We are constantly hearing about the risks of a 51% attack in relation to some of the smaller cryptocurrencies and there have definitely been flutters within the community regarding the issue. But the 51% attack isn't just something for the tiny coins. It’s become clear this is turning into a major problem for the cryptocurrency community as a whole. Verge (XVG), with current a market cap of over half a billion USD, has been attacked again, and Bitcoin Gold had $18 million USD stolen a couple of week ago. As users are wising up to both the relative ease at which these hacks can be carried out, coupled with the buffet of coins to choose from, the whole situation holds the possibility of some real money being made for malicious actors.
In early April, the privacy orientated coin Verge suffered a scare regarding a 51% attack. Yet the coin fared surprisingly well over the coming weeks: a sign that in a market of speculation, it’s difficult for cryptocurrencies with a decent face value to scare investors away. Less than two months later Verge has again been attacked using the 51% technique. Some of the figureheads in the Verge community publicly advised that the attackers were not in fact gaining more than half the hashrate but rather that the attack was a less sophisticated denial of service.
The attacker utilized Verge's multiple algorithm capability, which made the attack much worse. Normally blocks in a proof of work based cryptocurrency, like Bitcoin, are mined by a single algorithm, but since the Verge coin allows anyone to mine the cryptocurrency using any one of the five, the ability to gain more than 50% of the hashrate can be concentrated. This works by choosing one of the five algorithms and hacking the timestamp, thus lowering the mining difficulty for that particular algorithm. The other four algorithms were working hard, but everyone else mining the hacked algorithm were on easy street. Renting hashrate from a major provider helped complete the job.
This has done more than make enthusiasts turn a cold shoulder towards Verge, it’s brought into question the ability to attack all other coins using the 51% attack. Website Crypto51 was spun up recently and provides research regarding the costs for single attacks on many of the cryptocurrencies. It’s a fascinating and terrifying prospect.
A relatively well-established coin such as Zcash costs $56,580 in hashrate power to attack the first time; where-as, a coin like Bitcoin Private, which still has a market cap of half a million, only costs $847 to attack. Charlie Lee, ex Coinbase and Litecoin founder, tweeted that it is ‘easy’ to attack many of the proof of work coins, and with a hashrate more than 100%: in doing so removing ‘the capital cost of the attack.’ What’s there to lose?
Reducing the risk of 51% attacks
This is turning into a key issue that every ICO startup and small cryptocurrency developer should be focusing on. There are a few different ways that a coin or token can reduce its risk in having an attacker point their rented hashing power at their coins/tokens. The distribution of the pool is important to reducing the risk of the attack, and as long as the mining pools remain reasonably distributed, this makes it very difficult to perform a 51% attack. Naturally, a high hashrate also reduces the risk of the attack, since it becomes very expensive to perform the first attack, and this cost can’t be offset unless the coin meets the criteria. The recent Bitcoin Gold attack appears to be in a real sweet spot of hashrate required (cost in) vs cash out.
It may be difficult to get Bitcoin maximalists out of bed for Ethereum; say what you want about the viability of the token, but it’s a project that does have one thing going for it: a ‘token protocol’, so to speak. Tokens that adhere to a standard (the ERC20 standard) can be implemented directly into the ETH ecosystem – utilizing the power of every other token built on it. This in turn reduces the risk of any one party gaining a majority controlling power.
Bitcoin, Litecoin, and Ethereum are certainly not immune from this attack, it’s just that the set of perfect conditions are not met for these cryptocurrencies and moreover, it’s not fiscally viable (due to the cost of the first attack). However, all new coins should be wary of the true ease at which they might be attacked using this technique. We’re leaving the walls of the white papers now, and we are starting to see these attacks in the wild.
There is one option that can remove the risk all together: centralization. Tokens, like Ripple, simply have a single central authority. Although it’s actually pretty easy to say that Ripple acts like a token constantly under 51% attack; because, well, it is constantly under a 51% attack.
For decentralized coins, it’s difficult to see this attack just fall away into obscurity. This is a real problem with many of the alt-coins and a by-product of an over saturated market. Expect to read about more 51% attacks, before any clear solution is worked into the system.
Featured image from Shutterstock