Security in the cryptocurrency space is of utmost importance. After all what good is a decentralised blockchain if a hacker can simply change the coin’s supply, censor it or even halt the chain to the ground. Different ways have come up over time to protect blockchains from attacks, ranging from traditional Proof of Work all the way to some concepts some would consider absurd like Proof of Identity. But really how secure are these methods and how would someone go about attacking a blockchain.
A brief history of cryptocurrency attacks
There are two forms of attack one could theoretically perform, either an attack using a loophole or bug in the code that allows a hacker to for example siphon funds from smart contracts or exchanges. However, I am going to discuss attacks that require a malicious actor to overpower the system by changing the rules of the blockchain through “legitimate” means. Such an attack for example is called a 51% attack in traditional Proof of Work and Proof of Stake algorithm, where an attacker can change consensus or perform double-spend attacks (where the attacker is able to send the same token twice, effectively doubling his holdings). Over the years some networks have been attacked by 51% attacks where an attacker is able to gain over 51% of the hashrate in POW based blockchains or 51% of the coins in a POS based chain. Very recently Ethereum Classic (A fork of Ethereum) has been under multiple 51% attacks in a row due to the low security of the network caused by the fork’s low hashrate. It is unclear what the attacker wanted to achieve with these attacks, and it is unknown who the attacker is, but clearly this shows that ETC is not a secure network to use.
Proof of Work and Proof of Stake security
POW and POS are by far the most popular consensus methods for blockchains. In POW, calculations are done by computers or specialised machines that confirm transactions and create blocks. It is assumed that most of these miners are going to be honest as they are financially incentivised to be. However, if a malicious actor is able to gain over 51% of the hashrate they are then able to create new blocks more often than other miners are able to, as such they are able to confirm transactions containing anything they want, and most nodes would follow that chain as it has the most hashpower behind it. This is similar in POS where new blocks are created by holders of the coin. An attacker must hold over 51% of the network’s coins in order to be able to attack it in a similar manner. Clearly this means that the harder it is to gain 51% of the network’s hashrate or coins, the more secure that network is.
Bitcoin is the most popular POW coin and has a very high hashrate, this means that it would cost an extraordinary amount of money (well over billions of dollars according to some calculations) to buy and operate the required equipment. You would also need massive empty land to store such a mass of machinery that makes it virtually impossible to attack Bitcoin. On the POS side I will use PIVX as an example. As of the writing of this article 40% of the coin’s 64 million supply is locked for staking, which means one would need almost 12 million coins in order to 51% attack the network. At the current price of $0.5 that means it would cost roughly 6 million USD to attack PIVX. This figure might seem low at first. But remember this attacker will need to purchase all of this PIVX, which alone would be near impossible since there isn’t this much supply available to sell. And buying this much would almost certainly shoot the price up well over ten-fold. This means the true cost to attack PIVX is realistically much higher, increasing the security of the network.
Other methods of security
There are many projects that have created and deployed other forms of security on top of just basic 51% protection. For example, Dash and Horizen have Chainlocks, which is another form of security that make it much harder to censor or roll-over already existing transactions. Masternodes are also a very popular way to add some security to a network by adding additional full nodes to a network to deter a Sybil attack. Other forms of security enhancement have also come up over time from using both POW and POS on a chain to having extra layers of validation for new blocks. Overall, it is surprisingly difficult to actually attack most blockchains as long as they have extra security measures in place or a sufficiently high hashrate/marketcap. It is best to look into the security of any coin you wish to invest in as a big attack on a network can really be devastating.
I’d appreciate any small tips to help me out: