Cryptocurrency fans were recently taken aback by a 51% attack on Ethereum Classic that led to more than USD 1 million in losses. This is not the first documented case of an altcoin falling victim to such an attack. It has caused uneasiness among some Bitcoin investors as well, who wonder whether it’s also possible to launch an attack of this sort on Bitcoin.
Our goal here is to provide a general explanation of what a 51% attack means for the crypto world and how susceptible Bitcoin investors actually are.
What is a 51% attack?
In the cryptocurrency world, a 51% attack refers to the risk involved with a single miner or a group of miners controlling more than half a network’s mining power. Gaining control over the majority of the network makes it possible to reverse transactions and double-spend funds.
What does that mean in practice?
Imagine buying a luxury home on Malta for the astronomic sum of 550 BTC. The deal is settled, the documents signed, and you’ve sent your bitcoins to the real estate company’s BTC wallet. If you then performed a 51% attack on the Bitcoin network, you could reverse the transaction, leaving you with both the bitcoins and the luxury home in your possession.
How are these attacks possible?
Attacks of this type are only possible with cryptocurrencies based on the proof-of-work (PoW) mining algorithm, which we wrotte about in our earlier mining article.
According to PoW logic, the more computational power a miner or a pool of miners have, the bigger their chances of finding the block.
Here’s what happens when someone gains control over more than half the mining power:
A group of malicious miners finds the new block, but they don’t broadcast it to the rest of the network. Instead, they create an offspring of the blockchain. Now there are two versions of the blockchain, each one developing separately.
Let’s say the malicious miners spend 550 BTC on the honest branch of the blockchain to buy a house. But they don’t include this transaction in the offspring branch, which shows them as still having that amount of bitcoins in their wallets.
The blockchain is based on democratic principles. That means that transactions are regarded as trustworthy only when the majority of participants agrees to verify them. The technical means of achiving this is to create a longer string of blocks. And since malicious miners control more than half the mining power, they have the ability to quickly add blocks to their version of the blockchain.
Once the attackers succeed in creating a longer chain, they broadcast their version to the rest of the network.
The network then recognizes the new version. In this way, the bitcoins remain where they were while the documents for purchasing the house have already been signed in the real world.
Altcoins that have suffered a 51% attack
Some altcoins have already fallen victim to this type of attack. There have been three significant events in the past year:
A point of interest with regard to the last attack was that the crypto exchange Gate.io, one of the principal victims, claimed a few days later that the hacker had partially returned the stolen money:
The recent ETC 51% hacker has returned $100k worth of ETC back to https://t.co/8kWqgDWNXb on the 10th of January. We have raised the ETC confirmation number to 4000 and launched a strict 51% detection for enhanced protection.
— gate.io Exchange (@gate_io) January 12, 2019
The attack happened only a month after the news broke about the ETC team running out of funds. This raises an interesting question that still remains unsolved: Was the main goal of the attack to increase the wealth of an individual or group, or was it to demonstrate to cryptocurrency adherents the tenuousness of their religion and its ability to pay their debts?
Who is at risk?
Ethereum Classic is among the top 20 projects at CoinMarketCap. Verge ranks a bit lower but is still in the top 100 on the first page, as is Bitcoin Gold.
Reports on a possible attack on Dash have recently come out. Dash is also in the top 20. The report claims that around 70% of Dash hash rate are controlled by a single mining pool Nicehash. The team has promptly responded and declared the ChainLocks release in the next version. This technology will help Dash to fight against mining centralization:
With 0.13 successfully released we are thrilled to announce that 0.14 will include ChainLocks. This is a crucial update to the Dash Network and will make us uniquely protected against 51% attacks. -Bob Carroll #Dash
For more information about ChainLocks: https://t.co/1dc37P2q5v
— DASH (@Dashpay) January 16, 2019
Since such huge and reputable projects turn out to be so vulnerable, what else can you expect from smaller ones? The website arewedecentralizedyet.com (archived at the point of writing the article) states that most of the popular projects are controlled by 1-4 entities:
- Cryptoslate: USD1.4 billion to maintain the attack for a year, equivalent to approximately USD160,000 per hour
- GoBitcoin: USD6.6 billion per year, or USD756,000 per hour
- Exaking: USD554,000 per hour
- Crypto51: USD253,000 per hour
Given such widely differing figures, calculating the exact cost of a 51% attack on Bitcoin is obviously not viable. What is clear is the magnitude of the estimates: even the lowest calculation suggests that the cost would far exceed what the hackers stand to gain.
For more on this, see a recent study by the trading platform Zebpay.
Is a Bitcoin 51% attack impossible?
A 51% attack on Bitcoin’s network is unlikely because of its sheer lack of profitability. Does that mean it’s impossible? We’ve all heard of Murphy’s Law: whatever can go wrong will go wrong.
And who really knows? Those huge Bitcoin mining pools may have been forming cartel agreements and silently making double spends for a long, long time. And if that’s the case, you can bet that none of us would ever know.
Spices things up for Bitcoin investors, doesn’t it?