Crypto's Achilles Heel 51% Double-Spending Attack Possible on Some Blockchains, Like BTG
Proof-of-Work (PoW) is supposed to be very hard to attack, requiring a lot of hardware and electricity to power a double-spending attack. That might be the case for some cryptocurrencies, but it's not the case for all of them.
A new website called Crypto51 has done some calculations to show the theoretical cost for pulling of a 51% double-spending attack. The site creator goes by /u/xur17 on Reddit, and showed that the attack is more feasible if you take into account renting the hardware from NiceHash (a Slovenian cryptocurrency cloud mining marketplace) for example, rather than buying it.
PoW 51% Attack Cost
Source
"There was an attack against Bitcoin Gold a few days ago, which made me curious what the cost of an attack would be with rented hashing power. I did the math and was honestly kind of shocked – someone could attack a cryptocurrencies worth close to a billion dollar for < $10k an hour and even less than that if you include the block rewards.
This got me to calculate the same figures for other coins, and again it was cheaper than I thought it should be. The goal of the site is to drive more attention to what I see as a pretty glaring problem with these smaller coins. Hashing power is easily retargetable, so not only can people rent hashing power, the larger mining pools can redirect hashing power at smaller coins for a few hours to attack them."
To attack the Bitcoin network, it would require $1 billion worth of hardware to pull off, and $500,000 for electricity per hour. The juice NiceHash rents out only covers 2% of the required computing power to attack bitcoin. Bitcoin is pretty safe at this point, but other coins aren't so safe according to these calculations.
Bitcoin Gold was recently attacked and double-spending was made to the sum of $18,000,000. NiceHash alone can pull this off and it would cost less than $4,000 per hour. Bytecoin has nearly a $1 billion market cap, and they could be attacked with NiceHash for the little cost of $600/hour. It's possible double-spending has been happening elsewhere and people don't know about it, as NiceHash cuts the cost and makes it easy for those in the know to pull it off with smaller Proof-of-Work networks.
Double Spending 51% Attacks
If you don't know what a 51% attack or double spending is, it's being able to control the hash rate of a currency and spend the same funds twice. Double-spending has been an issue and preventing digital currencies from becoming a reality, until Bitcoin came around with the PoW system and cryptographic calculations to "mine" coins. If you are fast enough to guess numbers and solve algorithms to verify transaction, then you get to be the one to add a new block to the immutable ledger. The hash rate is the number of guesses per second.
Bitcoin didn't used to be such a large network,but now it is. The amount of nodes in the network make it expensive to attack because you need a lot of processing power to beat everyone else trying to win and be the next block producer. But smaller networks have fewer nodes and require less power to win. If you can control 51% of the hash rate in the network, then you can send funds to an exchange, trade it for another currency, then erase your transaction. This means you spent the coins when you traded them, but then erased that record so the coins are still received in your wallet, and you successfully double spent them.
PoS Attacks Cost More
Proof-of-Stake (PoS) systems like Steem are also vulnerable. In PoS, you can pull off the attack if you buy half the coin supply. This would cost you a lot though, usually more than it would cost for hardware in a PoW system, but it's still possible. Also, as one would start to buy coins, this would push up the price and cost more and more to acquire more coins to reach 51% of the supply.
In light of these calculations done with the NiceHash service to cut costs for PoW attacks, there are security implications for many of the cryptocurrencies out there that are vulnerable to be attacked successfully. If someone combined NiceHash with other services or their own top-tier hardware rigs, they could attack larger cryptos like Ethereum Classic that already has 89% of an attack satisfied by NiceHash. Dash has 27% covered by NiceHash. It would be harder to pull off, but not impossible.
References:
- How Much Does it Cost to Attack Bitcoin, Ethereum and Other Coins
- Website Outlines The Cost of 51% Attack on Altcoins: It’s Lower Than You Think
Thank you for your time and attention. Peace.
If you appreciate and value the content, please consider: Upvoting, Sharing or Reblogging below.
me for more content to come!
My goal is to share knowledge, truth and moral understanding in order to help change the world for the better. If you appreciate and value what I do, please consider supporting me as a Steem Witness by voting for me at the bottom of the Witness page.
The craziest thing about this is that it's not happening more often. I interpret this as a testament to the hacker community. There are only a relative handful of people in the world with the technical knowledge to pull off these attacks, but the vast majority of them choose not to.
People with that kind of technical knowledge know just how important this revolution is and allow it to flourish unhindered. The black hats are much more likely to engage in "legitimate" cryptojacking attacks to use other people's computers to mine the currency without attacking it.
Maybe someone should attack these coins to drive value back to btc And eth.
Why not drop an anchor in eth btc and bch just to make it 3x harder to bust
Doesnt 50 pct of hash power just means you are likely to get two blocks in a row? In practice you need about 6 confirmations so thats only 3 pct of the time that would get six in a row.
This could be wrong i am legitimately asking.
I think it all just depends on the protocol of the given coin. I'm not confident of the technicalities either... but if you have 51% of the hash power I think you can deny someone else's claim to a valid block.
51% hash power allows you to author every block in a row with a certainty of 1. 40% hash power gives you 0.5 certainty of mining 6 blocks in a row. There is a calculator online somewhere, can't find it now. This is why mining pools are such a disaster for PoW security.
Yeah, one attacks the crypto, the other just profits by exploiting the people ;)
It's funny though because cryptojacking is like a gentleman's hack. It's totally like Office Space. Steal a few pennies from millions of people.
Wow did know at point of time!
Thanks keep it up!
Very good information - and nicely presented to summarize it. This post is a keeper for future discussions for sure.
We always new proof-of-stake related systems would be letter in the long run than proof-of-work (unfortunate situation, but very true)
Yeah, harder to pull off, but still able on PoS, but cost you a lot more and not very enticing lol. It hasn't been done yet, while it has been done to PoW ;)
Wow. As someone being new to the whole cryptocurrency exchange, I was unaware that such attacks could take place. Now I know some new terms and can apply them and do more research as I am learning! This is very informative and insightful. I can now have something meaningful to talk about with my friend who is always trying to teach my about these things. Thank you for this!
You're welcome ;) Glad to help ;)
The costs of those attacks are very low when taking into account the potential benefit.
I didn't know bitcoin gold suffered that attack.
What all of this proves is that crypto in general is still vulnerable and any entity with enough resources can "easily" destroy a blockchain.
Yup, still vulnerable, not mature enough yet for many to want to get into :/
PoS is the future. When attackers have something to lose, attackers will fear that. I am desperately waiting for Casper and Plasma to go live.
What do you mean? Attackers will fear what when people have something to lose?
Why are casper and plasma so good?
In pos you have to stake coins to be able to vote on a transaction. If you intentionally try to harm system by voting malicious transactions, you risk losing some or all your stake. Plus it doesn't require mining hardware. If you have coins, you can run a node from your phone.
Updated previous comment to be more clear
Wouldnt dash’s masternodes offer some protection? I guess proof of stake better at preventing double spend and proof of work better at preventing forks
Well forks are majority determined too? Who ever has the stake or hash power in the majority to approve a fork and will that to pass, no?
This definitely is a little bit concerning! Doing this seems like it would require a great amount of technical knowledge. I was reading a Bitcoin paper recently that talked how a 51% attack could happen! I would imagine as cryptos grow in popularity, they will be under increasing attacks such as this!
I think the more popular they get, the more complex it gets for certain PoW like Bitcoin. To attack bitcoin is harder and harder as the having makes the hashing more complex.
Yeah in order to get 51% of the hashing power, more servers will be needed making it harder to attain that threshold!
And Bitcoin proves why its still the king.
Coins mentioned in post: