51% attack: the biggest threat to blockchain, how should we deal with it?

Author: Hacken. Translated by: Cointime.com QDD
What is a 51% attack?
A 51% attack is an attack in which an entity controls more than half (51%) of the stake or computing power in a blockchain network. This disproportionate control allows the attacker to implement major changes that violate the decentralized principles of blockchain. In other words, a 51% attack allows the attacker to rewrite transaction history, prevent transactions from being completed, stop validators' rewards, and make double payments.
It is important to note that a 51% attack is one of the most important threats to blockchain security, especially for blockchains that use Proof-of-Work and Delegated Proof-of-Stake consensus algorithms. A worrying consequence of this attack is double spending, where the same digital currency is spent multiple times, undermining the trust and reliability of the blockchain.
How does a 51% attack work?
Diving deeper into the mechanics of a 51% attack, let’s walk through the steps an attacker follows to gain and exploit control of a blockchain network. While the exact details of an attack can vary depending on a number of factors, here’s a simplified version of what a common attack process looks like:
1. Accumulation of power: The first step is for the attacker to accumulate more than half (51%) of the network’s computing or hashing power. This can be achieved by acquiring a large amount of hardware resources or convincing a large number of miners to join a mining pool controlled by the attacker.
2. Partition: The attacker now controls a majority of the network hashing power, effectively separating their group from the main network, but still maintaining internal communication. Despite this separation, the hacker group continues mining operations but does not share progress or receive updates from the main network. As a result, two parallel versions of the blockchain begin to evolve independently.
3. Fast mining: Due to their superior hashing power, the attacker's group is able to add blocks to their version of the blockchain faster than the rest of the network. Over time, the difference in length between the two chain versions becomes statistically proportional to the difference in hashing power between the two groups.
4. Reintegration and dominance: Once the hacker group rejoins the network, two competing blockchain versions propagate throughout the network. According to the rules of the consensus protocol, nodes retain the longest blockchain and shorter blockchains are discarded. This means that all blocks added by the main network during the separation are orphaned and their transactions are released back to the memory pool.
5. Potential threats: A successful 51% attack could trigger a range of threats that could seriously affect the blockchain network and its participants. These threats range from financial fraud (such as double spending) to complete denial of service attacks that paralyze network functionality.
The high cost of a 51% attack
It is worth noting that a 51% attack is not easy and requires a lot of resources and time. This huge financial and technical burden makes it unaffordable for most people.
A major part of the cost lies in the mining equipment required. To control more than half of the network’s hashing power requires a large amount of high-performance hardware, which for a major blockchain like Bitcoin can cost more than billions of dollars.
But it's not just a hardware issue. Mining consumes a lot of energy. Bitcoin mining consumes up to 95.58 terawatt hours per year, which is equivalent to the annual energy consumption of Finland’s 5.5 million people. Therefore, there are also significant power and maintenance costs to consider.
In addition to the high cost, the timing of the attack plan is also very important for the hacker group that attacks the network. They need to control more than half of the network and introduce the modified blockchain at the right time. If the attack fails, the hacker may gain nothing.
Furthermore, in a decentralized environment, there is no central authority that can enforce the use of a compromised chain. Validators and clients can agree to restart the chain from a point in time before the attack, although this can be very messy and undesirable.
The high costs and risks associated with such attacks act as a strong deterrent, especially for larger networks like Bitcoin or Ethereum. On the other hand, smaller blockchains have less mining power, making them more vulnerable to attacks. However, it is possible to rent a few hours of mining power through services like Nicehash to attack these smaller networks, greatly reducing the cost of an attack.
Risks and consequences of a 51% attack
A successful attack can have significant impact on the blockchain network and its users. Here’s what happens:
1. Double spending: This is the most worrying consequence. An attacker could spend their funds twice - first as a normal transaction, then altering the blockchain to show that they never spent the funds.
