There has been a wave of 51 percent attacks on smaller cryptocurrencies recently. ZenCash has been the latest of a series of targets for this kind of attack. Another high-profile case was the well-known but controversial Bitcoin fork, Bitcoin Gold. Interestingly, ZenCash was named as relatively safe in the Bitcoin Gold team’s response to their own incident.
As always in these cases, reports on the amount of money disappearing differ, but it has become clear that 51 percent attacks on smaller coins can be very lucrative.
How do 51 Percent Attacks Work?
Proof of work consensus protocols rely on computational power for executing algorithms. Usually, hash values or similar mathematical functions are calculated until a value is found that matches certain criteria. For example, in Bitcoin, a nonce field in the block being created is re-calculated until an SHA-256 hash value with a certain number of leading zeros is found. Mining consists in competing to find this value. The miner solving the puzzle first gets to create the block. In case of dispute, the chain “forks” and the chain with most support wins. Bitcoin’s original paper already foresaw this and includes calculations showing that the history of the blockchain can only be altered if more than half the network colludes in this. Hence the term “51 percent attack”.
The recent attacks all used the 51 percent method to rewrite the blockchains history for a few blocks. The double spending attack executed works by making large transfers to and from exchanges and dominating the blockchain for a while issuing fraudulent blocks that double-spend coins. This is possible because the attackers managed to get hold of enough resources for the duration of the attack to “own” more than half the network’s computational power.
Hash Power and ASIC Mining Hardware
The original consensus algorithm introduced by Bitcoin was solid at the time and in some sense still is. However, it assumed nodes would be competing for mining rewards on equal terms. Instead, clever engineers have realized that the hashing algorithm involved is extremely parallelizable, which first led to GPU mining and then to specialized hardware (ASIC) which can mine at a speed impossible to match with general purpose hardware. This alters the balance of the network and puts computational power in the hands of a few individuals, in particular in smaller blockchains.
Hashing power can be rented, so it is possible for attackers to obtain enough hashing power for a few hours to dominate a smaller blockchain sufficiently to alter transaction history.
Fragmentation and Countermeasures
The hourly cost of renting sufficient hash power for a 51 percent attack for different chains has been calculated and is listed on a webpage. For many of the smaller altcoins, it is surprisingly cheap to dominate the chain for a few blocks. The reason for this is that the smaller the chain, the fewer nodes maintain the system. Furthermore, many of the nodes may be low powered “hobbyist nodes”.
In this sense, fragmenting the market into many cryptocurrencies significantly increases the risk, resulting in many small blockchains, which are less secure. This is one of the reasons why implementing a coin on top of existing blockchains, such as ERC-20 tokens on Ethereum is a good idea for most projects. The underlying large chain protects the token from 51 percent attacks.
In the meantime, many cryptocurrencies focus on ASIC resistant mining algorithms as a countermeasure.