By controlling the majority of the network's hash rate, attackers can halt payments between users by preventing new transactions from gaining confirmations. Attackers can also use their majority to double-spend coins by reversing transactions that were completed while they were in control of the network.
Even with a 51% stake in computing power, it is unlikely that attackers would be able to create new coins or alter old blocks.
How Does Blockchain Work?
Before diving into the specifics of a 51% attack, it is important to understand blockchain, the technology behind cryptocurrencies like Bitcoin.
A blockchain is a digital ledger of transactions that is duplicated and distributed across an entire network of computer systems. These digital files record all transactions made on a cryptocurrency's network and are available to all users, and the general public, to review. A decentralized database managed by multiple participants is known as Distributed Ledger Technology (DLT). Because of the transparency that DLT makes possible, no one can spend a coin twice.
For Bitcoin, a new block, a bundle of data in the blockchain, is generated about every 10 minutes. Once a block is finalized or mined, it cannot be altered since a fraudulent version of the public ledger would quickly be spotted and rejected by the network's users.
If hackers wanted to corrupt a blockchain system, they would have to change every block in the chain across all of the distributed versions of the chain. This prospect becomes more complex as blockchains like Bitcoin and Ethereum continually grow and add to their chains.
Mining coins involves the investment of vast amounts of electricity and computational resources. A miner's success usually equates to the amount of computational power (commonly called hash rate) they have.
There are mining nodes in locations around the globe. These nodes compete to be the next to find a valid block hash and be rewarded with freshly generated coins. Competition and global distribution mean that the hash rate is not under the control of a single entity. At least it is not supposed to be.
If a miner or group of miners controls the majority of the computing power on a network, they can interfere with the process of recording new blocks. The attackers can prevent other miners from completing blocks, allowing them to monopolize the mining of new blocks and earn all of the rewards in a technique called a 51% attack.
How a 51% Attack Occurs
A 51% attack refers to an attack on a Proof-of-Work (PoW) blockchain where a single entity or organization controls the majority of the hash rate, potentially causing a network disruption. In such a scenario, the attacker would have enough mining power to exclude or modify the ordering of transactions and reverse transactions they made while being in control.
In the mining process, miners use powerful computers to run complex calculations to compete to solve an equation generated by the system. The higher a miner's computing power, the more likely they are to solve the equation.
Whenever a transaction is carried out on a blockchain, be it Bitcoin, Ethereum, or any other cryptocurrency, it is put in a pool of unconfirmed transactions. Miners are allowed to select transactions from the pool to form a block of transactions.
If attackers gain control of the majority of computing power on a blockchain, they would be able to outcompete other miners and gain control over the chain. Consequently, they would have the ability to reverse past transactions that need to be confirmed, double-spend the coins, and prevent new transactions from being confirmed.
After gaining control of the chain, corrupt miners don't broadcast solutions to the rest of the network. This practice results in a fork, that is, two versions of the blockchain: the original blockchain followed by legitimate miners, and a second blockchain used entirely by the corrupt miner, who is not broadcasting the results of the puzzle to the network.
A corrupt miner will likely continue to work on their own unbroadcasted version of the blockchain. With the second blockchain now isolated from the network, the corrupt miner can spend their coins on the truthful version of the blockchain, the one that all the other miners are following.
For example, an attacker can spend ten bitcoins to buy a sports car. If the attacker cancels this transaction before it is confirmed, the ten bitcoins revert back to their account, and the attacker would still get their sports car.
In addition to gains made from double-spending, attackers also earn a substantial amount from miner rewards to compensate them for their efforts in mining coins and updating the blockchain. Since the attackers create a monopoly on hash power on the network, they keep receiving miner rewards in terms of new coins issued.
Implications of 51% Attacks
51% attacks on blockchains can lead to loss of digital assets or cash by cryptocurrency users or exchanges. Additionally, users risk their transactions not being confirmed or being reversed due to forks introduced by such attacks. But perhaps even more damaging is their ability to discredit a coin's reliability, security, and trustworthiness.
Since the attackers can tamper with unconfirmed transactions and blocks, innocent miners run the risk of confirming blocks that the fork created by the attacker later invalidates.
Moreover, this could also potentially lead to the delisting of specific cryptocurrencies with questionable security measures from crypto exchanges. For example, BTG was delisted from Bittrex after the BTG team refused to pay damages to the exchange caused by a May 2018 attack.
How Likely Is a 51% Attack?
Since a distributed network of nodes maintains a blockchain, all participants cooperate to reach consensus. This is one reason they tend to be highly secure—the more extensive the network, the harder it is to corrupt its data.
When it comes to Proof of Work blockchains, the more hash rate a miner has, the better their chances of discovering the solution for the next block. This is true because mining involves many hashing attempts, and more computational power means more trials per second. Once a blockchain grows large enough, it becomes more and more unlikely that a single person or group will obtain enough computing power to overwhelm all the other participants.
For the reasons mentioned above, a 51% attack on Bitcoin is rather unlikely due to the magnitude of the network. Bitcoin's steady price increase has caused more miners to enter the system to compete for the block rewards. This competition adds to Bitcoin's security because miners have no incentive to invest large amounts of resources if they do not act honestly and strive to receive the block reward.
The size of the system also makes it more challenging to change previously confirmed blocks because all blocks are linked through cryptographic proofs. For the same reason, the more confirmations a block has, the higher the costs for altering or reverting transactions. Hence, a successful attack would likely only modify the transactions of a few recent blocks for a short period.
If a malicious entity's goal were not monetary but rather to destabilize Bitcoin by shaking trust in its system, then even if the attacker managed to disrupt the network, the Bitcoin software and protocol could be quickly modified and adapted as a response to that attack.
Although it is quite difficult for an attacker to obtain more computational power than the rest of a large network like Bitcoin's, it is far more feasible to acquire the necessary computing power to overrun a smaller cryptocurrency network. Altcoins have a relatively low amount of hashing power securing their blockchains, low enough to make it possible for 51% attacks to actually happen.
51% Attack: Real-World Examples
Two blockchains based on Ethereum, Krypton and Shift, fell victim to 51% attacks in August 2016.
In May 2018, Bitcoin Gold, at the time the 26th-largest cryptocurrency, suffered a 51% attack. The malicious miners controlled the majority of Bitcoin Gold's hash power and were able to double-spend for several days, eventually stealing more than $18 million worth of Bitcoin Gold.
Measuring 1-Hour Cost of a 51% Attack
The cost of attacking blockchains is going down because computing power is increasingly easy to rent from cloud-based hash power brokerage platforms like NiceHash.