51% Attacks and the Sword of Hashrate
A Word from the 49%
The team here at Flipside is gearing up for an exciting 2019 in the crypto industry, with the first two weeks of the year already revealing some interesting developments. One event in particular has dominated headlines, the 51% attack on Ethereum Classic (ETC). It is the most high profile attack since Bitcoin Gold was attacked back in May 2018, and brings about some interesting questions about the scalability of the technology.
We wanted to get our hands dirty examining what Flipside’s asset scores can tell us about the incident as well as conduct a more macro-level investigation.
Let’s Get Down to FCAS
Using our proprietary comparative metrics, FCAS and its User Activity, Developer Behavior, and Market Maturity factor scores, we wanted to examine both ETC performance following the attack, as well as what it means for the asset’s future prospects.
Despite an initial 10% drop following the attack, ETC’s price was resilient and rebounded to perform just under its peers. This performance can be attributed to a number of factors including Coinbase suspending trading and preventing a major sell-off, the ETC community rallying around the network following the attack and maintaining network function, and sheer indifference or lack of knowledge from a percentage of the holders. Additionally, the attackers made off with BTC after transferring double-spent ETC to exchanges, and no individual ETC holders were targeted and victimized (as is the case in most 51% attacks), indicating that market players are willing to accept these types of risks in the short term.
Our FCAS for ETC reflects these behaviors. Currently at 716, it dropped immediately following the attack, as the asset’s User Activity factor score plummeted. In the days since the initial drop, FCAS has trended upward, as Developer Behavior and Market Maturity scores increased, showing sustained trading volume in the asset and increased development efforts, reflecting the price resiliency we see in performance.
Overall, this raises questions about 51% attacks and their effects on crypto markets. With that in mind, let’s explore them in further depth, and see what they could mean for ETC and the industry at large.
A Word from the 49%
The attack on Ethereum Classic began January 5th at 19:58:15 UTC. Following what turned out to be multiple chain reorganizations and double spending of coins, the incident was acknowledged via the Ethereum Classic Twitter account in the late hours of January 6th.
When the dust finally settled, Coinbase had suspended ETC on their exchange and reported a total of 20 block reorganizations on the network, totaling $1.1 million worth of double spends.
Get Hashed
To provide some context, in Proof-of-Work consensus systems, miners compile transactions into blocks and then compete with other miners to add that block as the next one in the blockchain. They compete by “hashing”, which is essentially trying thousands of hash combinations in order to solve a cryptographic hash puzzle. The longest chain of blocks on a blockchain is accepted as truth on the protocol, and when hashrate is evenly distributed (no individual actor has > 50%) this longer chain is steadily built.
In a 51% attack, the nefarious actor will build a “secret chain”, that eventually becomes longer than the “primary chain” (that the rest of the miners are building upon). Once it is longer, the protocol will accept the secret chain as truth. Here is where the double spend attack comes in. In the case of the ETC incident, the attackers began by transfering 5,000 ETC to a wallet address on the network. This transfer was recorded on the primary chain. Call this Transfer A. They then transferred this ETC to an exchange, and bought bitcoin with it. Call this Transfer B. All the while, the attackers were building a secret chain that did NOT contain Transfer B. Using superior hashing power, the attackers grew their private chain longer than the main chain and replaced it. This new chain contains Transfer A, but not Transfer B, so the attackers still have the 5,000 ETC in the wallet address, as well as the BTC they acquired on the exchange. Double spend attack complete. In the end, the attackers carried out this attack in the same fashion across multiple wallet address, making off with millions.
How susceptible are chains?
After learning about the details of the incident, I was curious what it would take to carry out such an attack on larger scale projects. This brought me to Crypto51, an independent site that calculates the costs of 51% attacks across different blockchains. See the image below. At first glance, it appears relatively inexpensive to attack a chain for an hour (ETC is $4,361/hour). The “Nicehashable” column in the image indicates what percentage of the attack could be funded by renting hashing power from the Nicehash service. Note ETC has a 93%.
On its face, this seems like an economically viable opportunity, considering the amount that the ETC attackers were able to double spend, but the reality is somewhere in the middle as the “49%” is not as helpless as you might think. Larger networks have so much hashing power from large-scale mining pools running ASICs, that for an attack to be worthwhile, it would require a much more robust hashrate attack than evidenced on the Crypto51 site. This is because competing miners on the network can increase their hashrates to deter the attack, creating a linear distribution of cost for the attackers that would ultimately deter their efforts.
To attack, or not to attack…
An interesting research report from the University of Chicago Booth School of Business explores in depth some of the economic incentives of mining activities as a whole and how they relate to potential attacks. The quick take is that it is expensive to maintain a blockchain with reward structures that sufficiently disincentive the benefits of a one-time attack. It also calls into question the scalability of blockchain networks as stores-of-value due to the high “tax rate” required to maintain the network as a reliable ledger or database. The “tax rate” in this case is the necessary amount of money that must flow through the system as rewards to miners maintaining the flow of transactions, to deter a one time attack.
Outside of monetary gain, attacks are often motivated by a desire to discredit the victimized chain; showing vulnerability and sowing distrust in a network’s capabilities can drive down price and ultimately ruin a blockchain community. Interestingly enough, Ethereum Classic’s price was relatively unaffected by the attack, as evidence by the visual below. The January 10th downturn can be attributed to overall market trends rather than distinctly a response to the attack.
The End Game
From a macro perspective, the potential for further attacks, and the overall susceptibility of blockchains to these attacks, calls to light a further discussion on the viability of these chains to be scaled to widespread use.
Up to now, we have yet to see another PoW chain come close to the hashrate and overall usability of Bitcoin. Second-tier chains offer varying levels of innovation with light, unproven use cases, and the high-levels of risk associated with their chain’s vulnerabilities will continue to stymie adoption. Bitcoin remains the only chain able to prove PoW staying power.
Thanks very much for reading.
If you are interested in continuing the discussion, or learning more about Flipside’s metrics, please feel free to e-mail me at avi@flipsidecrypto.com or visit us at flipsidecrypto.com.
Key Articles
