To understand a 51% attack, we must understand how the architecture of consensus algorithms on decentralized networks can make a blockchain vulnerable to an attack.
Typically Proof-of-Work consensus is used to demonstrate how an attack is carried out. However, other consensus algorithms, such as Proof-of-Stake, are also vulnerable to such an attack albeit it’s less likely on certain implementations of a Proof-of-Stake blockchain due to incentives.
We will use the Proof-of-Work example as it is the first and most common type of blockchain.
Proof Of Work Consensus
A Proof-of-Work blockchain has miners who compete against each other to discover new blocks. To discover a new block, a miner adds a random string called a nonce and then puts it into a hashing function.
By adding all the values of the output of the hashing function together you get a sum of a number. This number is random and completely different every time you change your input. The goal of the miner is to get a sum that is below a variable called the “target”. The target is changed in accordance with the network’s difficulty.
Network difficulty is adjusted roughly every 2 weeks on the Bitcoin network. That way,
The network can predict roughly how long on average it will take to discover a block because the output sums of the hashing function are normally distributed. So it can predict that target X would be found in 1% of random hashes for example. Of course, the actual number is dictated by the total hashing power of the network so the probability of having a sum that is equal to or lower than the target sum is much lower than on the Bitcoin network.
The profitability of mining plays a role
Ultimately, how profitable your mining setup
That is partly how the network maintains a decentralized structure, it gives incentives to other miners to compete against you even if they aren’t the most powerful. Otherwise, whoever had the most mining power could gobble up all those rewards and the other miners would drop out because there is no profit in it for them. Then we would be back to square one with a centralized payment system in which the single miner monopoly could insert transactions and blacklist addresses on the network. Obviously, that would defeat the purpose of a blockchain,
Attacking with 51% of hashing power
A 51% attack can be performed by a single actor, like a mining company or even a pooled mining system. if it gets 51% or more of the total hashing power on the network. (Hashing power just refers to how fast computers can produce new hashes).
How the attack actually is executed is by secretly mining a separate fork of the ledger and not initially broadcasting it to the network. This is normally done as soon as you discover a new block.
Meanwhile, you let the other miners continue on adding blocks to the blockchain. Then you make a purchase on this alternate chain which everyone else is using.
What an attack looks like
So let’s say you are an evil miner and you want to steal a Lamborghini. Typically a Lambo costs about $200,000. (In the majority of cases it is not cost effective to perform a 51% attack unless you are doing it for large amounts of money since it costs so much money to get large amounts of hashing power.)
This Lamborghini dealership accepts Bitcoin and so you pay them the cost of the Lamborghini. A responsible dealership isn’t going to give you the keys to the car until there are sufficient confirmations on the Bitcoin network.
Once the dealership is satisfied with the number of confirmations, they give you the keys to the
Now, since you’ve secretly been mining another version of the ledger behind everyone’s back you broadcast your new version of the ledger which started before you made the purchase of the
The Longest Chain Rule
This works because the Bitcoin network has a consensus rule called “The Longest Chain Rule”, which always chooses the longest chain of blocks to resolve disputes of alternate versions or forks of the blockchain. Normally, this makes perfect sense as the longest chain has the most hashing power behind it. Because it is the fastest at creating new blocks and so people put more energy at stake to produce it with the belief that it is the correct chain.
However, if a single entity has the majority of the hashing power, then they can produce blocks faster than everyone else on average and therefore can perform this type of attack.
But because mining is a random, stochastic process it doesn’t guarantee that having 51% of the hashing power will always produce a successful attack. But having 51% of the hashing power does make it very likely. As it turns out, you could do this type of attack with less than 51% of the hashing power. It just makes it much less probable that it will be a success. The more hashing power, the more likely it is you will be successful.
Protections from the attack
There are some protections against this type of attack as it becomes harder to alter blocks the further in the past they are.
According to the online tool from gobitcoin.io, the hardware cost alone for a 51% attack on the Bitcoin network is about $7 billion and the electricity cost is around $4 billion per day. This makes it quite unlikely that such an attack could happen on the Bitcoin network today. But it is still feasible on some smaller Proof-Of-Work blockchains, Ethereum classic being a notable example from earlier this year.
The other dynamic is the fact that the attack has to be executed pretty quickly. Otherwise, the network might fork to reverse the attackers’ fake transactions. In practice, most of the 51% attacks have been done by double spending on exchange wallets as that is one of the most practical ways to do it.
Also, if the market finds out before the attacker can exchange his coins, it can cause the value to drop very quickly as market participants sell out of fear of the network being compromised or being “dumped on” by the hacker selling his coins and increasing the available circulating supply. So there are economic incentives at play as well.
Some consensus algorithms like the Stellar Consensus Protocol make these types of attacks nearly impossible.