The 51% Attack Explained

Over the past few weeks, there have been a number of high-profile attacks on a few very well-known cryptocurrencies. The attacks were conducted using the theoretical '51% attack', so we wanted to break down what you need to know and why it matters to you as a trader making investment decisions.

Using this attack method, bad actors on various cryptocurrency networks have managed to fraudulently acquire millions of dollars in crypto assets from numerous exchanges. Bitcoin Gold, a high profile and more recent target, was the latest to be hit by a major attack. In this case, bad actors are thought to have withdrawn over $18M USD worth of crypto assets. In the ZenCash and Verge attacks, fraudulent transactions totaled more than $2M USD. The method was further popularized recently in the HBO series Silicon Valley in which startup Pied Piper's ICO was almost ruined by a similar fate.

But what is the 51% attack and how is it even possible when blockchain technology is meant to be 100% secure and immutable? To understand the nature of such an attack, it's first necessary to understand the mechanics of proof-of-work (POW) verification, or more commonly, how mining works. While the 51% attack can theoretically occur on networks that rely on POS (proof-of-stake) verification, our focus in this article will be on the more timely and urgent POW.

What is Proof-of-Work?

POW is what's known as a consensus mechanism: a way to validate transactions, agree upon the network state, and add a new block, updating the blockchain’s cryptographic ledger. It relies on incentivizing individuals to ‘mine’ blocks of the blockchain in return for ‘block rewards.’ Currently, for example, a successful miner will receive 12.5 bitcoins for mining a bitcoin block. What's important to note here is the word ‘successful’: a block reward isn’t guaranteed, but goes to the first miner to verify the transaction.

Those with more hashing power are more likely to receive the reward, while those with the least have to deal with the very real potential of lost expenses. You may have heard the term 'mining pools' recently. Created to mitigate this risk, a mining pool is a group of individual miners who pool their hashing power to increase the likelihood of winning, and then share the reward. While mining pools are great for individuals with limited hashing power, they result in consolidation, eroding one of blockchain's most important security measures: decentralization.

Which brings us to the prospect of a 51% attack.

51% Attack

A 51% attack, as the name implies, is possible when bad actors control over 50% of the hashing power in a blockchain network. While once considered impractical and nearly impossible, these types of attacks have become much more realistic with mining pools and the rapid rise in smaller cryptocurrencies.

Mining pools in particular can become exploitable once their market share of hashing power grows large enough: if a pool consolidates too much hashing power, it risks being able to manipulate the creation of blocks. While > 50% is required, if a bad actor manages to gain control of three of the world’s largest mining pools, the 50% threshold would be broken and a ‘51% attack’ could occur.

And if you want to further understand what a 51% attack could cost various cryptocurrencies, there's a pretty nifty app that's tackling the issue.

What happened with Bitcoin Gold?

Bitcoin Gold’s susceptibility to a 51% attack wasn’t in fact due to mining pools, but rather to the relatively small amount of hashing power needed to verify a transaction: just 28MH/s compared to Bitcoin's 33 million TH/s. This allowed bad actors to gain control of the required 51% of hashing power quite easily.

Once this threshold was reached, the culprits embarked on what is known as double spending, where they used their majority control to spend the same coins multiple times. Usually, when contradictory transactions occur (i.e. when two individuals spend the same coin at the same time), the network will automatically choose the transaction with the longest chain of verified blocks and reject the other as false. However, because the bad actors controlled the majority of hashing power, they were able to create false chains of verified blocks that were longer than the true ones being mined by the rest of the community. This allowed them to spend the same coin or set of coins multiple times, accumulating other cryptocurrencies which they subsequently withdrew at an approximate value of $18M USD.

The Lesson?

In light of these recent attacks, exchanges have been pushed to increase how many confirmations are required to confirm a transaction. In Bitcoin Gold's case, a hard fork is being planned to decentralize the mining power of the network and potentially reverse the fraudulent transactions.

Ultimately, the proliferation of new, smaller cryptocurrencies, along with the ability to rent and pool hashing power, has substantially increased the possibility of future 51% attacks. Fortunately, the crypto community is aware of the very real threat these attacks can pose to the credibility of blockchain technology and cryptocurrencies. As such, you can expect to see innovative solutions to this and other security concerns as the industry grows.