Hacking a blockchain is possible — but it's pretty rare. How does one go about attacking something that is immutable?
The rise in popularity of cryptocurrency has encouraged cybercriminals to find new and better ways to attack the underlying blockchains. One fairly successful method in recent years has been the 51% attack.
What Is a 51% Attack?
In a 51% attack, one or more cryptocurrency miners gain control over more than 50% of a proof-of-work (PoW) blockchain network’s total computing power or hashrate.
If successful, 51% attackers can:
- Prevent the recording, validation or confirmation of transactions;
- Change transaction processing order;
- Reverse existing transactions and then double-spend the coins.
In addition to the negative impact that 51% attacks have on the network’s users, they can also affect other miners. By controlling the network’s computing power, 51% attackers can block mining by anyone other than themselves. This also presents a significant threat to businesses who rely on blockchain for managing their finances and keeping transaction records.
And as the number of cryptocurrencies continues to grow, 51% attacks will continue to occur, particularly against networks with low hashrate.
Famous 51% Attacks on Blockchain
Numerous 51% attacks have taken place in recent years. One of the most recent was the August 2021 attack on the Bitcoin SV (BSV) network, the third in as many months.
BSV is a fork of the original Bitcoin blockchain, supported by those that believe this fork is the most true to the Bitcoin founder’s original intention in creating Bitcoin (SV stands for Satoshi Vision). At present, BSV has the 45th highest market capitalization among cryptocurrencies at just over $3 billion.
While the overall attack scope of the most recent BSV attack is still unclear, the attackers (still unknown) affected approximately 100 blocks and wiped approximately 10 hours worth of transactions, or more than 570,000 transactions from the blockchain.
BSV is not alone, however. Another Bitcoin fork, Bitcoin Gold (BTG), also suffered a 51% percent attack in 2019. Several exchanges lost an estimated $18 million due to double-spending by the attackers. This led one exchange, Bittrex, to delist BTG unless it compensated the exchange for its losses. While following the attack, BTG had the 27th highest market cap among coins, it is now in 84th place two years later.
Ethereum Classic (ETC), which forked from the original Ethereum blockchain after the infamous DAO hack (not a 51% attack!), has been 51% attacked several times.
One attack reorganized 11 blocks and allowed attackers to double-spend $1.1 million worth of coins — Ethereum Classic’s price suffered a significant decline following the attack. Another attack on ETC in 2020 resulted in the double-spending of $5.6 million in coins.
However, unlike BTG, Ethereum Classic eventually recovered its place in the rankings and now has the 20th largest market capitalization at around $8.2 billion.
What sets these currencies apart from larger, more established currencies like Bitcoin and Ethereum — and makes them vulnerable to attack — is their relatively low hashrate.
Is a 51% Attack Illegal?
There do not appear to be any laws that specifically prevent miners from seeking to control more than 50% of a network’s computing power. However, acts that miners or mining groups take after gaining network control (the actual attacks) can create criminal liability.
In the United States, the Computer Fraud and Abuse Act (CFAA) may apply to the actions of 51% attackers, although it is far from clear that this is the case.
The CFAA penalizes activity that meets all of the following criteria: (1) a transmission of a program, information, code or command to (2) a protected computer (a computer used in or affecting interstate commerce whether or not located in the US) that (3) intentionally and (4) without authorization and (5) causes damage.
While each of these criteria is potentially problematic to enforce, perhaps the most difficult is the “without authorization” requirement. Holding more than 51% of the network’s mining power implicitly gives attackers authorization to take action, even if they damage the network and other users.
Similar issues exist in applying other U.S. laws, such as those regulating securities transactions. The fact that this question has no definitive answer highlights the issues with the lack of regulation of cryptocurrency and cryptocurrency markets.
How Can You Prevent a 51% Attack?
A variety of potential options for preventing 51% attacks exist. One is changing the underlying approval algorithm for the blockchain from PoW to delegated proof-of-stake (DPoS). DPoS uses multiple delegates that change over time to validate each new block. In a DPoS blockchain, 51% of attackers must control both hashrate and the delegates, making attacks more difficult and unlikely.
Another alternative is the use of Modified Exponential Subjective Scoring (MESS). MESS analyzes block reorganizations and assigns scores to indicate the trustworthiness of the reorganization. MESS considers large-scale reorganizations, which underlie most 51% attacks, to be inherently untrustworthy.
ETC now uses MESS to protect its network against 51% attacks. According to ETC, a 2020 attack that required only a $3,800 computer to initiate it would now cost approximately $20 million.
Some currencies are protected against 51% attacks by using delayed transaction approvals, coupled with fines, to deter miners who appear to be planning an attack — cryptos using these systems include Horizen and Komodo.
Can Bitcoin Suffer a 51% Attack?
The short answer is that it is highly improbable a successful Bitcoin 51% attack could happen due to the exceedingly high costs for an attack. In fact, only a state-sponsored actor with access to massive amounts of equipment and a large, independent power source could even attempt a 51% attack on Bitcoin.
Estimates of the cost of a Bitcoin 51% attack are varied, with some estimates reaching upwards of $15 billion. Other estimates, such as the Crypto51.app website, are much lower, with the theoretical cost for conducting a one-hour long Bitcoin 51% attack at just over $1.5 million.
But the Crypto51 number is deceptive because the cost of buying hashrate is not the major obstacle to a Bitcoin network attack. Instead, it is the amount of hashrate available for purchase, shown in the column labeled NiceHash-able.
Ultimately, to successfully stage a Bitcoin 51% attack, miners would need to essentially more than double the existing hashrate using their own equipment and power. Given the popularity of Bitcoin and how high Bitcoin’s hash rate is, this is a nearly impossible scenario.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap. CoinMarketCap is not responsible for the success or authenticity of any project, we aim to act as a neutral informational resource for end-users.
