Also known as a majority attack, a 51 percent attack refers to an attack on a blockchain network by a malicious miner who gains control of over 50 percent of the network’s hashrate. Taking over a blockchain network allows the bad actors to reverse transactions, halt payments, or prevent new transactions from confirming.
Most importantly, it also allows the bad actor to engage in double spending to create “free” money from the network, which can then be sold for other cryptocurrencies on exchanges to “cash out” on the attack. To engage in double spending, the attacker will deposit coins on an exchange and into a personal wallet. Once the exchange has accepted the deposited coins, the attacker will launder them for bitcoin or other cryptocurrencies, which they then withdraw onto a personal wallet. The attacker will attempt to do this as many times as possible until the network’s developers realize that the network is under attack, inform exchanges to mitigate the attack and find a fix for the problem.
Because of the incentives within consensus protocols, 51 percent attacks should only be deployed on proof-of-work cryptocurrencies, i.e. on those blockchain networks that require miners to compute complex mathematical calculations to confirm transactions and to secure the network.
51 percent attacks have been wrongly considered more of a theoretical threat to blockchain networks than an actual one, as the cost of taking over a network by gaining over 50 percent of the network’s hashrate has been believed to be too expensive for a bad actor to successfully pull off. While that may be the case for the Bitcoin network, it is most definitely not the case for small-cap altcoins but even some of the larger altcoin networks are vulnerable to this type of attack as we have witnessed in the past few weeks.
Verge hit by three 51 percent attacks in 2018
When it comes to 51 percent attacks, no cryptocurrency project has made the headline as many times as the privacy-centric digital currency Verge (VXG). Since the start of the year, Verge has been hit with three 51 percent attacks.
On April 4, the Verge network reportedly suffered its first 51 percent attack. According to Bitcointalk forum user, ocminer, a malicious miner was able to mine blocks with spoofed timestamps to trick the network into thinking the new block was mined an hour ago so that it was added onto the blockchain while the next mined block was added to the network immediately. This allowed the attacker to mine one block per second and accumulate a reported 250,000 XVG.
The Verge team responded with a tweet saying “We had a small hash attack that lasted about 3 hours earlier this morning, it's been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam,” and initiated a hard fork to fix the vulnerability.
However, the issue that allowed the attacker to successfully pull off his stunt was not adequately addressed as the next 51 percent attack on Verge occurred only a month later.
On May 22, the Verge blockchain was hit with the same type of attack, which resulted in hackers being able to mine 25 blocks per minute, generating 8250 VXG (worth around $920) per minute. The total cost of the attack was 35 million XVG ($1.7 million).
A suspected third attack on the Verge network was discovered on May 29, which suggests that the Verge developer team was never able to fully plug its vulnerability and that its mining network is not distributed enough to fend off future 51 percent attacks.
Bitcoin Gold and ZenCash also attacked
The bitcoin hard fork, Bitcoin Gold (BTG), was also the victim of a 51 percent attack, which allowed a malicious miner to disappear with $18.6 million. After the attacker managed to gain over 50 percent of BTG’s hashrate, they sent coins to an exchange while simultaneously sending the same coins to their personal wallet. Normally, the blockchain would prevent this from happening. However, as the attacker had control over the blockchain, they were able to reverse the transaction and double spend the coins, which led to the affected exchange losing almost $18.6 million during the attack.
Following the attack, Bitcoin Gold communications director Edward Iskra published a warning to users explaining how the malicious miner was able to steal BTG from exchanges. The latest high profile victim of a 51 percent attack is the privacy-centric coin ZenCash. In a statement published on June 4, the ZenCash team announced that a malicious miner was able to take over the network and engage in three double spends.
The attacker was reportedly able to gain 23,152 ZEN, which was worth around $700,000 at the time of the attack. Other cryptocurrencies that have suffered similar attacks in the past few weeks include Monacoin (MONA) and Electroneum (ECN).
The cost of 51 percent attacks
The recent surge in 51 percent attacks suggests that more attacks of this sort can be expected. The barriers to entry and the increase in hashing difficulty of mining proof-of-work coins has made it substantially less profitable to mine leading cryptocurrencies, which, in turn, makes double-spending attacks more appealing to bad actors.
According to a blog post, by FECAP University cryptocurrency researcher Husam Abboud. It would cost as little as $1.5 million to attack the Ethereum Classic network and by spending around $70 million a malicious attacker could even take over the entire network to bankrupt the cryptocurrency.
To attack smaller cryptocurrency networks, however, the costs are much lower. To illustrate how easy it can be to launch 51 percent attacks, a new platform named Crypto51.app was launched. Crypto51.app shows users how much it would cost per hour to launch a 51 percent attack for a range of crypto assets. The creator of the platform has extracted hash rates from Mine the Coin, cryptocurrency prices from CoinMarketCap, and mining rents from NiceHash to compute the costs of the attacks.
Somewhat shockingly, according to Crypto51.app, several quite well known altcoins could be successfully 51% attacked for under US$1000. While there are limitations to Crypto51.app’s data, it does illustrate the vulnerability of smaller proof-of-work cryptocurrencies.
The rise in 51 percent attacks reminds the community of Bitcoin’s supremacy
The increase in double-spending attacks on altcoins and the low cost of attacking the networks highlight the fact that bitcoin (BTC) is still the most secure digital currency in the market as it has the highest hashing power dedicated to securing its network. Having said that, the cryptocurrency community is also learning that smaller blockchain networks are not as safe and impenetrable as previously thought.