Explaining a 51% Attack - What it means and how to protect yourself

Ethereum Classic is currently making news of being 51% attacked. But what does this mean and how can I you make sure that your holdings are safe?

I will try my best to explain the 51% attack, what this means, who's affected and its overall effects. Please let me know if you have any followup questions as I'm happy to go in further detail if needed.

Basics

Let's start with the basics. Blockchain. It's that thing that is being passed around as a catch phrase and a means to get instant funding for any project that seems to even mention it. Basically Blockchain is this public available ledger that keeps track of every transaction that has every occured on the entire network. This kind of attack that I'm trying to break down here is not targeting any cryptographic aspect of a crypto currency, it's targeting this exact ledger - the bookkeeper - the Blockchain.

I've seen a lot of misconception about what a 51% attack can do, how it works and how it affects a blockchain. So let's get that out of the way right now:

An 51% attacker or „double spend attack“ does exactly what its name implies. It allows an attacker to spend their coins multiple times. It's not possible for an attacker to spend coins which he doesn't own nor create new coins out of thin air. All he can do is spend those coins he already owns - multiple times. So your funds should be safe, right? Well yes, at least for the most part. I'll come back to that later.

How does he manage to spend his coins multiple times? Well the idea is the following. An attacker might send his coins to an exchange, cash them in or trade them for other coins. After he withdrew his money he's able to reverse the transaction to the exchange and keep both the money he earned from the trade and his original coins to begin with. Basically it's like paying for something, receiving the product you bought and find a way to get back your money.

The basic principle behind the blockchain is to make sure that this doesn't happen. So the blockchain stores every single transaction that has ever been processed on the network in a hierarchic order. The newest transaction at the top of the chain, the oldest at the bottom. That way anyone can publicly verify that the coins you want to send to someone haven't already been spent. That's the purpose of the Blockchain.

Getting a bit more technical. So if you want to send Alice some Bitcoin, you create a transaction that must include previous coins you received, the destination address and the amount you want to transfer. You then proceed to sign it with your private key and broadcast it to all other Bitcoin nodes. Every client is then individually checking whether those coins you mentioned in your transaction have not appeared in any other transaction on the network in the past. If not, you are in fact the owner of these coins and haven't already spent them before. So this transaction will get included in a block by a miner and added to the Blockchain on top. Now everyone can verify that Alice received coins from you which leaves you with no more coins to spend and allows Alice to spend heirs. Newer blocks are build on top of that one further confirming your transaction. Each block that builds on top of that one is strengthening the validity of your transaction as well as everyone else´s to make sure that they are not reversible.

So.. How does a 51% attack reverse this?
51% refers to the amount of hashing power someone owns in regard to the entire network. If you own 51% of all hash power you approximately create 51% of all blocks that are produced on the network. So you are competing against only 49%, the entire rest of the network, in finding new blocks which leaves you in a majority.
By having 51% of the hash power you can see how you can mine more blocks in the same time as the entire rest of the network combined.

What an attacker can do now is the following:

1. Send a transaction of his coins to f.E an exchange and broadcast it to everyone. Miners will include it in a block and therefore the transaction is valid and his coins are spent.
2. He secretly starts creating his own block that's similar to everyone else´s but without the transaction where he spent his coins. He then mines only on top of his own chain that he's witholding from the entire network. Since he owns more hash power than everyone else his secret chain grows faster than the public one.
3. The attacker can spend the coins he transferred to the exchange. Cash it in for some $ or other coins and quickly withdraw his money from said exchange.
4. If his secret chain contains more blocks than the public one he broadcasts his secret chain to the public. Now the following is crucial to understand. The fundamental code of the network is to always follow the longest chain with the most work put into it. This rule guarantees the security of the network. So now that the network sees his chain with more blocks (more work) than the other one, it decides to drop the shorter chain and follow the longer attacker chain. New blocks are now built by 100% of the network on his chain while every transaction from the old chain that isn't included in the attacker chain basically „never happened“. The attacker managed to alter the history of the chain and therefore still owns the coins he originally sentd to the exchange with the ability to spend them again. Leaving the loss at the exchange since he already withdrawn the money before anyone took notice.

Now you see why an attacker can't create new coins out of thin air nor spend coins he didn't own. He can't bypass cryptography with this attack, he can alter history, at least to a certain extent. Mining a block is hard and requires a lot of computational work so it gets's increasingly harder to reverse older blocks than newer ones.

Two chains, so it's a fork?
No. You see the attacker hasn't violated any fundamental consensus rules. The „new“ chain is perfectly valid in the eyes of 100% of the network. Therefore the chain is not split and every client on the network agrees on the new chain.

Couldn't an attacker include a transaction that spends coins from someone else?
No. Well technically sure, he could. But doing so is completely pointless and a waste of money. As soon as he would broadcast his own chain with consensus violations (like forging a signature for coins he doesnt own) no other node on the network would switch to this chain. This would result in a fork with a chain whos only user is the attacker and a second chain that is being used by everyone else. Including exchanges, which probably are the main target of an attacker trying a double spend attack. The attacker just wasted a lot of money for an invalid chain.

Are my funds safe?
Your funds are fine as long as you haven't stored them on the exchange that has been 51% attacked. Since the attacker withdrew his coins from there the exchange finds itself now missing this exact amount of coins. A huge 51% attack could mean its users are only able to get back a certain percentage of the coins they held there. It's basically up to the exchange how they handle this and distribute the remaining coins to their users. Or if they pay for the missing amount out of their own pocket.

How can I protect myself?

1. The basic rule of thumb for crypto in general: Simply do not store your coins on an exchange. Store them in a wallet where you are in possession of the keys.
2. Be cautious of exchanges with little to no confirmation time. An 51% attack gets increasingly harder the more new blocks get mined by the network. It's „easy“ and „inexpensive“ to reverse 6 blocks but very hard and much much more expensive to reverse 600. Any exchange that waits only a few blocks before they confirm your deposit are the prime targets of an 51% attacker so you should be carefull when dealing with those.

Why are some exchanges then only requiring 1-2 blocks for confirmation?
It's basically a speed and security tradeoff. Lower block confirmations mean you can sell your coins faster on said exchange. But increasing the probability of an successfull 51% attack.

I hope I could clear a few things up and answer a couple of your questions. If you still find yourself confused about it - that's ok, it's a complex topic. I'll try and answer any questions that came up, just leave a comment and I'll give it a shot.