What Is a 51% Attack?

When you hear about blockchain, the word “decentralized” is used over and over again ad nauseam, to the point where the two terms seem synonymous. We describe blockchain as “decentralized” because there’s no single person or entity that verifies transactions on a blockchain. Rather, a network of computers does this. Together, these multiple computers discern whether a transaction in a blockchain network is accurate, and if they agree, that transaction becomes part of a new block on the chain.

This isn’t an inherently decentralized system, though. If a person or group of people can gain control of a majority of the computing power in a blockchain network, it can operate in a more centralized manner and the controllers of that majority can manipulate what gets recorded on the chain, accurate or not. A majority constitutes at minimum about 51 percent. Hence the name of one of blockchain’s biggest threats—the 51 percent attack.

Gaining that much control over a blockchain network is difficult. It takes a lot of computing power, and the bigger the network, the harder it is to harness more than half of it. Bitcoin, for example, has never succumbed to a 51 percent attack. However, yesterday, Ethereum Classic—the 18th-largest cryptocurrency by market cap—was hit with such an attack. More on that here in a piece from BREAKER writer David Z. Morris; in the meantime, a quick explainer on the 51 percent attack:

How does it happen?
Miners attempting to add a block to a blockchain network have to solve a complex math problem, one that requires a lot computational power. Once a miner solves that problem, they essentially share that solution with the rest of the network. Others in the network will verify it only if the transactions in that block prove to be valid, based on transactions that came before it in the blockchain.

Related: The Ethereum Classic 51% Attack Is the Height of Crypto-Irony

While 51 percent attackers can’t create false transactions for someone else unless the attacker somehow gets access to that person’s unique digital signature, they can reverse their own transactions and prevent the confirmation of new transactions. In a sense, you can’t really steal someone else’s cryptocurrency through a 51 percent attack. However, you can falsely send your own cryptocurrency to someone else, but then reverse that transaction and end up keeping the crypto.

How does someone reverse a blockchain transaction?
You can reverse a transaction by essentially rendering it obsolete. This entails creating a new chain that doesn’t include the previously recorded transaction you’d like to “reverse.” In doing this, you can end up “spending” the same coins twice.

This is why people also refer to a 51 percent attack as a “double spend attack.” Coinbase’s blog post on the recent Ethereum Classic attack has a clear explanation of how this works. Paraphrasing it here, a miner or miners (let’s call her person A) with 51 percent control of a network could send person B coins while secretively starting a new, alternative block record. In that new record, person A would include a transaction with the same coins she “sent” to person B. Person A can then build off that new record, adding more blocks until it becomes the longest chain. This makes it the new canonical chain and renders the original transaction between person A and person B invalid, since those same coins now exist in a canonically valid block. Here’s a handy graphic borrowed from Coinbase security engineer Mark Nesbitt:

In the case of a dishonest buyer sending cryptocurrency to a vendor, that vendor could easily end up sending  wares to the buyer while the buyer stealthily creates that new, longest chain. The dishonest buyer gets what they paid for while invalidating the transaction that would have sent the vendor the coins it cost to buy their product.

What would it take to carry out a successful 51 percent attack on bitcoin? Ethereum? What about Zcash?
There’s a handy website that answers all of these questions called Crypto51. It lays out the how much it would theoretically cost to effectively attack networks ranging from bitcoin and Ethereum to the lesser known likes of Vertcoin (which succumbed to a 51 percent attack in December) and Catcoin. Attacking the bitcoin’s network this way would cost about $340,232 per hour, according to the website. Ethereum would cost $103,487 per hour, and Zcash would cost $12,989 per hour. A 51 percent attack on Catcoin, says Crypto51, would cost a whopping $0 an hour. What are we waiting for?

Is it possible to carry out at a “51 percent attack” without 51 percent of a network’s computing power?
Yes, but it’s not guaranteed. If you have control of close to half of the computing power in the network, say 40 percent or so, it’s possible to successfully carry out such an attack. However, it’s about half as likely.