A ”Double-spend fraud” utilizes the “51% Attack” as a method of reverting the history of the blockchain. This commonly known attack combination is an ever-present risk in the Blockchain industry, which may threaten the integrity of a cryptocurrency system.
The purpose of this article is to shed some light on the matter for those who don’t think of themselves as blockchain experts but want to get better acquainted with this issue.
A blockchain re-organization is a process that can be done without 51% or more hashing power, so why do we care if the attacker has access to 51% of it? What is special about having 51% of hashing power is that the reorganization (assuming the attacker starts from the chain tip) will always succeed, whereas with less than 51% of hashing power they only have a minor probability of succeeding.
Mentioning this type of attack in a series of articles about Bitcoin, where the 51% attack has never happened (that we know of), can create doubts. However, this article aims to enhance your know-how and provide you with a complete picture of PoW by showing an attack method developed against this consensus algorithm. Even though we don’t have a record of the Bitcoin blockchain being “51’d”, we do have some records of a double-spend fraud on other chains:
The 51% attack has never occurred on the Bitcoin blockchain in its entire history, but it has happened several times with other PoW blockchains between 2016 and 2018. Similar to Sybil attacks from the previous chapter, PoW’s energy requirements make the 51% attack economically unfeasible in reality and almost impossible on the Bitcoin blockchain, since:
To better understand the steps involved in a 51% attack, let’s look at an example from the world outside of blockchain - in particular, one where you could double-spend your money (but probably end up in jail afterwards!).
If you are old enough to remember the days before electronic credit card systems, you may recall the manual, hand-operated credit card press, used to make a carbon copy of your card information when you paid with your card in a store. The store would mail off the copy to Visa, Mastercard, or whoever issued the card, and they would deduct the paid sum from your account and pay the store. Imagine going into a shop today that is still using one of these machines. Your debit card has $1,000 on it, and you buy a new watch for $1,000. The store gives you the watch and uses the machine to get a copy of your card, in order to get their money from the card issuer. Then, you walk into a jewellery shop next door and buy another watch for $1,000, except this time, they have the electronic machine that we are all used to today. You buy the watch, they swipe your card and get your $1,000 right away. Now you have two watches, and you spent the same $1,000 twice! By the time the first store tries to get their money, it’s already gone!
Watch this clip to get an idea.
The video above is a good example of a double spend, but a 51% attack is something different, though not unrelated. Think about a 51% attack like this: “You have a voting contest consisting of 100 voters and you bribe 51 of them. You can now control the result of the vote using your majority control.”
Now, let’s look at this problem from a Blockchain perspective. I will use a quote from an article I have found to be very educational and well written. The author of this piece is Coinmonks and you can read the full-length article here.
“Let’s say I spend 10 bitcoin on a luxurious car. The car gets delivered a few days later, and my bitcoins are transferred from me to the car company. By performing a 51% attack on the Bitcoin blockchain, I can now try to reverse this Bitcoin transfer. If I succeed, I will possess both the luxurious car and my Bitcoins, allowing me to spend those Bitcoins again.”
This example abuses blockchain’s design philosophy. Blockchain’s brilliance comes from its decentralized nature that is reached by mathematical consensus, where multiple people verify a transaction. If it is legitimate, the consensus will accept it and will treat it as a lawful history on the public chain. However, on any PoW-based blockchain, it only takes 51% to form the majority. As such, illegal transactions and fraudulent activity may be possible on smaller blockchains, where achieving the majority is realistically viable.
The key element here is the democratic aspect of the blockchain, where most miners need to agree with a particular state of the network. By doing this, they can define what the truth is and what is not. This happens thanks to the full blockchain nodes, which define what is “legit” by setting the consensus rules. And under these rules, two or more competing versions of the chain can potentially be “legit.” But according to the “difficulty-wise longest valid chain” rule, only one chain can be the most legit. This consensus statement lays down the fundamentals for the follow-up question that miners are helping to answer by mining on one chain instead of another:
“Of all existing valid chains, which one should the users’ full nodes follow?”
