As the use of cryptocurrencies has grown over the years, we’ve also seen an increase in the threat from bad actors who hope to infiltrate a decentralized blockchain for their own gain. One of the most dangerous attacks is what’s known as a 51% attack, in which an individual or group is able to seize control of at least 51% of the network’s mining power.
A successful 51% attack can lead to a number of serious consequences — the most damaging of which is the potential for cryptocurrencies to be double spent. In this AAG Academy guide, we’ll explain what a 51% attack is, how it works, and the potential impact. We’ll also look at what kind of blockchain is at risk, and how an attack can be avoided.
A 51% attack, or a majority attack, as it is sometimes known, is the name given to an attack on a blockchain that involves more than 50% of the network’s miners.
The consensus mechanisms used by decentralized blockchains mostly prevent attacks by ensuring that transactions cannot be carried out unless the majority of the network agrees that they are valid. However, that falls down when the majority are bad actors, or a number of bad actors manage to gain control of more than 50% of the network’s miners.
Once a successful 51% attack has been carried out, the blockchain is compromised. Attackers have the ability to do things like alter parts of the blockchain, reverse their own transactions so that they can “double spend” their assets, and block new transactions from being confirmed. However, there are limits to what the attacker could do, which we’ll look at later in this guide.
To understand how a 51% attack works, we first need an understanding of how a blockchain operates. Most of those in use today, particularly within the cryptocurrency industry, are decentralized, which means that no single person or small group of people have control over them. They instead operate on a large network of computers or nodes located all over the world.
When a transaction is submitted to a blockchain that uses the proof-of-work (PoW) consensus mechanism, every mining node in the network is asked whether the transaction is valid. The transaction can only be processed and confirmed if the majority of nodes agree that it should go ahead. Without this, the transaction is rejected.
In order to successfully interfere with those transactions, then — or to make any changes to the blockchain at all — a bad actor would need control of at least 51% of all the mining nodes. The larger the network, the more difficult this is. A tiny blockchain with only 10 nodes would be fairly easy to gain control of, but when it comes to networks like Bitcoin, which has approximately 1 million miners all over the world, it becomes insanely difficult.
To make attacks like this somewhat easier, bad actors will usually skip setting up all those nodes themselves — which would not only be incredibly time-consuming, but also immensely expensive — and instead rent mining power from a third-party. Assuming they have the funds required, they may be able to gain just enough power to gain enough control.
A successful 51% attack is a serious thing, but the possibilities it gives an attacker are limited. Here are some of the things they would be able to do:
These things would be incredibly troublesome for those who have invested into a cryptocurrency, as well as any retailer or organization that accepts the asset as payment. Double-spend, in particular, can greatly devalue a cryptocurrency, while reversing a transaction that was previously validated takes assets away from those who are entitled to them.
Here are some things that a successful 51% attacker would not be able to do:
When attackers successfully gain control of a blockchain with a 51% attack, it effectively puts every user of the blockchain at risk. As we’ve already established, there are a number of significant things that the attacker could not do, which limits the potential damage somewhat. But those things an attacker would have control over can be incredibly disruptive.
The ability to block new transactions, change the order in which transactions are processed, and block miners from minting new coins or tokens has the potential to bring a whole project to a standstill. Coupled with the potential to reverse transactions, the attack can cause a large decline in coin or token price, which would negatively affect every token holder.
It is important to remember, however, that a 51% attack on a particular cryptocurrency does not impact other projects that are powered by a different blockchain, and it does not give an attacker the ability to access your wallet and gain control of any assets contained within it.
Bitcoin uses the PoW consensus mechanism we looked at above for validating new transactions, which means a 51% attack on Bitcoin is indeed possible. However, thanks to the size of the Bitcoin network today, it is highly unlikely. It requires an immense amount of power to be a competitive Bitcoin miner, which means incredibly costly hardware.
It is estimated that a 51% attack on Bitcoin would require at least 1.3 million dedicated mining nodes, which cost around $3,700 each. Simple math tells us that the total cost of the attack would be at least $10 billion. Not only do very few people have that kind of money to spare, but those who do are almost certainly not interested in attacking the Bitcoin network.
51% attacks are certainly feasible on smaller blockchain networks that do not have a great number of miners, and they have occurred in the past. Bitcoin Gold, Ethereum Classic, Expanse, and Litecoin Cash are just some of the more high-profile networks that have suffered from them before. But the larger the network becomes, the more difficult it is to attack.
There are a number of ways in which a blockchain can reduce its susceptibility to a hacker takeover. One of the simplest and most effective is to ensure that its protocol does not allow a miner or a group of miners to command more than 50% of the blockchain’s total hashing power. Without this opportunity, a 51% attack simply isn’t possible.
Alternatively, a blockchain could choose to use the proof-of-stake (PoS) consensus mechanism instead, which does not rely on miners for transaction validation in the same way PoW does. Although this mechanism has drawbacks of its own, it is certainly more resistant to a 51% attack because it uses an entirely different method of creating new blocks.
The PoS system also allows a blockchain’s community to vote on who can be a block validator, which means that any suspicious or untrusted candidates, or those who appear to be amassing too much power over the blockchain, can be blocked and kicked out of the network before they ever get a chance to mount a potential attack on it.
The cost of a 51% attack is directly related to how big the network is. As we outlined above, an attack on a large and well-established blockchain like Bitcoin would cost at least $10 billion, according to the latest estimates. However, a significantly smaller network that requires a lot less power would be a lot more affordable to potential bad actors.
Some of the best examples of 51% attacks are those that were carried out on Bitcoin Gold in 2018 and then again in 2020, resulting in more than $18 million worth of assets being double-spent. Ethereum Classic was also attached in 2019, which saw the double spending of more than $1 million worth of ETC tokens.
Proof-of-stake (PoS) uses an entirely different consensus mechanism to proof-of-work (PoW), which does not rely on miners. It also allows potential block validators to be voted in by the community, who can reject those who may seem too risky or too powerful.
One of the biggest impacts on investors when a 51% attack occurs is that the value of an affected cryptocurrency is significantly reduced.
This article is intended to provide generalized information designed to educate a broad segment of the public; it does not give personalized investment, legal, or other business and professional advice. Before taking any action, you should always consult with your own financial, legal, tax, investment, or other professional for advice on matters that affect you and/or your business.
Be the first to get our newsletter full of company, product updates as well as market news.