The 51% attack targets the Bitcoin network. It becomes possible based on certain conditions being met. For an organization to launch such an attack successfully, it would need to somehow control the majority of the mining power (hashrate) of the Bitcoin network. This would lead to attackers being able to control which transactions are verified. More concerning, it will allow them to misuse their own coins for ill-gained profits.
Now, to understand how this type of attack is launched, you need to have a good understanding of how Bitcoin works and about Bitcoin Mining. If you aren’t already familiar, you can read about them in our other articles.
What is Blockchain?
In brief, Bitcoin is a decentralized currency. That means there is no central authority to control it. Rather, it uses a peer to peer network to manage a worldwide ledger which contains details of all the transaction details that have ever taken place. This is called a blockchain.
To a regular user, Bitcoin will feel like just another online or mobile payment method that they access over their computer or a mobile application. However, in reality, there is a lot more going on under the hood, and it is fundamentally different than other payment methods like credit cards.
One of the main benefits of Bitcoin is that it offers a considerable amount of privacy to users, protecting your privacy in the same way as the best VPN services (using encryption). Transactions are performed based on a Bitcoin address, which is just a number that cannot be tied to any personal information of the user. However, anyone who has your Bitcoin address will be able to send you Bitcoins or see your balance. Their single defining factor is that they always begin with “1”.
Creating Bitcoin addresses is free, and there is a virtually endless supply of them, so it is recommended that you create a new one for each transaction, so that your financial history is harder to track. There is a downside to this, which we will look at later in this article.
In addition, Bitcoin transactions cannot be reversed. This provides a solution to many types of fraud where transactions are fraudulently revered after they are completed. So it is a great solution to be implemented in markets where fraud is prevalent via credit cards and other virtual payment methods.
What is Bitcoin Mining?
When a new transaction is created, it is transmitted across the network to be verified. This process can take up to 10 minutes on average as the verification process is done by multiple individual users on the network.
These users are called Bitcoin miners, and they use powerful computer hardware to continuously search for a hash that matches a given pattern. This pattern identifies a hash that matches what is called a “Block.” Miners are rewarded whenever they find a matching hash. This motivates them to look for new blocks. The reason that it takes up to 10 minutes to verify transactions is that Bitcoin only releases new blocks subject to 10-minute intervals.
This is important because blocks are used to verify transactions and create new Bitcoins. Once a block is created, a certain number of transactions are verified. While this sounds time-consuming and unreliable, Bitcoin uses a way in which miners can provide proof of their work so that other miners can simply verify this new block rather than having to repeat all the work themselves. Using the “Consensus Algorithm,” other miners can validate that the new block is valid, without having to search for it themselves or knowing the actual hash.
Each node in the network stores only the blocks that they validate. So when multiple nodes have the same blocks, they are said to be in consensus, and this is how the ledger is maintained. This also makes it difficult for attackers to fraudulently create ledgers as they would need to do so in many nodes, or be rejected.
The process of verifying transactions is a little more complicated in reality as it depends on many factors, such as the transaction fee that is attached to the transaction. The fee is decided by the sender, but transactions with higher fees attached to them will be verified faster.
What is a 51% Attack?
Now that we have gone over the basics, you are more equipped to understand how a 51% attack can happen and its implications.
The security of the Bitcoin network is ensured by maintaining a shared ledger which is agreed upon by all miners (computers processing the network’s transactions). This is called the blockchain. Nodes communicate with each other to verify that they are working on the same valid blockchain (ledger). This is one of the defining features of Bitcoin compared to other cryptocurrencies and has resulted in the immense trust user have placed on it.
Now, when a single organization obtains control over the majority of miners, it would potentially have the power to approve only the transactions that it prefers and delay others. While this process usually happens on a more regularized basis depending on the transaction fee, having a controlling share of the mining power can mean that transactions can be verified or ignored for fraudulent reasons.
While it may seem like simply changing transactions because you have a controlling share of the hashrate, it is more complicated. The group would need to have control of all the nodes that are in consensus about the particular transaction. It would also need to reject all the blocks that have been created after it. This is why a higher hashrate would make it easier.
If the group has 51% ownership, they can also block other nodes from validating new transactions and impact the blockchain on a more indirect level. This is called a mining monopoly. One implication of this is that it can significantly delay the verification of new transactions, which could impact the reliability and reputation of the Bitcoin network.
But the more dangerous outcome is that this group with 51% control can prevent other miners from completing blocks. In turn, allowing them to delay or reverse their own transactions. This could allow them to perform transactions, reverse them, then perform more transactions with the same Bitcoins, allowing them to be respent over and over again. This process is called double-spending.
