Part 4: The 51% attack
This article acts as a bookend to the first block of knowledge offered by this Academy.
In previous episodes, we covered the fundamentals of the Proof of Work algorithm, the responsibilities of miners, hashes and hashing functions, and the importance of determinism.
In this episode, we will cover two potential risks of PoW blockchains that are related but frequently misrepresented.
1) Double-spend fraud, which allows an attacker to use their funds twice and then use the 51% attack to override the current consensus, covering their tracks.
2) The 51% attack does not aim to attack a centralized exchange user or the exchange itself but instead attacks the chain. In this method, the attacker tries to mine a block faster than the rest of the blockchain network to revert their transaction history. If they succeed in this private mining and add a block with fake history on the chain, they have won. Thanks to the rule of the longest chain (used in PoW), the blockchain consensus must accept this tampered-with block, and the attacker thus erases the log of their transaction and keeps the money they have already spent.
The "51% Attack" along with a "Double spend fraud" is a commonly known attack combination risk in the Blockchain industry, which may threaten the integrity of the cryptocurrency system. The purpose of this article is to shed some light on the matter for those who don't think about themselves as blockchain experts but want to get better acquainted with this issue.
Let's start with an example from the world outside of the blockchain - in particular, one where you could double-spend your money (but probably end up in jail afterward!).
Non-blockchain example
If you are old enough to remember the days before electronic credit card systems, you may recall the manual, hand-operated credit card press used to make a carbon copy of your card information when you paid with your card in a store. The store would mail off the copy to Visa, MasterCard, or whoever issued the card, and they would deduct the paid sum from your account and pay the store. Imagine going into a shop today that is still using one of these machines. Your debit card has $1,000 on it, and you buy a new watch for $1,000. The store gives you the watch and uses the machine to get a copy of your card in order to get money from the card issuer. Then, you walk into a jewelry shop next door and buy another watch for $1,000, except this time, they have the electronic machine that we are all used to today. You buy the watch, they swipe your card, and you get your $1,000 right away. Now you have two watches, and you spent the same $1,000 twice! By the time the first store tries to get their money, it's already gone!
Watch the following clip to get an idea.
The vulnerability of blockchain
The video above is a good example of a double spend, but a 51% attack is something different, even though not unrelated. Think about a 51% attack like this: "You have a voting contest consisting of 100 voters and you bribe 51 of them. You can now control the result of the vote using your majority control."
Now, let's look at this problem from a Blockchain perspective. I will use a quote from an article I have found to be very educational and well-written. The author of this piece is Coinmonks, and you can read the full-length article here.
"Let's say I spend 10 bitcoin on a luxurious car. The car gets delivered a few days later, and my bitcoin are transferred from me to the car company. By performing a 51% attack on the Bitcoin blockchain, I can now try to reverse this Bitcoin transfer. If I succeed, I will possess both the luxurious car and my Bitcoins, allowing me to spend those Bitcoins again."
This example abuses blockchain's design philosophy. Blockchain's brilliance comes from its decentralized nature, which is reached by mathematical consensus, where multiple people verify a transaction. If it is legitimate, the consensus will accept it and will treat it as a lawful history on the public chain. However, on any PoW-based blockchain, it only takes 51% to form the majority. As such, illegal transactions and fraudulent activity may be possible on smaller blockchains, where achieving the majority is realistically viable.
The key element here is the democratic aspect of the blockchain, where the majority of miners need to agree with a particular state of the network. By doing this, they can define what is the truth and what is not - what is legit and what is fake. But what if this majority is a single big entity with the advantage of having more computation power or having a majority of votes, at least temporarily, and they use their power for malicious activity?
The 51% Attack
A 51% Attack is a possible attack on a blockchain when somebody obtains more than 51% of all hashing power (hashing is used for mining). If somebody has more than 51% of this power, they can mine much faster than anybody else, which provides an advantage in a "cheat race." If a scammer is mining faster, they will also be faster than their competitors in finding a solution that leads to another block being mined and added to the current state, thus creating the "longest" chain. This will make their chain longer, and the network will, by design (keeping with the rule of the longest chain), need to accept their chain (which includes the fake block) as the final result. Basically, if there is a conflict on the blockchain, the network will always use the longest and the most difficult chain to mine as "the right one" to accept, and since the attacker has more hashing power, the rest just can't win. That's unfortunately bad in this case, but that's how this tech works.
But how can somebody get that much hashing power? It can be a whole community or a few people with many resources.
The intention of the attacker is to perform a "double spend" using their money and to cover their tracks with a 51% attack. This means that an attacker uses their own cryptocurrency for purchasing goods or services. These transactions are added and visible on the public network. Meanwhile, they will mine their own private version of those blocks, where those transactions never happened, and will attempt to swap those two elements (change the history of the transactions that happened on the public chain).
