While the Bitcoin network has yet to be successfully targeted by a 51 per cent attack, other cryptocurrencies have fallen prey to such mischief. In one recent attack, first spotted on 6 January 2019, the Ethereum Classic blockchain saw more than $1m taken by a bad actor or actors.
And what exactly is a 51 per cent attack? The Bitcoin Project offers this brief definition: “The ability of someone controlling a majority of network hash rate to revise transaction history and prevent new transactions from confirming.” In other words, it’s when bad actors have so much computing power on the blockchain network that they can generate new blocks ahead of everyone else, effectively hijacking control and gaining the ability to do things such as double-spend or reverse previously verified transactions.
Satoshi Nakamoto, Bitcoin’s creator, anticipated this possibility in his original paper describing how his “peer-to-peer electronic cash system” would work.
”By convention,” he wrote, “the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there is no central authority to issue them.”
Such an incentive “may help encourage nodes to stay honest,” he noted. However, he added, “If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.”
Despite its name, though, the 51 per cent attack is not instantly enabled the moment someone gains control over more than half of the network hash rate. Instead, a majority attack (another name for a 51 per cent attack) becomes a steadily increasing risk as a would-be attacker’s computing power grows. In fact, in 2014, after a then-popular Bitcoin mining pool called Ghash.IO hit the 51 per cent hash rate mark, to allay fears of an attack, the company said it would no longer go past the 39.99 per cent mark.
“Hitting 51 per cent network control is not a guarantee of success, just the point where success is likely,” the Learn Cryptography website states. “In fact, you could attempt this sort of attack with much less network control, but your odds of success would be very low.”
Nor does gaining control over more than half of the network hash rate mean that attackers can do anything they want on the network. For example, they wouldn’t be able to alter transactions more than a few blocks back in time. And they would still have to perform the usual cryptographic computing to generate new blocks – they couldn’t just instantly conjure up as many new coins as they wanted.
There’s general agreement that a 51 per cent attack is a greater risk in blockchains such as Bitcoin’s that use proof-of-work rather than an alternative consensus mechanism like proof-of-stake.
“Solutions such as proof-of-stake are not only less resource-intensive and more environmentally friendly, but they’re also more secure and much more difficult to fall victim to a 51 per cent attack,” Miguel Palencia, CIO of the blockchain company Qtum, told The Street after the recent attack on Ethereum Classic. “[F]or something like this to occur in a proof-of-stake network, the attacker would need to buy more than all the coins currently being staked, which would raise the market price exponentially, rendering the attack useless and extremely costly.”
However, even a proof-of-work-based network can be relatively safe against a 51 per cent attack if the network is big enough, according to a recent whitepaper. In a study commissioned by the Indian Bitcoin exchange Zebpay, Saravanan Vijayakumaran, an associate professor of electrical engineering at the Indian Institute of Technology Bombay, noted that the total hash rate for Bitcoin in May 2017 was around 27 exahashes per second. He calculated that would require around two million mining devices each capable of handling terahashes per second, and added the retail cost for those devices was around $1,200 each. Gaining enough computing power to control more than half of the hash rate, then, would clearly be a costly endeavour for an attacker, he said: at least $1.2bn for equipment alone.
“The Bitcoin protocol does not provide any cryptographic protection against a 51 per cent attacker,” Vijayakumaran wrote. “This attack is not seen in the wild for economic reasons.”