
51% attack on blockchain: what is it and how to prevent one

Andrew Zhoao

News editor

Sep 2, 2022 at 07:21

Despite its many advantages, blockchain is not perfect, and some people look for illegal ways to profit from it. We can no longer imagine a digital world without hackers; they were there in Web1, then moved to Web2, so their arrival in Web3 was only a matter of time. One of the main threats to the security of digital assets built on blockchain technology is the so-called 51% attack. It lets hackers control the network and the transactions flowing through it. Let’s talk more about this today.

What is a 51% attack?

A 51% attack is a takeover of a blockchain network in which the intruder’s mining capacity surpasses the capacity of the rest of the network by at least 1%.

The attacker holds a so-called “controlling stake” of the network’s mining capacity. Such an attack aims to eliminate a competitor if the target is a new digital asset, or to make a profit if a successful currency is attacked.

A well-executed attack lets the hacker prevent some or all transactions from being confirmed (a transaction denial of service) or prevent all other miners from mining, which leads to a monopoly on mining the currency.

However, even with 51% of the total hash rate, attackers cannot undo transactions from other users or stop users from creating transactions and broadcasting them to the network. Changing block rewards, creating digital assets out of thin air, or stealing coins that the attackers never owned are also considered infeasible in such an attack.

How does a 51% attack work?

Bitcoin and other cryptocurrencies can be hacked. Those who say otherwise are lying or don’t know how blockchain works. One of the most common ways is to control more than 50% of the capacity in the mining network. Many people do not understand, or misunderstand, how this happens, believing that the hacker steals money from a specific person’s wallet. This attack does not let the hacker break into users’ wallets, so scammers steal funds from exchanges instead. Many also think that hackers crack the blockchain by creating coins out of thin air, which is not true.

To understand how the attack works, we need to understand exactly how the hacker conducts it. Let’s look at the sequence of his actions:

  • first, he collects coins: mines, buys or steals them;
  • then, after collecting the necessary amount of coins, the hacker gets most of the hashing power of the network;
  • then launches an attack;
  • first, he mines privately on his own node;
  • when the scammer finds a valid hash, he packs the block on his node and then releases it to the network;
  • all other nodes recognize the block as correct and write it to their blockchain;
  • then, the hacker continues to mine locally on his node but no longer sends the blocks found to the network;
  • in this way, one version of the blockchain exists privately on the hacker’s node, while the other is held by all other nodes in the network;
  • in the end, the hacker creates a transaction in which he sends all his coins to the selected exchange;
  • all nodes accept the transaction as valid under consensus, and it succeeds;
  • the exchange sees the deposit and credits the funds to the attacker;
  • the hacker can swap this exchange balance for other digital assets or withdraw it, but he has to do so quickly;
  • after the withdrawal, the attacker publishes the hidden version of the blockchain, which does not contain the transaction sent to the exchange; thanks to his superior hashing power (51%+), it is longer and is therefore adopted by the network as the correct chain.

After that, it is as if the coins were never credited to the exchange, and the hacker holds double the value of his funds. That’s all.

Adverse effects of the 51% attack

As we understood from the description above, a 51% attack is an attack on a blockchain network in which cyber criminals gain control of 51% or more of the network’s power. This is very dangerous and gives hackers the following opportunities:

  • stop adding new information to a block, preventing other miners from generating blocks;
  • take the reward for adding new blocks, as well as user commissions for transactions;
  • exclude or change the order of transactions;
  • prevent some (or all) transactions and blocks from being confirmed;
  • cancel their own transactions, allowing them to spend the same coins several times (so-called double spending);
  • block the work of other bona fide miners and prevent them from mining new coins;
  • create their version of the blockchain (i.e., hard fork the original network).

Why is it dangerous?

If attackers control more than 51% of the network’s hash rate, they can also manipulate the mining difficulty of the blockchain, delete transaction history by rolling back previous blocks, and edit the mempool (the list of transactions waiting to be included in a block).

The economic sense of the attack for hackers is double-spending. A 51% attack allows the creation of counterfeit coins — spending the same cash multiple times. As a result, the attacker can withdraw or exchange the currency for another cryptocurrency, reverse the transaction online, and spend the same coin again.

With a 51% attack, one cannot make transactions with other people’s coins, transfer them to staking, change the number of coins and generated blocks, or change the information in old blocks (rewrite the blockchain). Also, with a 51% attack, hackers cannot learn a user’s private key or forge their signature, just as they cannot manipulate validators’ voting decisions.

Examples of the attack

While BTC’s network is too large for this attack, digital assets with lower hash rates are vulnerable. Let’s consider examples of 51% attacks.

One happened in 2016: the victims were two small Ethereum clones, Shift and Krypton.

In May 2018, hackers attacked Bitcoin Gold, a Bitcoin hard fork, for three days, spending more than $18M in coins on the network through five exchanges, including Binance. Another one, Bittrex, ended up delisting the coin. Within six hours from January, Bitcoin Gold was attacked again, but this time the hacker could only make $70K. The expected value of the assault was $10.2K in six hours.

In April and May 2018, cybercriminals struck the Verge blockchain and succeeded in making $1M and $1.75M. Verge was hacked again this February: about 200 days of transactional history were destroyed, and 560K blocks were reorganized. But thanks to the timely response of the community, the attackers could not make any money.

From October to December 2018, Vertcoin (VTC) was attacked. Attackers double-spent about $100K in VTC, reorganizing more than three hundred blocks in the network. In December 2019, the incident happened again, and more than six hundred blocks were reorganized. The attacker spent about one bitcoin to get the hash rate needed to execute the assault but failed to double-spend despite the block reorganization. The attempt failed because the cryptocurrency exchange Bittrex (the intended target of the attack) shut down its wallet before the reorganized blocks were released.

In 2019, an Ethereum fork, Ethereum Classic, suffered a 51% attack: hackers made about $200K. Cryptocurrency exchange Coinbase was forced to temporarily halt all swaps, withdrawals, and deposits.

Ethereum Classic was then subjected to three attacks in the summer of 2020: on August 1, 6, and 29. The hackers spent about $192K but made $5.6 million by reorganizing approximately 14.7K blocks. Despite this, the price of Ethereum Classic showed resilience. In October, the developers implemented a system to protect against 51% attacks — the MESS protocol, which made it about 31 times more expensive to conduct an attack.

How to prevent a 51% attack?

Developers offer different algorithms to protect against attacks. For example, there is a universal solution suitable for all digital assets. The idea is to record the state of the blockchain constantly. Suppose an unknown person wants to attack the network. He disconnects his node at block 100, mines 15 blocks up to block 115, then reconnects the node and waits for his chain to be accepted. But it turns out that at block 110, the company’s security system fixed the state of the blockchain, so the hacker’s 15 blocks can no longer be accepted.

The developers of PirlGuard take a different approach. They set a specific parameter: a number of blocks. Let’s say it’s 30. If the intruder reconnects his node to the network and adds his 20 blocks (20 is less than the set number, 30), the network will accept them. If he decides to add 35 blocks, the chain will be rejected.
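Both defences described above (a fixed checkpoint and a limit on how many blocks may be replaced) can be expressed as extra conditions on the longest-chain rule. The following is an added example, not code from PirlGuard or any other project; block identifiers are constructed strings, and it assumes the limit is measured as the number of local blocks a competing chain would roll back.

```python
from typing import List, Optional, Tuple

def build(prefix: str, start: int, count: int) -> List[str]:
    """Constructed sample blocks: an id like 'h101' at list index = height."""
    return [f"{prefix}{h}" for h in range(start, start + count)]

def fork_height(local: List[str], candidate: List[str]) -> int:
    """Height of the last block that both chains share (-1 if none)."""
    height = -1
    for ours, theirs in zip(local, candidate):
        if ours != theirs:
            break
        height += 1
    return height

def evaluate_reorg(local: List[str], candidate: List[str],
                   checkpoint: Optional[int] = None,
                   max_depth: Optional[int] = None) -> Tuple[bool, str]:
    """Longest-chain rule plus the two optional guards from the text."""
    if len(candidate) <= len(local):
        return False, "candidate is not longer than the local chain"
    fork = fork_height(local, candidate)
    rolled_back = len(local) - 1 - fork  # local blocks that would be discarded
    if checkpoint is not None and fork < checkpoint:
        return False, f"forks at {fork}, below checkpoint {checkpoint}"
    if max_depth is not None and rolled_back > max_depth:
        return False, f"would roll back {rolled_back} blocks, limit {max_depth}"
    return True, f"accepted, rolls back {rolled_back} blocks"

def scenario(fork: int, honest: int, private: int):
    """Shared history up to `fork`, then an honest and a private branch."""
    common = build("c", 0, fork + 1)
    return (common + build("h", fork + 1, honest),
            common + build("p", fork + 1, private))

# Checkpoint case: fork at block 100, private chain reaches 115,
# honest tip assumed at 112, state fixed at block 110.
LOCAL, PRIVATE = scenario(100, 12, 15)
NAIVE = evaluate_reorg(LOCAL, PRIVATE)                   # plain longest chain
CHECKPOINTED = evaluate_reorg(LOCAL, PRIVATE, checkpoint=110)

# Depth-limit case with the parameter 30: 20 private blocks vs 35.
# The honest branch lengths (18 and 33) are assumptions.
SHORT = evaluate_reorg(*scenario(100, 18, 20), max_depth=30)
DEEP = evaluate_reorg(*scenario(100, 33, 35), max_depth=30)

if __name__ == "__main__":
    for name, result in [("naive", NAIVE), ("checkpointed", CHECKPOINTED),
                         ("short reorg", SHORT), ("deep reorg", DEEP)]:
        print(f"{name:13} {result}")
```

The trade-off of either guard is that an honest node isolated for longer than the limit, or past a checkpoint, cannot rejoin the main chain automatically.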

In most cases, it is new digital assets that are attacked. They are easy targets because an attack on them does not require high mining power, whereas a 51% attack on blockchains like Bitcoin and Ethereum requires too many resources, which makes it impractical and therefore almost impossible.

As long as mining remains profitable and many users are on the network, attacking the system is extremely difficult. As soon as the profits from mining become less than the cost of purchasing and maintaining the equipment, miners will start to leave the system, and the network will become vulnerable.
