When studying how bitcoin works, and what could possibly go wrong with the network, we often hear people talk about the infamous 51% attack. However, when I started looking at this issue in more detail, I quickly realized that this topic is very often misunderstood, and most importantly, that the destructive potential of the 51% attack is usually overestimated.
What is a 51% attack? This is a situation where a malicious miner of the bitcoin network (or a group of complicit malicious miners) controls more than half of the total computing power of the bitcoin network. It is then theoretically possible in such circumstances to attack the immutability of the bitcoin blockchain, i.e. to modify certain bitcoin transactions from the past.
For example, the malicious miner could send bitcoins to a merchant to buy, say, a car. Once the merchant has received the bitcoins (i.e., the transaction was confirmed by at least one miner in a valid bitcoin block), the miner controlling at least 51% of the bitcoin network would be able to “cancel” that transaction by creating a new valid block starting from the previous transaction block but without including the aforementioned transaction (i.e. the payment to the merchant). Since the malicious miner possesses more than 51% of the total computing power of the bitcoin network, said miner has a good chance of catching up and eventually overtaking the original bitcoin blockchain (specifically, the version of the bitcoin blockchain in which the relevant transaction (i.e. the payment to the merchant) was confirmed). Once the amended version of the bitcoin blockchain from the malicious miner has overtaken (by some number of blocks) the original bitcoin blockchain, the entire bitcoin network will in principle decide to switch over from the shorter original version of the bitcoin blockchain to the new longer version of the bitcoin blockchain (in which the relevant transaction was omitted and thus never took place). Thus, in this way, the malicious miner can manage to partially rewrite the bitcoin history. Indeed, according to the new version of the bitcoin blockchain, the merchant was never paid, even though in reality, the merchant who thought he had received the payment has already delivered the car…
Such a 51% attack is logically a source of fear and fascination in the minds of many people since such an attack would strike at the foundation of the bitcoin blockchain, specifically its immutability.
However, such an attack is extremely difficult to carry out in practice. Moreover, the success of such attack is not guaranteed even if a (group of) miner(s) possesses more than 51% of the total computing power of the bitcoin network. In addition, the practical impact of such 51% attack is in principle also always limited in the sense that through such attack it is not possible to go too far back into the past (the older the transaction block one wants to modify, the smaller the chance of a successful 51% attack). Let us analyze the possibility of 51% attack and its potential consequences in more detail below.
1. What is a 51% attack?
Once a malicious miner (or a group of cooperating malicious miners) possesses more than 51% of the total computing power (also referred to as the hashrate) of the bitcoin network, it can attempt to perform a so-called 51% attack on the bitcoin network. In essence, said (group of) miner(s) can modify some recent already approved transaction blocks of the bitcoin blockchain and impose these modifications upon the entire bitcoin network, without violating the rules of the bitcoin protocol stricto sensu.
1.1. How does a 51% attack work?
Suppose the bitcoin blockchain is located at the level of block 687,500. The attacker wishes to modify block 687,497, for example to remove (and thus undo) a specific transaction included in block 687,497.
In order to succeed in this, the malicious miner will first and foremost have to go back to block 687,496 and create a new alternative block 687,497 building upon the aforementioned block 687,496. This means that the attacker will compose a new block 687,497 (e.g. the original block 687,497 from which the malicious miner omitted the transaction it wants to cancel) and then search for a correct block header hash of this new alternative block (see in this context our article on how bitcoin mining works exactly by clicking on this link).
Once the attacker manages to find a block header hash for its alternative block 687,497 matching the difficulty requirement of the bitcoin network, this alternative block is considered valid according to the rules of the bitcoin protocol. Indeed, all transactions included in this alternative block are still valid in themselves and the header hash found satisfies the bitcoin network’s imposed mining difficulty.
But this in itself is insufficient to make the alternative block accepted by the rest of the bitcoin network. Indeed, one of the basic rules of the bitcoin protocol is that if there are two competing versions of the bitcoin blockchain, the blockchain that contains the most number of blocks, in other words the blockchain that has accumulated the most computation (i.e. Proof Of Work), will be considered by the bitcoin network (i.e. the full nodes of the network) as the correct version of the bitcoin blockchain. Thus, the attacker must then succeed in making its alternative version of the bitcoin blockchain longer (i.e. containing more valid bitcoin blocks) than the original version of the bitcoin blockchain. In other words, the attacker must ensure that its alternative version of the bitcoin blockchain will outpace the original bitcoin blockchain in number of blocks. Only when the alternative blockchain begins to contain more blocks than the original bitcoin blockchain will the full nodes of the bitcoin network consider the alternative bitcoin blockchain to be the correct version and thus effectively switch to the latter bitcoin blockchain. At that point, the relevant transaction will have been effectively cancelled, as this transaction is not part of the alternative version of the bitcoin blockchain that is henceforth considered by the bitcoin network the correct version of the bitcoin blockchain.