2. Denial of Service (DoS) attack: A hacker takes over and blocks other miners' addresses for a period of time. This prevents honest miners from regaining control of the network. As a result, the attacker's false transaction chain can become permanent.
3. Transaction reversal: An attacker can block payments between some or all users. This disrupts the normal operation of the network and may cause delays in transaction confirmation, undermining confidence in the reliability of the network.
4. Reputational damage: In addition, an attack could severely damage the reputation of a blockchain. This could lead to a loss of trust among current and potential users, causing a significant drop in the value of the associated cryptocurrency and deterring new users or investors from joining the network.
Actual examples of 51% attacks
In the history of blockchain, there are some notable cases:
1. Bitcoin Gold (BTG): In May 2018, Bitcoin Gold suffered a 51% attack, in which the attacker successfully made a double payment worth approximately $18 million. This incident caused significant damage to the currency's reputation and market value.
2. Ethereum Classic (ETC): As the most frequently attacked blockchain, Ethereum Classic suffered a large-scale attack in August 2020, in which the attacker successfully made double payments worth $5.6 million.
3. Vertcoin (VTC): Although lesser known, Vertcoin experienced a 51% attack in December 2018. The attacker performed double payments worth approximately $100,000.
These attacks demonstrate significant vulnerabilities and consequences, further emphasizing the need for effective security measures.
Prevention measures for 51% attacks
Mitigating these risks can be challenging, but various approaches have been proposed:
Changing the consensus algorithm
Switching to a different consensus algorithm is one possible way to reduce the likelihood of a 51% attack. Proof of Work (PoW), the consensus mechanism initially adopted by many blockchains, is susceptible to such attacks due to the risk of mining concentration.
In contrast, the Proof-of-Stake (PoS) consensus mechanism is less susceptible to such attacks because the attacker would need to own a majority share of the blockchain’s total stake, which is typically a costly endeavor.
Delayed blockchain confirmation
Another effective deterrent is to delay blockchain confirmations. This approach gives the network time to detect and potentially prevent a 51% attack. By extending transaction confirmation times, an attacker would need to continuously control more than 51% of the network for a longer period of time, significantly increasing the cost and difficulty of such attacks.
Penalty system
Establishing a penalty system is another viable defense strategy. For example, implementing slashing conditions in a proof-of-stake blockchain would confiscate a portion or all of a malicious actor’s staked tokens if they are found to have violated the network’s rules. This type of penalty greatly increases the risk for any potential attacker and can serve as an effective deterrent.
Blockchain protocol audit
Finally, regular blockchain protocol audits are a critical part of a comprehensive security strategy. These audits exhaustively examine the protocol to uncover vulnerabilities, including potential avenues for a 51% attack. By proactively identifying and addressing these weaknesses, blockchain developers can significantly strengthen the network’s defenses.
Summarize
While the risk of a 51% attack is daunting, it is important to understand that the cost and complexity of executing such an attack makes it rare. However, the potential impact and historical precedent underscore the importance of proactive preventative measures and ongoing efforts to make blockchain technology more secure and resilient.
The future of Web3 depends on our ability to solve these challenges, turn vulnerabilities into strengths, and create a more powerful and secure digital future for all.
FAQ
What is a 51% attack?
51% attack is one of the most important security issues of blockchain, especially blockchains using proof-of-work consensus algorithm. This attack occurs when someone controls more than half (51%) of the mining power of a blockchain network. This control enables them to make important decisions, undermining the decentralized concept of blockchain.
What can a 51% attack do?
In a 51% attack, an entity with a majority can manipulate the blockchain in a number of ways. They can halt transactions and prevent them from being confirmed, reverse transactions to perform double-spending attacks, and prevent other miners from mining new blocks.
How much does a 51% attack cost?
The cost of a 51% attack varies depending on the blockchain network involved. For example, to launch a 51% attack on the Bitcoin blockchain, an attacker would need to control the most powerful ASIC mining equipment. The cost of the equipment alone is over $7.9 billion. This estimate does not include the ongoing costs of electricity and maintenance.