000 000 times the hash-rate of XMR, and 0.0007 times the hash-rate of BTC. Obviously not really comparable...
It's mainly an argument against CPU/GPU mining. If you have invested in specialized hardware that can mine only one coin, you're strongly incentivized to protect trust in that coin. An attacker like Qubic would need to pay you a lot more than they need to pay a CPU miner.
Crypto projects succeed/fail for all kinds of reasons that are completely unrelated to de-/centralization. You'll have to be more specific about what Grin's case should teach us.
>So then, _centralize_ around an ASIC?
ASICs are commodities. For BTC (SHA-256) there are at least 8 different companies producing ASICS, and even a smaller project like KAS (kHeavyHash) has >4 competing companies. Not much centralization risk on that side, at least not for mature projects (which a hypothetical ASIC-XMR would be by now).
The main challenge for ASIC-miners is the same as for CPU- and GPU-miners: cheap electricity -- and that's not something that can easily be centralized.
Since ASICs are built for mining one specific algorithm and no other, ASIC miners are invested in the survival of "their" mining algorithm.
If there are several competing coins using the same algorithm, it may be possible to incentivize ASIC miners to destroy one of them if it benefits the others, but even then it's risky.
CPUs in contrast can be used for a million different things, CPU miners are not incentivized to support any given crypto project. It's also much easier to rent large amounts of CPUs than of ASICs.
It's not like we abused people's trust, and then they stopped trusting us. No, a cabal of evil tricksters tricked them into not trusting us anymore. We're totally trustworthy.
