My name is Mickey, also known as Tezkatlypoka from Reddit,
and I will explain you a 51% attack mechanics today.
Manual to this article: You have to read this article from front to back and show your grace. After all, that is how literature works, right?
(unless it is instruction manual, in which case no one reads them at all)
Hello, my friends, readers, community members. With this little article,
I would like to show you my point of view of what “51% Attack” or ”Double spend” is. This is the attack that is common in the BlockChain industry and you probably heard about it here and there. The point of this article is to shed some light for those who don’t think about themselves as blockchain experts, or to those of you who just want to get this issue a bit more under their skin. My name is Mickey Maler of the Pirl official and this is my point of view. Let me guide you through.
Let’s start with an example from a world unrelated to the blockchain and let’s try to pick one case where a man could double spent his money (and get some jail time afterwards probably).
If you are old enough to remember the days before electronic credit card systems, you may recall the manual, hand-operated credit card press which made a carbon copy of your card information, which the store would then mail off to Visa, Mastercard, or whoever issued the card. Imagine going into a shop today that still using one of these machines. Your debit card has $1,000 on it, and you buy a new watch for $1,000. The store gives you the watch
and uses the machine to get a copy of your card which they can send to the card issuer to get their money.
Then, you walk next door to another jewelry shop and buy another watch for $1,000, except this time they have the electronic machine that we are all used to today. You buy the watch, they swipe your card and electronically now have your $1,000. Now you have two watches, and you spent the same $1,000!
By the time the first store tries to get their money, it’s already gone!
This is a good example for double spend, but 51% attack is something different even though that they are related to each other. Think about 51% attack like this: “You have a voting contest and 100 voters. And you pay off or bribe 51 of them.”
Now, let’s look at this problem from a Blockchain perspective. I will use a quote from one article I have found to be very educative and well written, so I will post it here as a reference. The author of this piece is Coinmonks
and here you can read his article in full length.
“Let’s say I spend 10 Bitcoin on a luxurious car. The car gets delivered a few days later, and my Bitcoins are transferred from me to the car company. By performing a 51% attack on the Bitcoin blockchain, I can now try to reverse this Bitcoin transfer. If I succeed, I will possess both the luxurious car and my Bitcoins, allowing me to spend those Bitcoins again.”
The blockchain is brilliant because of its decentralized nature through mathematical consensus, where multiple people verify a transaction and if it’s legit, consensus will accept it and will treat it as a lawful history on the public chain. However, on a private blockchain, it only takes 2/3 or 51% to form the majority which could mean illegal transactions /fraudulent activity.
The key element here is a democratic aspect of the blockchain where the majority of miners need to agree with a particular state of the network. By doing this, they can define what is truth and what is not.
What is legit and what is fake. But what if this majority is one big entity who got an advantage, at least temporarily, and using their power for malicious activity?
51% Attack is a possible attack on a Chain when somebody obtains more than 51% of all hashing power (hashing is used for mining). If I have more than 51% of this power, I can mine much faster, than anybody else, and that gets me some advantage in this “cheat race.” If a fraud is mining faster, he will also find a solution leading to another block faster being mined than his competitors can mine it. This fact will make his chain longer and the network needs to accept his chain as a final result since the network will always accept the longest chain as a valid and true one. That’s unfortunately bad in this case, but that’s how this tech works.
How can somebody get that much hashing power? It can be a whole community or a few people with many resources. Basically, if there is a conflict on the blockchain, the network will always use the longest
and the most difficult chain as “the right one” to accept and since the attacker
has the more power, the rest just can’t win.
The intention of the attacker is to make “double spend” on his money
and to cover tracks with 51% attack. This means that attacker uses his own cryptocurrency for purchasing goods or services. These transactions are added and visible on the public network. Meanwhile, he will mine his own private version of those blocks, where those transactions never happened
and will attempt to swap those two elements (change the history of the transactions that happened on the public chain).
What the attackers do is that they mine a longer valid chain in private
(not peered with the rest of the network), which is only possible if they control more than half the hash power and then use it to their advantage, and do a “cheat” on the blockchain, with intention do double spend tokens, that belong to the chain which was attacked recently (the attacker mines new blocks but he does not announce it to the other 49% of the network.
