The short version:
- 51% attacks can occur when a single group or entity controls the majority of the hashrate i.e. mining power behind a blockchain.
- This enables the attacker to manipulate new blockchain data, allowing them to double-spend their cryptocurrency.
- Bitcoin Cash and Ethereum Classic have been hit by 51% attacks, and technically speaking most proof-of-work cryptos are vulnerable
- Low-cap, low hashrate blockchains are the most vulnerable. You can protect yourself by trading on exchanges with deposit insurance.
What is a 51% attack?
A 51% attack starts when a crypto miner or group of miners controls more than half of the mining hashrate of a single proof-of-work (PoW) blockchain.
Then, should they choose, they can abuse their majority share and effectively “hijack” the blockchain. This would enable them to block or reverse transactions, double spend crypto, and otherwise manipulate the records within for their own financial gain.
Now, there’s a lot to unpack there, so let’s start at the beginning.
More: How to explain blockchain in under 30 seconds
What is a proof-of-work blockchain?
A blockchain is a huge online ledger — not unlike a giant Google Doc that the entire world shares.
Data can only be added to the blockchain if the majority of the mining computers powering the blockchain agree that the transaction is valid. This process-heavy validation method is called “proof-of-work.”
Now, the immense complexity of PoW is what keeps the blockchain secure. You can’t just go into the blockchain and give yourself 1,000 bitcoins. In order to do that, the majority of mining computers would have to “agree” with your edit before legitimizing it.
Ergo, things get messy when a single entity controls the majority of a blockchain’s power i.e. hashrate.
What is hashrate?
Hashrate refers to the total amount of computing power required to maintain a blockchain. For example, the Ethereum blockchain currently requires 996.82 terahashes per second (Th/s) to maintain.
For reference, a top-of-the-line Nvidia RTX 3080Ti graphics card has a hashrate of 121.90Mh/s. So you’d need roughly 8.24 million of them to power the entire Ethereum blockchain.
It might help to think of hashes like votes. The Ethereum blockchain is essentially soliciting billions of “votes” per second to validate transactions, which makes it extremely difficult to fool or manipulate.
However, if you can find a way to supply the majority of the votes, you now control the blockchain, and get to decide which crypto transactions get blocked, added, reversed, etc.
Which leads us to a 51% attack.
More: 8 best metaverse stocks to invest in today
51% attacks: quick summary
So, to recap:
- A PoW blockchain validates and adds transactions through decentralized consensus, i.e. “votes” from mining computers around the world.
- The hashrate is like the total number of “votes” powering the blockchain.
- If you can amass enough power to control 51% of the “votes,” you control the blockchain and get to determine which transactions get added, blocked, and reversed for personal financial gain.
- This allows you to create a “shadow chain” that overwrites the “honest chain.”
That, in essence, is what a 51% attack is. Control the votes, control the data.
Sounds simple in concept, but hard to execute. Has anyone pulled it off?
Examples of 51% attacks
51% attacks are rare, but they do happen. Here are two of the most infamous examples:
Bitcoin gold in 2018 and 2020
Bitcoin Gold (BTG) launched in October, 2017 under the slogan “make Bitcoin decentralized again.” The idea behind the offshoot crypto was to make mining easier for small-time miners since the hashrate for Bitcoin had gotten way, way too demanding.
However, the low hashrate also made BTG uniquely attractive to 51% attackers since they wouldn’t need nearly as much computer power to hijack it.
Sure enough, BTG was hit by its first 51% attack in 2018 leading to an $18 million loss. Then, despite improved security measures, BTG was hit twice in January 2020. Attackers collectively removed 29 “honest blocks” and added 29 of their own, leading to a roughly $70,000 loss.
In these cases, the 51% attackers were removing records of their own BTG expenditures, allowing them to spend their BTG twice — a common form of theft called double-spending.
Ethereum classic in 2019 and 2020
Ethereum Classic (ETC) was born in 2016 when the original Ethereum was compromised due to a flaw in one of its smart contracts known as The DAO (it was a Decentralized Autonomous Organization).
A more secure version of Ethereum branched off which adopted the Ethereum name (ETH) while the original Ethereum soldiers on as Ethereum Classic (ETC).
