What’s a 51% Attack?

When you own 51 percent of a company, you control it. Having 51 percent of the computing power driving a cryptocurrency increases your ability to control it too.

In recent so-called 51 percent attacks on certain cryptocurrencies, hackers have stolen large quantities of digital coins. More worrying still, in some cases the cost to control enough processing power has been peanuts — relatively speaking. Does this put your favourite cryptocurrency at risk?

51 percent attacks concern cryptocurrencies and blockchain protocols that rely on processing power to validate transactions. This typically means they use a proof of work consensus mechanism. The PoW mechanism presents a hashing problem that nodes (miners) in the blockchain network must solve before being allowed to add a block to the blockchain. Miners with more processing power solve the PoW hashing problem faster. They then reap more cryptocurrency coins as a bonanza per block validated, as transaction fees paid by users, or both.

This explains why hugely powerful mining installations exist for popular cryptocurrencies like Bitcoin. Those unable to finance such installations for themselves can join mining pools. The total amount of processing power is again huge, and the gains are then shared between the members of the pool. Users can also rent hashing power from specialised suppliers.

Once a miner or mining pool controls 50 percent or more of the hashing power, things change. Instead of the decentralised system envisaged for most cryptocurrencies, power is re-centralised into the hands of one entity. This can allow the user to dictate which transactions will be validated or reversed. It opens the door to illicit gains through double spending.

The double-spend problem is a fundamental concern in cryptocurrencies. Normally, you should only be able to spend your crypto coins once. Like physical bank notes, you hand your digital coins over to make a purchase or a transfer. After that, you have what you bought, but you no longer have the coins you used to buy it.

However, an unscrupulous miner can set up a parallel chain for creating blocks and spend its coins both on the official chain and the parallel chain. With 51 percent or more of the processing power, the miner can then race to add blocks faster to the parallel chain than blocks are being added to the official chain.

A blockchain protocol based on PoW typically stipulates that the longest validated chain is the one that everybody must use. Once the parallel chain becomes longer (more blocks have been mined and added) than the official chain, the parallel chain becomes the official one. The previous official chain and its transactions are then discarded. The miner keeps the gains from both chains, having effectively spent the same digital coins twice.

That’s the theory. In practice, popular PoW cryptocurrencies like Bitcoin have grown to have enormous total hashing power. It is very unlikely that a single entity will ever amass enough power to gain control, and even if they did, the cost to gain the power needed to perform the attack would typically make the attack not worth doing.

Bitcoin specifically has never suffered a 51 percent attack. During the early stages of Bitcoin’s development, the GHash.io mining pool grew large enough to become a potential threat. As such an attack would have destroyed the coin’s value and been disastrous for all, GHash.io took steps to limit its power and encourage the value to increase instead — and that’s part of the beauty of bitcoin and decentralised cryptocurrencies.

There was more incentive for GHash to keep the bitcoin blockchain running than to use its power to perform a 51 percent attack and put bitcoin’s integrity at risk. Had GHash done so, bitcoin’s value would surely have plummeted, decreasing the value of GHash’s bitcoins and the expensive equipment bought to mine the bitcoin in the first place.

However, for certain smaller cryptocurrencies, the possibility not only exists, but has already been exploited. The outlay needed to launch a 51 percent attack may be only a few hundred dollars of rented hashing power, peanuts when compared to potential gains. As the saying goes, forewarned is forearmed. If you are concerned that a PoW cryptocurrency of interest to you might be vulnerable, you can make an initial check on the cost of a 51 percent attack online.

Enjoyed this post? We’d love to hear your thoughts on it. Complete the nakamo.to survey for a chance to win nakamo.to merchandise!