In today's lesson we are going to talk about something you will have heard about before. You may not know exactly what it means, but after this lesson you will.
✔️ A 51% attack is an attack on a blockchain network for the purpose of fraudulently obtaining tokens, stopping operations or damaging its reputation.
✔️ It requires possession of more than 50% of the validators' voting power to create corrupt blocks that honest participants would not approve.
✔️ The power and cost to attack Bitcoin increases every year, making attacks less likely.
A 51% attack is an attack on a blockchain network. The purpose of such an attack is to obtain coins fraudulently, bring the network to a halt or even shut it down, stop trading or give the blockchain network a bad name. Other reasons may lie in the realm of driving down prices or reducing competition.
Blockchain networks work with a consensus protocol to agree on the state of the blockchain. Here, more than 50% of the validators, who must approve new blocks, must be owned by the same person or pool if you want to launch an attack. After all, if you own more than 50% of the voting power then you can always vote in your own favor. This way you can create corrupt blocks that honest validators would never approve and you can double spend coins.
Let's take Bitcoin as an example. To attack the Bitcoin network, you need 51% of the network's computing power to attack it. The purpose of the attack is to make money, generally. So then you need to know how much computing power you need and how much it will cost you.
These costs are more or less known and listed on all kinds of websites. The hashpower (computing power) to attack Bitcoin gets bigger and more expensive every year. Even if you reach 51% you will probably still lose money on it. Therefore, an attack on Bitcoin is rather unlikely. Bitcoin is one of the most secure networks in this regard.
If a group of miners (pool) get too close to the 50% of computing power on a proof of work network they are usually asked to slow down or consider splitting. No one is waiting for a pool to screw things up.
Most coins can be attacked by the 51% attack. So why doesn't that happen all the time? The reason is that there are all kinds of protocols in place that work. After all, as an attacker, you have to be able to get away with loot or get something else. Why else would you do it?
With a lot of proof-of-work networks, such as Bitcoin, not only do you need more than 50% of the computing power, but an attack has to achieve something. Most coins are so secure because an attack costs too much relative to the chance of getting a bigger loot.
A successful attack can take place on a smaller network, though. The problem with such an attack is that in turn the loot becomes so small that it is not attractive to start it. Moreover, often trading in a coin under attack is suspended on exchanges, so you cannot sell the loot. If you then suddenly find yourself offering loads of coins on an exchange, they will spot you. A successful attack is therefore very difficult. It takes money, technology and a plan of sale. Fortunately, most people think this is too much work.
In addition to proof of work, you also have proof of stake networks. These too can be attacked if more than 50% of the coins are staked by a group or person, after which they can get exclusive rights to new coins, duplicate coins and approve malafide blocks.
Proof of stake works so that if you want to become a validator and approve blocks you have to put a lot of coins at stake. If you make a mistake in approving blocks you get fined, which they call slashing. If you approve many incorrect blocks they can take all your coins at stake.
If you have to have half of all coins in circulation that is already very pricey. Then if you can lose all those coins because you are malicious, you will soon find yourself empty-handed.
So Proof of stake has a simple but very effective economic principle at its disposal to make a 51% attack unprofitable. This is why you won't hear that a proof of stake network has been attacked very quickly.
Generally speaking, it does not occur very often for the above reasons. Nevertheless, it has occurred from time to time. Given the number of coins out there, the chance of an attack is very small, but still a few attacks occur every year.
Usually they are "pocket change," amounts under 100,000 euros are the most common. Still, there have been a few large attacks in which significant amounts have been captured.
For example, in 2018 there was an attack on the Bitcoin Gold network, in which $18 million was captured.
That same year, Verge was attacked, with attackers leaving with $1.7 million.
The smartest attack did date back to 2016. In this, Krypton was attacked, with the attackers spending coins twice, then sending the coins back over the network. This made it seem like nothing was going on, while the attackers sold their Krypton and made off with a mountain of Bitcoin. Well played!
Ethereum Classic has also been attacked a few times. In the process, more than a million dollars was raised once.
Bitcoin SV has also been attacked a few times, including three times in consecutive months in 2021. As such, Craig Wright, the chief of Bitcoin SV, is a type you like to attack.
A downside for networks that are attacked is that the price of the coin often drops dramatically and confidence in the network drops. Even though the incorrect blocks are sometimes detected and declared invalid, it still has a negative impact on the reputation of such a coin.
If it is likely to happen again, people often turn to a hard fork. This involves leaving the old blockchain for what it is and switching to an entirely new blockchain with different rules from a certain block number. This is however the last resort.
A 51% attack is something that can always happen with any coin. The reason it happens so infrequently is because blockchains are so cleverly constructed.
With proof of work, the security lies in the cost involved. Also, the technical knowledge necessary for this is a barrier, in addition to the possibility that you can't get rid of the coins.
With proof of stake, you work against yourself if people find out that you approve faulty blocks. Therefore, we consider proof of stake networks the safest when it comes to 51% attacks.