1. What is a 51% attack?
A 51% attack is a PoW blockchain vulnerability by which an attacker seizes control over transaction validation and block generation.
2. What does having 51% of the network’s power provide?
By having 51% of the power at their disposal, attackers:
- Prevent other miners (validators) from finding blocks (selfish mining);
- double spend coins to steal from service providers, exchanges, or exchanges (double spend);
- fork the main blockchain, dividing the network into two competing chains;
- prevent transactions or blocks from being validated;
- Collect all blockchain rewards and transaction fees during the attack.
The attack is more serious if the attackers control significantly more than 51% of the network. Then they:
- steal from any deposit-challenge-verify type contracts and state/Lightning Network channels if the attackers were participants in them;
- reduce and manipulate the complexity of the network;
- steal coins that are not dated by a genesis block (by rolling back old blocks and re-receiving rewards for those blocks);
- remove contracts or transaction history (by rolling back old blocks and editing the list of included transactions).
A 51% attack by itself does not allow attackers to
- Get your private key or forge a signature;
- to get hold of coins from a malfunctioning contract;
- send, freeze in, or burn your coins instead of you (except for the techniques mentioned above);
- manage the decisions of full node holders (validators).
3. How many resources would it take to execute a 51% attack?
A malicious mining pool can hire additional resources and launch an attack on a selected cryptocurrency. Based on data from the 51crypto service, the authors of the study “Exploring Blockchain Attack Types” compiled a table of six cryptocurrencies and indicated the attack price per hour (cost).
The data is from April 2019. As we can see, to attack bitcoin, you need to spend $486,000 per hour. An attack on Dash (with a market capitalization of $2.3 billion), costs only $15,000 per hour.
4. What is selfish mining?
A strategy that allows miners to increase their profits by hiding blocks from the public network. Miners do not send a block to the network every time it is generated, but continue to mine new blocks on top of any selfishly found blocks. While competitors mine on top of older blocks, the selfish miner gains an advantage.
There is an unspoken race between the public chain of “honest miners” and the private chain of “selfish miners. The attackers must have enough processing power to make the secret chain longer than the public one.
Once the private blockchain becomes longer than the public blockchain, attackers release it into the network to earn rewards for finding blocks and user commissions. If the capacity of the private network is 25% or more of the entire network, selfish miners will keep winning the blockchain race until another selfish miner or a disadvantaged minority displaces them.
In Proof-of-Work (PoW) blockchains, it is not the longest chain that matters, but the most “backed up.
The longest chain represents the majority of computing power only if there is no monopolist (holder of 51% or more power) in the network. If there is one, then the longest chain may not represent the will of most miners.
5. How does double spend cryptocurrency?
Let’s imagine that the attacker has significant computing power. He pays for a product or service to a vendor, the vendor accepts a large amount of cryptocurrency, and the transaction is almost complete. The transaction is sent to the shared blockchain and after three confirmations, the parties to the transaction say goodbye.
When the villain is convinced that the victim will not find him, he “returns” the coins to himself. To do this, the attacker rolls back the blockchain to an earlier state after sending the money.
Another, more stealthy variant: The attacker mines a parallel blockchain, in the manner of selfish mining. There, instead of a fair transaction, a double-spend transaction was included. Such a transaction sends the same coins to another address belonging to the fraudster. It remains to “feed” the valid chain an alternate batch of blocks (with the correct PoW), expecting the network to accept them.
That way, the network will “exclude” the valid transaction from history. The provider looks in his wallet and sees that he has lost his coins and there is no proof of the transaction. He didn’t even take screenshots of the wallet, didn’t copy the transaction ID when he got the coins.
In theory, if a transaction has one or more confirmations, double spending is ruled out. Many people don’t know what to do when a transaction “disappears” from a bitcoin wallet.
Thanks to such “schemes,” coins are returned to the attacker’s wallet time and time again, and it is possible to spend them twice, three times, and so on. Frequent double-spending leads to the threat of withdrawal of cryptocurrency from trading on exchanges affected by double-spending. In addition, attacked cryptocurrencies lose market capitalization after the attack. For example, the cryptocurrency Verge was attacked in May 2018, and has since lost more than 95% of its value.
6. Hardfork after a 51% attack as a method to create a new asset
A 51% attack can be used to create a new cryptocurrency. The PoW consensus algorithm was developed to prove the integrity of the chain, not to prevent taps.
Suppose attackers covertly mine a few blocks and then “dump” them on the main network. If there is no community support behind the attacker, a fair minority of the remaining 49% will reject such a chain. But a few secretly found blocks allow the attacker to separate from the network and continue mining his own chain, while the other miners continue the old one. Thus two assets emerge, one known to all and the other new.
As long as there are enough miners to make the blockchain work, even the new blockchains formed as a result of the hardfork will not cause significant harm.
7. Is it possible to execute a 51% attack without having 51% power?
Renowned “bitcoin guru” Andreas Antonopoulos believes that the bitcoin network is no longer at risk of a 51% attack because of the resources that miners spend to maintain the network. Andreas states that there is no point in attacking bitcoin in 2019, it would be too costly even for governments. But it is possible to attack less powerful altcoins, Andreas specifies.
An attacker does not always need to have 51% or more computing power to carry out a blockchain attack. The probability of success is calculated based on the timing of the attack and the amount of processing power.
Even if an attacker controls 40% of the network, he can conduct an attack over two blocks with a 40% chance of success.
But miners are only a small part of the blockchain security model. Ten years later we have seen real examples of attacks and it turns out that the threat is greatly exaggerated.
8. Examples of 51% attack from cryptocurrency history
A 51% attack is not unfeasible. The Ghash.io mining pool had more than 50% of Bitcoin’s processing power for a brief period in July 2014. This led the pool to voluntarily try to reduce its share of the network. It said in a statement that it would not reach 40% of its total mining capacity in the future.
In August 2016, a group of hackers from “51 crew” hacked the blockchain projects Krypton and Shift. Through a series of double-spends, they managed to steal approximately 20,000 Krypton tokens.
In May 2018, a group of malicious hackers gained control of 51% of the Bitcoin Gold altcoin network, allowing them to steal $18 million in cryptocurrency from Bittrex, Binance, Bitinka, Bithumb and Bitfinex. Bittrex accused the developers of negligence and demanded compensation from them, otherwise the exchange promised to close trading in BTG. The developers responded that this was a known type of threat. The Bittrex exchange did not take care of precautions and is itself to blame for what happened.
In June 2018, Monacoin, Zencash, Verge, and Litecoin Cash, were attacked by 51%. This resulted in multi-million dollar losses. The attack caused some exchanges to lose approximately $90,000 in Monacoin, $500,000 in ZenCash, and $1.7 million in Verge.
In November 2018, a 51% attack on Aurum Coin resulted in over $500,000 stolen from the Cryptopia exchange.
In May 2019, two major mining pools carried out a 51% attack on the Bitcoin Cash network. They said they prevented the theft of unsecured SegWit coins, which were stored at addresses where anyone could take them. These coins remained on the network after separating from Bitcoin in 2017, but were blocked by developers. Until they were accidentally unlocked by a hardforward in May 2019.