It’s difficult to pick the most dangerous among blockchain attacks, but 51% attacks are certainly up there. Not only do they result in losses, but they often affect the whole market. To fully comprehend the potential implications of such an attack, we first have to get acquainted with what it means.
51% attacks, also known as majority attacks, usually befall blockchains that use the proof-of-work (PoW) consensus mechanism. A 51% attack is a situation in which one user of the chain gains control over more than half of mining compute power, potentially allowing them to manipulate transactions in the blockchain.
Why is a 51% attack dangerous?
If a 51% attack succeeds, a malicious actor gains outsized control over the chain. They can cancel transactions, censor them, or stop accepting new transactions altogether. In this case, the chain is, in a way, controlled by either one person or a group of people.
However, the most critical capability is double-spending: spending the same funds more than once. This kind of power over a chain is attractive to any malicious actor looking for profit.
51% attacks explained: How do they work?
To better understand how a 51% attack functions, we need to look at the principles of mining and describe how exactly it works, especially how transactions are added to a blockchain.
In a blockchain, data is stored in a chain of blocks, hence the name. Each block contains transactions and the hash of the previous block. Together they form a chain that’s impossible to alter, which is why the technology itself is considered secure. It’s still important to remember that not all blocks end up in the blockchain; only the longest chain does, with the rest being dismissed. This allows for soft forks – several chains existing at the same time.
Another important part of this ecosystem is a node – an electronic device that functions in the blockchain and has an IP address. The nodes that participate in the mining process are called miners. A person or a company may stand behind a node.
Now let’s take a look at the process. First, a node receives a set of transactions and forms a block out of them. Then it starts to mine this block. Because information doesn’t spread through the network instantly, several chains of blocks can exist within the chain simultaneously. While forming a block, an honest node chooses the longest chain of blocks and references its last block when it mines a new one. The mining process in PoW blockchains consists of solving a complex mathematical problem within a formed block.
If a miner solves the problem faster than all the other chain users, they find the block, send the problem’s solution to the other miners, and the block gets added to the chain. This is how proof-of-work functions in a blockchain, basically powering it.
How a 51% attack happens
When over 50% of the mining power ends up in the hands of a malicious user, they can start building their own fraudulent chain of blocks. An attacker chooses a block from a list of recently mined ones and mines an alternative chain from it. This way, a soft fork is created artificially, meaning that two equally valid chains of blocks exist simultaneously.
An attacker adds the transactions that may prove profitable into their chain. This could, for instance, be transactions that allow for double-spending. If the attacker manages to make their chain longer than the existing one, the network will accept this chain while the previous one, starting with the soft-forked block, is canceled. This way, the attacker can spend the funds from the main chain of blocks, then replace it with the other one that contains unspent funds, and get their spent funds back. This situation sums up double spending, which is one of the primary goals of malicious users everywhere.
How bad are 51% attacks?
51% attacks can be pretty devastating. However, in a way, they get a worse reputation than they deserve. The attack is costly: one user must have enough computing capacity to outpace all the remaining participants in the mining process. Not only that, but they must maintain it for a considerable amount of time, since the attack isn’t fast. The user would have to create a soft fork and manage to mine a second chain of blocks that is longer than the first one. That’s not an easy task by any means.
It’s the complexity of 51% attacks that makes them less popular than flash loans or rug pulls. Note that 51% attacks only affect PoW chains and are not a threat to PoS consensus mechanisms.
What are some examples of successful 51% attacks?
Over the last few years, several successful 51% attacks have occurred on various chains, and some of the best-known chains are, unfortunately, among the victims. In the past, Bitcoin Gold, Litecoin, and Ethereum have all fallen victim to this type of attack. Below we have listed the most notable examples.
An attack on Bitcoin Gold occurred in January 2020 and resulted in double spending of approximately $7000 worth of BTG coins. On January 23 and 24, the hard fork of Bitcoin was attacked with two reorganizations of over ten blocks. A researcher from the MIT Digital Currency Initiative reported the news on GitHub. Both attacks happened within 6 hours, with one allowing the malicious users to make $19,000 and the other adding $53,000 to this amount. The attack resulted in the coin’s price going up while Binance increased the escrow period for its purchase.
Ethereum Classic is no stranger to majority attacks after being repeatedly hit, especially in August 2020, when this happened three times. The Bitfly mining company informed the public about all three instances in which 3693, 4000, and 7000 blocks were reorganized.
The last attack occurred right after a statement regarding the necessity of “aggressive innovations” for the chain’s PoW was released by ETC Cooperative.
Unlike in the case of Bitcoin Gold, however, the attack didn’t have any effect on Ethereum’s coin prices.
Defense against majority attacks
No remedy can assuredly prevent or eliminate the effect of an attack. Yet there are options that everyone who works with PoW blockchains should keep in mind. First and foremost, it’s vital to correctly set the interval after which a transaction is treated as accepted. Usually, this is expressed as a number of blocks: the more block confirmations you need for a transaction to be accepted, the less likely it is that a hacker will manage to create an alternative chain and surpass the existing one. This is exactly why, in the first example, Binance made the choice to prolong the escrow period.
Another important detail is monitoring the mining process and ensuring that a single user or group doesn’t get their hands on more than 50% of the mining computing power. It’s not easy, but this maintenance helps detect a potential threat early.
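One way to watch for concentration, as an added example rather than code from the article: it estimates each miner's share from the blocks they produced in a sliding window. The pool tags, window size and threshold are constructed for illustration, and block share is only a noisy, self-reported proxy for hash power.

```python
from collections import Counter, deque

def concentration_alerts(miner_tags, window=100, threshold=0.5):
    """Return (block_index, miner, share) for every block at which a single
    miner produced more than `threshold` of the last `window` blocks."""
    recent = deque()          # miner tags of the blocks currently in the window
    counts = Counter()        # blocks per miner inside the window
    alerts = []
    for index, tag in enumerate(miner_tags):
        recent.append(tag)
        counts[tag] += 1
        if len(recent) > window:
            counts[recent.popleft()] -= 1   # slide the window forward
        if len(recent) == window:           # only judge full windows
            miner, blocks = counts.most_common(1)[0]
            share = blocks / window
            if share > threshold:
                alerts.append((index, miner, share))
    return alerts

# Constructed sample: four pools sharing blocks evenly, after which
# "pool-A" starts producing two of every three blocks.
SAMPLE_TAGS = ["pool-A", "pool-B", "pool-C", "pool-D"] * 3 \
            + ["pool-A", "pool-A", "pool-B"] * 6

def first_alert(tags=SAMPLE_TAGS, window=10, threshold=0.5):
    """First point at which the monitor fires, or None if it never does."""
    alerts = concentration_alerts(tags, window, threshold)
    return alerts[0] if alerts else None

if __name__ == "__main__":
    print(first_alert())
```

A short window reacts faster but fires on ordinary luck; a threshold set below 50% gives earlier warning at the price of more false alarms.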
With 51% attacks, preemptive actions are key to blockchain security
In crypto security, preemptive actions are always more effective. This is why awareness is the key to securing users’ and projects’ funds. With regard to 51% attacks, it’s possibly the only path to providing safety to a blockchain.
About the author
Gleb Zykov is the CTO and co-founder of HashEx. Zykov started his career as a software developer in a research institute, where he honed his technical and programming skills in the development of various robots for the Russian Ministry of Emergency Situations. He then brought his expertise to the IT services company GTC-Soft, where he designed Android applications and became the lead developer and CTO. At GTC, Gleb led the development of several vehicle monitoring services and a premium taxi service similar to Uber.
In 2017, Gleb co-founded HashEx, an international blockchain auditing and consulting company. As the CTO, he heads the development of blockchain solutions and smart-contract audits for the company’s clients.