Most people will try to sell you on blockchain using the standard options; it’s immutable, unbreakable nature. They’ll bring cryptocurrency into it as a block reward and they’ll suggest that the magic of it is that it’s perfectly safe, secure and unhackable.
At least that’s what most of us are told.
Except it’s not. If someone tells you that something is permanent, then they’re either ignorant or they’re lying to you. Every computer program can be hacked, and thus, so it is with blockchain.
It’s just not easy.
The only way to compromise a blockchain is through something called at 51% attack. This type of attack involves contributing more than 50% of the computing power supporting the network, effectively giving the actor the ability to alter certain aspects of the network’s functionality.
Essentially, this would make the individual (or as more likely, a group) responsible for more than 50% of the hashing power needed to confirm transactions and create blocks. It would also give the group complete control over who gets to form blocks or block transactions by refusing to confirm them, or even reverse transactions that had previously been sent out, introducing the possibility of double-spending the network’s coin.
Past 51% attacks
The way crypto-enthusiasts talk about 51% attacks, you’d expect it to be one of those third-act moments where the James Bond villain gets the nuclear launch codes and monologues briefly about having all the power, followed by a villainous laugh. But nope—most of these happen by accident.
In July, 2014, a mining pool supporting bitcoin unintentionally set of a 51% attack when they discovered they were contributing more than 50% of the network’s computing power. Rather than run off with millions of dollars, Gashi.io, the company that accidentally took over Bitcoin, did the ethical thing and released a statement promising to never contribute anything beyond 40% of the hashing power.
Others haven’t been so nice.
Such as May, 2018, a group of malicious miners took over Bitcoin Gold’s hashing power, skirted past countermeasures when they were detected, and went on a double-spending spree for several days before bouncing with $18 million worth in the currency.
Then again, earlier this year, wherein blockchain security firm Slowmist published a report that indicated they had discovered a 51% attack on the Ethereum Classic network, and proceeded to warn both Coinbase and the Ethereum Classic exchanges. The attackers double-spent on several exchanges, including Bittrue, and Gate.io, with Coinbase used to funnel out most of the stolen funds. All in all, Coinbase filtered out 219.55 ETC coins, valued at $1.1 million at the time.
The larger coins by market cap and hashing difficulty, including Bitcoin and Ethereum, are increasingly unlikely to be targets of 51% attacks, because of the prohibitive cost of mining. Professor Saravanan Vijayakumaran of IIT Bombay crunched the numbers in a study earlier this year and determined that it would cost hackers $5.5 million to launch a 51% attack on Bitcoin for a day.
“The 51% attack represents the biggest threat to the security of the Bitcoin protocol as a payment system. But even this type of attacker can only add or delete transactions and cannot modify transactions or steal bitcoins without knowledge of the private keys. While launching a 51% attack requires significant expenditure with little financial returns, it is not out of reach of a hostile nation state. Until an adversary of that stature emerges, the Bitcoin protocol can be considered secure,” Vijayakumaran said.
—Joseph Morton