When it comes to the security of Bitcoin, the first thing proponents of the digital cash system will point to is the large amount of specialized computing power that is pointed at the network. They do this because it becomes more difficult for one single entity to attack the network for their own gain as more computing power is pointed at Bitcoin.
Bitcoin’s competitors do not have anywhere near the same level of security, which is why some of them actually piggy back on top of the Bitcoin blockchain in order to improve their own security. In fact, this security piggybacking now makes up 20% of the daily activity on the Bitcoin blockchain (read more about this here).
Although the security issues around newly-created altcoins were mostly theoretical in the past, these problems are now gaining more notoriety as real-world examples of these attacks come to fruition.
What is a 51% Attack?
Bitcoin miners are tasked with the job of ordering transactions on the global ledger known as the blockchain (they’re basically bookkeepers), and the permissionless nature of the network means anyone is able to participate in this process and no single party is in control of things.
However, if more than 50% of the Bitcoin network’s computing power is controlled by a single entity, then that entity is able to pull off a variety of attacks on the network such as censoring certain types of transactions, effectively rewriting the history of transactions, or completely halting activity on the network.
This issue is known as a 51% attack.
These Attacks are Not Theoretical
Over the past year, a variety of somewhat noteworthy altcoins have been targeted with 51% attacks.
According to Bleeping Computer, the Bitcoin Gold network suffered from a double-spend attack on the order of $18 million last May. Bitcoin Gold is an altcoin that spun off from the Bitcoin network in late 2017. Ironically, the key selling point of Bitcoin Gold was supposed to be the restoration of mining decentralization.
According to The Block, Vertcoin also suffered from a 51% attack last year. Similar to Bitcoin Gold, Vertcoin is touted as an ASIC-resistant cryptocurrency aimed at preventing the centralization of mining on its network.
More recently, crypto asset exchanges Coinbase and Gate.io have reported that the Ethereum Classic network has been hit with double spends related to a 51% attack.
The full list of altcoins that are unsecure is much longer than this. Crypto51 tracks the costs associated with attacking various crypto asset networks, and some of the longtail networks would only take a few dollars to take over for an hour, even though the networks are supposedly worth millions of dollars.
Attackers do not even need to buy their own equipment to gain more than 50% of a network’s hashrate in some cases. Websites like Nicehash allow users to buy and sell computing power on the open market, which means an attacker just needs to rent someone else’s mining setup for as long as they wish to wreak havoc on a particular crypto token.
“If the hashrate for a coin — for example let’s say 100 megahash is the total network hashrate of the coin — and you can rent that much hashrate on Nicehash, then someone can effectively just pay however much it is (a few thousand dollars) to rent that hashrate and 51% attack your coin,” Litecoin creator Charlie Lee explained on a recent episode of Laura Shin’s Unconfirmed podcast. “They don’t have to buy ASICs; they don’t have to buy GPUs. They can just do a one-time rental of that hashrate and attack the coin.”
Coins that are susceptible to this sort of rental attack are said to be “Nicehashable.” At the time of this writing, 73% of the necessary computing power needed to attack Ethereum Classic is available to rent on Nicehash and 40% of the necessary computing power needed to attack Dash is available, according to Crypto51. Combined, these networks are currently worth nearly $1 billion.
For many smaller tokens, more than 100% of the hashrate needed for a 51% attack is available for rent on Nicehash.
And No One Seems to Care
The weird part about the 51% attacks that have happened in the real world is no one seems to care about them. Ethereum Classic is still worth nearly $500 million after last week’s 51% attack, and Bitcoin Gold’s market cap is still over $200 million after the $18 million double-spend attack on its network.
“It’s been days,” said Lee during his recent conversation with Shin. “The whole [Ethereum Classic] network is frozen. Well, the network is not frozen, but like all the exchanges have stopped withdrawals and deposits. You can’t really do much with ETC, so what’s the whole point of the coin if it’s not secure? If I had any ETC, I would have sold it. I’m surprised the price hasn’t crashed.”
