51% Attacks: What are They & What are the Risks?

51% Attacks

Before reading this intermediate article, it is recommended you already understand blockchain basics, nodes, consensus mechanisms such as Proof of Work and Proof of Stake, and forks.

What is a 51% Attack

The 51% attack is one of the most commonly discussed attacks on a blockchain network. In it, an attacker overrides the consensus mechanism, the method by which the nodes of the network agree on which transactions have taken place and in what order. An attacker could mount such an attack by controlling more than 50% of the resource on which the consensus mechanism depends.

For example, to mount an attack an entity would need to control more than 50% of the mining power (hash rate) in a Proof of Work network, or more than 50% of the coins being staked by validators in a Proof of Stake network.

If an attacker controlled the majority of the required resource, they could build their own fork of the blockchain, so that two competing chains exist. Forks in themselves aren’t normally a problem; honest nodes simply follow whichever chain the consensus rules select, which in Proof of Work is the chain with the most accumulated work. The attacker’s chain, however, is backed by the majority of the network’s resource, so the consensus rules themselves select it, and that is what gives the attacker control.

Once in control, the attacker can decide which transactions are or aren’t included in the blocks they create (censorship), reverse their own recent transactions, leave other miners’ blocks out of the winning chain so that they are orphaned, and spend the same coins more than once (double-spending): pay a merchant on the public chain, then publish a heavier private chain in which those coins go somewhere else.

But there are limits to what an attacker can do. Majority control decides which of several valid chains wins; it does not change what counts as valid, because every full node checks each block against the consensus rules before accepting it, however much work the block carries. The attacker therefore cannot alter anyone else’s account beyond keeping their transactions out of blocks, cannot steal coins owned by another party (that would require the owner’s private key), and cannot inflate the total supply of coins beyond what the block subsidy allows.
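The separation just described, fork choice versus validity, is easy to see in a toy full node. The following is an added example, not code from the original article: a simplified block format and two consensus rules (a fixed block subsidy and a most-work fork choice) stand in for a real protocol. The scenario data (an honest chain, a heavier attacker chain that double-spends, and an attacker chain that mints extra coins) is constructed here for illustration.

```python
"""Toy full node: validity rules are enforced independently of fork choice.

Added example (not the article's code). Block format, SUBSIDY and the
most-work rule are simplified stand-ins for real consensus rules.
"""
from __future__ import annotations
from dataclasses import dataclass
import hashlib

SUBSIDY = 50  # assumed fixed block reward for this toy chain


@dataclass(frozen=True)
class Block:
    prev: str        # hash of the parent block ("" for genesis)
    work: int        # proof-of-work contributed by this block (stand-in)
    coinbase: int    # coins the block creator pays themself
    payload: str = ""  # constructed transaction text

    @property
    def hash(self) -> str:
        data = f"{self.prev}|{self.work}|{self.coinbase}|{self.payload}"
        return hashlib.sha256(data.encode()).hexdigest()


def block_valid(block: Block) -> bool:
    """A block that mints more than SUBSIDY is invalid regardless of its work."""
    return block.work > 0 and block.coinbase <= SUBSIDY


def chain_valid(chain: list[Block]) -> bool:
    """Every block must be valid and link to its predecessor."""
    prev = ""
    for b in chain:
        if not block_valid(b) or b.prev != prev:
            return False
        prev = b.hash
    return True


def total_work(chain: list[Block]) -> int:
    return sum(b.work for b in chain)


def select_chain(candidates: list[list[Block]]) -> list[Block] | None:
    """Fork choice: among VALID candidates, follow the most accumulated work."""
    valid = [c for c in candidates if chain_valid(c)]
    return max(valid, key=total_work) if valid else None


def extend(chain: list[Block], work: int, coinbase: int, payload: str) -> list[Block]:
    """Return a new chain with one block appended on top of `chain`."""
    prev = chain[-1].hash if chain else ""
    return chain + [Block(prev, work, coinbase, payload)]


def build_scenario() -> dict[str, list[Block]]:
    """Constructed scenario: honest chain vs two attacker forks from genesis."""
    genesis = extend([], 1, SUBSIDY, "genesis")

    # Honest miners: three blocks, one of which pays a merchant.
    honest = extend(genesis, 1, SUBSIDY, "alice -> merchant: 10")
    honest = extend(honest, 1, SUBSIDY, "")
    honest = extend(honest, 1, SUBSIDY, "")

    # Majority attacker: four blocks on the same parent, coins sent elsewhere.
    double_spend = extend(genesis, 1, SUBSIDY, "alice -> alice2: 10")
    for _ in range(3):
        double_spend = extend(double_spend, 1, SUBSIDY, "")

    # Same attacker tries to mint 1000 coins in a block with the same work.
    inflate = extend(genesis, 1, 1000, "attacker mints extra coins")
    for _ in range(3):
        inflate = extend(inflate, 1, SUBSIDY, "")

    return {"honest": honest, "double_spend": double_spend, "inflate": inflate}


def demo() -> dict[str, str]:
    s = build_scenario()
    winner_vs_double_spend = select_chain([s["honest"], s["double_spend"]])
    winner_vs_inflate = select_chain([s["honest"], s["inflate"]])
    return {
        "vs_double_spend": "attacker" if winner_vs_double_spend is s["double_spend"] else "honest",
        "vs_inflate": "attacker" if winner_vs_inflate is s["inflate"] else "honest",
    }


if __name__ == "__main__":
    print(demo())
```

Against the double-spending fork the node follows the attacker, because both chains are valid and theirs carries more work; against the inflating fork the node stays on the honest chain, because the extra coinbase fails validation before fork choice is ever consulted.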

Rewriting older blocks is constrained rather than impossible. A majority attacker’s private chain grows faster than the honest chain, so given enough time it can overtake the honest chain from any depth and replace the blocks beneath it; confirmations only buy certainty against an attacker with less than half the resource. In practice the reachable depth is bounded by how long the attacker can sustain their majority and by any checkpoints or finality rules the network enforces, so transactions buried deeply before the attack began are far safer than recent ones, but not untouchable.
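The relationship between an attacker’s share of the resource, the number of confirmations a transaction has, and the chance of it being reversed is the calculation from section 11 of the Bitcoin whitepaper. Below is an added example (not the article’s code) that implements that calculation: `attacker_success` gives the probability that an attacker with hash-rate share `q` eventually overtakes the honest chain from `z` blocks behind, `confirmations_needed` inverts it for a target risk, and `expected_blocks_to_overtake` uses the standard random-walk expectation to show how long a majority attacker needs to rewrite a given depth. The threshold value and the sample shares are assumptions chosen for illustration.

```python
"""Nakamoto's attacker catch-up probability (Bitcoin whitepaper, section 11).

Added example, not code from the original article. Model: honest network
finds blocks with probability p = 1 - q per block interval, attacker with q.
"""
from math import exp, factorial


def attacker_success(q: float, z: int) -> float:
    """Probability an attacker with share q ever catches up from z blocks behind."""
    if not 0.0 < q < 1.0 or z < 0:
        raise ValueError("q must be in (0, 1) and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # majority attacker: drift is in their favour, catch-up is certain
    lam = z * q / p  # expected attacker progress while the honest chain mined z blocks
    total = 0.0
    for k in range(z + 1):
        poisson = lam ** k * exp(-lam) / factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, target: float = 0.001, max_z: int = 10_000):
    """Smallest z with attacker_success(q, z) < target, or None if unattainable."""
    if q >= 0.5:
        return None  # no number of confirmations helps against a majority
    for z in range(max_z + 1):
        if attacker_success(q, z) < target:
            return z
    return None


def expected_blocks_to_overtake(q: float, depth: int) -> float:
    """Expected block intervals for a majority attacker to pull ahead of a chain
    `depth` blocks deep (gambler's ruin with drift q - p per interval)."""
    p = 1.0 - q
    if q <= p:
        raise ValueError("only meaningful for q > 0.5")
    return depth / (q - p)


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45):
        print(f"q={q:.2f}: P(reverse after 6 conf)={attacker_success(q, 6):.4%}, "
              f"confirmations for <0.1% risk: {confirmations_needed(q)}")
    # Assumed illustration: 55% attacker rewriting 100 blocks.
    print(f"q=0.55, depth 100: ~{expected_blocks_to_overtake(0.55, 100):.0f} block intervals")
```

The two regimes are the point: below 50% the risk falls geometrically with each confirmation, so a recipient can pick a confirmation count for an acceptable risk; at or above 50% every confirmation count gives probability 1, and the only question is how many block intervals the rewrite takes.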

What is the Risk of a 51% Attack?

Because blockchain networks aren’t created equally, the risk of a 51% attack varies greatly from network to network. Broadly, the risk depends on the structure, robustness, and profitability of the network.

Structure: Permissioned (politically centralized) networks are extremely unlikely to experience a 51% attack since they are centrally controlled and nodes have been given explicit permission to create new blocks.

Politically decentralized networks like Bitcoin or Ethereum, by contrast, are exposed in principle, since anyone can join the network and help maintain the blockchain; whether an attack is practical then comes down to the cost of acquiring a majority.

Robustness: Robustness can be roughly measured by the number of network participants who help maintain the network. The more robust a network is, the more expensive and more difficult an attack on that network becomes.

With Bitcoin and other PoW networks, a larger number of participants who mine and maintain the blockchain leads to a higher collective hash rate (amount of mining power). With PoS networks, more participants who stake their coins means a wider distribution of the network’s coins. In either case it becomes more costly to acquire the resource – computer hardware and electricity for mining, or coins for staking – and thus more difficult to mount an attack as the network becomes more robust.

What matters is the cost of a majority relative to what is already deployed. The Bitcoin network’s hash rate has grown to a point where acquiring and sustaining a majority would be prohibitively expensive even for a well-resourced state actor. The caveat is that robustness is relative: smaller PoW networks, particularly those whose mining algorithm can be served by hardware that is cheaply rentable or already deployed on a larger chain, have a far lower bar, and it is these networks that have been attacked in practice.

Profitability: Miners (PoW) or validators (PoS) are rewarded for creating blocks with newly minted coins, transaction fees, or both. Were an entity to acquire over 50% of the resource needed for an attack, they may benefit more from acting honestly and collecting the majority of those rewards than from attempting a double spend, especially in more robust networks where the reward stream is large and an attack would also devalue the coins they hold.

Plus, in PoS systems that implement slashing, a validator caught signing conflicting blocks or validating fraudulent transactions can lose the coins they have staked, so the entire investment made to attempt the attack would be forfeit. How much is slashed, and for which behaviours, depends on the protocol’s rules.

What About Malicious Entities?

The risk factors above don’t cover a malicious entity that is not profit-driven, i.e. an entity that simply wants to damage or destroy the network.

In such a case the network would not repair itself automatically: nodes follow the consensus rules, and those rules select the attacker’s chain. Recovering would require coordination outside the protocol, such as a client update or checkpoint that rejects the attacker’s fork, and the network would likely experience temporary disruption while that happens. In the meantime the attacker could carry out double spends, which is why exchanges and merchants on an attacked network typically respond by raising the number of confirmations they require or by suspending deposits.

This would undoubtedly bring negative publicity and some level of user dissatisfaction, which may irreversibly harm a nascent blockchain network; a robust network would more likely experience only a minor setback.

Still, it must be remembered that it is extremely difficult and costly to perform such an attack on a well-established cryptocurrency such as Bitcoin or Ethereum.