This post is also available in: esEspañol

Cryptocurrencies and their underlying technology, the blockchain, are hailed for their ability to provide immutability decentralization, peer to peer systems, and security. But just like any computer system, cryptocurrencies and blockchains are not entirely hacker-proof. They are prone to vulnerabilities. One such weakness is the 51% attack, also called a majority attack.


What is the 51% or Majority Attack?

In many cryptocurrencies, including bitcoin, miners or nodes confirm all transactions. These nodes (computers) do so by solving complex mathematical problems. The first one to solve a problem broadcasts the transaction to the entire blockchain, confirming it and adding it to the ledger. The secret to being the first in confirming a transaction lies in a node’s or miner’s computing power, which in crypto terms, is called the hash rate, designed to be a foolproof, unhackable solution.

The 51% or majority attack is when one entity has control over 51% of the miners solving the equations of that particular coin. Equivalent to a bank heist, attackers gather enough computing power to compromise smaller networks, rearrange transactions, and steal millions of dollars. Additionally, it gives these malicious entities the ability to reverse transactions, eliminate others from going through, and allow multiple-spending of the same coins, also called double spending.


What a 51% Attack Is, and What It Isn’t

The ability of a single entity to have so much power as to control what happens on a blockchain does not just cause problems for a network, but also defeat the very solution that blockchains were created to solve in the ‘digital money’ world – double spending.

Hash rate matters. Just like how ‘majority carries the vote’ works in democratic dispensations, a majority attack gives the entity or organization with the highest hash rate power, allowing them to select what goes into the blockchain ledger.

A 51% attack does not also give attackers the power to create new cryptocurrencies. The only cryptocurrencies that go to these attackers are the ones acquired through mining rewards or double-spending. Attackers would only be able to change transactions of a few previous blocks but aren’t able to modify blocks that have been recorded for a long time.


What Is Feasible In A 51% Attack?

The majority attack is a vulnerability that is feasible. Blockchains, public ones especially, are open, allowing anybody to be part of the system by downloading and running a node. Additionally, there is no central authority in these blockchain systems to stop bad actors (i.e., hackers or misconfigured nodes) from joining the network as in bitcoin. Also, the advent of mining pools (where groups of people pool together computing power to mine as a single entity) could provide an unbelievable amount of power to a select few bad nuts.

Bad actors with enough computing power or hash rates can hijack a cryptocurrency’s network and engage in double spending and other malicious activities. This would culminate into a loss of confidence for a project and a reduction in the affected crypto’s value.

On a real-world consideration, engaging in a 51% attack is exceptionally tough and not feasible in large public blockchain environments. An invader would require an insane amount of computing power, more than the rest of the whole network combined, to succeed in a majority attack. The Bitcoin Blockchain, for instance, houses millions, if not billions of miners across the globe. It would require vast sums of money to buy mining hardware and the consumption of an insane amount of electricity. Even combining all the computing power in the world would not easily allow an attacker to penetrate a network like that of Bitcoin’s blockchain – but possible on smaller blockchains with few nodes (computers) running the system.

Even if an attacker can bypass the stumbling blocks outlined above, there are still issues that would make a majority attack not feasible. Space would be needed for the safekeeping of mining hardware, the cooling systems to keep hardware stable, and the risks associated with hiding one’s tracks from electricity companies and state authorities would be all too expensive and risky to undertake.

In many, especially large public blockchain ecosystems, the incentives for good behavior far outweigh the incentives for bad behavior and might deter people and entities from engaging in malicious behavior on these blockchains.


Traces of the 51% Attack

Even though it’s not a rampant vulnerability, the 51% attack has been used to conquer some blockchains. Shift and Krypton, two ethereum-based blockchains suffered 51% attacks and were asked to pay the ransom by the 51 Crew, the group that hijacked the projects. Though the two projects didn’t pay the ransom, they were hit hard, with Krypton now defunct.

Bitcoin Gold is another project that suffered a 51% attack in May this year. Attackers were able to make away with over $18 million worth of the then 26th largest cryptocurrency. These malicious entities controlled large portions of the cryptocurrency’s hash power, allowing them to engage in double spending for a few days.

Interestingly, a different form of the 51% attack occurred in April 2018 on the Verge (XVG) blockchain. Though this case wasn’t explicitly linked to using a lot of computing power to attack the system, the malicious actors discovered a programming bug that allowed them to produce massive layers of new blocks at a fast pace.  Within a short period, they were able to create a lengthy form of the Verge network.


Bringing It All Together

It is clear that the blockchain is not immune to vulnerabilities, at least for now. And since the ecosystem is still young and growing, it is only a matter of time for excellent and innovative solutions to crop up. For now, it’s clear that the 51% attack could happen to any blockchain though networks like bitcoin haven’t suffered this form of attack, other smaller blockchains have been hit.

The principles governing cryptocurrency mining and transaction verification depicts that it is challenging to rely on majority attack to penetrate public blockchains with colossal hashing power and a globally large blockchain network – an example is Bitcoin. On the other hand, blockchains that have smaller hashing power and also do not have huge, globally dispersed computing nodes are easily prone to the 51% attack.


The future of blockchain and the 51% attack

Though this form of attack is feasible and has happened to many blockchains, this vulnerability is sometimes overstated. The mining power, the hardware needed, the electricity, and the risks of covering one’s tracks are not easy to overcome. In essence, it shows that highly decentralized systems will have much advantage in preventing a 51% attack than less decentralized ecosystems.

The blockchain’s decentralization, distribution, and immutability features are changing the way we view value, trust, governance, and business processes. As time goes on, these entities, coming together, will help find a solution for the majority attack problem.  Though it isn’t likely to hit large blockchain ecosystems, it doesn’t hurt to be careful.