July 24, 2019

Cryptocurrencies and the 51% attack: The processes, vulnerabilities and dangers

By Corey Nachreiner

Cryptocurrency entered mainstream consciousness in December 2017 when Bitcoin’s value was nearing what would become its all time high, which was just shy of $20,000 per coin. Others, called altcoins, were buoyed by this rising tide and also reached previously unfathomable prices. People even started to take out home equity loans to buy into the craze, quite likely to their financial advisers’ dismay.

Their popularity was based on the fact they were billed as a safe, albeit not necessarily stable, payment platform. Thanks to strong cryptography, in theory it should be impossible for someone to be able to manufacture their own ‘coins’, steal someone else’s, or reverse any transactions. And in most cases this is true, but there are other ways than breaking cryptography to steal them.

In January this year, one attacker exploited a flaw found in the majority of cryptocurrencies and made off with $1.1m in Ethereum Classic, the second most valuable of them all. This so-called 51% attack highlights a critical vulnerability which has actually been present since the technology’s inception and which will, over time, only get worse.

So, what exactly are these cyber currencies and how do they work in financial transactions?

Bitcoin was first launched about ten years ago and was the first example of cryptocurrency. It used a blockchain as a distributed public ledger. This is a database which is collectively shared and synchronized across multiple sites and allows money transactions to have ‘witnesses’ and without the use of any centralised bank.

A ‘distributed’ ledger contains hundreds of thousands of ‘nodes’ (a connection device), which all participate by validating and storing the ledger. Anyone can take part in the management of the blockchain by forming or ‘spinning up’ their own node. Other examples of cryptocurrencies include Ethereum, as mentioned, as well as the privacy-focused Monero and the speed-focused Litecoin.

How transactions are added

Most cryptocurrencies use a system called ‘Proof of Work’ (PoW) to build a consensus on what the correct blockchain is. The process of adding blocks of transactions to this chain is called mining and the nodes which participate are called miners.

At a high level the process operates in the following ways:

First, a mining node receives transactions and validates them to make sure there is no double spend, for example, spending the same funds twice in different transactions. The nodes then bundle up a number of transactions into a block. At the end of the block, they add a transaction which gives them an amount of cryptocurrency as payment for their work.

Finally, the node begins trying to mine the block into the blockchain. In the PoW process, this intentionally involves very difficult maths which is computationally expensive. Miners compete against each other to solve the problem which adds their block and the first miner to solve the maths gets a reward of some coins.

The miner who finds the solution to the maths problem ‘announces’ their mined block into the network and other nodes then verifies the solution and the new block is added to the chain.

‘Forks’ are created when two different miners come up with two different, but acceptable, solutions and then mine two valid blocks. Over time one will become longer as the majority of nodes add blocks to it and the longest one is accepted as the correct version and the remaining one is abandoned.

PoW blockchains rely on the honest majority, meaning that a majority of mining power must follow the intended blockchain’s mining behaviour. For large cryptocurrencies like Bitcoin, with up to hundreds of thousands of nodes, it is prohibitively expensive to amass enough computing power to control this majority under either a single person’s or organisations’ control, which keeps the ledger safe from attack.

Enter Ethereum

This altcoin was introduced in 2015 and expanded the idea of a public transaction ledger from just distributed financial transactions to distributed computing.

This is where nodes on the network participate in a decentralised virtual machine and use scripted functions to build fully distributed applications. Crypto mining scripts are a function that is placed on a website and makes use of a website visitor’s central processing unit (CPU) to mine the cryptocurrencies.

Over the last four years, developers have built applications on the Ethereum network from cat-trading game, CryptoKitties, to an investment platform called the Decentralised Autonomous Organisation (DAO).

A year after Ethereum was introduced, however, an attacker exploited a vulnerability in the DAO’s underlying code to siphon off $550m in Ether, the cryptocurrency which drives the Ethereum blockchain.

Because blockchains are immutable meaning that fixed and invariable transactions cannot be reversed, the only way to reverse this was to ‘hard fork’. This fork essentially went back in time, negated the attacker’s transactions and created a new version of the blockchain. It’s highly controversial to do this because it goes against one of the core tenants of the technology, its immutability. But due to the scale of the hack, a majority of the nodes agreed to fork so the majority rule succeeded and Ethereum continued on its new branch.

Yet from this, because a substantial number of nodes disagreed with the hard fork and continued on with the original chain, hack included, Ethereum Classic came about and the pair still exist as separate but related chains.

The 51% attack

Cryptocurrency values began to crash last year with many altcoins becoming unprofitable. This was due to the fact that mining them isn’t free. Mining nodes convert electricity into computation power in order to solve the complex maths problems involved, so if the cost of the electricity outweighs the rewards earned for successfully mining a block, it doesn’t make any financial sense to keep on with that particular currency. This in turn will lead to a drop in mining power, meaning less participants and less of a majority, which then led to the Jan 7th attack when an attacker exploited the drop in power.

The attacker sent several transactions worth from tens of thousands to hundreds of thousands of dollars in Ethereum Classic to several different wallets, which are a device, physical medium, program or service, which stores the public and/or private keys and can be used to track ownership, receive or spend the cryptocurrencies.

He then traded these funds for a different cryptocurrency like Bitcoin and started mining a separate copy of the blockchain, but this time without the original transactions, depositing Ethereum Classic into the exchanges and therefore being able to maintain a majority of the mining power – 51% or above. That meant this version of the chain caught up and overtook the original’s in length.

Basically, the attacker never sent the Ethereum Classic to the exchanges but still controlled the blockchain, as well as keeping the different cryptocurrency from the old one.

In summary, a 51% attack allows the hacker to double spend their funds. In this case, spending it once to purchase a different cryptocurrency and then regaining it to spend again. The recipient of the original transaction has their funds stolen when the blockchain is reorganised and the transaction removed.

One of the victims of this attack, Gate.io had $100,000 worth of Ethereum Classic stolen and Coinbase about $1.1m.

Are major cryptocurrencies vulnerable?

In technical terms, all the cryptocurrencies that use PoW are vulnerable to a 51% attack, including Bitcoin, Ethereum and Monero. Practically, the computing power needed to do this is astronomical. For this attack, mining power from a cloud provider like NiceHash could have been bought.

It’s worth noting that an attack like this would need to maintain 8TH/s (8,000,000,000,000 hashed per second) and NiceHash charges about $15,000 per day for 1TH/s, so this could cost $120,000 for a full day, which is enough time to execute a double spend of this type.

Therefore, these attacks are a serious risk to smaller cryptocurrencies as it is economically feasible for an attacker to rent enough mining power to take many of them over. One of the things holding them back, however, is that they are almost guaranteed to crash the value of a currency, which is smaller than Ethereum Classic.

What are the fixes?

Although larger cryptocurrencies may all but be immune to attacks like these, it isn’t stopping changes being implemented, which can help impede them. An example is Ethereum, as well as others, that are moving towards a process called Proof-of-Stake, which mitigates attacks by destroying the funds the attacker is trying to steal.

Smaller currencies could still be in trouble though, because while people still put funds into new and cheaper ones in the hope of striking gold during a surge in value, there are still serious risks. Cryptocurrencies are still essentially in the realms of the Wild West and should, as a result, be treated with careful consideration.

Read more: Forking hell, Bitcoin! Why division is the enemy of progress for decentralised networks


Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: