51% attacks have become a fact of life in the world of cryptocurrencies. Even though they directly affect crypto exchanges, these fraud cases could indirectly affect crypto investors. We’ll explain what a 51% attack is, how criminals use it to double-spend crypto and what the long-term risks are for your investment plans.
Double-Spending Digital Cash
Satoshi Nakamoto created the Bitcoin blockchain to address the inherent weaknesses of fiat-based electronic payments. “No mechanism exists to make payments over a communications channel without a trusted party,” Nakamoto wrote in his Bitcoin white paper. Trusted parties are unavoidable because fiat-based transactions are reversible. Buyers must depend on the reputation of the sellers. Sellers must impose know-your-customer requirements on the buyers. And the entire system must accept a level of fraud.
Nakamoto’s solution was to make trust irrelevant through cryptographic proofs. “Transactions that are computationally impractical to reverse would protect sellers from fraud,” Nakamoto wrote, “and routine escrow mechanisms could easily be implemented to protect buyers.” Neither side in a transaction needs to know anything about the other. Buyers can only transfer the bitcoins they own. Once a seller gets a bitcoin, nobody can take it back.
Making transactions irreversible
Bitcoin and similar cryptocurrencies depend on networks of “miners”. When you buy a latte with a bitcoin, miners process that transaction by bundling it up with hundreds of other transactions into a proposed block. Then the competition for the reward begins.
Only one miner’s block will join the blockchain. To be that one, each miner tries to create a proof of work by running hashing algorithms — very complex calculations — on powerful computers. Although hard to calculate, the proof of work is very easy to check. The first miner to calculate a proof of work broadcasts it to the mining network. When enough miners agree that the proof of work is real, the new block becomes part of the official blockchain and the race is on to add the next block.
The blockchain provides a record of every transaction ever made — an accepted truth of who owns what.
Digital money’s double-spending problem
Counterfeiting is an age-old threat to real-world currencies. Let’s say you hand someone a fake twenty-dollar bill and get two real ten-dollar bills back. You’ve made money for nothing and that fake bill is now circulating in the money supply. If left unchecked, counterfeit currency drives inflation and reduces trust in a trust-dependent financial system.
Digital currencies face a similar threat through something called “double spending”. When you use a digital coin to buy an ebook, you transfer that coin from your digital wallet to the book seller’s wallet. But what’s to stop you from resetting your wallet and then spending that coin again? This question had plagued efforts to create digital currencies for decades. There must be some way to trust the integrity of a transaction.
Satoshi Nakamoto’s solution
The phrase “computationally impractical” Nakamoto wrote in his white paper provides a clue to why the Bitcoin blockchain is so resilient to double-spending. Bitcoin uses complex math and simple economics to prevent double-spending. If it’s easier and more profitable to mine bitcoin, then there’s little incentive to corrupt the cryptocurrency by double-spending.
When creating a new block, miners aren’t just bundling a bunch of bitcoin transactions. The hashing algorithm uses cryptography to calculate a unique number, called a hash, that’s based on the transactions and the current blockchain’s hash. The next update combines the new blockchain’s hash with another block of transactions to create a new hash.
Since the hash for each block of transactions depends on the hashes for all the previous blocks, changing a transaction in one block means recalculating the hashes for every subsequent block on the blockchain.
Nakamoto made sure that this kind of math is so hard to do that Bitcoin’s mining network can only add one new block every 10 minutes. It isn’t enough to recalculate the hashes on the blockchain because, while you’re doing that number-crunching, the mining network has added even more blocks to the blockchain.
The only way to write your own version of the blockchain is to win the computational race to add a new block every single time. You need to have more processing power than the rest of the mining network.
What Is a 51% Attack?
In a 51% attack, a group of miners tries to win that race by controlling more than half of the network’s processing power. Once they pass that threshold, they control the blockchain and can add new blocks faster than anyone else in the network. By launching a 51% attack, these miners could spend a bitcoin, erase the transaction and spend it again and again.
51% attacks on Bitcoin aren’t worth it
The complex calculations needed to launch a 51% attack makes success very difficult and very unprofitable. It’s been years since a desktop computer had the hashing power to mine bitcoin. Today’s miners use machines with processors that are custom-designed to calculate the hashing algorithm.
These machines are expensive and you need a lot of them to have a chance at getting bitcoin rewards. That gives large companies an advantage. They can afford to spend millions of dollars to build server farms that contain rack after rack of these mining machines.
Websites like Crypto51 use the cost of running a cryptocurrency mining farm to calculate how much you’d have to spend to launch a successful 51% attack. In the case of Bitcoin, a one-hour attack would cost more than $548,000.
