51% Attacks

By Jamesa Brown


What is a 51% Attack?

A 51% Attack, also known as a “majority attack”, is an attack on a blockchain by one or more miners that control more than 50% of the network’s mining hashrate, or computing power. The attacking miners would be able to prevent new transactions from gaining confirmations, and reverse transactions that were completed while they were in control of the network. According to Investopedia, by controlling the network’s mining hashrate the attacker or group of attackers can prevent other miners from completing blocks and create opportunities for double-spending. Double-spending is the act of spending a cryptocurrency twice. Double-spending is an issue that is unique to digital currencies.

Despite the potential for double-spending and for blocking new transactions, a 51% attack would be difficult to execute on locked transactions, known as historical blocks. The older a transaction is at the start of an attack, the more difficult an attack on it would be. In many cases, changing transactions before a specific checkpoint is considered to be impossible.

Past Attacks

If the majority of mining power gets into the hands of a few miners, that group can pose a severe threat to the cryptocurrency. Two examples of such an instance are the 51% attacks on Krypton (KR) and Shift, two Ethereum-based cryptocurrencies, in 2016.

The Krypton attackers stole approximately 21,465 KR from Bittrex by double-spending on the network. They did this by sending KR to Bittrex, selling it for Bitcoin, and then rolling back the blockchain to reverse the transaction. Since one month after the attack, the Krypton and Shift development teams have reported that they have resolved the issue of lost funds, and they have suggested that Bittrex increase KR withdrawal times to lessen the risk of double-spending.

Earlier this year, in May, Bitcoin Gold suffered from a 51% attack. The attacker or attackers controlled a vast amount of Bitcoin Gold's hash power such that even with Bitcoin Gold repeatedly attempting to raise the exchange thresholds, the attackers were able to double-spend for several days. They eventually stole over $18 million worth of Bitcoin Gold.

Less than one month after Bitcoin Gold’s attack, Horizen, formerly known as ZenCash, suffered from a 51% attack. According to their report on CryptoNinjas.net, one of the pool operators received a warning of a potential attack two days before it took place. The ZenCash team investigated the attack and increased security measures on the exchange platform to mitigate the likelihood of double-spending. The resulting double-spending from the attack was mitigated, but over $500,000 was lost during it. This pushed the CEO of what is now Horizen to dispel myths and rumors during a press release. Since this release, Horizen has released a security adjustment to Bitcoin’s Satoshi Consensus algorithm. The thoroughly tested adjustment is designed to enhance protection of Proof-of-Work blockchains against 51% attacks.

A Very Recent Attack

GeoCold, a Twitch livestreamer, earned a spot in recent online headlines by stating the following on his Twitter account: “Oct 13, 3:00 CDT (8:00 UTC) I'm doing 51% attacks against real live CryptoCurrencies and explaining the whole process on twitch.” This tweet was followed by many assumptions as to why someone would take on the role of an attacking miner.

When I watched the first hour of the free livestream, GeoCold stated he wanted “People [to be] more motivated to fix things” by demonstrating how easy a 51% attack could be for anyone who was interested in doing it. The result, however, was the abrupt ending of the stream due to reports being filed against it by anonymous viewers.

By the end of GeoCold’s second live attempt at attacking Bitcoin Private, however, he proved his demonstration effectively enough to reappear in online news outlets. He was later seen communicating with the Bitcoin Private Twitter account to clarify his intentions. Bitcoin Private thanked GeoCold for his clarification of what he was trying to accomplish, and the interchange was less than hostile.

By the end of the ordeal, GeoCold managed to become the target of many cryptocurrency followers by being booted off of two streaming platforms. GeoCold updated his followers on this development, stating that “we got ~70% of BTCP's network and I was about to fork it”. The result of this attack was informative to some, and an embarrassing reminder to others that a 51% Attack has undesirable consequences for the tech-savvy users.

Bitcoin’s Risk of a 51% Attack

Some cryptocurrency investors don’t believe that a single miner can gain control of the Bitcoin network hashrate. After Bitcoin Gold’s unfortunate attack, however, all investors faced the harsh reality that, if equipped with the knowledge, one or more miners could cause a 51% attack on many, if not all, cryptocurrencies.

According to popular Bitcoin.com news article writer, Kai Sedgwick, 51% may not be enough to gain control of Bitcoin’s hash rate. Sedgwick cites Jimmy Song’s ponderings of various mining scenarios. According to Song, “an attacker armed with 60% of the hashrate would still be expected to take 100 minutes to overtake the rest of the network in confirming blocks. Meanwhile, the rest of the network would have caught on to what was happening, and begun invalidating the attacker’s blocks.”

Sedgwick concludes his article by stating that a 51% attack would be highly improbable. One reason he gives is his carefully explained return on the investment of an attack. As previously mentioned, the time spent attempting to overtake the rest of the network at 60% would be too long to go unnoticed. The lack of returns on the investment is another reason that a 51% attack is not probable in the near future.

Conclusion

Despite the increase in security on all cryptocurrency platforms and in forums, the risk of a 51% attack persists. Many cryptocurrencies face the risk of becoming a target of the attacks, but they could learn from Horizen and other platforms that have searched for solutions by remaining vigilant while operating their networks.