Bitcoin — What is a 51% Attack?
A 51% attack describes a situation where any party (or parties who are working together) has majority control of the overall network hashpower, allowing them to manipulate the network in a number of ways for personal benefit.
With majority control, an attacker can exclude and modify transactions occurring on the network. In other words, a third party with malicious intent who controls the majority share of the network would be able to send Bitcoin to one address (for example an exchange), then overwrite the blockchain’s history in order to spend that same Bitcoin. This is what is referred to as the “double spending problem”.
We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU proof-of-worker. As long as a majority of CPU proof-of-worker is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. The network itself requires minimal structure. — Satoshi Nakamoto, The Bitcoin Whitepaper
For example, let us pretend that I have achieved majority control of the Bitcoin network hash rate and currently own 1 BTC. From my wallet, I would be able to send my 1 BTC to an exchange then go and “fork” the network, rewriting the new chain as if the original transaction (on the old chain) to the exchange never took place going forward.
I can now sell the 1 BTC (old chain) that was deposited on the exchange for cash and withdraw to my bank account while still retaining ownership of my 1 BTC (new chain) in my wallet by overwriting the transaction history. I can repeat this process as long as it is possible for me to do so and reap a large profit.
Because exchanges are the primary target for this type of attack, they typically require high amounts of network confirmations before funds are available for trading. This ensures that any funds deposited have a lower chance of being subject to a double spend attack. The more confirmations required — increasing the length of the chain — the more expensive it will be to overwrite the chain and continue their attack on the network. The industry standard for the most secure settlement assurance is 6 confirmations (the transaction has been recorded in 6 subsequent blocks).
The reason we do not see these types of attacks on a regular basis is simple; it’s typically really expensive to successfully carry out, regardless of consensus method. This is due to the Proof of Work (PoW) design of the Bitcoin protocol. In short, you have to dedicate computational resources and electricity (which both cost $$) in order to mine Bitcoin (I plan on writing another piece to go into this topic and Bitcoin mining in general in more detail soon).
Not only would it require an astronomical upfront investment in computer equipment to achieve a high enough hash rate to successfully attack a network such as Bitcoin’s, but by doing so you potentially make aware the other network participants of your intentions. This could result in the market “selling the news”, resulting in drastic price drops — therefore making the hackers attempts less profitable by the minute — and a tainted network reputation in the future.
As Bitcoin’s hash power exponentially increases, overall security rises, creating a positive feedback loop that secures the network as more participants opt into the system.
In short, any attempts to attack the Bitcoin network is a zero-sum game.
