51% attack on blockchain: Who’s at risk?

Before Bitcoin was invented, there had been several attempts to introduce a digital currency, but all of them failed. DigiCash filed for bankruptcy in 1996, e-gold was shut down by the US government in 2008, and other less popular projects remained in obscurity and eventually died out.

Bitcoin became the game-changer because its decentralized system resolved two key problems of digital cash at once: centralized control and double-spending. While few doubt Bitcoin’s decentralization, some still wonder whether its network is vulnerable to attackers wishing to spend the same coins twice.

A 51% attack is what, in theory, enables the latter threat. Our team at Numbrs has decided to explain in detail how this attack works and whether Bitcoin holders really have to beware of it.

How PoW works

To explain how attacks on the blockchain are possible at all, it’s important to first understand the basics of its architecture.

Bitcoin, like many other cryptocurrencies based on its open-source code, relies on a distributed network of nodes. For this network to operate properly, all the nodes have to follow the same set of rules to create new blocks. Miners all over the world compete to find a valid hash for the next block to be added to the chain, and the winner receives a reward in bitcoins. To find the next valid block, they invest huge amounts of money in computational resources and electricity.

Since there are many nodes and they all operate from different locations, the mining power remains distributed more or less evenly. Even if some participants try to cheat the system and record double-spent transactions, the consensus followed by the majority of other nodes will not allow this.

But what if a single organization took control of more than half of the hashing power? It would be able to reorganize the network, impose its own rules, and record transactions that other nodes would otherwise not permit.

How a 51% attack can be conducted

Here’s what happens if someone gains control over at least 51% of the network’s hashing power:

  1. A group of miners finds a new block but doesn’t broadcast it to the rest of the network. Instead, they start a separate branch that exists in parallel with the main chain.
  2. This group of miners spends a significant amount of crypto (e.g. on a luxury house), with the transaction being recorded on the main blockchain, but they don’t include it in the newly created branch. In their own version of the blockchain, the money still remains in their wallet.
  3. Under the democratic principles of blockchain, the chain with the larger number of blocks is considered the valid one. Since the malicious miners have more power than the rest of the network, they are able to find new blocks and add them to their version of the chain faster than others.
  4. Once their chain becomes longer than the main version, they push it to the rest of the network, which then accepts it.

If the attack is successful, the malicious miners get both the house and their bitcoins, as if the payment had never taken place. All other transactions that initially took place on the blockchain are also wiped out, disrupting businesses and creating all sorts of financial havoc.
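To put numbers on step 3, here is an added example (not part of the original article) that uses the catch-up model from the Bitcoin whitepaper to compute how likely a private branch is to overtake the main chain for a given share of hashing power, and how many confirmations a payee should wait. It goes beyond the majority case described above by also covering attackers with less than half of the power; the function names are hypothetical.

```python
import math

def catch_up_probability(q: float, z: int) -> float:
    """Chance that a miner holding hash share q ever overtakes the honest
    chain after the payee has waited for z confirmations."""
    p = 1.0 - q                      # honest share of the hashing power
    if q >= p:
        return 1.0                   # step 3: a majority always wins the race
    lam = z * q / p                  # expected private blocks mined meanwhile
    poisson = math.exp(-lam)         # P(attacker mined k = 0 blocks)
    prob = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k       # iterative Poisson term, avoids overflow
        # remove the cases where the attacker is z-k behind and never catches up
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return prob

def confirmations_needed(q: float, max_risk: float = 0.001):
    """Smallest z whose catch-up probability is <= max_risk.
    Returns None when the attacker holds a majority: no depth is safe."""
    if q >= 0.5:
        return None
    z = 0
    while catch_up_probability(q, z) > max_risk:
        z += 1
    return z

if __name__ == "__main__":
    for share in (0.10, 0.30, 0.45, 0.51):   # constructed sample shares
        print(f"q={share:.2f}  confirmations for <0.1% risk: "
              f"{confirmations_needed(share)}")
```

Below half of the hashing power, waiting for more confirmations drives the risk down quickly; at 51% the function returns None because no number of confirmations helps.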

The list of remarkable 51% attacks

Here we’d like to mention some of the successful attacks that have taken place throughout the history of cryptocurrencies. Rest assured, Bitcoin is not on this list. Still, analyzing the other cases is useful for better understanding the risks.

  • Ethereum Classic

This coin was born as a result of Ethereum’s reorganization that Vitalik Buterin conducted himself after the infamous DAO hack in 2014. Ethereum Classic was created by a group of enthusiasts who decided to keep developing the blockchain in the state it was in before the hack, i.e. with all its faults and flaws. As a result, the blockchain suffered from reorganization attacks several times throughout its existence. The first attack happened in 2019, with a total loss of ~$200,000 in ETC. In 2020, not one but three successful attacks in a single month resulted in a loss of $5.6 mln.

  • Bitcoin Gold

Bitcoin forks have fewer supporters and are therefore less secure. BTG first fell victim to an attack in May 2018, which resulted in a loss of $18 mln and delisting from Bittrex. The next attack took place in January 2020, with a minor loss of only $72k.

  • Verge

This privacy coin fell victim to a 51% attack in February 2021. Roughly 200 days of transaction history were wiped out and 560,000 blocks reorganized, making this attack one of the largest in history.

  • Vertcoin

This is another fork of Bitcoin that has been attacked a few times during its history. The first successful attack took place in October 2018. The network experienced more than 22 reorgs and lost more than $100k because of double-spending. About a year later, the attack was conducted again, though the losses were insignificant this time.

As you can see, for a blockchain to fall victim to a reorganization attack, it must either have a low number of supporters or contain some security bugs from the very start. In this respect, the service AreWeDecentralizedYet (now a part of Bitcoinera) provides some very interesting insights and food for thought.

AreWeDecentralizedYet: highly centralized blockchains are at risk of a 51% attack

It’s worth noting that although Ethereum is still in the red zone, its team is doing a great job developing the project and switching it to the Proof-of-Stake consensus algorithm, which provides much better protection than PoW.

The cost of a 51% attack on Bitcoin

As we have said earlier, in order to conduct a successful attack, one must gain control over the majority of the network’s hashing power and also pay enormous sums for electricity. Other factors include:

  • The cost of mining hardware, which only grows together with Bitcoin’s popularity.
  • The block reward (6.25 BTC at the time of writing) along with the Bitcoin price.
  • The hash rate of the network and the hardware.
  • The power consumption rate of the hardware.

It’s easy to see that for an attack to take place at all, it must be profitable in the first place. CoinDesk claims that in 2018, BTG attackers had to pay only $719 per hour.

As Bitcoin has never experienced such an attack, the calculations can only be hypothetical, and different services come up with different estimates. Crypto51 assumes it would cost $716k per hour, while GoBitcoin.io puts it at $22 mln per day, or a bit more than $900k per hour. The total market cap that these services refer to is far lower than what it truly is at the time of writing, so one can assume that the real cost of an attack would be even higher.

Regardless of the real numbers, the cost of an attack would be too high and thus unprofitable. Therefore, Bitcoin holders can breathe easier.