What is a 51% attack?
A 51% attack occurs when a person, group, or entity gains control of 51% of a blockchain's hashing power, meaning they control some aspect of the project.
The method by which this is achieved is different for each consensus mechanism.
On a proof-of-work blockchain (like Bitcoin), this would be done by gaining control of the network's mining capabilities.
On the other hand, with a proof-of-stake blockchain (such as Cardano), this would be done by controlling 51% of the tokens staked.
Blockchain is a distributed ledger, which means it is decentralized.
However, once an entity has more than half the hashing power on the network, the network is susceptible to a 51% attack.
How does a 51% attack occur on a technical level?
If a proof-of-work network is presented with two conflicting chains, the network will choose the longer chain.
The reasoning is that the more transactions a chain has successfully completed, the more likely it is to come from a good actor.
Getting 51% of the hashing power means you can mine faster than the rest of the miners.
This means that a 51% attacker can quickly create the longest chain and then act maliciously. The network has no choice but to choose the attacker's chain, as it will be the longest.
Often you will find that an attacker does not immediately announce their blocks to the blockchain. Instead, they will mine privately to create their own blockchain. This is how they can get the longest chain before manipulating the public blockchain.
They will spend their coins on the public network (usually for real-world assets that cannot be revoked) while excluding these transactions from their own version of the blockchain, creating a double spending problem.
After a while, the attacker will announce their version of the blockchain to the network, and it will have to be accepted because it is longer than any other chain.
This is how a 51% attack occurs on a proof-of-work blockchain. This process may be different when dealing with other consensus mechanisms.
What could a 51% attack lead to?
Once an entity controls 51% of the network, it can commit multiple malicious acts that will disrupt the blockchain for all participants.
Edit transactions
Once the attacker has 51% of the hashing power, they will be able to modify transactions validated by network nodes. This could involve, for example, changing the amount sent or even completely canceling a payment.
Reverse transactions
Transactions made while the attacker is in power can also be reversed, causing a double spending problem (one of the reasons Bitcoin was created); thus, doubling the attacker's money.
Mining monopoly
A mining monopoly could also arise as a result of a 51% attack.
This would occur when the attacker blocks all transactions of a miner (or group of miners) in their own private network before releasing their own version to the network. This means that the attacker can essentially censor miners out of the network until they are the only miner left, creating a monopoly.
Unfortunately, this would mean that the blockchain is now centralized, in the hands of a bad actor, while the rewards from previous miners would cease to exist.
What can't a 51% attacker do?
They may have a lot of power, but they are not God. A 51% attacker is limited in some ways.
Transactions before they were in power
Although they can modify, prevent, and reverse transactions during their reign, they cannot delete or modify transactions made before they took control.
Prevent broadcast to blockchain
The attacker cannot prevent someone from broadcasting to the blockchain.
Indeed, miners, stakers, validators, etc. (which the attacker will control) do not broadcast to the blockchain. Instead, they are the ones who approve or deny these transactions.
Steal assets
Attackers will not be able to steal assets from wallets they do not control, because they will not be able to broadcast the transaction on the blockchain.
Edit network protocol rules
Elements such as adjusting block rewards, token amounts, and consensus mechanisms are built into the blockchain system. Traditionally, these issues are resolved by a soft or hard fork. A 51% attacker cannot force a fork.
If an attacker attempts to force a fork, they will simply isolate themselves on the blockchain, as no other nodes will reach consensus with them.
How do networks protect themselves from a 51% attack?
Of course, no blockchain wants to be subject to a 51% attack, so it uses several techniques to protect itself.
Financially unviable
Proof of Work deters would-be attackers by making the attack financially unviable. For someone to get 51% of the hashing power of a large proof-of-stake blockchain would require an insane amount of computing power and, therefore, a lot of money.
Of course, this depends on the size of the network, meaning that smaller blockchains are more susceptible to these attacks.
Proof of Stake
It's easier to get 51% of the hashing power on a small proof-of-work blockchain. Proof of stake can help mitigate this risk because it forces wealthier investors to put their money on the line. This means they would lose their tokens if they were caught being a bad actor.
In the delegated proof-of-stake consensus mechanism, validators are often elected by the community. This means that if half of the validators on the network started acting maliciously, the community could quickly undelegate their tokens and remove them from the network.
Promotion of decentralization
Simply put, the best way to protect yourself from a 51% attack is to be as decentralized as possible.
Promoting decentralization can come from the team behind the development of a blockchain – for example, by refusing funding from large companies that want big hashing power – or from the community by simply creating nodes themselves.
Has this already happened?
We have never seen a successful 51% attack against Bitcoin or Ethereum, but we have seen some small projects fall victim to this attack.
Bitcoin Gold
When this project suffered a 51% attack, it was the 26th largest cryptocurrency by market capitalization.
The attacker obtained over 51% of the hash power and, over a period of several days, 18 million USD worth of Bitcoin Gold was stolen thanks to the attacker's double spending.
Verge
The privacy coin Verge suffered a 51% attack in 2018, which resulted in $1.7 million stolen. This happened only a month after another 51% attack, which wiped out 22% of the token's value at the time.
In response to both 51% attacks, the Verge team performed a hard fork in an attempt to fix the exploit used by the attacker.
Do 51% attacks mean the end of cryptocurrencies?
The two coins above are still alive but are significantly smaller than they were before the attack. Bitcoin Gold, for example, fell from the 26th largest crypto to just outside the top 100.
Although the attacks did not result in the immediate abandonment of the projects, they seriously damaged their price, growth and reputation.
However, Vitalik Buterin suggests that a 51% attack would “not be fatal” for Ethereum 2.0, stating that an attacker could only attack once before being removed from the network. He then pointed out that this is not the case on a proof-of-work system, which could be exploited repeatedly by the same entity in a 51% attack.
Will a 51% Attack Ever Happen Against Bitcoin?
Theoretically, this could happen. However, this is very unlikely.
Although we mentioned previously that Proof of Work is less secure than Proof of Stake, this mainly applies to small Proof of Work networks.
The Bitcoin network is so large that getting 51% of the hash power would require spending just over 15 billion USD.
Not only does this make the attack financially unviable, but it also narrows the pool of potential attackers to a small group of billionaires who could afford this type of investment.
What is a 34% attack?
A 34% attack poses the same threat as a 51% attack. However, this requires much less hash rate.
This attack uses Tangle, a distributed ledger that some cryptocurrencies use, to falsely approve or disapprove a transaction, while only needing 34% of the hashing power.
Conclusion
The 51% attack is an exploit that attacks both the security and decentralization of a cryptocurrency. When done successfully, it can result in the theft of millions of dollars and a project's reputation in free fall.
Due to the amount of resources required to carry out such an attack, the largest cryptocurrencies are unlikely to fall victim to a 51% attack. That being said, you can never say never, especially in the world of blockchain.