But what if this majority is a single big entity with the advantage of having more computation power or having a majority of votes, at least temporarily, and they use their power for malicious activity?
A 51% attack is a possible attack on a blockchain when somebody obtains more than 51% of all hashing power (hashing is used for mining). If somebody has more than 51% of this power, they can mine much faster than anybody else, and that provides an advantage in a “cheat race”. If a scammer is mining faster, they will also be faster than their competitors in finding a solution that leads to another block being mined and added to the current state, thus creating the “longest” chain. This will make their chain longer and the network will, by design, (keeping with the rule of the longest chain) need to accept their chain (which includes the not valid block) as the final result. Basically, if there is a conflict on the blockchain, the network will always use the longest and the most difficult chain to mine as “the right one” to accept, and since the attacker has more hashing power, the rest just can’t win. That’s unfortunately bad in this case, but that’s how this tech works.
But how can somebody get that much hashing power? It can be a whole community or a few people with many resources.
The intention of the attacker is to perform a “double-spend” using their money and to cover their tracks with a 51% attack. This means that an attacker uses their own cryptocurrency for purchasing goods or services. These transactions are added and visible on the public network. Meanwhile, they will mine their own private version of those blocks, where those transactions never happened, and will attempt to swap those two elements (change the history of the transactions that happened on the public chain).
What the attackers do is that they mine a longer valid chain in private (not peered with the rest of the network). That is only possible if they control more than half the hash power and then use it to their advantage. Then, they “cheat” on the blockchain, with the intention to double-spend tokens that belong to the attacked chain. Effectively, the attacker mines new blocks but does not announce it to the other 49% of the network. Therefore, the others don’t know that the alternate version of the blockchain exists and is ready to rear its ugly head. When attackers want to make their attempt on a 51% attack, they usually mine with a higher hash rate on a particular node that is not attached to the network. When they get ahead a little bit against other nodes, they switch the connection from the node of their private chain to the network of the public one.
Then, the following can happen:
Imagine that we have a public chain. Every block in this chain has its own name. We will use capital letters like A, B, C, D, and so on. Then, we will have our attacker, who is a really big miner and is in possession of more than 51% of the hash rate. They are trying to scam this public chain by changing the history of the original public chain. They will use the vast hashing power at their disposal, as well as their own private version of the public chain. We will call that private chain with lower-case letters: a,b,c,d.
We know that the attacker has more hashing power at the moment and wants to use it for validating a new block faster than the miners of the public chain. Since the attacker has more potential, there is a higher possibility that they will guess the right nonce (unique number) that will allow them to add another new block to their private chain while public chain miners are still mining a previous block.
The situation goes like this:
51% attacks are the biggest known security issue with Bitcoin and other Proof-of-Work blockchains. That being said, the more hash power devoted to a chain, the more secure it is, while smaller chains could easily be taken over by a small proportion of miners switching from a large chain like Bitcoin or Ethereum to a chain with much less hash power. However, these attacks are mostly prevented by two things: firstly, that large mining pools abide by rules they’ve set themselves to not grow too large, and secondly, a 51% attack can have a serious economic impact on a coin, so why would a large miner risk it when it usually means drastically hurting the price of a coin, and in the case of ASIC-mined coins, hurting the value of their mining hardware too! In the end, you must remember that behind all of the algorithms and hardware, there are still humans controlling everything with their own economic incentives and desires. If a successful 51% attack were to facilitate a double-spend on the Bitcoin network, for example, the value per bitcoin would decrease drastically, meaning the attacker’s funds and mining hardware would also decrease in value - meaning less financial incentive for an attacker to attempt a double-spend in the first place.
Keep in mind that attacks like this are extremely hard and expensive to perform, and almost every year somebody discovers an improvement or a new idea on how to make fraudulent activity like this almost impossible. After all, no matter how brilliant an idea you have, somebody can always find a little loophole in your security and is able to use it to their advantage.
Congratulations. You made the fourth step in becoming a blockchain expert.
See you later in episode 5, where we will investigate forking a blockchain.
Until then, stay Sovryn!