And that assumes nobody does anything to stop you. Upon learning that an attack was underway, the Bitcoin community would rally together and throw even more processing power onto the network. This would drive the cost of an attack into the millions of dollars.
“If a greedy attacker is able to assemble more CPU power than all the honest nodes,” Nakamoto argued, “he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins.”
In the end, attacking Bitcoin just isn’t worth it. But not every cryptocurrency is Bitcoin and profit isn’t always the motivation.
Going After Einsteinium
“If I livestreamed the setup and execution of doing a 51% attack against the testnet for the sake of education would anyone watch?”
This was the question team-periwinkle posted to the r/CryptoCurrency and r/Bitcoin subreddits on Sunday, October 7. The unnamed crypto enthusiast proposed a live attack on Bitcoin to show how a 51% attack works, the decisions attackers would make to set things up and the countermeasures Bitcoin’s miners would take.
In a later edit to both posts, team-periwinkle shifted his plans to conduct a real attack against a smaller cryptocurrency.
Einsteinium launched with a noble mission to support scientific research. Based on a copy of the Bitcoin blockchain, the project would “tax” miners and use the proceeds to award research grants. People using the Einsteinium cryptocurrency would be able to support worthy causes and interesting science.
The cryptocurrency never took off and it now languishes far down the market cap listings, the crypto equivalent of a penny stock.
The 51% threat in team-periwinkle’s words
The following excerpts from team-periwinkle’s comments show that the stunt was meant to reveal the risks 51% attacks pose to the huge number of small cryptocurrencies like Einsteinium.
“Bitcoin and other large coins are secured by the fact that it would be really hard for any given person to get 51% of the hashing power of the network because so many people mine it. But many other, smaller coins have very little total hashing power and it would be pretty cheap to rent enough hashing power to fork them. That’s what I’m doing (sans the defrauding the exchange part).”
“I’m doing it to serve as something of a wake-up call to small coins that don’t take steps to mitigate such attacks. Also to show people how these attacks work.”
An exposé, not a hack
Team-periwinkle went out of his way to explain that he was not going to hack an exchange or cause harm to any crypto users. The livestream would be a demonstration, nothing more.
“I’m not going to defraud [an] exchange with it. I also think it may prompt people to think more seriously about the potential of 51% attacks in smallcap coins.”
He also explained how affordable such an attack was. Mining-for-hire firms like NiceHash let you rent mining capacity on a number of crypto networks. The mining costs on a smaller cryptocurrency’s network pretty small.
“For einsteinium $20-40. But it would get more attention if we did a bigger coin like vertcoin, doing that would cost $330/hour so between $330 and $500.”
Bad luck on Saturday the 13th
Team-periwinkle launched his live Twitch stream on the promised day. But Einsteinium wasn’t a good target anymore. Before team-periwinkle could buy his extra hashing power, the project’s developers bought their own chunk of processing to make a 51% attack too expensive.
Team-periwinkle shifted his sights to Bitcoin Private. This privacy coin was created in February 2018 by merging the code for Bitcoin and Z-Classic.
Less than 90 minutes into the stream, however, Twitch shut him down because “Attempts or Threats to Harm” violated Twitch’s terms of service. Two hours later, team-periwinkle went live on Stream.me and was banned within 35 minutes.
Team-periwinkle’s stunt caught the attention of many in the crypto community. Dogecoin creator Jackson Palmer, for example, live-tweeted his own commentary during the stream.
I have to say, it is very interesting to be sitting around on a Saturday afternoon watching someone demo-ing a 51% attack while other people attack his IP addresses. Very crypto and 2018.
— Jackson Palmer (@ummjackson) October 13, 2018
Despite the streaming struggles, team-periwinkle was able to take over 70% of the hashing power on Bitcoin Private’s network and mine enough blocks to create his own version of the cryptocurrency’s blockchain. True to his word, however, team-periwinkle did not use his power for evil.
Successful 51% Attacks
There are people more evil than team-periwinkle. Over the course of 2018, a rash of 51% attacks struck small cryptocurrencies. In May, developers notified crypto exchanges that a 51% attack on Bitcoin Gold was underway. Bitcoinist estimated that the double-spent coins took nearly $18 million out of the exchanges’ coffers.
In a message to the Bitcoin Gold community, the team speculated that they were targeted because “we are on more large Exchanges, with significant liquidity and fairly deep order books – these are necessary for an attacker to be able to profit from such an attack.”
51% Attacks’ Impact on Investors
Making a double spend scam work requires so much hashing power and money that most crypto investors won’t be the target. These scammers need to make large trades quickly which means crypto exchanges are their preferred mark. That doesn’t mean, though, that the average crypto trader is unaffected.