What the attackers do is that they mine a longer valid chain in private (not peered with the rest of the network). That is only possible if they control over half the hash power and then use it to their advantage. Then, they use a "cheat" on the blockchain, with the intention to double-spend tokens that belong to the attacked chain. Effectively, the attacker mines new blocks but does not announce it to the other 49% of the network. Therefore, the others don't know that the alternate version of the blockchain exists and is ready to rear its ugly head. When attackers want to make their attempt on a 51% attack, they usually mine with a higher hash rate on a particular node that is not attached to the network. When they get ahead a little bit against other nodes, they switch the connection from the node of your private chain to the network of the public one.
Then, the following can happen:
- The network uses the longest possible chain.
- Miners will re-mine this new block; the consensus will approve it as valid, and a 51% attack is here in its full glory.
The target is usually a blockchain that uses a PoW consensus algorithm. A blockchain exchange cannot solve this problem for a particular project but can implement some features to help prevent or warn against this situation. This is not the responsibility of any exchange, but a quick reaction and cooperation are critical aspects of getting things in the original order.
Final example
Imagine that we have a public chain. Every block in this chain has its own name. We will use capital letters like A, B, C, D, and so on. Then, we will have our attacker, who is a really big `miner` and is in possession of more than 51% of the hash rate. They are trying to scam this public chain by changing the history of the original public chain. They will use the vast hashing power at their disposal, as well as their own private version of the public chain. We will call that private chain with lower-case letters: a,b,c,d.
We know that the attacker has more hashing power at the moment and wants to use it to validate a new block faster than the miners of the public chain. Since the attacker has more potential, there is a higher possibility that they will guess the right nonce (unique number) that will allow them to add another new block to their private chain while public chain miners are still mining a previous block.
The situation goes like this:
1) The public chain is A+B+C+D;
2) The fraudulent private version of that public chain is also a+b+c+d;
3) Now we are in the race for the block E (or "e" in the case of the attacker). Who do you think will have a higher probability of adding a new block to the chain in a shorter time frame? Yes, the attacker. They might have to spend a lot of money, electricity, space, and time to do this, but right now, they are in possession of higher hashing power and are basically running this race on steroids. When the attacker successfully validates a new block and adds this block to their chain, they will get an a+b+c+d+e chain while miners of the public chain are still mining that E block, which the scammer already has.
4) The attacker then switches their connection and adds their private blockchain to the public network. Now, the Network will accept the longest chain (a chain with the highest block height), which is the chain A+B+C+D+e. As a consequence, miners of the original public chain will have to end mining block E and need to accept the A+B+C+D+e state of the chain and continue their work on this chain.
5) Now, back to double-spending.
Imagine that the attacker uses their coins to purchase goods. They spent their coins in block C on the public chain, but on the private chain that they were mining in private, they are still in possession of all their coins. Their private chain doesn't have any marks of them spending money. When they do this manipulation with the help of higher hashing power, they change the history of the original public chain. When they take a look at their wallet after the new block is added, they will see the full original unchanged balance they had before purchasing any goods, even though the goods are already on their way to the scammer's door. The attacker just performed a double spend thanks to the 51% attack.
Coda
The 51% attacks are the biggest known security issue with Bitcoin and other Proof-of-Work blockchains. That being said, the more hash power devoted to a chain, the more secure it is, while smaller chains could easily be taken over by a small proportion of miners switching from a large chain like Bitcoin or Ethereum to a chain with much less hash power. However, these attacks are mostly prevented by two things: firstly, large mining pools abide by rules they've set themselves not to grow too large, and secondly, a 51% attack can have a serious economic impact on a coin, so why would a large miner risk it when it usually means hurting the price of a coin drastically! In the end, you must remember that behind all of the algorithms and hardware, humans are still controlling everything with their own economic incentives and desires. If a successful 51% attack were to facilitate a double-spend on the Bitcoin network, for example, the value per bitcoin would decrease drastically, meaning the attacker's funds would also decrease in value - meaning less financial incentive for an attacker to attempt a double-spend in the first place.
Remember that attacks like this are extremely hard and expensive to perform, and almost every year, somebody discovers an improvement or a new idea to make fraudulent activity like this almost impossible. After all, no matter how brilliant an idea you have, somebody can always find a little loophole in your security and is able to use it to their advantage. Even Ethereum has been hacked once, but they solved that problem with elegance and applied fixes and preventions to make this sort of attack near impossible in the future.
Congratulations. You made the fourth step in becoming a blockchain expert.