So they don’t know that the alternate version of the blockchain exists and is ready to bite). When attackers want to make their attempt on “51% attack”, they usually mine with a higher hash rate on a particular nod that is not attached to the network, and when they get ahead a little bit against other nodes, they switch the connection from the node of your private chain to the network of the public one.
The network always uses the longest possible chain (that’s how this was invented). Miners will re-mine this new block; consensus will approve it as a valid, and 51% attack is here in its full glory.
Target is a blockchain of their choice which uses PoW consensus algorithm. Exchange cant solves this problem for a particular project, but exchanges can implement some features that can help prevent or warn against this situation. As I just said, this is not a responsibility of any exchange, but quick reaction and cooperation could be a critical aspect of getting things in original order.
Imagine that we have a public chain. Every block in this chain has its own name. We will name those block with capital letters like A, B, C, D and so on and so for. Then we will have our attacker, who will be in possession of more than 51% has-rate (really big miner). He is in his den and trying to do a cheat on this public chain in a way in where he wants to change the history of the original public chain. He will use his high hashing power and his own private version of the same chain as the public one is. We will call that private chain with lowercase letters like a,b,c,d.
We know that attacker has more hashing power at the moment and he wants to use it for validating a new block faster than the miners of the public chain. Since he has more potential, there is a higher possibility that he will guess
the right nonsense (unique number) that will allowed him to add another new block for his private chain in the time when public chain miners are still mining a previous block.
The situation goes like this:
The public chain is A+B+C+D;
Fraud private version of that Public chain is also a+b+c+d;
Now we are in the race for the block E (or “e” in the case of the attacker).
Who do you think will have a higher probability of adding a new block
to the chain in the smaller time frame? Yes, the attacker. He might have to spend a lot of money, electricity, space and time to do this, but right now, he is in possession of higher hashing power and he is running this race on steroids.
When the attacker successfully validates a new block and add this block to his chain, he will get a chain like this: a+b+c+d+e in the same time while miners of Public chain still mine that E block, that fraud already has.
The attacker then switches his connection and add his private blockchain to the public network. Now, since we know that the Network will always accept only the longest chain
(a chain with the highest block height), a chain A+B+C+D+e, miners
of the original public chain will have to end their job on finding a correct nonsense for their block E and will need to accept the state of block A+B+C+D+e thanks to the “Longest chain rule” and will continue their work with this chain.
Now back to double spend. Imagine that attacker use his coins for purchasing goods. He will spend 1/3 of his coin in block C on the public chain, but on the private chain that he was mining in private, he is still in possession of all his coins. His private chain doesn’t have any marks of spending money. When he does this manipulation with the help of higher hashing power, he will change the history of the original Public chain. When he takes
a look to his wallet after a new block is added, he will see his full original unchanged balance, he had before purchasing any good from a store, even though that his good is already on its way to his door.
He just did a double spend thanks to the 51% attack.
Dear readers. Keep in mind that those attacks are extremely hard and expensive to do and almost every year somebody comes with some fix or new idea how to make this fraud activity almost impossible to do. I believe that blockchain technology is the future and no matter how brilliant idea you have, somebody always can find a little hole in your security and is able to use it to his advantage. Even Ethereum has been hacked once, but they solved that problem with an elegance and applied fixes and preventions to make this almost impossible for is happening again in the future.
That’s all for me to you today, my dear readers. Come to meet me at our discord, where we can continue in the debate if you want.
I would like to finish this article by quoting my friend Dan, who wrote a Coda from a view of longtime blockchain expert, and thank all of you for your kind attention. Have a nice day, stay safe and stay with us.
With kind regards, Mickey.
Dan: “51% attacks are the biggest known security issue with Bitcoin and other Proof-of-Work blockchains. That being said, the more hash power devoted to a chain, the more secure it is, as smaller chains could easily be taken over by
a small proportion of miners switching from a large chain like Bitcoin or Ethereum to a chain with much less hash power. However, these attacks are mostly prevented by two things: firstly, that large mining pools abide by rules they’ve set themselves to not grow too large, and secondly, a 51% attack can have serious economic impact on a coin, so why would a large miner risk it when it usually means hurting the price of a coin drastically! In the end, you must remember that behind all of the algorithms and hardware, there are still humans controlling everything with their own economic incentives and desires.”