What Are the 51% Attacks and How to Stop Them
A 51% attack is an instance when at least 51% of blockchain ledgers are being manipulated. The attacker erases the recent transactions and trades a single token/coin twice for different goods.
It’s nothing new — the first attacks to gain public attention happened back in 2014 and caused a lot of Bitcoin exchanges to increase their proving standards. But recently we’ve been having a whole new wave of 51% attacks, and it doesn’t sound like they are going to stop any time soon.
How a 51% attack works
Each Bitcoin (or any other unit of any cryptocurrency) is a unique digital token. All Bitcoin operations are recorded on the blockchain — a digital ledger that simultaneously exists on all computers connected to the Bitcoin network. The ledger is encrypted, and each new entry contains a piece of the previous one, ensuring that no transactions can be kept out of it.
If one blockchain ledger is found to be different from the other, the system will compare all blockchain instances and accept only the one that is confirmed by the majority. It is done to guarantee that the ledger is legit and no one is manipulating the system.
Now, you might be able to see a problem. If a single entity were to control 51% of all blockchain instances, they would be able to control the blockchain altogether. For example, they would be able to make purchases and later erase them from the ledger to spend the same tokens again.
Why are the 51% attacks becoming an issue
According to the original Bitcoin design, 51% attacks should not be possible due to the massive distribution and the sheer number of the Bitcoin miners. After all, there are millions of computers on the blockchain, and they are separated all over the world. To execute control over them, an attacker would have to spend far more than they would be able to get.
Things got a little scary in 2014 when the largest Bitcoin mining pool Ghash.io accidentally committed an attack due to its sheer size, but the members of the pool willingly split it before anything serious could happen.
In 2017, everything blew up. All cryptocurrencies started to grow at an unprecedented rate, becoming more and more valuable each day. Suddenly, the investments placed into securing the 51% of the network capacity became much more acceptable. Some smaller coins that did not have enough distribution (Verge, Bitcoin Gold, ZCash) have already fallen victims of the 51% attacks.
New attack vectors
Bitcoin has the most miners between all cryptocurrencies, which should make it the most secure coin. After all, to achieve the capacity necessary to control the Bitcoin blockchain, one would have to buy an incredible amount of computing power and connect it to the network — which would not go unnoticed and would at the very least tip off the other users.
However, there is an attack vector that allows to bypass this issue completely. Due to having cheap electricity, Chinese miners were able to mine for much larger profit and expand their mining capabilities. According to Cryptona, by February 12, 2018, Chinese miners had control over not 51%, but over 75% of all Bitcoin mining capacities. Considering the vague status of cryptocurrencies in China, this puts a lot of trust into the goodwill of Chinese government.
Moreover, with the appearance of NiceHash — a marketplace where everyone can buy or trade mining capacities — anyone can easily assemble enough computing performance to attack the blockchain. Crypto51app has done some research and published just how much one would have to spend on a proper 51% attack for the most popular cryptocurrencies:
As you can see, just for a humble $70 000 you can crash and burn the Litecoin market for an hour. Other sources, quoted by Charlie Lee, the founder and God of Litecoin, insist that if you exclude NiceHash’s margin, the cost of the operation is even less — only $38 000 per hour, but you’d have to spend a couple of millions on gear first. Even at the current NiceHash price, the operation is profitable, making the attacker around $2000 per hour — and that’s not counting the rush of feeling like a Hollywood hacker.
When it comes to MonaCoin and other plankton, only their sheer uselessness and low market caps prevent them from becoming the next big crash. Bitcoin, at the same time, is much harder to bring down, but still doable with enough investments.
How can cryptocurrency prevent a 51% attack
Charlie Lee had tweeted about the issue and later proposed a solution in the comments. He insists that the best way to prevent the future 51% attacks would be to implement merged mining.
Embrace the major algorithms and implement merged mining. So SHA/Scrypt/Ethash/CryptoNight/X11. If enough Bitcoin/Litecoin/Ethereum/Monero/Dash pools start merged mining DGB, then it becomes extremely hard to attack.
— Charlie Lee [LTC⚡] (@SatoshiLite) May 31, 2018
Merged mining allows for the miner’s pool to mine several cryptocurrencies simultaneously, as long as they are implemented on the same algorithm. This would allow the smaller cryptocurrencies to piggyback off the already established mining networks and increase their own hashrate.
Another suggestion of his is to pay miners more — which would in turn drive up the rent for the mining capacities. Unfortunately, that’s not something a lot of cryptocurrencies can afford in the foreseeable future.
You can’t make the threat disappear. DigiByte is just not paying miners enough.
— Charlie Lee [LTC⚡] (@SatoshiLite) May 31, 2018
There are also whole new start ups appearing to solve the issue of a 51% attack. For example, KOMODO (not related to the famous antivirus) offers to implement notary nodes that would verify the legitimacy of the hash and prevent attackers from easily hijacking the blockchain. Alas, it would take some time to implement their solution, especially since some enthusiasts think that it defies the whole idea of crypto-freedom. After all, it does grant node maintainers an unreasonable amount of power over Bitcoin.
How high is the risk of attack on popular cryptocurrencies
Bonpay also reached out to five industry experts and asked “What do you think about the possibility of a 51% attack on popular cryptocurrencies — Bitcoin, Ethereum and Litecoin? Is it possible that one would happen soon? How high do you think is this possibility?”. Here’s what we got back:
I can’t say what the probability would be, but it would certainly be correlated with the cost! The price would be one of the major obstacles to such attacks, for sure.
— Wong Joon Ian. Managing director for Europe and Asia at Coindesk
Ethereum would have no issues really. BTC and LTC would be potentially vulnerable to this, however, note that all it takes in response is for a small group of people to set up mining and simply add enough processing to reduce the 51% by .5% to defeat the effort.
— Clif High. Developer of Web Bot
The probability of a 51% attack on Bitcoin is very low. There is no surplus miner hash power that can be rented on the open market. An attack on Ethereum is also very unlikely, because the sheer hashpower required is very high. I don’t know about the Litecoin situation.
We will see more double-spend attacks on smaller altcoins, targeting exchanges, aided by 51% hashpower. In response, exchanges will increase their confirmation times for altcoins.
This is a reasonable response that will mitigate some risk, but may not be effective beyond a certain level. We might also see other, more nuanced attacks against coins, because there are now people with the expertise to write such attack code
This will wipe out some weak altcoins, and as well it should.
To successfully hack the blockchain you’d need to hack the majority of computers mining the network simultaneously. This would be a massive undertaking for Bitcoin. Gobitcoin estimates that hardware costs alone for hacking the Bitcoin blockchain would be almost $7 billion dollars and the electricity needed for all that hardware would be the equivalent of 10 days’ worth of New York City’s energy consumption – about $10 million.
The 51% attacks that have been successful are have targeted small networks where the practicality of amassing the computing horsepower necessary is possible – assuming that success offers enough of a reward to make it worthwhile. This means the possibility of a successful 51% attack on the larger, mainstream cryptocurrencies you mentioned is essentially zero.
If there’s any one group with enough hash power to attack Bitcoin, it would be Bitmain. Even if they did have enough hash power, it likely does not make financial sense for them to do so.
In the event of a 51% attack on Bitcoin, it’s likely an emergency fork would called to change Bitcoin’s cryptographic hash algorithm. Other cryptocurrencies would likely to do the same. This would render all of Bitmain’s ASIC miners useless.
Thus a 51% attack would need to be more profitable than at least all of these things combined:
- The cost to manufacturer enough ASICs to complete a 51% attack.
- All future profits made from mining Bitcoin with their ASICs.
- All sales of ASIC miners to the public.
- Losses in value of any Bitcoin they held, as you’d expect a 51% attack to lead to a severe decrease in Bitcoin’s price.
- Their company’s reputation.
Considering the Bitmain was estimated to have made $3-4 billion last year, I don’t see attacking the network any time soon.
It is hard to predict the future, but one can already say that it’s not going to be all that bright. The problem of the 51% attacks is real, and at the moment there is no bulletproof solution. The industry is working on it, and some of the ideas do seem promising, but right now 51% attacks are the biggest issue crypto has ever faced,
Suffice to say, that the moment a proper solution is introduced, the cryptocurrency users will be able to sleep much better. But as of right now, the exchanges and stores will remain wary of the altcoins that have low market caps and not a lot of mining resources behind them.
How to turn Bitcoin to USD — If you want to wait out the 51% attack drama and come back to the market once it’s safe again.