51% Attacks And The Future Of PoW
Proof-of-Work consensus operates on the premise that attacking the network is too expensive and it’s more profitable to work with other nodes towards the same ends. But a recent slew of 51% attacks suggests we might need to rethink the place of PoW in the crypto ecosystem.
There have been several 51% attacks on proof-of-work blockchains in recent weeks, including Verge and GameCredits, but the most noteworthy has been the attack that saw hackers make off with up to $18 million after a successful double spend was executed on the Bitcoin Gold network.
Proof-of-work cryptocurrencies are maintained by networks of computers carrying out simple but repetitive and computationally-expensive tasks (‘work’). The problem is that if one node possesses more computational power than the rest of the network put together, it can rewrite the blockchain record — allowing the attacker to profit in the process: ‘The attacker made deposits at cryptocurrency exchanges, traded the coins for BTC or another coin, and then withdrew the funds. Next, the attacker used their dominant computing power to force the rest of the network to accept falsified blocks that reversed their initial deposits and caused these funds to vanish from exchange-controlled wallets.’
The Nakamoto Consensus — the proof-of-work system that enables bitcoin to serve as a peer-to-peer value transfer network — was absolutely ground-breaking when it was first proposed and implemented in 2008 and 2009. Bitcoin has never been compromised: hashrate, or the total computational power of all the computers in the network, is so high that it would be astronomically expensive to attempt a 51% attack. In the years since the Bitcoin protocol was released, many other proof-of-work coins have also been launched. None have the hashrate that secures Bitcoin, but many nevertheless have vast networks of computers that collectively secure them.
And herein, ironically, lies the problem. Because the strength of those networks represents a vulnerability to other, smaller networks.
Miners’ sunk costs mean opportunities for hackers
Bitcoin hashrate is vast, over 35 million TH/s (35,000,000,000,000,000,000 H/s), and is rising constantly with greater adoption and better hardware. However, there are many, many coins with networks supported by orders of magnitude lower hashrate. That’s also the case with other blockchains that use different consensus algorithms. Bitcoin Gold, for example, uses Equihash — and so do several other large coins. That made BTG a small and vulnerable fish in a big pool.
Proof-of-work is successful in securing a network when the costs outweigh the benefits. But having a large network means there are a lot of miners with sunk costs: people who have already bought hardware in order to profit from block rewards, but which can just as easily be deployed elsewhere if it looks more profitable. That’s what happened with Bitcoin Gold. The attacker simply needed to switch their hashrate from one blockchain, where they were mining honestly, to a blockchain that was weak enough to attack for profit.
The series of 51% attacks and double-spends we’ve recently seen will therefore likely continue and accelerate. There is, quite simply, no reason for them not to. The hashrate is there, and if it is more profitable to mine dishonestly than honestly, that’s exactly what miners will do. In some cases — as has already happened with very low-hashrate chains — miners will attack the network just for fun.
Solutions
There are a number of solutions to this problem, which could otherwise threaten every new blockchain that uses the same PoW algorithm as an existing, large network.
The first is Proof-of-Stake (PoS), which already has advantages of energy efficiency and throughput — as demonstrated by Waves-NG, which supports many hundreds of transactions per second. Proof-of-stake is already growing in popularity because it does not require expensive hardware, and therefore does not need to provide block rewards to compensate miners — meaning static-supply tokens can be created (which is what most ICO investors want).
A second option is launching tokens on a blockchain with established security, whether that is PoS or PoW. Ethereum (currently PoW) has proven popular for this reason, as well as its large developer and investor community. Waves, similarly, is a popular option for launching tokens without the overhead of maintaining a network.
The third option, taken by GameCredits after the network was attacked, is to ‘notarise’ the blockchain periodically on a stronger blockchain — in this instance. This has been carried out via the Komodo protocol. Komodo operates a Notary-as-a-Service function that stores hashes of its own blockchain on the Bitcoin blockchain, providing an immutable record that can be checked in the event of anything untoward occurring.
Thus one unintended and welcome consequence of these attacks will likely be the greater interoperability of different blockchains, as more projects launch tokens on established chains and more networks use each other to validate the integrity of their own blockchains.
Join Waves Community
Read Waves News channel
Follow Waves Twitter
Subscribe to Waves Facebook
Great information - Can you tell me where I find a list of the crytpo's that are POW and a list of crypto's that are DPOS? Takk!
There are hundreds of PoW coins. On CoinMarketCap, almost everything that's not marked with an asterisk as a Not Mineable coin uses a proof-of-work blockchain.
DPOS coins are: BitShares, Steem, Decent, EOS, Lisk and Ark.
Thankyou for clarifying that 😊 i now have to see what will be removed from my portfolio! The 51% attacks have in my eyes made all pow cryptos not worth investing in as much. I have lisk but hope to get money for more. Eos and steem i got (obviously!) I will check out Ark.. bitshares i have no clue about but it dosnt sound like one id be interedred in!
BitShares deserves more fame than it gets. I'm partly guilty, should have tried it out ages ago, but so far haven't. They have a decentralized marketplace built into the protocol, as well as tokens tracking fiat currencies. (SteemIt is built on the same framework, and it has one such token - the SBD)
I was just checking it out on coinmarketcap, but was sadend to see that its not on ny exchange that I have an account for.... But i can get it on blocktrades! something which I still havent explored yet but i should!
Bitshares seems quite cool, and very cheap concidering the max supply.
On blocktrades , we use steem connect to log in? and have wallets on blocktrades?
I believe that should work.
No. I believe you provide them with a payout address, and then they return "money in a different flavor" as soon as you send money to the deposit address.
I think binance has it
For the record: although it hasn't happened yet, PoS coins can also be 51% attacked by buying the majority of the coins. And then the attacker can keep double-spending.
Yes thanks thats why i asked about Dpos,because 51% attacks are not possible,am i correct in this?
It's unlikely, but witnesses could collude to get a majority. That happened with Lisk, which has a different design than Steem: 101 active witnesses who receive 'forging rewards' and cooperate in pools. I don't think the majority pool did anything malicious, though.
Yes that's what I was thinking it would only be possible with a dpos if people plotted in a big group.
hey.... I just saw that this reply wasnt even sent, i have a bad internet here in NORWAY, boasting one of the best internets in the world. Theres no way saterlites are even real!
I came back here to ask you if Tokens (I have more value in tokens than coins) are possible to do a 51% on? at a quick think they shouldn't be as the represent shares in a company?
OK, tokens are as safe as the blockchain they're registered on. In theory, there could be a problem if the tokens are worth more than the underlying coin.
In practice, the greatest risk is errors in the contract code for Ethereum tokens. That's why I prefer standardized Waves tokens.
This post has received a 52.83 % upvote from @boomerang.
You got a 25.30% upvote from @upme thanks to @wavesplatform! Send at least 3 SBD or 3 STEEM to get upvote for next round. Delegate STEEM POWER and start earning 100% daily payouts ( no commission ).