In last week’s season finale of the fifth season of Silicon Valley, the show’s underdog tech startup has just come off a less-than-spectacular initial coin offering for their company’s cryptocurrency, PiedPiperCoin. To make matters worse, their cryptocurrency is hit with a “51 percent” attack—essentially, a takeover of a cryptocurrency network.
When the finale aired, catastrophic 51 percent attacks were mostly a theoretical bogeyman in the IRL cryptocurrency world despite minor incidents in the past. Only days after the Silicon Valley episode aired, though, a wave of 51 percent attacks hit the cryptocurrencies Verge, Monacoin and Bitcoin Gold. Altogether, these attacks are estimated to have resulted in a loss of more than $20 million USD.
The wave of 51 percent attacks has renewed fears in the cryptocurrency community that similar attacks may take down even larger networks, perhaps even market leaders Bitcoin and Ethereum. If you’re wondering how these attacks work and if there’s anything that can be done to stop them, you’ve come to the right place.
What is a 51 percent attack?
Cryptocurrencies like Bitcoin and Ethereum rely on groups of computers around the world to independently verify the state of the blockchain, the distributed ledger that lists how much digital money everybody holds. In the kind of attack that affected Verge, Monacoin and Bitcoin Gold, one malicious actor controls the majority of the network’s total computing power, hence the name “51 percent attack.”
This gives the attacking miner some control of the blockchain because they can effectively reverse their own transactions—this allows the attacker to spend the same coins twice, which undermines the entire point of cryptocurrencies since blockchain technology is supposed to transparently keep track of money in a way that is permanent and irreversible.
Researchers have long acknowledged these attacks were possible, and in 2016 two attacks did occur in small cryptocurrencies. But accessing enough computing power to execute that kind of attack on large networks like Bitcoin or Ethereum would be really expensive—numerous firms dedicate warehouses filled with servers to mining those blockchains. It’s possible that these firms could collude to execute the attacks themselves, but many argue that compromising the blockchain is not in cryptocurrency miners’ best interest since it could wreck the value of the coin they were mining.
Why do 51 percent attacks matter?
The recent attacks on Verge, Monacoin, and Bitcoin Gold have reignited a debate in the cryptocurrency world about the threat posed by 51 percent attacks. While almost all researchers acknowledge that 51 percent attacks are theoretically possible on blockchains secured by proof-of-work, the debate mostly hinges on whether it is economical to perform these kinds of attacks on the larger cryptocurrency networks such as Bitcoin and Ethereum.
Although any blockchain secured with proof-of-work mining is technically vulnerable to the attack, smaller cryptocurrencies are especially so since less computing power is required to achieve 51 percent.
“In the past, miners have been quite docile and compliant, partly because they lacked the technical sophistication to launch attacks, and partly because there weren’t that many options on which coins to attack,” Emin Gün Sirer, an assistant professor researching distributed systems at Cornell University, told me in an email. “We are now beginning to see miners act more strategically.”
In the case of Verge, Monacoin, and Bitcoin Gold, it’s uncertain whether they were executed by the same attacker since each attack leveraged a different approach.
How do 51 percent attacks actually work?
The Monacoin attack only resulted in a loss of $90,000 and the Verge attack resulted in about $1.7 million worth of the currency being stolen. By far the largest attack was on Bitcoin Gold, which had about $18.6 million stolen from cryptocurrency exchanges in double spend attacks.
In cryptocurrencies, the longest chain of transactions becomes “the” blockchain that describes the current state of the system. Malicious miners can take advantage of this if they control the majority of the network’s computer power. A miner that achieves this can privately mine blocks at a pace that overtakes the original blockchain, essentially creating a fork.
“We are now beginning to see miners act more strategically”
While these miners can’t change the underlying rules of the blockchain, they can create a ledger that looks different than what other users see. To leverage this into an attack, the malicious miner may send a payment to a merchant on the original blockchain while privately mining a blockchain that contains a transaction for the same coins, but to an address they control.
After the merchant sends the goods, the malicious miner can release their chain, making their version of the blockchain’s payment history the correct one and ensuring the merchant never gets their digital money. This, roughly, is what happened in the case of the Bitcoin Gold attack.
To execute the Bitcoin Gold 51 percent attack, the hacker created their own private Bitcoin Gold blockchain and kept the coins mined on this chain in their own wallet. At the same time, on the public Bitcoin Gold blockchain they sent the mined coins to a cryptocurrency exchange, sold them for a different cryptocurrency, and then made a withdrawal.
At that point, the hacker’s private blockchain was pushed to the public network, where it was accepted by the other computers on the network as the legitimate version of the Bitcoin Gold chain. The transactions that showed the coins being sent to the cryptocurrency exchange on the public blockchain were effectively erased and looked as though they had been sitting in the attacker’s wallet the whole time.
In reality, however, all those coins in the wallet had already been switched to another cryptocurrency on the exchange cashed out. This means the attacker was able to spend all of the coins in their wallet without actually losing any of them. They had, in other words, double spent all the tokens.
Can anything be done to stop 51 percent attacks?
To prevent similar double spend attacks in the future, a Bitcoin Gold developer suggested increasing the number of blocks required to confirm transactions from 22 blocks to 50 blocks. This raises the cost of attacks because a miner must control 51 percent of the network for a longer period of time.
Sirer saw the attacks as a testament to the value of ASICs in the cryptocurrency ecosystem. ASICs are specialized computer chips that are made to mine only one specific coin and are far more efficient than general computer hardware like graphics cards. ASIC’s have come under attack in some cryptocurrency communities, however, because they are only produced by a handful of companies and one of the largest, Bitmain, also runs mining operations.
Bitcoin Gold was specifically designed to be ASIC-resistant and only mineable with relatively inexpensive graphics cards. The idea was that by keeping a coin GPU-friendly it also keeps the network decentralized, rather than allowing computing power on a network to end up in control of large companies like Bitmain. Yet as Sirer pointed out, it is also possible to rent large amounts of GPU computing power, which makes 51 percent attacks on those networks more feasible.
“ASICs get a bad rep, partly because their distribution is not controlled or controllable,” Sirer told me in an email. “Yet at the same time, they secure the coin. By forcing the miner to buy dedicated hardware, not usable for another purpose, they ensure that the miners have skin in the game, and will work to make the coin succeed.”
The recent wave of 51 percent attacks is a forceful reminder that there’s no such thing as a free lunch in the crypto world. Every decision about how to secure a blockchain or foster decentralization comes with tradeoffs, and learning what these tradeoffs are can be a very expensive lesson.
Get six of our favorite Motherboard stories every day by signing up for our newsletter .