Cryptocurrency has entered the golden age of 51% attacks. Expect more
Once considered almost mythical, 51% attacks have been springing up everywhere in recent weeks.
OPINION: About a week ago it emerged that Bitcoin Gold (BTG) was hit with a 51% double spend attack targeting exchanges.
- 51% - When the attacker has more than half of the hashing (mining) power on the network, and can more or less decide what the "truth" is. This can be done by mining a separate chain with a different truth (such as that your money was never spent) and then slapping it over the "real" chain to basically bend reality.
- Double spend - One way of exploiting 51% capability by spending the same coins twice. The attacker sends funds and receives payment from a third party, then says the truth is that they never actually sent funds. Now they have both the funds they supposedly sent, as well as the payment they received. In this case the funds (BTG) were traded to exchanges, and then yanked back out.
This attack basically has the same effect as the old coin on a string trope, except this particular coin was worth about $18 million, and building the string is estimated to cost tens of thousands of dollars a day in computing power. How long the string needs to be depends on how many confirmations a transaction requires.
The attack comes in other flavours too, depending on the architecture of the coin being attacked. A recent spate of similar attacks on the Verge (XVG) coin may have been even easier, because the attackers didn't even need the full 51%.
The 51% attacks that hit Electroneum on April Fools' Day were probably also relatively easy, because the coin simply copied Monero's mining algorithm. This means gear which can mine Monero can also mine Electroneum.
Monacoin was also struck a week ago, at about the same time at BTG. 51% attacks, which have been a kind of semi-mythical beast for so long, are now common. Odds are this is just the beginning.
Why it's only going to get worse
The crux of the problem is that many proof of work coins are at immediate risk and there's nothing they can do about it. Hashing power can be rented, stolen and switched between coins fairly quickly when an opportunity presents itself.
BTG uses the Equihash algorithm. Any other coin which uses it, and has the same or less hashpower than BTG is also at risk. The same goes for Monacoin's Lyra2REv2 and almost any other proof of work coin. And naturally any other coin bravely operating on the same SHA-256 algorithm as bitcoin could be snuffed by the giant hashrate that's stomping around these days.
The nature of mining chips means anti-ASIC forks don't actually work as a realistic solution -- it's easier to create new cards than endless forks -- and for obvious reasons the majority of mining power is consolidated in the hands of chip manufacturers themselves. Such as Halong Mining, which only sold off a small handful of the miners it uses to maintain majority control of Decred and by extension any other Blake256 coin.
The real question isn't whether 51% attacks are a realistic possibility, because they obviously are. It's why they're only becoming more common now and whether there's any real way of stopping them.
Why so many now?
The main reason is probably because 2017 was a very big year for crypto and blockchain as a whole. It saw just about all companies in the space land absurd amounts of money, and a huge amount of interest. For ASIC miner manufacturers this meant scaling up operations to manufacture new chips, sell off the obsolete ones and generally pump millions of new machines into the world faster than ever.
It takes about 5 to 12 months to design, manufacture and hook up a new type of crypto miner, depending on who you are and what exactly you're making.
Guess what happened 5 to 12 months ago?
Total cryptocurrency market cap
The hashing power and sheer number of coins in crypto right now is unlike anything that's ever been seen before.
For the increasing number of groups with enough hashing power and technical expertise to launch a 51% attack, a list of coins and their mining algorithms is starting to look like a buffet menu.
51% attacks are the economically cool thing to do
One of the main arguments against 51% attacks is that actually launching one is against a miner's best interests. If they have so much hashing power, after all, they can make a relatively safe and easy fortune by just mining away rather than going to the trouble of a 51% attack. Plus, in a 51% attack you can only manipulate the coin itself. The theory is that by attacking it you risk sounding the alarm and killing the value of the coin, as well as the value of your mining gear.
This clearly isn't holding up. Firstly there's usually no shortage of coins that use the same algorithm, and the gear has a limited lifespan anyway. At certain points, launching a 51% attack will, if possible, be the most economically rational option.
Secondly, immediate profit isn't the only reason to launch an attack. Some might want to take down a rival coin or do it out of sheer spite. It might be a big fish using some random junkcoin as a guinea pig or someone might do it just because they can.
Thirdly, these attacks don't actually move prices and no one actually cares. With this becoming increasingly apparent, there might be a 51% attack gold rush of sorts on the horizon.
Don't bother handling with care
Monacoin and Electroneum prices did not respond to their attacks in any discernible way, and if Bitcoin Gold did it was mostly indistinguishable from the market as a whole. Verge prices did respond, but that response was to skyrocket.
The only members of the public with any personal stake in a 51% attack are the coin holders and developers themselves. They're typically unable to stop the attack, so the most sensible thing to do is simply ignore it rather than spark a panic which might actually start impacting prices.
It helps that the majority of mineable proof of work coins are digital detritus, forked to make a quick buck and without any actual long-term prospect. The obvious limitations of the most widely used traditional PoW systems, including but not limited to being at the mercy of 51% attacks, means serious developers are increasingly likely to look for alternatives. The field of 51% vulnerable coins is naturally skewed towards soft targets, less-reputable developers and inexperienced buyers.
As an added bonus, it will often be extremely difficult to make transactions on a network that's under attack, which makes it rather hard to panic sell and can help mitigate any immediate crash caused by a 51% attack. Miners might care, but mostly because attacks have them pulling up more empty blocks and losing pay. This means a lot of them then switch over to other coins with the same algorithm, which just makes it even cheaper and easier for the attacker to retain control.
A golden age for someone
Cryptocurrency has entered the golden age of 51% attacks. This is a window where:
- Hashing power is abundant
- There's a vast array of vulnerable coins to choose from
- The immature state of the market means you can launch 51% attacks without tanking prices
51% attacks have been possible on many coins for a long time now, but the relative scarcity of mining gear and fear of tanking prices tilted economic rationale towards simply mining away.
Now a tipping point may have been reached, with plenty of hashing power to break over plenty of coins, and growing evidence that you can thoroughly mangle a coin without anyone noticing or caring.
The extraordinarily quick and high rewards -- the BTG attack netted $18 million in just a couple of days -- mean it's well worth getting in while the window is open.
Is there any solution?
The high cost of useful miners and the benefits of economy of scale mean crypto mining was always going to consolidate and centralise over time. Also, anti-ASIC forks don't work. Even if they did, a coin that eternally needs to fork every few months probably isn't a great long term prospect.
Some of the more exotic PoW coins can remain ASIC-immune in other ways, while the largest such as bitcoin might get away, but most are probably going to die out as an evolutionary dead end.
This extinction might be sped along by blacklisting from exchanges. They're the ones who just lost $18 million to Bitcoin Gold's inadequate hashing power after all.
Once a coin gets a reputation for vulnerability it's going to be hard to shake. But as Verge prices show, that reputation is surprisingly hard to acquire. Either way, attackers are probably going to make hay while the sun shines.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VEN, XLM, BTC, NANO