Majority Attack: How Hackers Can Seize 51% of a Cryptocurrency and Profit
Most recently, privacy coin Verge (XVG), the 33rd largest digital currency by market cap, suffered at least two (and possibly a trio) of these majority attacks over a six-week period around May. Verge’s management team tried to sweep the attack under the rug, pointing to DDoS attacks that triggered “delays”. Market participants and analysts note that Verge was slow to respond and the project lost a combined USD 2.8 million in two network hacks.
It’s worth noting that Verge is a “privacy coin” that emphasizes anonymity and security. It also gained traction and notoriety for becoming an accepted payment method on Pornhub. Needless to say, these attacks can’t be comforting to people trying to keep their purchases obscured.
Verge is only the latest example, but it’s not the only coin that’s been the victim of a majority hack. One of bitcoin’s offshoots, a coin dubbed Bitcoin Gold, was also targeted amid dozens of spoofed transactions that ultimately cost the project $18 million spread across various cryptocurrency exchanges. If a bitcoin spinoff is vulnerable to a 51% attack, is any coin safe? It’s an important question for anyone who wants to buy Bitcoin in Canada or other major cryptocurrencies.
51% Attack Defined
A 51% attack occurs when dishonest nodes gain more computing power (or hashrate) than the honest nodes, and use that computational power to create wealth. Hackers who gain majority control of a PoW network have a pair of options – either use the control to double spend or generate new coins. If they are double spending, the attackers confirm fake transactions on what’s designed to be an immutable ledger, sending themselves multiples of the same coin. If they are generating new coins, they can award themselves the rewards of mining, or change the rules of the network to gift themselves new coins.
Nakamoto addressed the PoW vulnerability in his white paper, pointing to “network timestamps” and “hash-based proof of work” as the solution to the double-spend problem. But in the case of Verge, the hackers were able to seize control of two of Verge’s 5 mining algorithms. From here, they could mine illegitimate coins, and falsify the timestamps to publish the transactions onto the blockchain, legitimizing the coins.
Rent 51% Attacks by the Hour
A 51% attack should be apparent to the network participants, and will likely devalue the currency. The hackers are diminishing the value of the very coin they’re targeting, but can still do so profitably. Computing power for mining on crypto networks can now be rented by the hour on sites like NiceHash. Users can buy and sell hash power, making the process of performing one of these attacks much easier. The economics of performing an attack increasingly favor the hackers.
A new website (crypto51.app) shows just how easy it is to rent enough computing power to take over a network. As an example, for $950/hr, enough computing power could be rented from NiceHash to take majority control over Bitcoin Private, a blockchain worth about $500 million. For just $41/hr, you could seize Einsteinium, currently at a market cap of $42 million.
The more obscure the coin, the higher the likelihood of a 51% attack. Just as cryptocurrencies become stronger with more participants, they become weaker with fewer. Researchers indicate that it’s the networks of the spinoff PoW coins that are the most susceptible to hacks. The leading PoW cryptocurrencies like bitcoin and ethereum have managed to avoid a 51% attack.
That’s one reason why, if you want to quickly get started with cryptocurrency, you should stick to major cryptocurrencies that are harder to take over. These are coins like Bitcoin, Ethereum, Bitcoin Cash, and Litecoin. They’re the coins traded on Canada’s trusted cryptocurrency exchange, Bitbuy. Be careful when it comes to smaller coins.
While an attack on bitcoin appears unlikely, the PoW system has its weaknesses. Large cryptocurrency mining institutions like Ghash.io have been mining bitcoin for years, thereby increasing their footprint on the network. Ghash.io has rebuffed claims that it might use its position to attack the network, but it has already come close to controlling over 50% of mining power. It has previously been reported that 90% of bitcoin mining power is controlled by 16 miners. In ethereum, that number drops down to 11.
Of course, that’s not to say that Ghash or another miner would try to act maliciously if they crossed the 50% threshold; an attack on bitcoin or ethereum would surely send ripples throughout the entire crypto industry. It does pay to stay on top of the news and get the current price of Bitcoin before completing any transactions.
But, if the market continues to be flooded by altcoins – especially those that are the product of hard forks of the leading cryptocurrencies – the threat of 51% attacks is something that investors and issuers alike need to be increasingly aware of.
As a side note, Ethereum’s co-founders have announced plans for the network to migrate away from a PoW system to a proof-of-stake algorithm dubbed Casper.