On January 23rd, Bitcoin Gold was 51% attacked and $72,000 was double spent. This is the second time that Bitcoin Gold (BTG) has been attacked, and its aftermath left many people wondering: why don’t exchanges delist Bitcoin Gold and other easily 51%-attackable PoW coins?
Turns out, there’s a simple answer. But first, let’s examine the circumstances of how this attack was performed.
Bitcoin Gold is a fork of Bitcoin that uses the ASIC-resistant ZHash mining algorithm. ZHash is optimized for efficient GPU mining and increases the difficulty of ASIC development due to its high memory requirements. GPUs are widely available for rental since they are commoditized and in large supply relative to ASICs, so it’s easy to rent enough hashpower to dominate the Bitcoin Gold network. Hashpower marketplaces, such as NiceHash and MiningRigRentals, have dramatically decreased the costs of performing a 51% attack, and similar marketplaces are popping up left and right (see Warihash, Luxor, etc).
The recent attack on Bitcoin Gold required up-front capital costs of $3,400 (0.4 BTC to reorg a total of 29 blocks assuming linear slippage), but note that this cost was recouped through block rewards on the reorganized chain. Because of the inexpensive overall cost, this attack could have been performed entirely using spot GPU rental markets. Furthermore, because GPU rental markets are becoming increasingly liquid, the cost of overtaking a GPU mineable network is decreasing (see NiceHash pricing). Thus, the up-front capital required by the attackers is only the Bitcoin Gold they wanted to double-spend, plus the hashpower costs. The BTG attackers double spent an estimated $72,000 and paid only $3,400 (recouping ~$4,200 through block rewards), giving them an ROI of ~96.6%, making this a wildly profitable attack.
And of course, the primary victims of 51% attacks are exchanges. The attack generally goes like this: the attacker deposits coins on an exchange, those coins are traded for some other liquid coins like BTC, and then the BTC is withdrawn. The original deposit transaction is later reverted by the 51% attacker, allowing them to get back their original deposit and essentially double their money. Because of this vulnerability, exchanges wait a confirmation period (originally 12 blocks on Binance for Bitcoin Gold) before allowing coins to be withdrawn. But while these confirmation periods increase security, they cannot prevent attacks outright. For more on the mechanics of 51% attacks, check out @hosseeb’s Tweetstorm on the Ethereum Classic (ETC) attack last year.
Bitcoin Gold’s 51% attack was the second in just two years (the first Bitcoin Gold attack was much larger), yet BTG remains traded on exchanges like Binance to this day. Naturally, the question arises: why doesn’t Binance delist BTG?
Binance currently trades ~$4.13M in BTG/BTC volume per week. So Binance makes around $429,000 per year in total profit on the BTG/BTC trading pair alone (assuming average fees of 20 basis points (maker/taker) per trade and low BNB usage).
After calculating profits for all low-mid market capitalization PoW coins, a trend crystalizes. It is more profitable for Binance to list low-mid market cap PoW coins, even with their potential losses due to 51% attacks. The chart below shows estimates of the percentage of hash rate available for rent, along with Binance’s profit estimates (assuming current market prices).
Note: All rented hashpower increases the total hashrate of the network. Thus, an attacker must acquire >=100% of the current hashrate to launch a successful 51% attack. All hashpower acquisition estimates are also vulnerable to linear market price slippage, which can vastly increase attack costs.
We can generalize the list/delist decision for vulnerable PoW coins to the following simple formula:
As long as the above holds, we expect that Binance and other sufficiently high-volume exchanges will continue to list vulnerable PoW coins. Exchanges can always reduce the probability of a 51% attack by increasing the number of confirmations required for withdrawals (Binance increased this for BTG from 12 to 20 following the attack). But of course, this does not prevent attacks outright and instead merely increases an attacker’s capital costs. Exchanges can further engage in attack prevention by performing prudent anomaly detection on user deposits of small-cap PoW coins. But note that there is no way to directly detect a 51% attack before it happens, since renting hashrate does not cause the on-chain hashrate to drop in any way.
The most recent Bitcoin Gold attack was worth ~$72K, while Binance expects to make $429K from Bitcoin Gold this year. Likewise, the Ethereum Classic 51% attack netted the attacker approximately $1.1M, while Binance expects to make ~$3.2M off its trading fees. This is yet another reason why coins do not die after 51% attacks.
That said, 51% attacks are still an enigma. They seem like a fundamental violation of the proof-of-work security model. But 51% attacked coins continue to trade on top exchanges, and often, bizarrely, increase in price after an attack (see ETC, BTG, XVG). We can partly explain this phenomenon by seeing 51% attacks as a tax on exchanges and modeling their continued incentives to list vulnerable coins. But as for why 51% attacked coins sometimes appreciate, unfortunately that still remains a mystery.