I’ve written about consensus algorithms in cryptocurrencies before. If any of the concepts below seem unfamiliar, I recommend a quick read of that article.
What is a 51% attack?
A 51% attack occurs when an attacker (or group) controls more than half of the network. 51% attacks are also referred to as majority attacks. With Bitcoin and other proof-of-work currencies, controlling the network means controlling the hash rate or computing power.
Hash rate is the rate at which a computer calculates hashes and is presented as hashes per second. For Bitcoin, each hash is a double SHA-256 hash calculation. Hashing is what miners do on the network to solve mathematical puzzles.
The current hash rate for the Bitcoin network (as of 6 June 2018) is 43 tera (trillion) hashes per second. If an attacker owns over half of this, they can almost guarantee success in launching an attack. In fact, a malicious actor could perform an attack with less than half the hashing power. But it would stand a much lesser chance of success. If an attacker controls 10% of the hash rate, and the receiver waits for 6 confirmations, the chance of success is 0.1%. Once they control more than 50%, their success is 100%.
When an attacker takes control of the network, they can reverse transactions made while they’ve been in control and prevent some or all transactions from gaining any confirmations. They would be able to “censor” specific transactions from taking place. Malicious actors can also engage in double-spending.
What is double-spending?
Let’s say our nefarious user Chuck sends Bob 1 bitcoin. This transaction (call it Transaction A) goes into the unconfirmed transactions pool, ready to be picked up by miners. At the same time, Chuck sends Alice 1 bitcoin too. This transaction (call it Transaction B) goes into the same pool of unconfirmed transactions.
Even though Chuck only has 1 bitcoin, he sent out the same bitcoin twice. As you know from the consensus article, only one of these transactions will be validated. A miner pulls Transaction A out of the pool, validates it, and the transaction is added to the blockchain. When Transaction B is pulled, it will be invalid as Chuck’s 1 bitcoin expenditure has already been processed, so the invalid transaction will not be confirmed.
What happens if Transaction A and Transaction B are both validated simultaneously? The blockchain will split. The blockchain favours the longest chain, so the first chain to add the next block will become the primary chain, and the transactions in the other chain will go back into the unconfirmed pool. But what if they both add another block at the same time? The fork will continue to grow with a block each until it reaches a point where one “wins” and becomes the primary chain. Thus, it’s important to wait for several confirmations before accepting the transaction as final or confirmed. This is because while the split is in progress, any of the chains are at risk of being orphaned.
How a majority attack allows double-spending
In a majority attack, Chuck can spend his bitcoins in the current public blockchain (the chain maintained by the rest of the miners), whilst mining his own private blockchain. Chuck uses his bitcoins in the public chain to buy a Lambo, a house and a boat. He also ensures that his private chain doesn’t include these transactions.
Once Chuck’s private chain is several blocks ahead, he broadcasts his private chain to the network. Because he has most of the computing power, his private chain will always be the longest, and the network will accept the longer chain as the main chain. In his version of the chain, he never spent his bitcoins, allowing him to spend it again once his chain is accepted as the primary chain. Hence the term double-spending.
Even exchanges that wait for 6 confirmations will be affected, as the public blockchain could be 10 blocks in before it switches over to the newly broadcasted chain.
Recent attacks
Only a short while ago, 51% attacks were only theoretical. We’re at a point now where they’ve become a reality. Here are a few recent attacks:
- Verge (XVG) suffered attacks in April and May, allowing the attacker to get away with almost $2 million. The attacker spoofed block timestamps. This adjusted the difficulty down and allowed the attacker to mine more XVG quicker.
- Bitcoin Gold (BTG) was attacked in May. The attackers targeted exchanges and got away with over $18 million through double-spending. BTG told exchanges to increase confirmations to 20, and later to 50 to try mitigate the attack.
- Monacoin (MONA) was attacked in May. The attacker inflicted $90,000 of damages. At once point, they controlled 57% of the hash rate.
- ZenCash (ZEN) also suffered an attack in June. The attacker made off with roughly $700,000 after executing at least three double-spends.
51% attacks in a Proof-of-Stake system
For most of this article we’ve been describing majority attacks as it would affect proof-of-work networks. How would a majority attack work on a proof-of-stake system? As you know, in a proof-of-stake system, your influence depends on your stake. For an actor to have a majority, they would need to own 51% of the stake. In the case of smaller coins that use proof-of-stake, this might be possible. For larger coins with market caps in the billions, it almost seems impossible.
Also remember that in a proof-of-stake system, minters can have their stake slashed if they act fraudulently. This kind of attack is thus quite a risky one to perform.
Aftermath of a 51% attack
What is the aftermath of a 51% attack? It all depends how long it goes on for. As we saw from the attacks above, the usually last for a short while only. This is because attacks are costly and maintaining these attacks for a long period of time could end up costing more than the attacker is getting out. The modus operandi is thus to hit hard and exit fast.
But what if an attack continues indefinitely? The coin would be rendered useless and the value would fall through the floor. Nobody is going to use a coin that’s being manipulated by a malicious actor. If you’re an attacker looking to profit, the long-term approach doesn’t provide any financial incentive. If, however, you are a government entity looking to tank the coin because of the threat it poses to financial stability, you might not even care.
Mitigating 51% attacks
One of the ways a coin can recover from attacks, is making changes to their code and algorithm. This can be changes to the consensus algorithm, changes to the underlying protocol, or improving ASIC resistance. These kinds of changes usually require a hard fork, the kind Bitcoin Gold is planning for their blockchain.
A hard fork creates a permanent divergence in the main blockchain. Nodes need to switch over to the new version if they wish to continue mining it. Usually the old fork still continues (Ethereum and Ethereum Classic are examples of this).
This is not the last we’ve seen of these kinds of attacks. As computing power becomes cheaper and easier to provision, coins need to increase their security and harden their defences if they want to survive this new Wild West.
Disclaimer: I am not a financial advisor, and none of the content on this website should be construed as financial advice. The crypto market is highly volatile, and you should do your own thorough research before making any investments.