1.2. Why must an attacker have at least 51% of the bitcoin network’s computing power in order to be successful?
Managing to overtake the original bitcoin blockchain (in number of blocks) is easier said than done because simultaneously with the 51% attack, the other miners in the bitcoin network are continuing to build upon the original bitcoin blockchain which is therefore getting longer and longer in the meantime. Thus, in our example, the original bitcoin blockchain has not stopped to produce new blocks at block 687,500 while the malicious is attempting its 51% attack. It is therefore possible and likely that, while the attacker has successfully created its alternate block 687,497, another miner in the meantime finds block 687,501 on the original bitcoin blockchain. In other words, there is a race going on between, on the one hand, the malicious miners who are embarking on the 51% attack and trying to outpace the original bitcoin blockchain, and, on the other hand, the remaining miners of the bitcoin network who continue to build upon the original bitcoin blockchain and who want to prevent their version of the bitcoin blockchain from being overtaken and outrun by the alternative version of the attacker(s) at all costs.
This arms race is therefore the reason that an attacker must have at least 51% of the total computing power of the bitcoin network if such attack is to be successful. If the malicious miner has less than 51% of the total computing power of the bitcoin network it can in principle never catch up and overtake the original bitcoin blockchain that keeps getting longer as time goes by (although this is a matter of probability and therefore not strictly impossible in the short term). This also means that having 51% of the total computing power of the bitcoin network is merely the strict minimum for an attacker to be successful. The greater the percentage an attacker has at its disposal the greater the likelihood that the attacker will eventually succeed in catching up and overtaking the original bitcoin blockchain within a realistic/desired timeframe. Note that even if an attacker has more than 51% of the total computing power of the bitcoin network this is no guarantee of success. Finding valid header hashes, which in each case is a validity requirement for a miner to be allowed to add a new bitcoin block to the blockchain, remains a matter of probability and is therefore unpredictable (in the short term). So if the attacker is unlucky, it will struggle to find valid header hashes (and thus add new blocks to its alternative version of the bitcoin blockchain) even if the attacker has a large percentage of the total computing power of the bitcoin network, which in such case will delay the progress of its attack and possibly cause the 51% attack to fail (depending on how long the attacker is able to sustain the 51% attack).
1.3. How far back can a 51% attacker make changes to the bitcoin blockchain?
As discussed above, the older the block (i.e., the deeper the block in the blockchain) that an attacker wishes to modify, the longer it will take and thus the more difficult it will be to catch up and overtake the original bitcoin blockchain.
Even though it is theoretically possible to modify the bitcoin blockchain as far back as one wants through a 51% attack, however, the reality is that the deeper the block is in the bitcoin blockchain the exponentially more difficult it becomes to successfully execute this attack. This therefore means that in practice only relatively recent bitcoin blocks could possibly be modified should a (group of) malicious miner(s) manage to gather more than 51% of the total computing power of the bitcoin network.
The expected impact on the immutability of the bitcoin blockchain is rather small in that respect, but of course a successful 51% attack would undermine the foundation of the bitcoin blockchain and its credibility.
1.4. Why is it best to wait a few confirmations before spending a newly received bitcoin?
As we explained above, the probability of a possible successful 51% attack with respect to a given bitcoin block (and thus the transactions included in it) shrinks as the relevant block sinks deeper into the bitcoin blockchain. This means that a transaction with, say, 2 confirmations (i.e., a transaction included in the second to last block of the bitcoin blockchain) has less security than a transaction with 10 confirmations (i.e., a transaction included in a block that was validly created 10 blocks earlier relative to the most recent block of the bitcoin blockchain).
Therefore, multiple confirmations are typically required by bitcoin network participants before they consider a received bitcoin to be irreversibly acquired. The deeper the block in which the relevant transaction is included, the greater one is protected against the risk of a so-called “double spend”, whereby the original bitcoin transaction is reversed through a 51% attack and the same bitcoins are subsequently used to make another payment; i.e. the same bitcoins are effectively used for making 2 or more different payments.
The number of confirmations required on behalf of the recipient of a bitcoin transaction will usually depend on the size of the amount of the relevant bitcoin transaction. In this regard, one will typically be inclined to request only a low number of confirmations for small bitcoin transactions (e.g. a small purchase in a store), while one will typically be stricter (i.e. request a higher number of confirmations) for large payments (e.g. purchase of a house). In this regard, we refer to to this article written by two French mathematicians who argue that a single confirmation can in principle be sufficient for everyday (read – small) bitcoin transactions.
Most online platforms for buying and selling cryptocurrencies require 6 confirmations before deposited crypto currency can be used. I.e. suppose you deposit bitcoin on an online platform, once your transaction is included in a bitcoin block, you will then have to wait until 5 additional bitcoin blocks are added to the bitcoin blockchain before you can effectively use the deposited bitcoins.
2. What types of 51% attacks can be undertaken against the bitcoin network?
In addition to modifying one or more past transactions, there are other attacks that can be carried out provided a malicious miner has at least 51% of the total computing power of the bitcoin network at its disposal. We discuss these in more detail below.
