A Detailed Look at 51% Attacks
Ever since the advent of Bitcoin in 2009, the Proof-of-Work methodology has been the primary defence mechanism for decentralized cryptocurrencies against double-spend attacks. Proof-of-Work makes it exorbitantly costly for an aggressor to manipulate the blockchain and undo transactions considered completed. An attacker could cause a double-spend through a “51% attack” where they acquire a majority of the hashrate on target cryptocurrency. This concept was initially dismissed by Satoshi Nakamoto, the creator of Bitcoin, assuming that a party obtaining a 51% of Bitcoin’s hashrate would be implausible.
Emergence of Altcoins and Rise of 51% Attacks
In recent years, our understanding of 51% attacks has evolved with the significant growth of alternative cryptocurrencies. Altcoins, each with differing market capitalizations, have provided an easy target for 51% attacks. As only a minority of miners from larger coins need to divert their attention to a smaller coin to gain control over 51% of its network hashrate.
This development has resulted in new economic models considering the motivations behind executing a 51% attack where sufficient hashrate can be purchased if the attacker is willing to fork out the cost. As per these theories, successful attacks are either breakeven or profitable unless miners have considerable fixed costs associated with their mining hardware.
Mining rental services have essentially nullified the fixed costs for an attacker. Renting services require only the purchase of hashrate during the attack, eliminating any commitments to future returns. This mechanism allows an attacker to rent hashrate for its marginal cost, leading to the threat of high-value attacks. Unfortunately, the detection of these attacks often relies on media reports and disclosures from affected parties like exchanges.
Introducing the Reorg Tracker for 51% Attacks
To mitigate this issue, we’ve built a system to actively monitor a variety of Proof-of-Work cryptocurrencies and detect chain reorganizations (reorgs), useful indicators of possible 51% attacks. Upon detection, the system scrutinizes the blocks involved and notifies any incidents of double-spent transactions. It also provides a cost estimate of the attack based on prevalent hashrate rental prices at the time.
Upon the launch of this reorg tracker in June 2019, over 40 reorgs were detected, serving as evidence that markets renting hashrate were being utilized to execute a number of the attacks.
The Basics of the Blockchain and 51% Attacks
In essence, a blockchain is a distributed ledger storing and recording data. It checks all the boxes for decentralization, an essential characteristic as the entire network of distributed participants has to agree on the state of the blockchain. This ensures the validity of the block’s state can be certain.
A 51% attack happens when a single person or group gains control of over 50% of a blockchain’s hashing power, typically achieved by renting mining hash power from a third party. Successful attackers can then block new transactions from getting confirmed and change the order of transactions This essentially gives them the power to rewrite the blockchain and reverse their transactions, leading to double-spending, a problem that was mostly faced by electronic payments, with the network being unable to prove that the same digital asset hadn’t been spent by more than one person.
However, the potential damage from a 51% attack is theoretically limited. While the attacker could trigger the double-spending problem, they cannot reverse others’ transactions on the network, prevent users from broadcasting their transactions, create new assets, steal assets from unrelated parties, or alter block rewards. As the blockchain network grows with more nodes, the possibility of a 51% attack diminishes, correlating with the cost of performing such an attack ascending in tandem with the network hashrate.
The likelihood of such an attack happening, especially on sizeable blockchains like Bitcoin, is extremely rare as the financial costs would far outweigh the benefits.