Last week our theme was “Can a Cryptocurrency replace the US Dollar to Become the World’s Reserve Currency?.“
Our theme for this week is “Is a 51% attack a real issue?”
In 2018, cryptocurrency hackers earned $20M with 51% attacks, The report by Group-IB, showed that in 5 incidents last year, hackers walked away with $19.5 million worth of cryptocurrencies.
Hackers attacked Verge twice stealing more that $1 million, $550,000 worth of ZEN, Litecoin Cash was hit, and the biggest heist was Bitcoin Gold, when the attacker sent 388,000 BTG ($18 million) to their personal wallet.
This February, Coinbase discovered that Ethereum Classic was attacked. Hackers accessing Coinbase’s network, rewrote portions of the platform’s transaction history enabling users to spend the same cryptocurrency more than once. The Ethereum Classic blockchain was rewritten by someone that controlled at least 51%. Over $1 million was lost as a result of this hack. On Coinmarketcap.com, Ethereum Classic is the 20th largest cryptocurrency, with a market cap of $526 million.
In “Once hailed as unhackable, blockchains are now getting hacked,” on MIT Technology Review, Mike Orcutt makes the argument that blockchains are no longer safe and that we’ll see more of these attacks in the future.
While these hacks took place on smaller blockchains, they are a very real. They show us that a 51-percent attacks are not just a theoretical concern anymore. And they are not the only way to hack a blockchain.
What is a 51-percent attack? It’s when an attacker controls at least 51% of the total mining power of Proof-of-Work blockchain. To make a simple analogy, you can think of it as owing 51% of a company’s shares, you are the majority owner. The same is true with blockchains.
Most blockchains like Bitcoin, Ethereum, use the Proof of Work protocol to verify and add a new blocks of transactions to the blockchain. To add a new block, a complex cryptographic math puzzle must be solved. The miner, that solves it first, adds the new block to the blockchain and receives a cryptocurrency reward for the work they performed. This process is called mining. If someone was able to get control over a majority of the computing power on a given blockchain, they would be able to impose their will on the rest of the network, including making changes to the ledger.
These attacks have become quite tempting, especially with services like NiceHash, that can give you instantly the mining capacity you need to take over a coin’s blockchain, like Ethereum Classic.
Crypto51 published research on how much you would need to spend, in order to take over the top cryptocurrencies. You can see the full list on Crypto51 on their website.
In the case of Ethereum Classic hack in February, the cost is $5,437 an hour, $130,488 per day. In a 3 day period the attacker made $1.1 million. I’d say that it was a very nifty profit, when you compare it to the $391,464 cost.
Proof of Work blockchains are susceptible to 51-percent attacks, but not all blockchains are created equal. For smaller networks, 51-percent attacks present a real threat. But for Bitcoin and Ethereum, the risk is pretty low. The computing power and coordination that is needed to take over 51% of the hash power for large blockchains, would be enormous, making the chances of a successful attack very unlikely.
While Proof of Work is the most widely used consensus method, there are plenty of solutions that are trying to tackle the problem: Merged Mining, Penalties for Delayed Blocks, Notary Nodes, Permissioned Blockchains, Proof of Stake.
Blockchain technology is very simple and extremely secure. Is it fully secure? No. But what technology is. Can blockchain security be improved? Yes, it can. As cryptocurrencies and blockchain become part of our lives, hacks will become more frequent , challenging the legitimacy of the industry and the technology. The only thing we can expect is that the top cryptocurrencies, implement solutions to minimize the risk from potential attacks.
I have no positions or commercial relationships with the companies or people mentioned. I am not receiving compensation for this post.
Subscribe by email to join the 25,000 other Fintech leaders who read our research daily to stay ahead of the curve. Check out our advisory services (how we pay for this free original research).