10 reasons why 2019 is the year of the cryptocurrency 51% attack
ETC kicked off the year-long 51% attack festival in style, and there's plenty more where that came from.
2019 will be the year of the 51% attack, suggests David Vorick of Siacoin and Obelisk mining.
There are at least 10 reasons why.
1. Hashrate marketplaces
The ability to rent mining power from hashrate marketplaces, most notably Nicehash, will continue to make attacks easier.
This can be thought of as a great big pool of mining power that can be accessed on demand – because that's exactly what it is.
Vorick puts it into perspective:
"Before hashrate marketplaces existed, attacking a cryptocurrency with 100,000 GPUs defending it more or less required owning 100,000 GPUs. Attacks of that scale would require many tens of millions of dollars to execute... After the development of hashrate marketplaces, the same 100,000 GPUs can be rented for several hours at a cost of just tens of thousands of dollars."
2. More ASICs are being released
ASIC miners are high-powered mining machines, and they're still being built.
As time passes, you get more ASIC machines on the market. And 2018 has provided some very clear trails of cause and effect where the release of a new ASIC miner for a certain algorithm is followed by 51% attacks.
Of recent note, Vorick says, are ASICs for Ethash and Equihash.
Ethereum Classic recently got chewed up by a 51% attack amid rumours of a new Ethash ASIC miner. Equihash ASICs delivered an even more abject lesson, with Bitcoin Gold, and ZenCash and Bitcoin Private (all Equihash) falling like dominoes after the Equihash ASIC hit the market.
The main reason ASIC miners leave so many cryptocurrencies vulnerable isn't just because miners use them to directly attack. Rather, it's because they flood Nicehash with a lot more supply, which dramatically lowers the cost of renting that hashrate for that algorithm. The result is that an ASIC release almost instantly makes any coin of that algorithm much more vulnerable.
3. Too many forks and too much sharing of mining algorithms
Making your own mining algorithm is a lot of work. It's much easier to just fork some other coin, or to re-use a mining algorithm you see elsewhere. There are no signs of this trend abating in 2019.
The most obvious reason this leads to 51% attacks is because it means around the same amount of hashing power is being shared between more coins, leaving each of them more vulnerable.
This is exacerbated with another more insidious vulnerability though, Vorick notes. Sharing mining algorithms causes additional breakdowns of "incentive compatibility." This is the principle that the incentives of individual participants are aligned with those of the network as a whole.
The idea is that a miner wouldn't want to attack the cryptocurrency they're mining because they risk damaging the value of their equipment and cryptocurrency. But when that same miner can use their gear to attack some other cryptocurrency, they don't have that obstacle.
4. Attackers have gotten much more sophisticated
The cryptocurrency boom of late 2017 saw a lot of people pay attention to the industry for the first time, and 2018 was highly educational for a lot of people. In other words, there are more people with the skills to carry out a 51% attack today than there were a year ago. This literally means there are more 51% attackers looking for targets now.
At the same time, more skilled attackers can turn a profit where a less skilled attacker can't.
Although they're commonly known as "double spend" attacks, Vorick notes that on the more sophisticated end, they might also be a triple or quadruple spend attack.
5. Mining farms keep getting larger
Economies of scale rule the mining industry, so mining farms just get bigger and bigger. And with their economies of scale, they're also the most likely to survive downturns.
There are now many farms with over 10,000 mining machines, a handful with over 100,000 machines and at least one with well over 500,000 units.
Correspondingly, this means that if your cryptocurrency has fewer than 10,000 machines working on it, it can be easily and single-handedly knocked over by a mining farm. If it has fewer than half a million machines working on it, it's still vulnerable.
6. The bear market slashed hardware prices
Falling cryptocurrency prices have made video cards a lot more affordable. That's good news for gamers and attackers alike. It's also made ASIC miners more affordable, and every mining firm that goes out of business means another new fire sale on mining gear.
At the same time, there are a lot of newly cash-strapped companies with hashrate to spare and every reason to launch a 51% attack where possible.
As cryptocurrency prices fall, it's gotten much easier to launch a 51% attack.
7. The bear market slashed cryptocurrency prices
Miner block rewards determine how much hashrate their networks can support. These are a combination of programmed tokenomics (such as, 3 tokens per block every 10 minutes on average) and crypto prices.
If crypto prices fall too much, a network can't support as many miners. As a result, its hashrate will fall and its security will be weakened.
A cryptocurrency's price must match its miner block rewards. If there's a mismatch or a coin's price suddenly drops too far, a cryptocurrency may suddenly became vulnerable.
8. It's easier to short crypto markets
As the cryptocurrency trading and exchange scene continued to grow in 2018, it presented a lot more opportunities to short a much wider range of cryptocurrencies. This presents a new way of profiting from a 51% attack.
It also presents some new opportunities to use hashrate for things other than 51% attacks. With variations such as empty block mining or selfish mining, you don't need a full 51% of a network's hashrate to detrimentally impact it. This makes more coins vulnerable to more attacks, and creates further incentives to go for these types of attacks.
9. More exchanges, more targets
Cryptocurrency exchanges might have proliferated rather than declined in 2018, and more exchanges mean more money and more targets for double spends in 51% attacks.
This not only presents more opportunities for low hanging fruit in exchanges with inadequate confirmation requirements, but can also make it easier for an attacker to triple or quadruple their spend by hitting multiple exchanges simultaneously.
10. Because it's now 2019
2018 was the year of 51% attacks, but now it's 2019 and it's still the year of 51% attacks. Plus, the Ethereum Classic attack and subsequent refund drama ushered in the new year with a real bang that's going to be hard to beat.
Dash is looking mighty vulnerable though.
A single entity has controlled more than 51% of Dash's hashrate for a bit over 6 months now. And coincidentally, one mining pool took 51% control of ETC about 6 months before it was struck by a 51% attack.
Disclosure: At the time of writing, the author holds ETH.