What Is a 51% Attack?
A 51% attack is when a person, group, or entity gains control of 51% of a blockchain’s hashing power, meaning they have control over certain aspects of the project.
The method in which this is obtained is different for each consensus mechanism.
On a proof-of-work blockchain (such as Bitcoin), this would be done by acquiring control of the network’s mining capabilities.
On the other hand, with a proof-of-stake blockchain (such as Cardano), this would be done by controlling 51% of the staked tokens.
The blockchain is a distributed ledger, meaning it’s decentralized.
However, as soon as an entity has more than half of the hashing power over the network, it is susceptible to a 51% attack.
How Does 51% Happen on a Technical Level?
If a proof-of-work network is presented with two conflicting chains, the network will choose to go with the longest chain.
This is because the more transactions it has successfully completed, the more likely it is that it’s a good actor.
Obtaining 51% of the hashing power means that you can mine faster than the rest of the miners.
This means that 51% of attackers can quickly create the longest chain and then act maliciously. The network has no choice but to choose the attacker’s chain, as it’ll be the longest.
Often, you’ll find that an attacker will not announce their blocks to the blockchain straight away. Instead, they’ll mine privately to create their own blockchain. This is so they can get the longest chain before manipulating the public blockchain.
They will spend their coins on the public network (usually for real-world assets that can’t be revoked) while excluding these transactions from their own version of the blockchain — creating a double spend problem.
After a period of time, the attacker will announce their version of the blockchain to the network, and it’ll have to be accepted due to it being longer than any other chain.
This is how a 51% attack happens on a proof-of-work blockchain. This process may be different when dealing with other consensus mechanisms.
What Could a 51% Attack Result In?
Once an entity has control of 51% of the network, it can do multiple malicious things that will disturb the blockchain for all participants.
Once the aggressor has 51% of the hashing power, they could modify transactions that are validated by the network’s nodes. This could be, for example, changing the amount sent or even canceling a payment entirely.
Transactions that occur while the attacker is in power can also be reversed, causing a double spend problem (one of the reasons Bitcoin was created); thus, doubling the attacker’s money.
A mining monopoly could also occur as a result of a 51% attack.
This would happen when the attacker blocks all transactions from a miner (or group of miners) in their own private network before broadcasting their own version to the network. This means that the attacker can essentially censor miners off of the network until they are the only miner left — creating a monopoly.
Unfortunately, this would mean the blockchain is now centralized, in the hands of a bad actor, while the previous miner’s rewards cease to exist.
What Can’t 51% Attackers Do?
They may have a lot of power, but they’re not God. 51% of attackers are limited in some ways.
Transactions Before They Are In Power
Despite being able to modify, prevent, and reverse transactions during their reign, they cannot delete or modify transactions made before they get control.
Prevent Broadcasting to the Blockchain
The attacker cannot prevent someone from broadcasting to the blockchain.
This is because miners, stakers, validators, etc. (which the attacker will control) do not broadcast to the blockchain. Instead, they’re the ones who approve or deny these transactions.
Attackers will not be able to steal assets from wallets they don’t control, as they cannot broadcast the transaction to the blockchain.
Change the Network’s Protocol Rules
Things like adjusting block rewards, token amounts, and consensus mechanisms are hard-wired into the blockchain’s system. Traditionally, these issues are addressed by a soft or hard fork. A 51% attacker cannot force through a fork.
If an attacker attempts to force a fork, they’ll simply isolate themselves on the blockchain, as no other node will reach a consensus with them.
Check out our article on forks here.
How Do Networks Protect Themselves From a 51% Attack?
Of course, no blockchain wants to be the subject to a 51% attack, so they employ multiple techniques to protect themselves.
The system that proof-of-work uses to deter users from doing this is by making it financially unviable for the attacker to do so. In order for someone to obtain 51% of the hashing power of a large proof-of-stake blockchain, they would require an insane amount of computing power and, in turn, a lot of money.
This, of course, scales with the size of the network, meaning smaller blockchains are more susceptible to these attacks.
It’s easier to gain 51% of the hashing power on a small proof-of-work blockchain. Proof-of-stake can help mitigate this risk, as it requires the richest stakers to put their money on the line. This means that they would lose their tokens if they were caught being a bad actor.
For more on consensus mechanisms, read our article on the topic here.
In the delegated proof-of-stake consensus mechanism, validators are often voted in by the community. This means that if half of the validators on the network started acting maliciously, the community could quickly undelegated their tokens and remove them from the network.
Promotion of Decentralization
Simply, the best way to protect yourself from a 51% attack is by being as decentralized as possible.
Promotion of decentralization can come from the team behind the development of a blockchain — e.g., turning down funding from big companies that want large hashing power — or from the community by simply setting up nodes themselves.
Has It Ever Happened?
We’ve never seen a successful 51% attack on Bitcoin or Ethereum, but we have seen some smaller projects fall victim to this attack.
When this project suffered a 51% attack, it was the 26th biggest cryptocurrency by market cap.
The attacker secured over 51% of the hashing power, and over a period of days, 18 million USD of Bitcoin Gold was stolen through the attacker’s double-spending.
Privacy coin, Verge, fell victim to a 51% attack in 2018, which resulted in 1.7 million USD being stolen. This came only a month after another 51% attack, which wiped out 22% of the token’s value at the time.
In response to both 51% attacks, the Verge team performed a hard fork to attempt to fix the exploit the attacker used.
Are 51% Attacks the End of Cryptocurrencies?
Both of the coins above are still alive but are significantly smaller than they were prior to the attack. Bitcoin Gold, for example, has fallen from being the 26th biggest crypto to being just outside the top 100.
Although the attacks didn’t result in the projects immediately retiring, they did seriously harm their price, growth, and reputation.
However, Vitalik Buterin suggests that a 51% attack would “not be fatal” for Ethereum 2.0. Stating that they could attack only once before they’re removed from the network. He then pointed to this not being the case on a proof-of-work system, which could be exploited over and over again by the same entity during a 51% attack.
Will a 51% Attack Ever Happen to Bitcoin?
Theoretically, it could happen. However, it’s very unlikely.
Although we previously mentioned that proof-of-work is less secure than proof-of-stake, this mostly applies to smaller proof-of-work networks.
The Bitcoin network is so large that in order to obtain 51% of the hashing power, you would need to spend just over 15 billion USD.
Not only does this become financially unviable, but it also minimizes the number of potential attackers to a small group of billionaires that could afford this sort of investment.
What Is a 34% Attack?
A 34% attack poses the same threat as a 51% attack does. However, it requires a lot less hashing rate to do so.
This attack uses Tangle, a distributed ledger that some cryptocurrencies use to wrongfully approve or disapprove a transaction, while only needing 34% of the hashing power.
The 51% attack is an exploit that attacks both the security and decentralization of a cryptocurrency. When successfully pulled off, it can result in millions of dollars being stolen and the reputation of a project plummeting.
Due to the sheer amount of resources required to perform such an attack, it’s unlikely that we’ll see the biggest cryptocurrencies fall victim to a 51% attack. That being said, you can never say never — especially in the blockchain world.
This article is a part of the Hashnode Web3 blog, where a team of curated writers are bringing out new resources to help you discover the universe of web3. Check us out for more on NFTs, DAOs, blockchains, and the decentralized future.