When you start out on your cryptocurrency journey, you will most probably do some research on the internet and soon come across headlines such as “Bitcoin hacks” (1) or “Bitcoin attacks” (2). The most widely known attack is the so-called “51% attack”.
Many articles, especially outside the cryptocurrency space, describe the 51% attack in a way which triggers massive fear. Sometimes people ask themselves if that “magic internet money” (3) can just outright disappear. So you rightfully wonder how such an attack will affect your hard-earned savings.
In this article we want to give you a quick insight into the risk and the solutions.
In order to understand the importance and workings of the 51% attack, we need some understanding of so-called “proof-of-work” blockchains. For a very detailed explanation, check out the following resource by Anders Brownworth where you can simulate being a miner yourself (4).
To see how new blocks containing transactions are created, let’s have a look at our voluntary block validator called Jane. In blockchain terms, she is a miner.
Jane is in constant competition with other miners to find the next valid block the fastest. In order to achieve that, Jane performs computational tasks according to the defined hashing algorithm (e.g. SHA-256 or Equihash) of the chosen “proof-of-work” blockchain. As soon as Jane has found a valid block, she gets the block mining reward defined in the blockchain consensus rules. In order to have a high likelihood of finding the next block, Jane needs as much hash power as she can get.
A 51% attack allows a malicious miner to seize sizable control over a “proof-of-work” blockchain. It is then possible to double-spend coins, thus obliterating the solution of the “double-spend problem”. Solving the “double-spend problem” is the most important achievement of blockchain technology as of today. It assures that you can only spend digital money once in the absence of a central authority controlling all transactions (5). It is clear why being able to spend the same coins more than once sends shivers down the spine of people in the blockchain industry. Ethereum Classic (ETC) just suffered another 51% attack in July 2020, in which the attackers were able to steal about 5M USD worth of ETC (6, 7). Hence, we are not talking about a theoretical attack, but a very real one.
Workings of a 51% attack
51% attacks directly affect the workings and architecture of a “proof-of-work” blockchain. Let us now have a look at the malicious miner Bob. Bob rents additional hashpower in order to gain 51% of the hashpower of the “proof-of-work” blockchain which he wants to attack.
Jane still mines blocks according to the consensus rules, unaware that Bob can mine blocks much faster than all other participants. As long as he controls at least 51% of the hashpower, he can present the longest chain whenever he wishes.
With every passing block, however, this becomes harder and costlier to do. After a certain number of blocks it becomes almost impossible. In this limited window of opportunity, Bob can take advantage of the following scenario. Bob pays for an expensive digital item with an altcoin and sends the coins to the wallet of the merchant, who waits for one transaction confirmation. After some time, Jane has mined Bob’s first transaction and Bob receives his item.
But in the meantime, Bob was secretly mining too. In one of his blocks, however, he included a second transaction spending the same coins. Instead of selecting the merchant as recipient, Bob chose his own address. As soon as he receives his item, he can publish his secretly mined blocks to the network. This overrides the block mined by Jane, as Bob now has the longest chain. So the merchant ends up with nothing. Bob has got his coins back to one of his addresses, having effectively double-spent them by substituting the merchant’s address with one of his own.
How to deal with risk of a 51% attack?
There are several options for avoiding 51% attacks, for example using a “proof-of-stake” approach as Tezos does. In a “proof-of-stake” blockchain, there is no mining. Each node submits the next valid block, which then participates in a draw-like game for inclusion in the blockchain.
The probability of a block actually being selected is in proportion to the stake of a given node. If a node submits forged blocks, it gets punished. The node loses its whole stake, which effectively removes the incentives driving the 51% attack in a “proof-of-work” blockchain. The amount of computing power of any given node is also irrelevant. This makes the economic model of renting hashpower for a 51% attack moot (8). Proof-of-stake has the big advantage that different blockchains can co-exist without having to compete for the same limited pool of miners. They can avoid having to deal with the winner-takes-all effect inherent to the internet.
A proof-of-work blockchain needs to have a high hashrate which is constantly growing. A low and decreasing hashrate increases the likelihood of attacks. As of today, Bitcoin has a hashrate high enough to be secure from 51% attacks. Other, smaller “proof-of-work” blockchains like Bitcoin Gold (BTG), Verge (XVG) or Ethereum Classic (ETC) do not (9, 10). Forking the blockchain only works when the 51% attack has been detected in a timely manner.
The easiest solution for merchants is to accept only coins of very strong “proof-of-work” blockchains like Bitcoin. But if merchants want to accept other coins (called altcoins) of a weak “proof-of-work” blockchain, they could require more transaction confirmations. In order to be sure their coins are unlikely to be double-spent, a merchant can wait for e.g. 50 or 500 confirmations depending on risk tolerance.
This decreases the likelihood of getting the coins double-spent by a malicious participant. However, there is also good news for the average holder of “proof-of-work” altcoins. Coins which already have hundreds or thousands of confirmations are very unlikely to get stolen, even in “proof-of-work” blockchains with low hashpower. Wealth stored in e.g. Bitcoin is considered safe enough, as running such an attack comes with high costs (11).
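How much a merchant gains from waiting for more confirmations can be estimated with the catch-up calculation from section 11 of the Bitcoin whitepaper. The following is an added example, not part of the original article: it goes beyond the 51% case to attackers with a smaller hashpower share, and the function names, the sample shares and the search limit are assumptions.

```python
from math import exp, lgamma, log


def attacker_success(q, z):
    """Probability that an attacker holding hashpower share q ever
    overtakes the honest chain after the merchant waited z confirmations
    (catch-up calculation from the Bitcoin whitepaper, section 11)."""
    if not 0.0 < q < 1.0:
        raise ValueError("q must be a share strictly between 0 and 1")
    p = 1.0 - q                      # honest share of the hashpower
    if q >= p:
        return 1.0                   # a sustained majority always catches up
    if z == 0:
        return 1.0                   # unconfirmed payment: nothing to catch up
    lam = z * q / p                  # expected attacker blocks while z are mined
    total = 1.0
    for k in range(z + 1):
        # Poisson weight in log space so large z does not underflow to 0
        poisson = exp(k * log(lam) - lam - lgamma(k + 1))
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def min_confirmations(q, max_risk, limit=1000):
    """Smallest z with attacker_success(q, z) < max_risk, or None if no
    z up to `limit` (an assumed search bound) is sufficient."""
    if q >= 0.5:
        return None                  # waiting alone cannot bound the risk
    for z in range(limit + 1):
        if attacker_success(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    # Constructed sample shares; risk tolerance of 0.1% per payment.
    for share in (0.10, 0.30, 0.45, 0.51):
        z = min_confirmations(share, 0.001)
        print(f"attacker share {share:.0%}: required confirmations = {z}")
```

For a share of 50% or more the result is 1.0 for any number of confirmations: against a majority that can be sustained, extra confirmations raise the cost of the attack rather than lower its chance of success.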
All references were accessed between 28.08.2020 and 01.09.2020.