The short answer is that a 51% attack is when a miner or group of miners controls more than 50% of a network’s mining power, also known as hash rate or hash power. With most of the power, they can therefore control the network, in terms of what it accepts and confirms. Using this, a attacker could theroretically spend a coin multiple times by refusing to confirm transactions, and do a whole host of other malicious things.
A network’s hash rate is a measure of the rate at which hashes are being computed on the network, a process that is known as hashing. Simply put, hashing involves taking an input string of a given length, and running it through a cryptographic hash function in order to produce an output of a fixed length.
Hashing on the Bitcoin network requires the use of Secured Hashing Algorithm 256 (SHA-256), which is the cryptographic hash function that is used on the Bitcoin network. Numerous cryptocurrencies make use of different hash functions e.g. Ethereum utilizes the ‘Ethash’ hashing function, whilst Litecoin’s cryptographic hash function is ‘Scrypt’.
A network’s hash rate can usually be measured in the following denominations:
- 1 KH/s (kilohash per second) is 1,000 (one thousand) hashes per second
- 1 MH/s (megahash per second) is 1,000,000 (one million) hashes per second
- 1 TH/s (terahash per second) is 1,000,000,000,000 (one trillion) hashes per second
- 1 PH/s (petahash per second) is 1,000,000,000,000,000 (one quadrillion) hashes per second
The 51% attack concept was first explained for Bitcoin but could be undertaken on many blockchains. Even though this kind of hacking is possible, it’s extremely difficult.
All cryptocurrencies are based on the blockchain network. In a network that uses the PoW consensus algorithm, in order to add a new block, the miners must perform complex calculations, thereby proving that they have done the work. The first miner who offers the right solution to the problem gets the opportunity to create a new block and an appropriate reward for it. The more processing power at the disposal of the miner, the higher the chances of finding the right solution faster than everyone and the greater the amount of remuneration. When the miner finds the right solution, the system notifies all network participants about it.
It is this key role of computing power that leads to the threat of 51% attack. If the miner or the pool of miners controls more than half of the hash rate, then they have the ability to fully control the network as they can add new blocks, manipulate two-way operations and refuse to confirm new transactions. Also, a 51% attack can lead to the fact that unscrupulous miners can use the same coin several times by recalling transactions made with it, which is called double spending, or double waste. At the same time, the attacking side cannot change information in already added blocks or generate new cryptocurrencies.
It should be noted that blockchain networks using the PoS consensus algorithm are much less subject to the threat of a 51% attack, since under this algorithm, the validators work on maintaining the operational capacities of the blockchain and their work is based on their share of the network’s cryptocurrency (or stake), and not on the computing power of their nodes. Any attack attempt in this system becomes unprofitable.
Most often, new “cryptocurrencies” are jeopardized by the 51% attack which has not yet managed to garner the support and trust of the crypto community, and accordingly, the miners need less capacity to get a “controlling stake” of the hash of such a network. This attack, however, is unlikely to bring financial benefits to the miners and will more likely be used as a way to eliminate competitors. Another case is an attack on a commercially successful cryptocurrency, but this is an order of magnitude more difficult since the cybercriminals will require huge computing power that is available to only a handful of them.
How easy is it to obtain 51% of the network?
For a big market cap coin like Bitcoin, it would be impossible for one person to acquire the majority power of its network. The majority of the network would require a hash rate of over 14 EH/S, which is thousands of times stronger than the world’s fastest supercomputers. However, mining pools could easily coordinate a pool stronger than half of the network’s power. In July 2014, a mining pool called GHash was close to obtaining 51% power but agreed to limit its mining.”power to 39.99% to preserve trust in the Bitcoin ecosystem.
There is one option that can remove the risk altogether: centralisation. Tokens, like Ripple, simply have a single central authority. Although it’s actually pretty easy to say that Ripple acts like a token constantly under 51% attack; because, well, it is constantly under a 51% attack.
Ripple unveiled a strategy in 2017 to ‘become more decentralized than Bitcoin’. Their (now ex) technology chief Stefan Thomas claimed that Ripple validators are less likely to be malicious or attacked successfully since they are chosen on ‘merit’.
“Bitcoin chooses validators solely based on their mining power, which actually deincentivizes security,” Thomas wrote. “Security measures cost money, but don’t improve on the speed of mining.”
The XRP Ledger’s biggest difference from most cryptocurrencies is that it uses a unique consensus algorithm that does not require the time and energy of “mining”, the way Bitcoin, Ethereum, and almost all other such systems do. Instead of “proof of work” or even “proof of stake”, The XRP Ledger’s consensus algorithm uses a system where every participant has an overlapping set of “trusted validators” and those trusted validators efficiently agree on which transactions happen in what order.
Economics of a 51% attack
If a malicious miner acquires 51% of the network’s power and performs a 51% attack and double spends some coins, the value of that cryptocurrency will presumably drop in value. The result for the attacker would be:
Net value for the attacker = Number of coins double spent * (value of the coin – the coin’s drop in value)
In some instances the net value from that attack would be less than the value rewarded from mining the coin benevolently.
The monetary economics of a 51% do not always make sense from a profit standpoint, but could make sense if greater politics were at stake i.e. a government or competing cryptocurrency that tampers with Bitcoin or another cryptocurrency to distill fear in its network.