These cryptocurrencies are vulnerable to a 51% attack right now
Dead coins walking. A new tool highlights how cheap and easy 51% attacks are these days.
A 51% attack on cryptocurrency is when a single group controls more than 50% of the network's mining power. This lets them manipulate the coin in different ways. For example, a recent 51% attack on Bitcoin Gold (BTG) managed to net $18 million for the attackers by combining a 51% vulnerability with a double spend attack.
Essentially, the attackers sold a lot of BTG to exchanges, then used their 51% capabilities to yank it back again. That particular attack was just one in a long line of recent 51% attacks, and there will be many more.
Some coins are much more easily and profitably attacked than others though. In fact, just about any smaller proof-of-work coin is a target waiting to be exploited.
The weakest coins
Someone created a handy chart to highlight some of the most vulnerable coins. As you can see, basically all proof-of-work coins except the very largest are vulnerable to a 51% attack right now.
The chart looks something like this.
Name, symbol and market cap are self-explanatory. The other columns are the important parts.
- Algorithm. The mining algorithm used by the coin. Different coins with the same mining algorithm can be mined with the same gear. The amount of mining gear turned towards each coin is indicated by the hash rate. Bitcoin and many others use an algorithm called SHA-256, but it's just one algorithm among many.
- Hash Rate. This is how much computing power is tuned in to that specific coin. If one party gets at least 51% of the hash rate, the coin's in trouble. Bitcoin's hash rate was an enormous 32,798 petahashes per second (PH/s) at the time the chart was put together, which is much higher than any other coin.
- 1h Attack Cost. This is how much it would cost to rent 51% of the required hashing power per hour on NiceHash, the world's largest crypto mining power marketplace. If it was available, it would cost over half a million dollars an hour to rent more than 50% of the bitcoin hashing power.
- NiceHash-able. The proportion of the required 51% of hashing power available for rent on NiceHash. This shows that only 2% of the current bitcoin hashing power is available for rent, so someone can't just rent an attack whenever they want.
Overall, the enormous amount of hashing power dedicated to bitcoin makes it relatively secure against outside attack. By contrast, here's the recently attacked and fantastically vulnerable Bitcoin Gold.
- Algorithm. BTG uses the widely used Equihash algorithm.
- Hash Rate. BTG has a miniscule 34 megahashes per second (MH/s) hash rate. This might be running unusually low right now as a side effect of the recent attacks though.
- 1h Attack Cost. For less than $4,000, you can rent an hour of attack power on NiceHash. The recent BTG attack netted the attackers about $18 million in a couple of days, so that's a top notch return on investment.
- NiceHash-able. NiceHash has plenty of Equihash mining power for rent. In fact, it has more than three times the amount needed for a 51% attack.
Because it's extraordinarily vulnerable, and quite valuable, BTG was a perfect victim.
Why aren't there more attacks?
It's likely that the majority of attacks go unnoticed. Plus, it's not quite as simple as just picking up the majority of hashing power. Attackers actually need to maintain it for a while and do something with it. If the attack fails, the attackers lose money, so it's worth treading carefully.
However, the ease and low cost of renting enough hashing power for an attack means there are plenty of opportunities for people to conduct cheap experimental or recreational 51% attacks on garbage coins before setting their sights higher and taking down bigger projects for profit.
For example, someone could practice a 51% attack the Scrypt-powered Mooncoin for $6 an hour. Too rich for your tastes? Not to worry because anyone can have a go at dominating DigitalPrice for $1 an hour, or SmartCoin for just a few cents. Because those coins are quite worthless, there's probably little benefit to manipulating the networks, so attackers might favour holding it ransom or just mucking around for fun instead.
It's also worth noting that this chart isn't a complete list of vulnerable coins. There are plenty of even more valuable coins that already have more than 50% of their hashing power in the hands of one entity.
What's the solution?
Proof of work (PoW) refers to this family of mining algorithms, and the type of coin that's mined by application of sheer hashing power rather than other means. 51% attacks are increasingly just a fact of life for these coins.
Coins can change their mining algorithm by forking, but this is just a delaying action rather than a real solution and means committing to an arms race without any end in sight.
The hard truth is that proof of work is an evolutionary dead end for all coins except bitcoin and maybe one or two others. Although the grotesque inefficiency of proof-of-work mining means that bitcoin's exception to this is also up for debate. There's a reason serious projects don't just fork into existing PoW algorithms these days.
The spotlight on 51% attacks, and the prevalence of new tools which highlight just how cheap and easy it is, means most PoW tokens are dead coins walking. Fortunately, most of them are just thinly-veiled cash grabs anyway. They won't be missed and can at least go down in an entertaining and educational blaze of glory.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, BTC and XRB.