51% Attack: The Concept, Risks & Prevention


Published: 29 Jun 2023 Updated: 22 Nov 2023

In the landscape of Web3, the 51% attack stands out among other blockchain security vulnerabilities. It’s an exploit that undermines the core principle of decentralization in blockchain, allowing hackers to manipulate transactions, exemplified by the notorious $18 million double-spend attack on Bitcoin Gold.

This article takes an in-depth look at this vulnerability, unfolding its working mechanisms, potential risks, and security measures.

What Is A 51% Attack?

A 51% attack is an attack on a blockchain network where a single entity gains control of more than half (51%) of its staking or computational power. This disproportionate control allows them to implement substantial changes, contravening the decentralization principle fundamental to the blockchain. In other words, a 51% attack gives the power to rewrite transaction history, prevent transactions from completing, stop rewards to validators, and double spend.

It’s important to note that a 51% attack is among the most significant security threats to blockchains, particularly those utilizing Proof-of-Work and Delegated Proof-of-Stake consensus algorithms. One alarming outcome of such an attack is double-spending, where the same coins are spent more than once, damaging the trust and reliability of the blockchain.

How Does A 51% Attack Work?

Diving deeper into the mechanics of a 51% attack, let’s explore the step-by-step process an attacker follows to gain and exploit control over a blockchain network. While the exact specifics of an attack can vary depending on several factors, here’s a simplified, general sequence of events that typically characterizes such an attack:

  1. Accumulate Power: The first step involves the attacker accumulating more than half (51%) of the network’s computational or hashing power. This could be accomplished by acquiring substantial hardware resources or convincing a large number of miners to join a pool under the attacker’s control.
  2. Partitioning: The attacker, now commanding a majority of the network’s hashing power, effectively segregates their group from the main network while still maintaining internal communication. Despite this separation, the hacking group proceeds with mining operations but refrains from sharing their progress with the primary network or receiving updates from it. Consequently, two parallel versions of the blockchain start evolving independently.
  3. Fast-Paced Mining: Due to their superior hashing power, the attacker’s group is able to add blocks to their version of the blockchain faster than the rest of the network. Over time, the difference in length between the two versions of the chain becomes statistically proportional to the difference in hashing power between the two groups.
  4. Reintegration and Dominance: Once the hacking group rejoins the network, the two competing versions of the blockchain propagate through the entire network. According to the consensus protocol’s rules, the nodes keep the longest blockchain, and the shorter one is discarded. This means all the blocks added by the main network during the separation period get orphaned, and their transactions are released back into the Mempool.
  5. Potential Threats: Upon successful execution, a 51% attack can open Pandora’s box of threats that can significantly impact a blockchain network and its participants. These threats range from financial fraud in the form of double-spending to outright denial of service attacks that paralyze network functionality.
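What the reintegration step looks like from a monitoring node, as an added example that is not code from the original article: it compares the chain a node held before and after the switch and reports the reorg depth and the confirmed transactions that fell back to the mempool. Block names, transaction ids and the alert threshold are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    hash: str
    parent: str
    txids: tuple = ()

def select_chain(current, candidate):
    # The article's rule: nodes keep the longest chain (ties keep the current one).
    # Real PoW clients compare cumulative work, which tracks length at equal difficulty.
    return candidate if len(candidate) > len(current) else current

def analyze_reorg(old, new):
    """Describe what a node loses when it switches from chain `old` to chain `new`."""
    fork = 0
    for x, y in zip(old, new):
        if x.hash != y.hash:
            break
        fork += 1
    orphaned, adopted = old[fork:], new[fork:]
    adopted_tx = {t for blk in adopted for t in blk.txids}
    # Confirmed on the discarded branch but missing from the winning one:
    # these return to the mempool and are the double-spend candidates to review.
    returned = [t for blk in orphaned for t in blk.txids if t not in adopted_tx]
    return {"fork_height": fork - 1, "depth": len(orphaned),
            "adopted": len(adopted), "returned_to_mempool": returned}

def should_alert(report, max_depth=2):
    # Assumed policy: reorgs deeper than max_depth blocks are escalated.
    return report["depth"] > max_depth

def chain(prefix, names, txs):
    # Build a constructed chain segment on top of `prefix`.
    out = list(prefix)
    for name in names:
        out.append(Block(name, out[-1].hash if out else "", tuple(txs.get(name, ()))))
    return out

# Constructed sample: both views share g0..g2, then diverge.
SHARED = chain([], ["g0", "g1", "g2"], {"g1": ["tx-a"]})
HONEST = chain(SHARED, ["h3", "h4", "h5"], {"h3": ["tx-deposit"], "h4": ["tx-b"]})
PRIVATE = chain(SHARED, ["p3", "p4", "p5", "p6"], {"p3": ["tx-b"], "p4": ["tx-conflict"]})

if __name__ == "__main__":
    report = analyze_reorg(HONEST, select_chain(HONEST, PRIVATE))
    print(report, "ALERT" if should_alert(report) else "ok")
```

In the sample, `tx-b` survives because the winning branch also includes it, while `tx-deposit` is the transaction a merchant or exchange would need to re-verify.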

High Cost Of 51% Attacks

It’s worth noting that a 51% attack is not an easy task: it requires a significant amount of resources and time. This hefty financial and technical load makes it unaffordable for most people.

The bulk of the cost lies in the required mining equipment. To control over half of a network’s hash power, you need a lot of high-performance hardware, running into millions of dollars for prominent blockchains like Bitcoin. 

But it’s not just about hardware. Mining consumes a lot of energy. Bitcoin mining used up to 95.58 TWh yearly, which is on par with the annual energy consumption of Finland with over 5.5 million people. So, there are significant electricity and maintenance costs to consider.

Apart from the high costs, timing is crucial for a group planning an attack on the network. They need to control more than half of the network and introduce their altered blockchain at the perfect moment. If the attack fails, the hackers could lose everything.

On top of that, in a decentralized environment, there is no central authority to enforce the use of a compromised chain. Validators and clients can agree to restart the chain from a point before the attack occurred, although it would be messy and undesirable.

The high costs and risks associated with such an attack serve as a strong deterrent, particularly for larger networks like Bitcoin or Ethereum. On the other hand, smaller blockchains don’t have as much mining power, making them more vulnerable. It’s also easier to rent mining power for a few hours from a service like Nicehash to hack these smaller networks, which cuts down the cost of the attack significantly.

Risks And Consequences Of A 51% Attack

A successful attack can have significant implications for a blockchain network and its users. Here’s what happens:

  • Double-Spending: This is the most feared consequence. The attacker could spend their money twice — first, they perform a regular transaction and then change the blockchain to show they never used the money at all. 
  • Denial-of-Service (DoS) Attack: The hacker takes over and blocks the addresses of other miners for a while. This stops the good guys – the honest miners – from getting back control of the network. As a result, the attacker’s false chain of transactions can become permanent.
  • Transaction Reversal: The attacker can block payments between some or all users. This disrupts the normal operation of the network and can lead to significant delays in transaction confirmations, undermining confidence in the network’s reliability.
  • Damage to Reputation: Also, the attack can severely damage a blockchain’s reputation. This can lead to a loss of trust among current and potential users, resulting in a significant drop in the value of the associated cryptocurrency and deterring new users or investors from joining the network.

Real-World Cases Of 51% Attacks

Throughout the history of blockchain, there have been a few notable cases:

  • Bitcoin Gold (BTG): In May 2018, Bitcoin Gold experienced a 51% attack that allowed the attacker to double-spend approximately $18 million worth of BTG. This event caused substantial damage to the coin’s reputation and market value.
  • Ethereum Classic (ETC): Perhaps the most frequently targeted blockchain, Ethereum Classic suffered a massive attack in August 2020, where the attacker managed to double-spend $5.6 million worth of ETC.
  • Vertcoin (VTC): Vertcoin, though lesser-known, experienced a 51% attack in December 2018. The attacker double-spent 603 VTCs, equivalent to roughly $100,000.

These raids demonstrate significant vulnerabilities and consequences, reinforcing the need for effective security measures.

Prevention Of 51% Attacks

Mitigating these risks can be challenging, but various methods have been proposed:

Change Of Consensus Algorithm

Switching to a different consensus algorithm serves as a viable approach in reducing the likelihood of 51% attacks. Proof of Work (PoW), the initial consensus mechanism employed by many blockchains, renders itself susceptible to such attacks due to its mining concentration risk.

Alternatively, the Proof of Stake (PoS) consensus mechanism is less prone to such attacks as it requires a hacker to possess the majority of the blockchain’s total stake, often a prohibitively expensive venture.

Delaying Blockchain Confirmations

Another effective deterrent involves delaying blockchain confirmations. This method buys time for the network to detect and potentially ward off a 51% attack. By extending the transaction confirmation time, attackers would need to sustain control over 51% of the network for a more extended period, dramatically increasing the cost and difficulty of such an attack.

Penalty System

Instituting a penalty system serves as another viable defensive strategy. For instance, the application of slashing conditions in PoS blockchains penalizes malicious actors by confiscating a portion or all of their staked tokens if they are found to be acting against the network’s rules. This punitive measure significantly raises the stakes for any would-be attackers and can serve as a potent deterrent.

Blockchain Protocol Audit

Lastly, regular blockchain protocol audits are a crucial aspect of any comprehensive security strategy. These audits meticulously scrutinize the protocol to detect vulnerabilities, including potential avenues for a 51% attack. By identifying and addressing these weaknesses proactively, blockchain developers can considerably reinforce their network’s defenses.

The Bottom Line

While the risk of a 51% attack is a daunting thought, it’s essential to understand that the costs and complexity of carrying out such an attack make them rare. However, the potential impact and the historical precedents emphasize the importance of proactive preventive measures and continuous efforts toward making blockchain technology more secure and resilient.

The future of Web3 depends on our ability to tackle these challenges, turning vulnerabilities into strengths and creating a more robust and secure digital future for all.


FAQs

What is a 51% attack?

A 51% attack is one of the biggest blockchain security issues, especially for blockchains using Proof-of-Work consensus algorithms. This attack happens when someone controls more than half (51%) of a blockchain network’s mining power. This control allows them to make major decisions, breaking the decentralization concept of blockchain.

What does a 51% attack do?

In a 51% attack, the entity with majority control can manipulate the blockchain in several ways. They can halt transactions and prevent them from being confirmed, reverse transactions to carry out a double-spend attack, and prevent other miners from mining new blocks. 

How much would it cost to 51% attack?

The cost of a 51% attack varies depending on the blockchain network in question. For example, to launch a 51% attack on the Bitcoin blockchain, an attacker would need control of the most powerful ASIC miners. The cost of this equipment alone would exceed $7.9 billion. This estimate does not include the ongoing costs of electricity and maintenance.
