Bitcoin's greatest vulnerability: 51% attacks

By Zachary Gruskin

Tags: Bitcoin, 51% attacks, Vulnerability, Pooled mining

The Bitcoin network is run entirely through mining. Mining is the process by which computers solve computational puzzles, and when they find a block they get the block reward of 25 Bitcoins (worth $15,500 currently). Usually miners pool together their resources and receive shares of the block reward proportional to their mining power, since when mining alone it's extremely rare to find a block even if you own hundreds of thousands of dollars of mining equipment. When a block is found, all transactions included in that block are confirmed. After receiving Bitcoin you cannot send it anywhere until it is confirmed at least once, so mining is essential for the Bitcoin network to keep running. On average there is 1 block found every 10 minutes, so it takes on average 10 minutes for a transaction to become confirmed. Confirmation time can vary wildly though, from less than a minute to several hours.

When Bitcoin arrives in your wallet it proceeds to confirm and is non-reversible nearly 100% of the time. However one major vulnerability exists in the Bitcoin protocol: the 51% attack. In order to conduct a 51% attack you need greater than 50% of the total Bitcoin mining power. Currently the network hashrate of Bitcoin is 125 Petahash/second (PH/s), or 125 million Gigahash/second (GH/s). In order to conduct a 51% attack you would need at least 63 PH/s. This would cost an immense amount of money. If you bought all 63 PH/s through cex.io (the biggest Bitcoin cloud mining service) it would cost 428,000 Bitcoins, which is over $265 million. It is likely that you could get the hardware far cheaper if you bought directly from the manufacturer, but it would still cost at least $100 million, not to mention the massive electricity costs.

If someone managed to gain 51% of Bitcoin's mining power despite the costs, they could then conduct double spend attacks. First the attacker sends Bitcoin to a merchant/person on the original blockchain (the blockchain is a ledger of all Bitcoin transactions in history, and it grows through miners finding new blocks and confirming transactions). The merchant will see the Bitcoin arrive in their wallet, and under the impression that the transaction is non-reversible they will send the product/money in exchange. Simultaneously the attacker will create their own blockchain, which is known as a fork. On this fork the attacker will spend the Bitcoins that were already sent to the merchant. If the attacker's blockchain fork becomes longer than the original blockchain, it will then replace the original blockchain forever. Essentially, the longest blockchain is always considered the official blockchain. The merchant's Bitcoins will disappear when the attacker's blockchain fork becomes the official blockchain, and the attacker will have both the Bitcoin and the product/money.

Merchants often require a certain number of confirmations before accepting payment, in an attempt to minimize the risk of a double spend attack. For example, Cryptsy (a major cryptocurrency exchange) requires 6 confirmations, meaning 6 blocks must be found in order for your Bitcoin transaction to be accepted. This is unlike a normal Bitcoin wallet where only 1 confirmation is needed before you can spend the Bitcoins again. Confirmations are useful in the scenario of a double spend attack where the attacker controls less than 51% of Bitcoin's mining power. The probability of a successful double spend attack with less than 51% of the network's mining power decreases with each successive confirmation, since the original blockchain has more mining power and will therefore end up being dominant. A double spend attack with 10% of Bitcoin's mining power only has a 0.1% chance of succeeding if the merchant requires 6 confirmations, while it is likely to succeed if the merchant accepts the transaction with zero confirmations. Thus, it is important to require some confirmations if you are a Bitcoin merchant.

If an attacker controls 51% of the network hash rate then no number of confirmations can prevent a double spend attack. In other words there is a 100% chance of a double spend attack succeeding if an attacker controls more than 51% of the Bitcoin network hash rate. However, considering the immense cost of a 51% attack it is extremely unlikely anyone would ever do it. If someone invests hundreds of millions of dollars into mining equipment they certainly wouldn't want Bitcoin to be compromised by a double spend attack. A double spend attack would lead to fear and panic, and the value of Bitcoin would crash. Essentially the attacker would be shooting themselves in the foot: they would get some free Bitcoins, but the price of Bitcoin would go down drastically, so they'd lose a lot of money. This makes a 51% attack infeasible for profit-seeking criminals.

The closest anyone has gotten to owning 51% of Bitcoin's network hash rate is ghash.io, the largest Bitcoin mining pool. Sometimes they exceed 50% of the total Bitcoin mining power, leading to panic in the community and calls for miners to move from ghash.io to another pool. Ghash.io has stated that they would never conduct a 51% attack, which goes without saying since that would ruin their reputation and lead to a devaluing of the large amount of Bitcoins they own.

The only successful double spend attack in Bitcoin history occurred in March 2013, although it wasn't due to a 51% attack. Bitcoin was upgraded from version 0.7 to 0.8, and an error in the code resulted in miners on version 0.8 generating blocks that were incompatible with 0.7. This resulted in 2 different blockchains, aka forks, and significant amounts of mining and transactions were occurring on both blockchains. Ultimately the community decided to revert to the 0.7 blockchain since it was dominant. However one person managed to conduct a double spend attack for $10,000 of Bitcoin (https://bitcointalk.org/index.php?topic=152348.0). They initially sent the transaction to the 0.8 blockchain, and noticed it wasn't included in the original 0.7 blockchain. They decided to broadcast a transaction to the 0.7 blockchain that spent the Bitcoins which were already sent to the merchant. When 0.7 was made the official blockchain again the merchant's $10,000 of Bitcoin disappeared. Fortunately the person who conducted the attack was honest and returned the Bitcoins.

Alternative cryptocurrencies, like Dogecoin, Black Coin, and Dark Coin, are also susceptible to 51% attacks. 51% attacks are far more common in the alternative cryptocurrency world, since far fewer resources are needed to take over 51% of the network. Some cryptocurrencies have network hash rates less than 100 Megahash/second (MH/s), so an attacker could perform 51% attacks with less than $10,000 of equipment. There have been many cases of alternative cryptocurrencies undergoing 51% double spend attacks, including Feathercoin and White Coin, resulting in tens of thousands of dollars of direct losses in both cases. Also, when the White Coin 51% attack occurred the market crashed violently, costing investors millions of dollars. When investing in alternative cryptocurrencies it is important to keep in mind that 51% attacks are much more likely than with Bitcoin.

Thus, although Bitcoin transactions are irreversible nearly 100% of the time, the possibility of a 51% attack exists. If someone controls over 51% of the Bitcoin network hash rate they can create their own blockchain, and reverse payments they sent to merchants on the original blockchain. However, 51% attacks are extremely unlikely since it would cost $100-300 million to conduct an attack. If someone has invested that much into Bitcoin mining they would lose far more money due to the market crashing than they would gain during the attack. However, 51% attacks are a serious threat for alternative cryptocurrencies. A 51% attack on any alternative cryptocurrency requires far fewer resources than an attack on Bitcoin, and the attacker could simply start mining a different alternative cryptocurrency after they ruin the market price of the cryptocurrency they attacked.