Sadly, ETC could never shake its reputation as “insecure Ethereum,” leading to a limited pool of miners and thus a low, vulnerable hashrate.
Sure enough, ETC was hit by a 51% attack in January 2019 with $1.1 million worth of double-spending occurring. It was hit again thrice in August 2020, with hackers reorganizing nearly 8,000 blocks allowing them to double-spend over $9 million this time.
Massive oof. So what was the fallout? How did these 51% attacks affect the values of the afflicted cryptos and the market as a whole?
How does a 51% attack affect cryptocurrency?
Surprisingly, 51% attacks don’t seem to have much of an impact on the market.
Heck, they hardly even impact the values of the victimized cryptos.
BTG took a small, 5% dip after the January 2020 attack made headlines, but one could easily write that off to regular market volatility:
Similarly, ETC took a ~20% dip in Q3 2020 but quickly recovered to pre-attack levels by Q4.
Why don’t 51% attacks affect prices?
Since crypto prices are 100% speculative, we have to dive into the mind of a trader for the answer.
Why wouldn’t BTG and ETC traders abandon their positions after a 51% attack?
It’s likely due to a combination of factors, including but not limited to:
- 51% attacks target small-cap coins which have more dedicated communities
- HODL/YOLO mindset
- Faith that the developers will improve security
- Hacks generate publicity, and there’s no such thing as bad publicity
- Exchanges typically freeze trading in the short term, which indirectly prevents a panic sell
- Stolen funds are insured by the exchanges
That last bullet is why many say that the exchanges are the true victims of a 51% attack. After the 51% attack on ETC in August 2020, OKX’s deposit insurance meant they had to pay investors back $5.6 million.
That sucks for the exchange, sure. But if investors were OK and prices were OK, does that mean you have nothing to worry about?
How do 51% attacks affect investors?
Even with deposit insurance and stable values, investors can still be victimized by a 51% attack.
As mentioned, exchanges typically respond to an attack by freezing all trading on that blockchain and putting the developers on notice for an immediate fix.
If the developers don’t respond, the exchanges threaten to delist the afflicted cryptos to hedge their losses from insurance payouts.
For a small community of investors trading a low-cap coin, a trading freeze followed by a delisting could be inconvenient at best, a death sentence at worst. It didn’t happen to either BTG or ETC, but it could.
As a crypto investor, how concerned should I be of a 51% attack?
It depends which cryptos you dabble in.
Most popular coins these days (BTC, ETH, LTC) have an extremely high hashrate, which means it’s pretty much impossible for any single entity to amass 51% of the power necessary to attack it.
For example, to conduct a successful Bitcoin 51% attack, you’d need to consume more electricity per second than the entire country of Singapore.
Plus, even if someone did amass that much computing power, the blockchain gives them more motivation to mine it than to hack it. Case in point, Coin Telegraph calculated that the BTG hacker “would’ve recouped around the same value in block rewards.”
That all being said, proof-of-work cryptos with a small market cap (<$1 billion) and a low hashrate (<100 GH/s) are still highly vulnerable. It’s not impossible for hackers to rent just enough computing power to amass an attack and overwrite some blocks.
More: How to spot a crypto scam
What can I do to protect myself from a 51% attack?
Here are a few ways crypto investors can protect themselves from the negative fallout of a 51% attack:
- Invest in proof-of-stake cryptos which can’t be targeted
- Focus on cryptos with active, passionate dev teams who are likely to respond quickly in the event of an attack – or better yet, work hard to prevent one in the first place
- Only trade vulnerable, low-hashrate cryptos on exchanges with deposit insurance
The bottom line
51% attacks occur when a single group or entity takes control of the majority of the mining power behind a particular blockchain. This “voting majority” enables them to manipulate data, double-spend, and otherwise cause havoc.
Thankfully, your average crypto investor doesn’t have to worry about them on a daily basis. The hashrate for major cryptos are so high these days that it’s become virtually impossible to hack them through brute force. It's highly unlikely that an individual (or even a group) could pull off a Bitcoin 51% attack or an Ethereum 51% attack today.
But if you dabble in low-cap, low hashrate altcoins, it doesn’t hurt to have protections in place.