“The 51% attack”. A well-known and confusing cryptocurrency fear. Many people have heard about it, but don’t really understand it. Will it mean the end of Bitcoin? What does it stand for exactly? What are the chances of such an attack to occur?
What is a 51% attack?
A 51% attack is the possibility for a single organisation which controls more than half of the mining power (hashrate) of a cryptocurrency to cancel transactions that occurred in the last few hours, and generate new transactions from addresses owned by this specific organisation.
To understand how it works, you need to understand mining: computers are in competition in order to be the first to find a valid hash for a block. The first to find the hash for a new Bitcoin block confirms all the pending transactions on the network and is rewarded with 12.5 bitcoins. The probability to be the first to find a hash strongly depends on the computing power of each participant.
Let’s suppose that an attacker has huge computing power, larger than all the other competitors’ power, so at least 51% of the total. He would be able to perform the following attack:
- Send an important bitcoin amount to somebody, in order to get a service or a product in return
- The transaction goes into a blockchain’s block via some miner’s work
- Simultaneously, this attacker uses his mining power to generate new blocks, but without publishing them. The attacker’s blocks are exactly the same than those written on the blockchain, but without the above transaction
- The other party, believing that the transaction is confirmed, sends the product or offers the service
- As soon as he receives the product or service, the attacker publishes the blocks he secretly mined onto the blockchain. Because he has created more blocks than all the other actors, his blockchain version is considered the right one.
- In his version, the above transaction related to the product or service doesn’t exist. The attacker gets his bitcoins back, but the other party can’t get his product or service back
Bitmain is the entity possessing the most importante hashrate today
So evaluating the impact such an actor could have on the Bitcoin network security is necessary. One can also wonder to what extent users can have confidence, knowing this company is acquiring more and more computing power.
Bitmain owns the mining pools Antpool and BTC.COM, and is the majority shareholder of ViaBTC. ViaBTC concentrates the biggest part of the computing power used to secure the Bitcoin network. At some times, this combined power was so important that it represented close to 51% of the total hashrate. Here is the hashrate distribution as it was on June 23, 2018:
It is not the first time we face such a situation on the Bitcoin network. But each time this happened, the Bitcoin community strongly reacted
In 2014, Ghash reached 55% of the Bitcoin hashrate, despite announcing publicly they would not exceed 40%. Immediately, miners left the pool and DDos attacks targeted their website. Today, Ghash no longer exists, which underscores how much the Bitcoin community shows self-regulation and discipline.
Today, it is difficult to guess if the community is about to show similar resilience against Bitmain. But the fact is the hashrate of the Bitmain’s pools has now significantly decreased to stabilise around 32%, compared to 42% two months ago:
Bitmain has no interest in launching a 51% attack
As discussed, a 51% attack requires huge computing power. In order for this attack to be successful, computers have to mine offline in order to hide the new blocks from the other parties.
So Bitmain would need to remove most if not all of its computing power from the Bitcoin network, on three different platforms, and to continue to secretly mine until the attack occurs. It would be very obvious something nefarious was being prepared and the community would suspect an imminent attack. And if the attack did succeed, the consequences on Bitmain’s reputation would be dramatic. The company’s future would definitely be jeopardized.
Furthermore, Bitmain doesn’t actually control the full amount of the computing power on its networks. People and companies use Bitmain to mine by connecting to Bitmain’s platform. Those people would quickly move to another platform in case of suspicions that an attack was about to occur, using their computing resources. We don’t know how much power Bitmain and its pools own per se, but it’s far from 51%. And we can guess that if Bitmain’s computing power disappeared suddenly, a lot of members of the pools would move to another platform, making the attack very difficult if not impossible to succeed.
Moreover, it would not make sense for Bitmain, which reached a 2.5$ billion turnover in 2017 and already more than 10$ billion in 2018, and which invested heavily in hardware , would attack the network that generates all of its business. Keep in mind this simple fact: the higher the price of Bitcoin is, the more profitable mining becomes
Currently, with a 0.06 USD/kWh price in China, mining using Antminer S9 machines, the most powerful ASICs available today, is profitable as long as the price of Bitcoin stays above USD$3600. This fact is well demonstrated by the continuing increase of the hashrate of Bitcoin, despite a bearish market:
Launching a successful attack on the network would negatively impact Bitcoin’s value and would be a business-killer.
Furthermore, if Bitmain provides more than 50% of the hashrate and suddenly decides to use that hashrate in secret to prepare an attack, the Bitcoin network total hashrate would decrease significantly and it would be an easy to detect sign, contrary to other PoW blockchains where important hashrate variations often occur, such as Bitcoin Gold.
Not only a 51% attack would have a limited impact on the Bitcoin network, but it would be much more detectable than an attack on any altcoin network. And the attacker would irremediably tarnish his reputation, a business-killer in this industry where new alternatives appear almost every day.
Keep in mind that Blockchain and cryptoassets are part of a new industry, in constant motion. Vitalik Buterin emphasizes a possible solution to mitigate the 51% attack risk, described by Leslie Lamport, which would require 99% of the network computing power to be feasible.