Cryptocurrencies such as Bitcoin and Ethereum are often lauded as “unhackable” due to their foundations of cryptography and proof-of-work consensus mechanisms.
However, there are a certain theoretical attacks which could be used to hit the blockchains the cryptocurrencies are based on.
The most prominent of these is a 51% or “double-spend” attack, which is possible when an attacker controls more mining power than the rest of the network combined.
It can be extremely difficult to perform this attack against large blockchains with evenly-distributed hash power and multiple nodes, but it is theoretically possible.
Smaller cryptocurrencies with less total hashing power are more vulnerable to this type of attack, as seen recently in a number of small tokens.
The profitability of these attacks also vary, depending on the strength of the blockchain’s mining power.
While major blockchains have so far remained safe from double-spend attacks, we have outlined the basic mechanisms and feasibility of how they work.
Double-spend attacks allow malicious actors to steal money from others by essentially reversing transactions on the blockchain.
If an attacker wished to perform a 51% attack against the Bitcoin blockchain, they would need to control over 51% of the total hashing power on the network.
This means they would either need to collaborate with major mining pools or spend an exhorbitant amount of money renting ASIC mining hardware to gain more processing power than every other miner combined.
Following this, they could mine blocks secretly without broadcasting block completion to other miners – and choose which transactions are included in these blocks.
At the same time, the attacker can spend Bitcoin on other virtual currency or send money to an exchange.
Once they have spent their Bitcoin, they can broadcast their “secret” blockchain to other miners.
The Bitcoin protocol values the longest blockchain as the correct one, as this is a good measure of the hashing power behind the blockchain.
As the attacker has more hashing power than the rest of the network, legitimate miners are forced to accept their blockchain as the “correct” record of transactions.
However, as the attacker can choose which transactions to add into blocks, this blockchain does not include the real payments made by them to other addresses – allowing them to essentially spend the same Bitcoin twice.
This may seem a roundabout way of stealing money – considering the amount of resources required – but Bitcoin’s cryptography prevents direct theft from other addresses.
Attackers cannot simply make up transactions, as these are required to be cryptographically signed with the private key of the sender and any false transactions would be rejected by the protocol.
Maintaining this attack for long enough to build a longer blockchain than the “real” version can be extremely expensive, making attacks against major blockchains unprofitable.
While blockchains like Bitcoin and Ethereum remain relatively safe from 51% attacks, the feasibility of these attacks improves as the total hashing power of a cryptocurrency’s network decreases.
For this reason, attackers may target cryptocurrencies with high market caps and low total hash power – such as ByteCoin, LiteCoin Cash, and Bitcoin Gold.
To conduct this type of attack, hackers could make use of readily-available cloud mining services, hiring hashing power from a platform like NiceHash.
According to Crypto51, performing a 51% attack against Bitcoin for one hour would cost you almost $700,000 – while a smaller cryptocurrency like ByteCoin would only cost $539, despite its market cap of almost $600 million.
These attacks are becoming a reality for smaller cryptocurrencies with low network hashing power, and holders of these tokens should be aware of the potential risks their holds.
If a 51% attack is taking place on a blockchain, be sure to identify the attacker’s addresses and do not send any transactions to them.