51% attack: Is Bitcoin under threat?

Cryptocurrency fans were recently taken aback by a 51% attack on Ethereum Classic that led to more than USD 1 million in losses. This is not the first documented case of an altcoin falling victim to such an attack. It has caused uneasiness among some Bitcoin investors as well, who wonder whether it’s also possible to launch an attack of this sort on Bitcoin.

Our goal here is to provide a general explanation of what a 51% attack means for the crypto world and how susceptible Bitcoin investors actually are.

What is a 51% attack?

In the cryptocurrency world, a 51% attack refers to the risk involved with a single miner or a group of miners controlling more than half a network’s mining power. Gaining control over the majority of the network makes it possible to reverse transactions and double-spend funds.

What does that mean in practice?

Imagine buying a luxury home on Malta for the astronomic sum of 550 BTC. The deal is settled, the documents signed, and you’ve sent your bitcoins to the real estate company’s BTC wallet. If you then performed a 51% attack on the Bitcoin network, you could reverse the transaction, leaving you with both the bitcoins and the luxury home in your possession.

How are these attacks possible?

Attacks of this type are only possible with cryptocurrencies based on the proof-of-work (PoW) mining algorithm, which we wrote about in our earlier mining article.

According to PoW logic, the more computational power a miner or a pool of miners have, the bigger their chances of finding the block.

Here’s what happens when someone gains control over more than half the mining power:

  1. A group of malicious miners finds the new block, but they don’t broadcast it to the rest of the network. Instead, they create an offspring of the blockchain. Now there are two versions of the blockchain, each one developing separately.

2. Let’s say the malicious miners spend 550 BTC on the honest branch of the blockchain to buy a house. But they don’t include this transaction in the offspring branch, which shows them as still having that amount of bitcoins in their wallets.

3. The blockchain is based on democratic principles. That means that transactions are regarded as trustworthy only when the majority of participants agrees to verify them. The technical means of achieving this is to create a longer string of blocks. And since malicious miners control more than half the mining power, they have the ability to quickly add blocks to their version of the blockchain.

4. Once the attackers succeed in creating a longer chain, they broadcast their version to the rest of the network.

5. The network then recognizes the new version. In this way, the bitcoins remain where they were while the documents for purchasing the house have already been signed in the real world.

Altcoins that have suffered a 51% attack

Some altcoins have already fallen victim to this type of attack. There have been three significant events in the past year:

A point of interest with regard to the last attack was that the crypto exchange Gate.io, one of the principal victims, claimed a few days later that the hacker had partially returned the stolen money:

The attack happened only a month after the news broke about the ETC team running out of funds. This raises an interesting question that still remains unsolved: Was the main goal of the attack to increase the wealth of an individual or group, or was it to demonstrate to cryptocurrency adherents the tenuousness of their religion and its ability to pay their debts?

Who is at risk?

Ethereum Classic is among the top 20 projects at CoinMarketCap. Verge ranks a bit lower but is still in the top 100 on the first page, as is Bitcoin Gold.

Reports on a possible attack on Dash have recently come out. Dash is also in the top 20. The report claims that around 70% of Dash hash rate are controlled by a single mining pool Nicehash. The team has promptly responded and declared the ChainLocks release in the next version. This technology will help Dash to fight against mining centralization:

Since such huge and reputable projects turn out to be so vulnerable, what else can you expect from smaller ones? The website arewedecentralizedyet.com (archived at the point of writing the article) states that most of the popular projects are controlled by 1–4 entities:

Arewedecentralizedyet.com: most of the popular cryptocurrencies are pretty centralized

It’s noteworthy that only PoW-based (proof-of-work) projects are at risk. PoS-based (proof-of-stake) projects have other issues, but the 51% attack is not one of them. To conduct an attack of that type on a PoS project, a hacker would need to buy at least half the entire circulating supply, an impossible task since the price of any given coin would spike in response to the increase in demand.

The probability of a 51% attack on Bitcoin

This raises the logical question of whether Bitcoin, which is also based on PoW, is at risk for a 51% attack.

On the one hand, the big mining companies like Bitmain are suspected of controlling a large amount of the ASIC mining operations. According to blockchain.com, more than 50% of the hash rate is distributed among the five biggest mining pools: BTC.com, AntPool, SlushPool, F2Pool and ViaBTC.

Blockchain.com: The five biggest mining pools control 50%+ of Bitcoin’s hash rate (Jan. 14, 2019)

On the other hand, Bitcoin’s network is much bigger than the networks for minor coins. This is what makes the 51% attack on Bitcoin much more difficult and consequently less viable.

Renowned Bitcoin entrepreneur Andreas Antonopoulos explained as early as 2013 why no government would ever dare conduct a 51% attack on Bitcoin. According to Antonopoulos, the cost of an attack would far outweigh any gains won by the hypothetical attacker.

How much would a 51% attack on Bitcoin cost?

A number of studies and websites have calculated the cost of conducting an attack of this type on the BTC network, based on such factors as

  • the current Bitcoin price
  • the current block reward
  • cost of mining hardware
  • cost of electricity
  • additional infrastructure costs
  • the hash rate of hardware
  • the hash rate of the network
  • hardware power consumption

The following are figures submitted by various sources (as of January 14, 2019):

  • Cryptoslate: USD1.4 billion to maintain the attack for a year, equivalent to approximately USD160,000 per hour
  • GoBitcoin: USD6.6 billion per year, or USD756,000 per hour
  • Exaking: USD554,000 per hour
  • Crypto51: USD253,000 per hour

Given such widely differing figures, calculating the exact cost of a 51% attack on Bitcoin is obviously not viable. What is clear is the magnitude of the estimates: even the lowest calculation suggests that the cost would far exceed what the hackers stand to gain.

For more on this, see a recent study by the trading platform Zebpay.

Is a Bitcoin 51% attack impossible?

A 51% attack on Bitcoin’s network is unlikely because of its sheer lack of profitability. Does that mean it’s impossible? We’ve all heard of Murphy’s Law: whatever can go wrong will go wrong.

And who really knows? Those huge Bitcoin mining pools may have been forming cartel agreements and silently making double spends for a long, long time. And if that’s the case, you can bet that none of us would ever know.

Spices things up for Bitcoin investors, doesn’t it?

Originally published at cryptoheroes.ch on January 27, 2019.

Blockchain and cryptocurrency marketing specialist