What is a 51% attack?
A 51% attack is a vulnerability in PoW blockchains with the help of which an attacker takes control of transaction confirmation and block generation.
What gives the possession of 51% of the network power?
With 51% of the power available, attackers:
- do not allow other miners (validators) to find blocks ( selfish mining );
- spend double coins to steal from service providers, exchanges or exchangers ( double spend );
- fork the main blockchain, dividing the network into two competing chains;
- Do not allow transactions or blocks to be confirmed.
- during the attack, they collect all block rewards and transaction commissions.
The attack is more serious if the attackers control significantly more than 51% of the network. Then they:
- steal from any contracts like deposit-challenge-verify and status channels / Lightning Network , if the attackers were participants in them;
- reduce and manipulate network complexity;
- steal coins that are not dated by the genesis block (by rolling back the old blocks and retaking the rewards for these blocks);
- delete contracts or transaction history (by rolling back old blocks and editing the list of included transactions).
An attack of 51% by itself does not allow attackers :
- get your private key or fake a signature;
- to get coins obtained as a result of the contract malfunctioning;
- send, freeze in staking or burn your coins in your place (with the exception of the techniques mentioned above);
- manage the decisions of holders of complete nodes (validators).
How many resources will it take to complete a 51% attack?
A malicious mining pool can hire additional resources and launch an attack on the selected cryptocurrency. Based on the data from 51crypto service, the authors of the study “Studying the types of attacks on the blockchain” compiled a table of six cryptocurrencies and indicated the attack price per hour (cost).
Data received in April 2019. To attack Bitcoin, you need to spend $ 486,000 per hour. An attack on Dash (with a market cap of $ 2.3 billion) costs only $ 15,000 per hour.
What is selfish mining?
A strategy that allows miners to increase their profits by hiding blocks from the public network. Miners do not send a block to the network every time after generation, but continue to mine new blocks on top of any independently found blocks. While competitors mine on top of older blocks, the selfish miner takes advantage.
There is an unspoken race between the public chain of honest miners and the private chain of selfish miners. Attackers must have enough computing power to make the secret chain longer than the public one.
As soon as a private blockchain becomes longer than a public one, attackers release it on the network to receive rewards for finding blocks and user commissions. If the capacity of a private network is from 25% of the capacity of the entire network, selfish miners will continue to win the chain race until they are replaced by another selfish miner or a disadvantaged minority.
In blockchains working on the Proof-of-Work (PoW) algorithm, it is not the longest chain that matters, but the most “reinforced” one.
The longest chain represents the majority of computing power only if there is no monopolist in the network (owner of 51% or more power). If it is, then the longest chain may not represent the will of most miners.
How does double spend cryptocurrency (double spend)?
Imagine that an attacker has significant computing power. He pays for a product or service with a supplier, he accepts a large amount in cryptocurrency and the transaction is almost complete. The transaction is sent to the common blockchain and after three confirmations, the participants in the transaction say goodbye.
When the villain is convinced that the victim will not find him, he “returns” the coins to himself. To do this, the attacker after sending the money rolls back the blockchain to an earlier state.
Another, more secretive option: the attacker is mining a parallel chain of blocks, in the manner of selfish mining. There, instead of a fair transaction, a double-spend transaction was included. Such a transaction sends the same coins to another address belonging to the fraudster. It remains to “feed” the valid chain to an alternative portion of blocks (with the correct PoW), in anticipation that the network will accept them.
Thus, the network will “exclude” the correct transaction from history. The supplier looks into the wallet and sees that he has lost his coins and there is no evidence of the transaction. He did not even take screenshots of the wallet, did not copy the transaction ID when he received the coins.
In theory, if a transaction has one or more confirmations, a double waste is excluded. Many do not know what to do when a transaction “disappears” from the Bitcoin wallet.
Thanks to such “schemes,” coins are returned to the attacker's wallet every now and then, and you can spend them twice, thrice, and so on. Frequent double spending leads to the threat of cryptocurrency withdrawal from trading on exchanges affected by double spending. In addition, attacked cryptocurrencies lose market capitalization after the attack. For example, Verge cryptocurrency was attacked in May 2018, and has since lost more than 95% of its value.
Hard fork after 51% attack as a method of creating a new asset
With a 51% attack, you can create a new cryptocurrency. The PoW consensus algorithm was designed to prove the integrity of the chain, not to prevent branching.
Suppose attackers stealthily mine several blocks, and then “drop” them onto the main network. If there is no community support behind the attacker, an honest minority of the remaining 49% will reject such a chain. But several secretly found blocks allow the attacker to detach from the network and continue to mine their own chain, while the rest of the miners will continue the old one. So two assets appear, one is known to all, and the other is a new one.
As long as miners are enough for the blockchain to work, even the new blockchains formed as a result of the hard fork will not cause significant harm.
Is it possible to carry out an attack of 51% without having 51% power?
The famous "bitcoin guru" Andreas Antonopoulos believes that the bitcoin network is no longer at risk of 51% attack due to the resources miners spend on maintaining the network. Andreas claims that in 2019 there is no point in attacking Bitcoin, it will be too costly even for governments. But you can attack less powerful altcoins, says Andreas.
To carry out an attack on the blockchain, an attacker does not always need to have 51% or more computing power. The probability of success is calculated based on the attack time and the amount of computing power.
Even if the attacker controls 40% of the network, he will be able to carry out the attack for two blocks with a 40% success rate.
But miners are only a small part of the blockchain security model. After 10 years, we saw real examples of attacks and it turned out that the threat was greatly exaggerated.
51% attack examples from cryptocurrency history
An attack of 51% is not feasible. The mining pool Ghash.io for a short period of time in July 2014 possessed more than 50% of the processing power of Bitcoin. This led to the fact that the pool voluntarily tried to reduce its share in the network. The statement said that in the future it will not reach 40% of total production.
In August 2016, a group of hackers from 51 crew hacked the blockchain projects Krypton and Shift. With a series of double spending, they managed to steal approximately 20,000 Krypton tokens.
In May 2018, a group of malicious hackers gained control of 51% of the Bitcoin Gold altcoin network , which allowed them to steal $ 18 million in cryptocurrency from Bittrex, Binance, Bitinka, Bithumb and Bitfinex. Bittrex accused the developers of negligence and demanded compensation from them, otherwise the exchange promised to close trading in BTG. The developers replied that this is a known type of threat. The Bittrex exchange did not take care of the precautions and is to blame for what happened.
In June 2018, Monacoin, Zencash, Verge, and Litecoin Cash were hit by 51%. This led to millions of losses. As a result of the attack, some exchanges lost approximately $ 90,000 in Monacoin, $ 500,000 in ZenCash and $ 1.7 million in Verge.
In November 2018, as a result of a 51% attack on Aurum Coin, more than $ 500,000 was stolen from the Cryptopia exchange .
In May 2019, two large mining pools carried out a 51% attack on the Bitcoin Cash network . According to them, they prevented the theft of unsecured SegWit coins, which were stored at addresses from where anyone could pick them up. These coins remained online after being separated from Bitcoin in 2017, but were blocked by developers. Until they turned out to be accidentally unlocked by a hard fork in May 2019.