The History of 51% Attacks and the Implications for Bitcoin
In the world of proof-of-work based blockchains, no security threat looms larger than the 51% attack. This has long been the greatest worry for the security of Bitcoin’s network, where no hacking event has posed any considerable risk to date. Naturally, those blockchains which adopt some variant of Bitcoin’s pioneered proof-of-work consensus algorithm must also reckon with this potential, and successful 51% attacks in altcoins have demonstrated that it is far from just a hypothetical scenario. In this article, we take a deeper look at the nature of 51% attacks, how they have manifested in reality, the scenario by which Bitcoin could be breached, and finally a simple question: would a 51% attack on Bitcoin be worth it?
What is a 51% Attack?
In proof-of-work blockchains, miners compete using powerful computers to solve mathematical problems and discover the “hash”, a large hexadecimal number required to produce the next block. These computers are usually purpose-built graphics processing units or GPUs, with an appearance that would certainly cause TSA agents a considerable amount of suspicion. Given the enormity of scale in Bitcoin and Ethereum at present, even with one these processing behemoths the odds of getting the hash first are astronomically low. As a result, individual miners typically join mining pools, where they contribute hashing power in return for a proportional amount of the pool’s reward.
This has necessarily lead to centralization of hashing power to a small number of pools. When this centralization is sufficiently severe, a pool can come close to holding half of all the hashing power at a given time. This is when a 51% attack becomes a concern. If a pool does manage to account for more than half of the mining power, they can begin to produce malicious blocks. They will not be able to create new coins, but they can attempt to double spend coins, carry out ‘selfish mining’ — preventing other miners from producing blocks, or produce empty blocks to completely stall the network. All of these can be done in conjunction with other profit-driven actions, such as shorting on exchanges with leverage in anticipation of fallout.
Double spending remains the main threat in this situation, as evidenced by its use in 51% attacks to date. It is much more difficult to interfere with or re-organize blocks already confirmed, even in blockchains without checkpoints, though as we will there have been instances involving re-organization of recent blocks.
A brief history of 51% attacks
A number of altcoins have suffered successful 51% attacks, with double spends usually being the result. In these cases the attackers send funds to multiple exchanges, then broadcast a new block mined in secret which reverses these transactions. This allows them to repeatedly exchange the same coins for another cryptocurrency.
By far the most notorious example was launched against the BTC hardfork Bitcoin Gold, staged between the 16th and 19th of May 2018 when the BTG market cap was hovering around $100 million. The attackers began double spending to exchanges and came away with $18 million worth of crypto — Bitcoin and others — from a number of exchanges. This was the disastrous for the Bitcoin hard fork, and led to it being delisted from those exchanges which were understandably frustrated with the outcome. It now trades around $20, despite having almost the same circulating supply as Bitcoin.
Ethereum Classic suffered a 51% attack in January this year, with the attacker re-organizing blocks and beginning to double spend. Coinbase estimated a total of 15 attacks, 12 with double spends and amounting to over 200,000 ETC or $1.1 million. Trading was quickly paused for the currency on Coinbase and other exchanges, after which the price fell dramatically (but ETC was not delisted from exchanges in the same way as BTG).
Verge (XVG) was hit repeatedly with these attacks in 2018, with the biggest event leading to an immense selfish mining attack worth 35 million XVG tokens. Verge’s target block time is 30 seconds, but after successfully dominating the network’s hashrate last May an attacker began mining empty blocks at a rate of 25 blocks per minute, pocketing the block rewards.
Lastly there is the 51% attack that wasn’t. Hacking enthusiast Geocold51 promised a 51% attack on Einsteinium in October 2018, going as far as to promise a livestream of the event on Twitch. The Einsteinium community repelled this attach by renting additional hashrate from Nicehash, the hash renting service initially planned to be used in the attack, rendering the attempt infeasible.
The severity of successful 51% attacks has depended on a number of factors. The value of the coins, of course, but also the liquidity and number of active exchanges. It is much more productive if the spread of double spending can be done on numerous exchanges simultaneously, wiping out their order books in the process. The majority of successful 51% attacks occurred in 2018, and there may be obvious reasoning behind this. The cryptocurrency market was slowly but consistently declining, and naturally so was the profitability of mining badly affected currencies. As more and more miners bowed out of smaller POW coins, they left the door open for opportunistic individuals and groups to gamble by accruing the majority of hashing power and attacking those networks. As we see with Bitcoin Gold, this certainly paid dividends and easily repaid the cost of mounting the attack.
The Risks for Bitcoin, and is it Worth it?
If a 51% attack could be successfully brought to bear on Bitcoin, the result would be enormously damaging for the currency and likely the market at large, given the intense correlation between Bitcoin’s success and its alternatives. In line with this, it is vastly more difficult to stage such an attack on Bitcoin’s network given the enormous scale of BTC mining at present. Assuming perfect conditions, it would cost around half a million dollars per hour to accrue the hash power needed to begin mining nefarious blocks. As there would likely be a rapid response from the community, this cost would rise extremely quickly as more and more hashing power is added to fight off the attack. Further, this cost just takes into account the electricity requirement and assumes one is “renting” that hash power. To independently and covertly establish ones own mining pool capable of this, the hardware alone would set you back around $1.4 billion (the cost of 2.5 million ASIC processors).
Bitcoin is by far the most liquid cryptocurrency, and is a mainstay of every crypto exchange. It would be extremely straightforward to spread any double-spent coins across multiple exchanges and come away with the equivalent of hundreds of millions of dollars before those exchanges began freezing transactions. Of course once the attack is made known the market would likely shrink rapidly, so the attacker has to be sure the cost will be recovered very quickly before whatever currencies they can make off with take the hit.
In consideration of all of this, there is a consensus that mounting a 51% attack would be less profitable, both in the short and long term, than honest mining. Indeed, mining pools that have come close to a 50% stake of Bitcoin’s hash power have in the past voluntarily pulled this back, with the now defunct GHash publicly announcing they would limit their hashing total to 40% after sparking fear with their dominance of the network total.
What if Profit is Not the Driving Factor?
We know that 51% attacks are possible in any proof-of-work currency, and we know what the central risks are when one is mounted successfully — namely double spends and selfish mining. Although this will remain a threat for Bitcoin, the likelihood of such an attack being launched on a serious level, let alone a successful one, appears quite low. This is assuming the driving motivation is profit, however. Researchers tracking the security of Bitcoin regularly point out that a government coordination with mining pools, whether by bribery, coercion or otherwise, would be a far more likely motive for a 51% attack than a cash-grab. Whether such motivation exists in reality is unclear, and more so is the reality of such accomplishing the assumed goal of such an attack. Certainly Bitcoin’s market value and the cryptocurrency market cap in total would be greatly impacted, but how permanent this would be is anyone’s guess.
Article by Byron Murphy, Editor at Viewnodes. All opinions are the author’s alone. For information on some of the services provided by Viewnodes, including our Tezos delegate, click here.