The American exchange Bittrex de-listed Bitcoin Gold following its attack. The tersely-worded announcement gave two weeks’ notice that all three of Bitcoin Gold’s trading pairs would be gone. Bittrex did not explain why the cryptocurrency was going or provide any immediate advice on what customers should do.
The Bitcoin Gold Foundation explained the delisting on its own blog. Evidently, Bittrex demanded the Foundation “take responsibility for the attack” by reimbursing the exchange it lost 12,372 BTG. Since the Foundation did not have enough in its coffers to make that kind of payment, Bittrex kicked their cryptocurrency off the exchange.
Withdraw it or lose it
An October 5 announcement gave 30-days’ notice that Bittrex would close its Bitcoin Gold wallet. The exchange still didn’t explain why Bitcoin Gold had to go. It just warned customers to withdraw their Bitcoin Gold holdings by November 5 or lose everything when the wallet disappears.
Bittrex’s delisting policies don’t specifically mention 51% attacks, but it’s easy to see how such and attack would fall within the scope of terms like “compromised or defective.” Other exchanges, such as New Zealand’s Cryptopia and Hong Kong’s OKEx do cite 51% attacks as a reason for booting a cryptocurrency.
All of these exchanges provide a grace period. If you were on vacation and didn’t see the notice, however, you’d be out of luck. Once a centralized exchange erases its private keys, those coins are lost on the blockchain.
Future 51% Risks
The largest proof-of-work cryptocurrencies are largely immune. As mentioned earlier, an attack on the Bitcoin network would cost more than half a million dollars an hour. Attacks on Ethereum, which uses a different algorithm, would be almost as expensive. However, the long tail of cryptocurrencies offers many tempting targets.
Another factor is the growing number of mining-for-hire companies. By doing the heavy lifting and big spending, these firms make it easy for double-spend scammers to rent the hashing power they need to take over small blockchain networks.
Limited scope for profit
One factor that may keep these attacks from spreading is how little control the attackers actually get. The only transactions they can change are their own. The only mischief they can get up to is swindling crypto exchanges by double-spending.
An attack’s success depends on speed because the attackers are paying by the hour. The longer it takes, the less profitable the whole operation becomes. In the case of the Bitcoin Gold attack, the exchanges instantly accepted large deposits and did not wait for the recommended number of blockchain confirmations before handing over the money. Simple policy changes could make the attacks less appealing.
A recent proposal from the developers of Horizen (ZenCash’s new name) would bake delays into the blockchain. Since a 51% attack has to be done in secret, the attackers must keep their new blocks in reserve. The Horizen proposal would build a penalty into the algorithm that would force attackers to spend even more money.
What if profit doesn’t matter?
Ultimately, Nakamoto’s strategy for deterring a 51% attack depends on attackers having a financial self-interest in the outcome. The deep-seated worry among crypto experts is that a large organization with deep pockets could launch 51% attacks just to destroy a cryptocurrency.
New York University professor Joseph Bonneau, for example, presented a paper at a recent conference that looked at just this scenario. It’s called a Goldfinger attack after the James Bond villain who tried to turn America’s gold supply radioactive. Bonneau and his co-authors explored different types of Goldfinger attacks. Bribery is particularly troubling, they concluded, because the declining value of mining revenue could make miners susceptible to bribes.
And then there’s China
Bribery isn’t the other way to influence miners. A simple knock on the door by the secret police could do the trick as well. Researchers from Princeton University, Florida International University and the MIT Lincoln Laboratory looked into China’s dominance of the Bitcoin network.
They found that 74% of the world’s Bitcoin hash power is owned by mining pools based out of China. “Pool miners cannot be directly controlled by China,” the researchers wrote, “but the managers are located within China and as such are subject to Chinese authorities… they control the inputs and outputs of their miners, allowing Chinese authorities indirect control over that hash power.”
One of the things China could do with that control is launch a “punitive fork” by refusing to let the blockchain hold transactions from censored addresses. China could also make changes to the blockchain by launching an “eclipse attack” to disable the Bitcoin network’s anti-censorship mechanisms.
Other types of attacks could rip Bitcoin’s pseudo-anonymity apart or simply undermine confidence in the cryptocurrency to the point that mainstream users simply walk away.
Whether motivated by state-sponsored actions or good old-fashioned criminal greed, 51% attacks are here to stay. But what does that mean for a crypto investor? Deep-pocketed exchanges may be the scammers’ preferred target, but that doesn’t mean investors aren’t exposed. The cryptocurrency’s trading options will shrink as exchanges delist them. Combined with the news of the attack itself, the value of an investor’s crypto portfolio could suffer.