2.1. Douple Spend
As we discussed earlier in this article, a 51% attack allows for double spending. This would allow a malicious miner to spend the same bitcoin multiple times and thus profit from it.
2.2. Randomly filtering bitcoin transactions
If a malicious miner of the bitcoin network (or a group of complicit malicious miners) controls more than 51% of the total computing power of the bitcoin network, then it will in principle be responsible for producing the majority of newly created bitcoin blocks.
What this means in practice is that the malicious miner can randomly filter (i.e. refuse to include the transaction in a new bitcoin block) certain transactions of its choice with a certain efficiency: if the miner refuses to include your transaction in a block, you have no choice but to wait patiently until another (minority) miner manages to find a valid block, and hope that it is then willing to include your transaction in its block.
2.3. Paralyzing the bitcoin network
A malicious miner of the bitcoin network (or a group of complicit malicious miners) controlling more than 51% of the total computing power of the bitcoin network could also cripple the bitcoin network, by, for example, only creating empty blocks, i.e., blocks that contain no transactions. Indeed, since the malicious miner controls more than 51% of the total computing power of the bitcoin network, most of the newly mined blocks will in principle be created by said malicious miner and will therefore be completely empty, creating a bottleneck with respect to the approval of transactions on the bitcoin network.
2.4. Imposing arbitrary rules upon the bitcoin network
Since in the event of a successful 51% attack, the bitcoin network’s malicious miner (or a group of complicit malicious miners) controls more than 51% of the bitcoin network’s total computing power, its version of the bitcoin blockchain will in principle always constitute the longest blockchain and thus be considered the correct blockchain by the full nodes the bitcoin network. This would allow the attacker(s) to potentially impose arbitrary additional rules on the bitcoin network, i.e. rules that are not part of the original bitcoin protocol.
For example, the majority attacker could decide to include in its blocks only transactions that pay at least $1 in fees, and furthermore to reject any block from a minority miner if such block contains transactions that pay less than $1 in fees.
This de facto forces the rest of the bitcoin network to abide by these additional imposed rules. If the minority miners do not do so, then sooner or later they will end up on an incompatible version of the bitcoin blockchain that is smaller (contains less computing power) than the version followed by the majority miner/attacker.
In this context, for example, it could be contemplated that a nation-state would attempt to launch a 51% attack to enforce certain additional rules, e.g. only government-approved transactions should be included in a bitcoin block.
3. Conclusions
As we explained above, a malicious miner who is able to control at least 51% of the total computing power of the bitcoin network has multiple ways to either profit from or harm the bitcoin network.
In practice however, if a 51% attack were to occur it can be generally expected that such attack would not be motivated by profit. Indeed, the computational power of the bitcoin network is currently of such a gigantic magnitude that it would be enormously expensive (in materials and electricity) and organizationally extremely difficult to carry out a successful attack. In addition, a successful 51% attack would at best only result in one or more successful double spends for the attacker, meaning the enormous risks and costs of launching a 51% attack will generally far outweigh the potential benefits. In addition, a successful 51% attack would affect the very foundation of the bitcoin blockchain, specifically its immutability, thereby completely undermining the public’s confidence in the bitcoin blockchain, which in all likelihood will result in a lower market price. Thus, the profit that an attacker would reap thanks to a double spend would, in all likelihood, be completely wiped out by a drop in the bitcoin price.
A more realistic motivation for a potential 51% attack would be the desire of a nation-state or group of nation-states to cripple the bitcoin network in order to maintain their own fiat currency. While not impossible, this potential danger is also, in my opinion, more of a theoretical nature. The difficulty in terms of practical implementation of such an attack we have already discussed above and applies here as well. But in addition, other important factors come into play. The bitcoin network is an apolitical open borderless decentralized monetary network with a defined monetary policy that nation-states cannot simply ignore. If a (group of) nation-state(s) chooses to ignore or even boycott the bitcoin network, they run the real risk of ending up empty handed in the event that other competing nation-states embrace bitcoin (this is already the case in South America where e.g. El Salvador has accepted bitcoin as legal tender). In a world that runs on fiat currency with arbitrary monetary policies, the loss of confidence in fiat currency on the part of the general public that has access to bitcoin is a real risk. In other words, on a geopolitical level, nation-states have a strategic interest in recognizing bitcoin as a legal tender as soon as possible and to start accumulating bitcoin for their reserves, even though most nation-states have not yet come to this obvious realization.
Written by author Fanis Michalakis
Attention! Do you store your cryptocurrencies on an online platform? Please note, in that case you are not the actual owner of your cryptocurrencies!
In particular, you run the risk of losing all your cryptocurrencies, without any recourse, in the event that the online platform or your personal account falls victim to hacking or in the event of an unexpected closure (e.g. insolvency) of the online platform.
Protect yourself against hacking and take real ownership of your cryptocurrencies by storing your cryptocurrencies offline on your very own Trezor hardware wallet. Don’t wait before it’s too late and take immediate action now!
Click on the ‘Buy Now’ button below to buy a Trezor wallet from the official Trezor website.
