51% Attacks: The Deathly Scenario for any Blockchain

When it comes to the security and integrity of a Blockchain, nothing is quite as scary as the prospect of a 51% attack.

The lethality of such an attack is so well known that it has even entered into public lexicon with popular shows such as HBO's Silicon Valley which mentions it in one of their episodes.

What is a “51% Attack?”
Broadly speaking, a 51% attack is an attack on a proof-of-work cryptocurrency Blockchain whereby an organization or group is able to control the majority of the mining power (hashrate).

Why would they want to do this? A network such as Bitcoin is cryptographically secure precisely because of decentralization. All of the nodes on the Bitcoin network have to agree on the state of the shared ledger in order for there to be trust in said ledger.

These miner nodes have to look to the other nodes in the network in order to make sure that the ledger that they are verifying is indeed the correct ledger. If, however, a single entity or group is able to control more than 50% of the hashrate then they can attempt to alter the state of the Blockchain in their favor.

For example, they could reverse particular transactions that took place while they were in control of the network. This process is called "double spending". They can also block other transactions from taking place when they are in control.

Why is it potentially deadly?
Although a 51% attack does not produce new coins or directly cause a collapse of a Blockchain, there are severe impacts on confidence that participants will have in the cryptocurrency.

If someone knows that a malicious miner is able to alter the state of the Blockchain then it creates a crisis of confidence. Other miners to the network will either have to cease mining, or take the risk that they are confirming the invalid chain.

Users will also panic about the chance of their transactions not getting confirmed and worry about the prospect of a particular transaction being reversed by the malicious miner(s).

This could have severe impacts for trust going forward as the potential threat may raise its head anytime in the future.

How likely is an attack?
Fortunately for most cryptocurrency holders, the most established Blockchains are quite unlikely to suffer an attack. This really comes down to the cost of performing such an attack. In order to perform a 51% attack, a miner has to garner more than 50% of a network. This requires resources.

In terms of proof-of-work mining algorithms, that cost is electricity and hardware. The more established and advanced a Blockchain is, the harder it is to propagate blocks and hence the more expensive it becomes to garner this hashpower.

There is also an indirect cost that the attacker will have to bare, and that is the cost of the falling coin price. As more people become aware of the attack taking place, they may start to dump their coins - which will impact the value of the stolen loot.

The estimates of the cost of performing this attack on the Bitcoin network are about $634k per hour. The cost to perform the attack on the Ethereum network is slightly more than half that at $336k.

It is also important to note that most attacks require much longer than one hour to actually mine the blocks and yield any results. Add to this the likelihood of a fall in the price of the coins and the chance of other emergency measure, you could have an unprofitable attack.

However, the same cannot be said for some of the newer Blockchains that have lower hashing power protecting the network. This is particularly relevant today as hashing power can easily be rented due to sharing hashing algorithms across chains.

Potential Solutions
51% Attacks are a threat which many proof-of-work Blockchains do eventually face. The notion being that if an attacker is able to garner the hashing power to control the network then they have the upper hand.

However, using completely different consensus algorithms could indeed eliminate the risk. Proof-of-stake is often touted as the best alternative as it relies on a mining node staking their own coins in order to take part in verifying transactions. Dishonest nodes could lose their entire stake should they attempt to control consensus.

In fact, the second most valuable cryptocurrency (Ethereum) is moving away from a Proof-of-work consensus to a Proof-of-Stake (PoS) based mechanism called "Casper" over the next few months. Many have speculated that this was in response to the threat of centralization.

In the end, 51% attacks are threat that remain present on PoW Blockchains that are not sufficiently decentralized or secure. Combatting centralization and being one step ahead of potential bad actors is the most optimal solution.

Recent attacks
51% attacks have always existed as a threat but have once again raised their ugly head in the form of two recent attacks on relatively new Blockchain.

Bitcoin Gold
Bitcoin Gold was one of the biggest public Blockchain to have suffered a 51% attack. This happened on the 18th of May and was disclosed by the team. The attacker was able to take control of the network and double spend 388,201 BTG tokens which is equivalent to $17.8m. 

The team announced that the attacker was attempting to steal coins from exchanges by double spending the coins sent to the exchanges. They would then quickly launder out the Bitcoin Gold into another altcoin to cover their tracks.

Given the change in the hashing power on the network, one can only assume that the attacker had a large amount of mining power behind them. Bitcoin Gold uses the same hashing algorithm as Zcash (Equihash) so it is likely that someone with a great deal of Equihash mining power performed the attack. It is also possible that the attacker was able to rent the excess hashing power.

The estimates to the cost of performing a Bitcoin Gold attack at the time were about $1,245 per hour which makes it much more cost effective to attack. Bitcoin Gold is also a relatively new blockchain that forked from the original Bitcoin chain back in November last year.

In this case, the attacker stopped on his own accord after claiming his BTG. This was probably because when advised, many of the exchanges decided to increase the transaction confirmation requirements. The attacker may also have been spooked at the prospect of being identified by one of the exchanges they were stealing from.

Prices have fallen substantially since this attack and exchanges are likely to be a lot more prudent going forward. So although the chances of another attack are less likely currently, the threat has not been neutralized. In order to fully do this Bitcoin Gold would have to alter the hashing algorithm such that it was unique.

ZenCash (ZEN) is another new Blockchain project that was a fork of a fork. More specifically, it forked from ZClassic (fork of Zcash) in May last year. Hence, it has the same mining algorithm as Zcash and funnily enough, Bitcoin Gold.

On the 2nd of June, ZenCash suffered from a 51% attack that was able to double spend two massive transactions of 13,000 ZEN and 6,600 ZEN respectively. At the time, these double spends were worth more than $550,000. In response to this the ZenCash team told all exchanges to increase their confirmation times.

The attack lasted for 110 blocks which was about 4 hours. At the time, the four hour attack was estimated to have cost about $30,000. Hence, if all assumptions are correct, then the attack yielded the individual a sizable return.

In response to this attack, the ZenCash team worked quickly to try and contain the damage. They also released an official statement where they laid out potential technical proposals that they had to ward of future attacks.

What’s Hot on Infosecurity Magazine?