You might be under the impression that cryptocurrencies are infallible. Yes, cybercriminals have hacked exchanges and hot wallets with alarming regularity, but the underlying blockchain technology itself is bulletproof, right?
Well, no. It’s vulnerable to a phenomenon known as a “51 percent attack.”
What Is a 51 Percent Attack?
A 51 percent attack (also known as a “majority attack”) can occur when a group of miners controls more than 50 percent of a token’s hash rate (computing power). In practice, “51 percent” is a misnomer; a group actually requires 50 percent + 1 of the hash rate.
If one group has such a high level of control, it can easily compromise the associated coin by:
- Preventing confirmations and thus blocking new transactions.
- Reversing already completed transactions on the current block.
- Double spending coins on the network.
Control of 50 percent + 1 of the hash rate is the level needed to guarantee that an attack succeeds. It is possible, however, to succeed with a lower hash rate. Security groups have used statistical modeling to suggest that vulnerability could start to increase at around 30 percent.
One CPU, One Vote
Bitcoin, along with several other leading coins, uses a proof-of-work system to verify transactions and add them to the blockchain.
In the whitepaper, Bitcoin’s creator—Satoshi Nakamoto—neatly summarized the process as “one CPU, one vote”:
“Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”
You might have noticed the big if in the above quote: “If a majority of CPU power is controlled by honest nodes…”
The problem arises when dishonest nodes outnumber the honest nodes. In those cases, they can “out vote” the legitimate miners, make sure they control the longest chain, and thus seize control of the coin.
Nakamoto postulated that even if a miner could amass more than 50 percent of nodes, he would probably still “play by the rules” to protect his own wealth:
“If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favor him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.”
Unfortunately, cybercriminals aren’t exactly renowned for following rules. Since Nakamoto’s whitepaper, there have been numerous examples of 51 percent attacks.
Large Cryptocurrencies Are Safer-ish
So far, we’ve used Bitcoin to illustrate how 51 percent attacks could happen.
However, while on a technical level Bitcoin is vulnerable, on a more practical level, it is unlikely to fall victim for three reasons:
The network is so extensive that it would require a huge investment to acquire sufficiently powerful hardware to control the majority of the hash rate.
According to Crypto51, it would cost a hacker $237,941 to perform an hour-long attack on Bitcoin. The cost for Ethereum is similarly prohibitive—it would cost $74,837.
2. Mining Pools
Today, mining pools for the largest cryptocurrencies are widely distributed.
That wasn’t always the case; in 2014, Ghash.io briefly had 51 percent of the Bitcoin hash rate. Bitcoin was obviously much smaller at the time, but it was still worrisome.
To Ghash.io’s credit, they almost immediately relinquished 10 percent and asked the community to voluntarily limit themselves to 40 percent power to protect the blockchain’s integrity over the long term.
The largest Bitcoin mining pools now hover at around 20 percent of the hash rate.
NiceHash is the world’s largest online marketplace for connecting buyers and sellers of hashing power.
Crypto51 estimates that the total amount of power that NiceHash can produce is less than one percent of the total power on the Bitcoin network. Ethereum is five percent, and Bitcoin Cash is two percent. All the top coins have similarly low percentages.
As such, a weaponized NiceHash does not have enough power to perform a 51 percent attack on the major coins.
Small Coins Are at Risk
Things start to change dramatically when you study the smaller coins.
Outside the top 10 coins, only two—Electroneum and Ravencoin—have four-digit costs for an hour-long attack. For example, Bytecoin costs $138, Vertcoin costs $171, and Bitcoin Private costs just $31. Scroll even further down, and there are hundreds of coins where it would cost less than $10.
The NiceHash percentages also start to increase. There are some big coins with worryingly high percentages. Ethereum Classic is at 82 percent, Monacoin is 79 percent, and Bytecoin is 55 percent.
Again, at the bottom of the list, there are some huge percentages. SmartCoin, for instance, stands at 1,266,517%.
The Bitcoin Gold Attack
The vulnerability of smaller coins was brought into sharp focus in May 2018 when Bitcoin Gold suffered a 51 percent attack.
The token—which was a 2017 hard fork of Bitcoin—had barely been in existence for six months at the time.
The project’s Director of Communications, Edward Iskra, had to tell all exchanges on which the coin could be traded to increase confirmations from five to 50 and to manually review large deposits for suspicious activity.
“The cost of mounting an ongoing attack is high. Because the cost is high, the attacker can only profit if they can quickly get something of high value from a fake deposit. A party like an Exchange may accept large deposits automatically, allow the user to trade into a different coin quickly, and then withdraw automatically. We have been urging higher limits to prevent such an attack and urging manual review of large deposits of BTG before clearing the funds for trading.”
At this stage, it seems almost certain that we’ll see the number of 51 percent attacks increase.
But could there be a silver lining? It’s hard to argue that the thousands of altcoins currently in existence bring real benefits to end users. If the crypto world consolidated around a handful of larger coins, it might not be the worst thing for the long-term health of the industry.