51% Attacks: Something to be Afraid of?

By Cryptomaniaks, published in Predict, Oct 23, 2018

Even though decentralized blockchains are designed for improved security, there is one popular type of exploit on everyone’s mind: 51% attacks. Lots of people misunderstand what a 51% attack is and the implications of it. In this article, I will explain how the blockchain is secure and how 51% attacks take advantage of a critical vulnerability.

Blockchain Security: How Secure Is It?

As mentioned, the blockchain is quite secure, but that does not mean there are no blockchain security issues. 51% attacks primarily concern Proof of Work based blockchains, much like Bitcoin. Let’s dive in with Bitcoin as the focus.

If you have read anything about Bitcoin or the blockchain, then you probably understand that the blockchain’s purpose is to be a global, current, and decentralized public ledger of transactions. This means that all nodes which make up the Bitcoin blockchain must always agree on the status of the network; this is called achieving consensus. It is what makes a blockchain trusted and secure.

Achieving consensus with a Proof of Work blockchain has the following steps, often known as the mining process:

  • Transactions are broadcast to the network. Transactions are simply people sending coins to one another.
  • Miners grab these transactions, turn their backs, and privately race to solve the next block that should be added to the blockchain. This ‘race’ is actually miners guessing at the solution to a complex mathematical problem based on SHA-256, the hash function behind Bitcoin’s Proof of Work consensus algorithm. Each guess requires computing power from the mining hardware. The more hash rate a miner has (more guesses per second), the better their chances of finding the block.
  • The first miner to solve the block proposes the updated ledger (with the new block) to the rest of the network.
  • If the network agrees, then the blockchain is updated, and the miners start this cycle over again, grabbing new transactions and racing to find the next block.
  • If the network is presented with two different versions of the blockchain by two different miners, it will accept the longest chain.
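The mining steps above, seen from a validating node, as an added example that is not part of the original article. The block layout, the toy `TARGET` and all function names are assumptions for illustration; only the double SHA-256 hashing mirrors Bitcoin.

```python
import hashlib

GENESIS_PREV = "0" * 64
TARGET = 1 << 244  # toy difficulty (assumption): about 1 hash in 4096 qualifies

def block_hash(prev_hash, txs, nonce):
    """Double SHA-256 over a simplified block serialization."""
    data = f"{prev_hash}|{','.join(txs)}|{nonce}".encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def mine(prev_hash, txs):
    """Guess nonces until the block hash falls below the target."""
    nonce = 0
    while int(block_hash(prev_hash, txs, nonce), 16) >= TARGET:
        nonce += 1
    return {"prev": prev_hash, "txs": txs, "nonce": nonce,
            "hash": block_hash(prev_hash, txs, nonce)}

def build_chain(tx_batches):
    """Mine one block per batch of transactions, each linked to the last."""
    chain, prev = [], GENESIS_PREV
    for txs in tx_batches:
        block = mine(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain

def is_valid(chain):
    """Re-check every link and every proof of work, as a node would."""
    prev = GENESIS_PREV
    for b in chain:
        h = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or int(h, 16) >= TARGET:
            return False
        prev = h
    return True

def choose_chain(candidates):
    """Fork choice: the longest chain among those that pass validation."""
    valid = [c for c in candidates if is_valid(c)]
    return max(valid, key=len, default=None)
```

Editing a transaction in an already mined block changes its hash, so `is_valid` rejects the chain unless the work is redone for that block and every block after it.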

In summary, it is the decentralized nature of Bitcoin’s blockchain and all of the nodes performing this consensus process which makes it secure. However, if someone has enough wealth to control 51% of the hashing power, then they can achieve their own consensus.

Blockchain Security Issues: Hashing Power Exploit

Now, remember in step two of the mining process I mentioned that each ‘guess’ requires computing power. If each guess is 1 CPU cycle on your computer, and it takes billions of guesses to solve the next block, then this can be a considerable amount of computing power, actually increasing your monthly electricity bill! The number of guesses per second is often referred to as hash rate.

You can sum up the total hashing power required by all of the nodes in the network to achieve consensus. It is this aggregate hashing amount, across the network, which makes the blockchain so secure. This essentially means that for someone to add an invalid block to the blockchain, they need to reach their own consensus, which often requires 51% or more of the total hashing power; they can then propose a block and accept it as valid. Dominating 51% or more of a blockchain as large as Bitcoin’s requires a substantial amount of capital (tens or hundreds of millions of dollars).

Now you may begin to visualize what a 51% attack is, but let’s keep exploring to paint a more literal picture.

What is a 51% Attack?

A 51% attack is when a miner or group of miners achieves 51% or more of the network’s hashing power. Once this is achieved, they can reach consensus amongst themselves and perform double spend attacks by literally reversing a transaction. The double spending problem is a classic. There are other types of exploits which can be done once 51% is achieved, but double spending is the most commonly talked about.

As an example of a double spend, say I purchase a guitar from you. I send you the Bitcoin, you confirm receipt of it, then you give me the guitar. Meanwhile, if I have control of the Bitcoin network, I can reverse that transaction, giving me back my coins while I still own the guitar.

A 51% attack and a double spend attack go hand in hand, and the terms are sometimes used interchangeably. Naturally, if a 51% blockchain attack is performed, the attackers will generally attempt to double spend coins. Let’s explore how this works.

How a 51% Attack and Double Spend Attack Works

Now let’s walk you through the process of a 51% attack from the attacker’s perspective. First, remember three things we previously discussed:

  • You need 51% or more of the total hashing power to perform a 51% attack
  • Miners race to find the next block. The more hashing power a miner has, the better chances they have at finding it.
  • If nodes are presented with two conflicting versions of the blockchain, they will choose the longest one to be valid (because more ‘work’ has been done)

So, you are a hacker planning your next big 51% attack on the almighty Bitcoin. You own a large mining facility and can generate enough hashing power to dominate 55% of the blockchain. Since more computing power gives a miner better odds of finding the next block, owning 55% of the network will ensure you win the race.

Here is where it all starts.

Generally, when miners think they found the next block, they will broadcast it to the rest of the network for consensus. However, you decide not to; instead, you hard fork the blockchain, maintaining your own private version by not broadcasting to the network. There are now two different versions of the blockchain, your private one and the public one.

One version is being maintained by you and the other is maintained by the nodes on the truthful, public blockchain. Since it is the same protocol, coins on either chain are compatible with any Bitcoin wallet and can be spent.

Double Spend Attack

At this point, you have successfully forked your own blockchain. You are working on your own, private chain. This is where the double spend attack occurs. You can spend your coins on the public blockchain, but not on your private chain.

Let’s say you buy a Jimi Hendrix signed guitar for 100 Bitcoin on the public chain. Your coins are sent, broadcast to the network and baked in with the next block. Meanwhile, you have not spent these coins on your private chain; thus, you still have them, according to that ledger. Additionally, you are working to add blocks to your chain faster than they are added to the public one, to make it longer.

Remember the third rule mentioned previously: if nodes are presented with two conflicting versions of the blockchain, then they will choose the longer one. This rule can be found directly in the Bitcoin whitepaper.

So, some time passes and you have officially added more blocks to your chain than the public one. You then broadcast (propose) your version of the chain to the public, and since it is longer, the nodes are obligated to accept your chain and mine on it. Now, your corrupted version of the blockchain becomes the public, truthful version. On this new chain, the 100 BTC you spent on the guitar was not spent at all. You have essentially reversed the transaction and scammed the guitar seller.

How to Protect Against 51% Attacks

To summarize once more, a 51% attack is when an attacker manages to:

  • Control 51% or more of the network, enabling them to fork their own, private chain
  • Spend coins on the public blockchain, but not on their private chain
  • Work to make the private chain longer than the public one by adding more blocks
  • Present the corrupted private chain to the network, and it is then accepted as the new public chain since it is longer
  • Recover any coins spent on the old public chain, which are now unspent since they were never spent on the private chain that became the new main chain

While 51% attacks can be devastating, they can be defended against. Generally, a 51% attack is avoided through a hard fork. This means that a 51% attack has been identified and the community agrees on exactly which block the blockchain attack began at.

Hard Forks and Rolling Back the Chain

Once the 51% attack has been properly identified, the community will then agree to roll back the chain to X block number and start mining from there. This means the community will agree to start mining on a new chain, beginning at X block height. This flexibility is partially what makes blockchain security and decentralized networks in general so trusted.
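Identifying the attack and block X comes down to comparing a node's best chain before and after the reorganisation. The following is an added example, not part of the original article; the `Block` type, the chain data and the one-block tolerance for natural reorgs are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    block_id: str      # stand-in for a real block hash
    txids: frozenset   # transactions confirmed in this block

def fork_report(old_chain, new_chain):
    """Compare a node's best chain before and after a reorganisation."""
    common = 0
    for old, new in zip(old_chain, new_chain):
        if old.block_id != new.block_id:
            break
        common += 1
    orphaned, adopted = old_chain[common:], new_chain[common:]
    still_confirmed = set().union(*(b.txids for b in adopted))
    # Confirmed before the reorg, absent afterwards: double-spend candidates.
    reversed_txs = sorted(
        t for b in orphaned for t in b.txids if t not in still_confirmed
    )
    return {
        "last_common_height": common - 1,   # rollback point, the "X" above
        "reorg_depth": len(orphaned),       # public blocks that were discarded
        "reversed_txs": reversed_txs,
    }

def is_suspicious(report, max_natural_depth=1):
    """One-block reorgs happen naturally; deeper ones that drop confirmed
    transactions deserve an alert."""
    return (report["reorg_depth"] > max_natural_depth
            and bool(report["reversed_txs"]))

def _b(block_id, *txids):
    return Block(block_id, frozenset(txids))

# Constructed sample: the guitar payment is confirmed on the public chain
# and missing from the longer private chain that replaces it.
SHARED = [_b("g"), _b("b1", "alice->bob"), _b("b2", "bob->carol")]
PUBLIC = SHARED + [_b("b3", "buyer->guitar-seller"), _b("b4", "carol->dave")]
PRIVATE = SHARED + [_b("p3", "buyer->buyer"), _b("p4", "carol->dave"), _b("p5")]

if __name__ == "__main__":
    report = fork_report(PUBLIC, PRIVATE)
    print(report, "suspicious:", is_suspicious(report))
```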

This forking technique is optimal when the chain is rolled back to a recent block. This means there is a minimal number of transactions which will be reversed, so fewer people are affected by the change. Ultimately the 51% attacker will end up losing any coins he tried to mine ahead of time, wasting massive amounts of money on computing power for nothing. It is for this reason that 51% attacks are not performed as much as you would think. More often than not, they hurt the reputation of a brand, rather than offer any large financial incentive for the attacker.

Still, there are situations where attackers do get away with large sums of money, or the chain is not rolled back because too many transactions have occurred, or the community does not agree.

Well, that about sums it up. I hope that you now have a basic understanding of what is happening when a 51% attack occurs and how it lends itself to a double spend attack. If you want to learn more about blockchain security and the latest on various other consensus models, then check out our blog! https://www.cryptomaniaks.com/latest-cryptocurrency-news