If someone is able to reverse one of their transactions and convince a sufficient number of nodes that the transaction didn’t take place, then they are able to reuse the same Bitcoins for other transactions. This is where the risk of high ownership becomes relevant.
To get an understanding of how severe such an attack can be, consider the case of Bitcoin Gold. It was one of the many instances when cryptocurrencies were double-spent fraudulently. In 2018, a group of attackers launched a 51% attack on Bitcoin Gold. Despite Bitcoin Gold repeatedly trying to increase their exchange thresholds, the attackers were able to continue their double-spending transactions for a few days. It was estimated that $18 million worth of Bitcoin Gold was stolen during this attack.
How much control would you need for an attack?
In reality, you wouldn’t need 51% network control to launch an attack. You could attempt it with much less, but success would be very unlikely. We looked at the reasons for this in the earlier section, in short, you wouldn’t be able to validate the fraudulent transactions well enough.
If a group of miners decides to reverse any transactions or attempt to delay them, they would not be able to succeed as they would be creating a fraudulent version of the ledger. Other nodes in the network will reject this ledger. So the higher the amount of network control you have, the easier it will be to maintain such fraudulent versions of the ledger.
So even having 51% ownership of the network does not guarantee success, but just makes it more likely. Having higher control than 51% can only make such attacks more successful. Also, having 51% control doesn’t mean that you can completely control the Bitcoin network. The reason for this is that each block is validated by many nodes. So even with 51% control, you may not own all of the nodes that are in consensus and will not be able to pull off a successful attack.
What controls does Bitcoin have to defend against such fraudulent transactions?
While it may sound like having 51% control in the network allows a group to easily commit fraudulent transactions, this isn’t the case because of a core principle of how Bitcoin works.
Transactions of each Bitcoin are chained together. While you would think that transactions are recorded based on Bitcoins moving from one wallet to another, they actually track the movement of Bitcoins from one transaction to another. So the further back Bitcoins are recorded against transactions in the blockchain, the more secure they become against tampering.
Only the last few blocks become vulnerable during an attack. If Bitcoins have been part of transactions for longer, they will be stored in many blocks which makes it harder to reverse. This is one of the benefits of using the same Bitcoin address, transaction history is recorded for a longer period of time on more blocks which are in consensus by different groups of nodes. Using fresh Bitcoin addresses for each new transaction will make records more shallow and easier to reverse fraudulently.
Bitcoin’s large network is another of its strengths. It makes it increasingly difficult to have a majority controlling scenario due to the magnitude of the network and its high rate of increase. Miners have no incentive in investing in the high-value infrastructure that is required to launch a 51% attack as fraudulent ledgers are easily validated.
It is also to be noted that even if a successful 51% attack is launched, attackers would not be able to create new coins or increase the rewards of new blocks. New coins will still only be created as rewards for mining new blocks. This is another measure that makes Bitcoin more secure and reliable.
In addition to this, the name of this type of attack itself signifies one aspect of Bitcoin’s secureness. The fact that at least 51% ownership of the network is required to launch a successful attack makes it more difficult compared to some other cryptocurrency technologies.
One such example is Tangle – the distributed ledger, which is an alternative to blockchain. Given its less secure architecture, it can succumb to similar attacks with just 34% network control, thus giving rise to the term 34% attack.
What are the outcomes of such an attack?
This concept is interesting because such an attack is theoretically possible, given the way cryptocurrency works. There is nothing stopping any group from taking over control of the majority, or even all of the network and controlling transactions. However, this has become increasingly difficult due to the ever-increasing number of users mining Bitcoin.
Given the free and open nature of the Bitcoin network, there is no authority to stop an attack by a group that is able to accumulate enough computational power. This would come at a very high cost. The most direct outcome of such an attack will be that the attackers are able to steal large amounts of Bitcoin. This affects all users as it can impact the supply and demand of Bitcoin, which determines its value.
The more complicated implication of this is that double-spending is a perfect example of digital counterfeits. This is, in fact, the main shortcoming that cryptocurrencies were meant to overcome. So if this basic need is not fulfilled, then Bitcoin becomes meaningless.
A more indirect but serious outcome would be that users will lose their trust in the currency, and its exchange value would decline rapidly. This would not only affect the demand for Bitcoin but also for other cryptocurrencies, as users view Bitcoin as the benchmark. This would also cause miners to lose interest as their rewards begin to decline. This could lead to the network becoming smaller and being less secure.
In reality, a 51% attack is possible, given how powerful some mining groups have become. While it is to be noted that the impact of such an attack would be minor, the damage it causes could very likely lead to the demise of Bitcoin altogether.
Given current network mining difficulty levels, even a large-scale government would find it difficult to put together the resources that would be required. To learn more about digital security please see our top picks for best Canadian VPNs (for French speakers, check out Meilleur VPN).