51% attacks. Merely mentioning them makes crypto traders a little fidgety, and with good reason.
A successful 51% attack against a cryptocurrency would, at best, take a big chunk out of that cryptocurrency’s price. At worst, it could end use of the cryptocurrency altogether.
When you look at it that way, a 51% attack sounds terrifying. Let’s look at how they happen, and how blockchain projects keep themselves safe.
51% Attacks, Explained in Simple Terms
Put simply, a 51% attack could occur when a malicious actor (or group of actors) commands more than half the mining or hashing power on a blockchain.
As you can see in the chart below, many different mining pools are at work on the Bitcoin blockchain. If one of those pools reached a 51% majority, they could, hypothetically, initiate a 51% attack.
But What Does a 51% Attack Do?
A 51% attack, also known as a “double-spend attack”, allows the attacker to rewrite history on a blockchain.
In practical terms, it means the attacker can spend that particular cryptocurrency twice.
As an attacker, I would buy something with bitcoin, then initiate a 51% attack to create a new version of the blockchain – one that doesn’t include my transaction.
Sounds pretty scary when you put it like that. That said, it is rather difficult to actually pull off a 51% attack on an established network. Bitcoin, for example, has never been hit by a 51% attack. Most large cryptocurrencies are safe, software bugs notwithstanding.
And, even if you can pull one off, you only become a time traveler. You do not have the ability to break the rules of the network, steal cryptocurrency from others, or create new currency out of thin air.
To understand more, let’s go over how we might perform a 51% attack (hypothetically, of course).
A 51% Attack Requires a New Blockchain “Fork”
To initiate a 51% attack, we need to “fork” the blockchain, which means splitting it in two. Then we need to convince the network that our malicious forked blockchain is the real one.
But there’s a problem:
Cryptocurrencies need to have a way of knowing which blockchain is the ‘real’ one.
Working this out is very simple – the longest one wins. By going with the longest blockchain on the network, the network can always be sure that the current blockchain is what the majority of the mining power wants.
The longest blockchain being the ‘real’ one has some other benefits too.
For example, cryptocurrencies are often community driven. If the community does not like a particular update, miners won’t switch to the new software. If miners don’t switch to the new software, the old chain continues and remains the ‘real’ blockchain for the network.
Making Our Malicious Forked Chain the Dominant One
Essentially, to perform a 51% attack, we need to keep our fork secret.
We can either keep our fork on a single computer or share it only among the nodes we control. Once we have our fork, we need to keep it up to date with the rest of the network.
Essentially we create a mirror image of the original blockchain.
You can think of our secret blockchain as a reset button. Once we have it, we can do something on the live blockchain and not copy it into our secret one.
Then, we can mine a bit harder on our secret blockchain and have it be a little longer than the real one. That’s why we need 51% of the hashing power on the network.
Nodes in a cryptocurrency network always follow the longest chain, as it usually indicates what the network at large wants to do. Once we release our secret blockchain to the network, all the nodes grab it and see it as the real one, as it’s the longest.
And once our blockchain is the real one, whatever we did before is undone.
How Double Spending Comes In
Often the thing undone in 51% attacks is a transaction. We can pay for something and then switch out the old blockchain with our secret one where the cryptocurrency is instead transferred to a different address.
This is referred to as a double spend. The network will reject the original transaction, as it will occur after the new transaction from the perspective of the new blockchain.
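What this looks like from the receiving side, as an added example that is not part of the original article: a toy node applies the longest-chain rule as described above and reports which payments lost their confirmations when it switches chains. The `Tx` and `Block` types, the report fields and all sample data are constructed for this illustration and do not model any real node software.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: str      # the coin (previous output) this transaction consumes
    pays_to: str

@dataclass(frozen=True)
class Block:
    miner: str
    txs: tuple = ()

def fork_index(old, new):
    """Index of the first block at which the two chains disagree."""
    for i, (a, b) in enumerate(zip(old, new)):
        if a != b:
            return i
    return min(len(old), len(new))

def adopt_if_longer(current, candidate):
    """Longest-chain rule: return (chain to follow, reorg report or None)."""
    if len(candidate) <= len(current):
        return current, None
    i = fork_index(current, candidate)
    dropped = [t for b in current[i:] for t in b.txs]
    replacing = {t.spends: t for b in candidate[i:] for t in b.txs}
    report = {
        "reorg_depth": len(current) - i,   # blocks of old history discarded
        "lost_confirmation": [t.txid for t in dropped
                              if replacing.get(t.spends) != t],
        "double_spends": [(t.txid, replacing[t.spends].txid) for t in dropped
                          if t.spends in replacing and replacing[t.spends] != t],
    }
    return candidate, report

def demo():
    # Constructed sample data: miner names and transaction ids are made up.
    genesis = Block("pool-a")
    public = [genesis,
              Block("pool-a", (Tx("tx-pay-shop", "coin-1", "shop"),)),
              Block("pool-b"), Block("pool-c")]
    secret = [genesis,
              Block("majority", (Tx("tx-pay-self", "coin-1", "own-address"),)),
              Block("majority"), Block("majority"), Block("majority")]
    return adopt_if_longer(public, secret)[1]
```

A recipient who tracks `reorg_depth` and `double_spends` in this way sees that a payment with three confirmations was replaced by a conflicting spend of the same coin.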
What a 51% Attack Can and Can’t Do
As mentioned above, the attack does not give us the power to do whatever we want.
We must still follow the rules on the network. If we don’t follow the rules, our new blockchain is rejected by the network, and the attack fails. The requirement to follow the rules makes for an interesting combination of what we can and can’t do during the attack.
What the Attacker Can Do
Cause double spends
This is one of the main reasons to perform a 51% attack. It allows us to spend currency twice, essentially stealing it back from the first address it is sent to. Note that this cannot occur without cooperation from whoever owns the currency in the double spend.
Collect block rewards and cause other miners to have invalid blocks
As the attackers, we are mining all the blocks on our malicious blockchain and therefore get to select where the rewards for mining those blocks go. Depending on the price of the cryptocurrency in question, this may provide a nice counterbalance to the inevitable price-collapse of the cryptocurrency when the attack is revealed.
Other than some counterbalance, the block rewards are unlikely to completely negate the cost. For this reason, an attack is unlikely to take place solely for the reason of collecting block rewards.
Stop transactions for a time, or remove confirmations from being added to the blockchain
As we control all the blocks in our chain, we can choose what transactions go into those blocks, much in the same way regular miners can. We simply instruct our miners to not include a specific transaction in their blocks.
The transactions that are kept out of blocks will remain in the transaction pool. After the attack, any miner can pick up the transaction and include it in a block. This means we can delay a transaction for as long as we are in control.
What the Attacker Cannot Do
Steal cryptocurrency from others
As attackers, we may control the blockchain itself during the attack, but we do not control wallets we don’t own. Having control over the blockchain does not magically give us the private keys required to spend currency we don’t own.
Create cryptocurrency out of nothing
As mentioned above, we must still follow the rules of the network. That means mining blocks and receiving rewards as normal. We can’t magically create non-existent transactions or create cryptocurrency out of nothing.
Completely stop a transaction from occurring
We can keep a given transaction out of the blocks on our chain. But this does not mean the transaction no longer exists; it simply means it remains in the transaction pool as an unconfirmed transaction. As soon as the attack stops, other miners may pick up the transaction and include it in their next block, assuming it’s not a double spend transaction at that point.