For the most part, cryptocurrencies are a very secure alternative to traditional financial instruments. As long as users take the proper precautions to store their coins - most importantly: using secure devices as wallets - there are few things that can go wrong in blockchain-based cryptocurrencies. This is thanks to the distributed power of the blockchain, which ensures there is no "single point of failure" for malicious users to target. There is, however, one potential vulnerability in every blockchain-based cryptocurrency, and that is the potential for a so-called "51% attack". In short, a 51% attack is when hackers temporarily gain access to a majority of the network's computing power, allowing them to reverse transactions and even double-spend coins. In this guide, we'll give you the full picture of 51% attacks, including the mechanism behind them, the potential consequences, and a few notable examples.
Before we can dive into the inner-workings of a 51% attack, it's essential that you understand how the blockchain - a core part of so many cryptocurrencies - actually works.
The blockchain itself is a long list of transactions that dates back to the currency's first transaction. This long list of transactions allows anyone to calculate an accurate and definitive balance for a given user.
What makes the blockchain so powerful, however, is the network that verifies it. A cryptocurrency network is exactly that: a peer-to-peer network of thousands users (called miners) contributing to and verifying the blockchain, to make sure nobody alters the blockchain to their own agenda (by creating new coins for themselves, taking away others', or similar).
Of course, it's possible for miners to disagree on what the blockchain should look like, resulting in the creation of multiple chains. When this happens, the network chooses to adopt the longest chain.
The longest chain is determined by how quickly new information is added to it, which depends on the amount of computing power (known as the hashrate) in favor of that chain. In other words, the network chooses to adopt the blockchain which the most miners support.
A 51% attack is when malicious users temporarily gain access to more than 50% of a cryptocurrency network's hashrate, or computing power, allowing them to create the longest chain however they please. Since the network always adopts the longest chain, these users effectively take control of the blockchain as a whole for as long as they can maintain a majority of the network's hashrate.
Smaller coins are at a much higher risk of being subject to a 51% attack, since they often possess significantly smaller networks and, as such, it's much easier for malicious users to gain access to a majority of the network's hashrate.
While full control over the blockchain doesn't allow these users to mint new coins or reverse old transactions, it does allow two very significant activities:
Together, halting transactions and double spending allows malicious users to slow down a network to the point where it is effectively useless, and trick others into accepting coins that don't really exist.
In the few cases where 51% attacks have succeeded, the malicious users typically deposit coins onto cryptocurrency exchanges, trade them for other coins, and withdraw those coins, all before publicizing their longer, private chain where they never deposited anything onto the exchanges. As such, they effectively double their money, while the exchange gives away its own funds.
Several examples of 51% attacks have already been recorded, but only on smaller coins which possess significantly smaller networks. Here are three of the most popular examples:
Ethereum Classic - In January 2019, Ethereum Classic - hard fork to the popular Ethereum cryptocurrency - was allegedly subject to a 51% attack. During this time, the network fell prone to a dozen double spends, totalling over one million dollars worth of coins.
Bitcoin Gold - In May 2018, Bitcoin Gold - also a hard fork, but to Bitcoin itself - saw a 51% attack which allowed almost 10% of the coin's total market cap (then around $200 million) to be double spent.
Verge - Between April and May of 2018, the privacy coin Verge fell prone to at least two separate 51% attacks. In both of the attacks, more than $1 million in XVG was double spent.
In all three of the above 51% attacks, the cryptocurrencies proceeded to have drops in their respective prices; for Ethereum Classic and Bitcoin Gold, damage to the prices wasn't too bad, whereas the 51% attacks on Verge coincided with a general market drop - causing the coin's price drop by more than 50% over two months.
As a user of cryptocurrencies, you definitely want to avoid 51% attacks - not just because they might cause a drop in the coin's price, but also to ensure you don't receive bogus, double-spent coins.
The only way to avoid 51% attacks in blockchain-based cryptocurrencies is to stick to using larger cryptocurrencies with established networks. It's generally accepted that for huge computing networks like Bitcoin and Ethereum, it would be practically impossible to gain a majority stake of the network's hashrate, making them immune to 51% attacks - at least for now!