Has There Ever Been a 51% Attack on Bitcoin?
Cryptocurrencies like Bitcoin and Ethereum get their name from cryptographic hash functions that keep information secure on the blockchain from online hackers. In most circumstances, the built-in cryptographic functions are good enough to deter most hackers.
However, there is always a chance for a hacker to gain entry into the blockchain network and control the creation and flow of cryptocurrency coins. The chance is very low, but it has happened to many blockchains.
This blog entry explores one type of cryptocurrency hack: the 51% attack. Fortunately for BTC holders, this kind of attack has never hit the Bitcoin blockchain. But many other blockchains have been struck by one.
What Happens in a Blockchain Attack?
When a malicious user successfully attacks a blockchain, they can take control of the creation of new blocks while preventing existing users from completing legitimate transactions. In some cases, like Bitcoin, attackers would also control the creation of new tokens, which can be awarded to their own addresses.
They can also create fake transactions and send them to their own addresses. This is done by redirecting spent Bitcoins from other users to their own addresses and spending them again. This activity is called double-spending. Double-spending is the main problem that consensus mechanisms in blockchains attempt to solve.
Attackers can also conduct Direct Denial of Service (DDoS) attacks on legitimate or ‘honest’ users to prevent them from contacting the blockchain. This gives corrupt miners enough time to use existing funds on the blockchain or influence the blockchain to accept the corrupted blocks.
Types of Blockchain Attacks
There are several types of blockchain attacks. Here is a list of some of the most recognized ones.
1. Race Attack
This type of attack occurs when a user sends two transactions simultaneously to different users, using two machines. The first transaction is received by the victim, while the second transaction is broadcast to the network.
The goal of the attacker is to receive the amount sent back from the network while rendering the transaction sent to the victim invalid. To prevent this attack, it is advisable to wait for at least one block confirmation.
2. Sybil Attack
A Sybil attack exploits the blockchain’s reputation system. In this attack, a node creates several pseudonymous identities to gain influence among other peer-to-peer nodes in the blockchain.
With enough influence, the attacking node can conduct illegal transactions. This type of attack is harder to detect, but it can be prevented by putting strict controls on user creation, trust mechanisms, and authority.
3. Finney Attack
This attack is carried out by miners who do not release information about new blocks into the blockchain. In this instance, the miner spends newly mined tokens without network confirmations.
The goal is to send the coins to themselves so that tokens can be added to their pre-mined block. The transaction will be rejected by other network nodes over time. One way to reduce the risk of being hit with this kind of attack is to wait for 6 confirmations before finalizing a transaction.
4. Vector 76 Attack
This is a combination of Race and Finney attacks that targets transactions with only one confirmation. The goal is to reverse such a transaction altogether. The miner creates 2 nodes, one connected to an exchange network, while the other is connected to other peers in the blockchain.
The attacker sends two transactions to the entire network (one of a high value, and the other of a low value). They then follow this with a high-value transaction to the cryptocurrency exchange, along with transferring information about a new block.
After this transaction is confirmed, the attacker will then send another low-value transaction to the main network to cause the network to reject the previous transaction so that the coins can be redeemed to their address.
Vector 76 attacks can be mitigated by connecting to reliable peers on the blockchain network while disabling incoming connections.
5. 51% Attack
In a 51 % attack, a malicious user attempts to gain control of the majority of the blockchain’s computing power. By achieving this, they assume majority ownership of a blockchain.
In this case, an attacker will be able to create new ‘corrupted’ blocks of the original or ‘honest’ blockchain. If allowed to persist, the new blockchain can become the persistent record on the digital ledger, and sell all coin deposits on an OTC exchange for fiat currency.
51% of attacks are difficult because it is very expensive to conduct such an attack in a real-life scenario.
Understanding 51% of Attacks in Detail
Blockchains are distributed digital ledgers that record online transactions. So in other words, they are a database of transactions operating on a network of computers. Transactions are validated by a consensus mechanism used by different computers. Bitcoin requires 3-6 computers to confirm a transaction.
Each transaction is recorded in a series of blocks that are connected by timestamps and cryptographically sealed. This keeps the record tamper-proof over time. To unseal the blocks, the network requires power to perform cryptographic puzzles. This power is shared across all participating computers.
If more than 50% of the computing power is taken by a group of users on the blockchain, we get a 51% attack. A 51% attack allows the malicious user to alter the function of the blockchain in several ways:
- Creating new blocks on their own. They can then fill these new blocks with transactions without the consensus of users outside their group. The result is a completely separate ‘corrupted’ chain of blocks that has a record of illegal transactions.
- Excluding new transactions from the ledger
- Changing the order of transactions
- Blocking other miners on the network, to prevent them from validating transactions or getting more rewards
- Reversing transactions to enable double spending
Here are Some More Points to Know About a 51% Attack
- Even after a 51% attack, it is extremely difficult to change the historical record of transactions. This is because cracking the cryptographic keys is resource and time intensive.
- A 51% attack on an established blockchain like Bitcoin is very expensive. This is due to the hardware requirements to meet the current hash rate per second. As of December 16, 2022, this value is over 221 EH/s. 51% of this value is just short of 113 EH/s. A look at some of the most powerful mining ASICs reveals that many have a hash rate that is a millionth of this value. Therefore, the hardware cost needed to conduct such an attack would be worth billions of dollars. And that’s without mentioning the cost of space or power consumption (which won’t be cheap either).
- Hashing power can be borrowed from cloud mining services and is only required for the duration of the attack. Using cloud mining services lowers the cost of the attack.
- Timing is important, as the attack needs to be executed in a window that prevents ‘honest’ users from creating new blocks that can be used to diagnose the attack and reverse it. For this reason, 51% of attacks are more common on smaller blockchains that have less user participation and a significantly lower hash rate threshold.
Has Bitcoin Ever had a 51% Attack?
Bitcoin has never experienced a 51% attack. While it is theoretically possible to conduct such an attack, it is very expensive, as we have pointed out in the previous section.
Furthermore, the top 3 BTC mining pools own more than a 60% stake in the network hash rate. Therefore, the likelihood of such an attack happening to Bitcoin is much lower.
If you are a Bitcoin holder, we recommend you take all the necessary precautions to guard against such attacks.
Notable 51% Attacks
Bitcoin Gold (BTG) has been at the receiving end of a 51% attack twice. This is a textbook example of a small blockchain being vulnerable to this kind of attack.
A series of 3 attacks on Bitcoin SuperVision (BSV) occurred in 2021 in 3 months. While the blockchain was restored, its reputation was damaged. Ethereum Classic has been hit with many 51% attacks.
Litecoin Cash was one of the first PoW/PoS hybrid blockchains to be hit with a 51% attack.
51% of attacks are possible on any blockchain, but they are particularly easy to execute on smaller blockchains with lower hash rates. Coins that are compromised in this way can risk being delisted from cryptocurrency exchanges.
Many established blockchains like Bitcoin, Ethereum, and Cardano are very secure, and it is unlikely they will experience a 51% attack soon.
The editorial content of OriginStamp AG does not constitute a recommendation for investment or purchase advice. In principle, an investment can also lead to a total loss. Therefore, please seek advice before making an investment decision.