The security is one of the points that seems to put the crypto community in agreement in any debate related to the scalability of the blockchain networks. To preserve or improve the security through a technical update of the network’s protocol, it is necessary to revise even the hypothetical possibilities that are often disregarded.
One example of these hypothetical possibilities is the 51% attack, which has recently been characterized as rentable, because the execution of this type of attack in the Ethereum Classic network would cost only 70 million dollars on average.
A 51% attack occurs when a group or entity of malicious miners takes control of 51% of the processing power in a blockchain network. This way they manage to impulse a version of distributed ledger that suits them, as well as a cryptographic protocol that results convenient for them.
One definition of the 51% attack says the following: “In theory, it is an informatic attack that could be perpetrated by an entity or a mining groups that owns the majority of the transaction processing power of the blockchain network (51% or more) and thus prevents the confirmation of new transactions.”
The wielded argument to show that it is highly unlikely that a blockchain network suffers a 51% attack is that it would require an enormous investments in mining equipment that should be sufficiently powerful to take control of the network. Even if a mining entity possesses such processing power, it would result inconvenient in commercial terms to keep mining without harming the blockchain network.
Husam Abboud, a blockchain enthusiast, published a realistic case in which he explains that both Ethereum and Ethereum Classic share the same mining algorithm called ETHASH and that if a mining entity possesses 2.5% of the processing power of the Ethereum blockchain network, it could switch to mining in the Ethereum Classic blockchain network and concentrate the processing power necessary to control 51% of the Ethereum Classic blockchain network. This way the cost of perpetrate a 51% attack on the Ethereum Classic blockchain network has the same cost as the daily rent obtained by the miner that controls 2.5% of the processing power of the Ethereum blockchain network. In other words, this miner would earn 525 ethers on a daily basis, which are equal to around 309,000 dollars at the moment. Such amount represents the daily cost of maintaining 51% of the processing power of the Ethereum Classic blockchain network.
Abboud says: “The consensus attack cost is what it would cost to control 51% of the total hashing power of a cryptocurrency network, doing so would make it possible to 1) Prevent transactions from being confirmed, 2) Reverse recent transactions that have been sent, ‘double-spending’ your coins 3) Execute some sort of denial-of-service attacks against specific addresses like exchanges, or other miners or pools.
Any of this would collectively erode confidence in network, and, with a very high probability, cause a significant price decline.”
Now, in response to the opinion that it is not better to continue mining in the network which a miner is entering, Abboud points out that the strategy to perform an even more rentable attack is to massively exchange Ethereum Classic for other cryptocurrencies when the prices are low. This would allow the malicious mining entity to win the game by earning from 3 times to 100 times from the ETC price decline. This is how Abboud explains this way of perpetrating a 51% attack: “The Barrier of Entry: Have we forgotten that many PoW blockchains share the same hashing algorithm, — particularly the forks —
Ethereum Classic uses ETHASH (the same algorithm as Ethereum’s) I mean you don’t need to setup or buy anything at all, If you’re already mining Ethereum, and your pool contributes with small percentage of only 2.5% of Ethereum Nethash, Switch to mine Ethereum Classic and you’re now +51% of hashing power of Ethereum Classic network. First, there is no barrier of entry for you, and second, your cost of 51% attack on ETC is your ETH mining profit per day, for a miner mining 2.5% of ETH Nethash the gain is about 525 ETH per day which is ~$380k USD, which is pretty much the cost of 51% on ETC per day, and please let’s not forget that the Ethereum Classic network has a ~2 billion market-cap.
The ‘Better off mining coins than attacking’: No you’re not, with that 7000 GH/s mining power you have which is about 2.5% of ETH Nethash you’re making currently 525 ETH or ~380k USD per day. However, by attacking ETC, while short-selling ETC with n margin on the open market would make you 3x to 100x that profit from the ETC price decline — We will discuss this in details in a bit..
This alternative leasing model of a 51% attack (calling Rindex v2.0 Model) works by leasing hashing power practically available for coins using the same hash algorithm. (BTC n BCH, ETH n ETC, ZEC n BTG.. etc)”
Abboud continues by saying this strategy is executed with the precision of the trading margin provided by this modality of performing mining operating on large cryptocurrency exchange platforms such as Poloniex, GDAX, Kraken, Bitfinex, as well as the futures markets such as CME, the derivative markets such as WhaleClub, BitMex and the predictive markets such as Gnosis and Augur. Abbud comments that the markets are becoming more and more liquid and use more and more tools to reduce the losses during the periods when the prices of cryptocurrencies are dropping.
The success of this type of attack includes other complementary strategies that would give meaning to similar investment of money in order to harm the blockchain network. To achieve the centralization of the transaction processing in the hands of a malicious mining entity and allow it to get the most out of it, all the transactions that have already been sent would need to be rejected in order to create double cost and the malicious mining entity could also perpetrate DoS attacks against other miners and even cryptocurrency exchange platforms.
A double cost consists of a fraudulent operation that executes a payment with the same cryptocurrencies using two different outputs, which means, two times and thus taking advantage of the confirmation speeds of the transactions. This is what Abboud says about this strategy: “As we found out, the traditional methodology of calculating the cost of a 51% attack -from the cost of mining equipment acquisition- might be completely-off for networks with a total hashrate significantly smaller than others that use the same hashing algorithm, and you can perform that attack at a fraction of the cost.
Now it’s true that you as Byzantine miner (w/ +51% of network hashrate) can benefit with ‘double-spending’, by sending $10mm of ETC to one exchange then re-minting the blocks and sending it again to another one. However, the compelling true financial benefit you might be pursuing is through preventing transactions from being confirmed on the network + executing DoS on exchanges and other pool addresses, this makes it clear that the network is under 51% attack and erodes confidence in this cryptocurrency which would eventually cause a significant price decline. Nakamoto-consensus was designed with the assumption that rational miners working in their best financial interest, wouldn’t perform such attack as they can’t benefit from price decline.
Today 9 years later clearly these assumptions are very outdated, We do have major exchanges with a lot of liquidity which allow you to short-sell with a trading margin from 2.2x to up to 100x (to benefit from price declines significantly) like Poloniex, BitFinex, Kraken and GDAX — Futures market like CME and Exante(and many others lining up) we have derivatives markets like, BitMex, WhaleClub and CFDs like AVAtrade, and Plus500, Options like LedgerX and the decentralized prediction markets like Augur, and Gnosis — which have been becoming popular. You see where I’m going with this.. it’s just becoming easier everyday and the market is more liquid for opportunities where you can benefit from price decline.”
Other cryptocurrency that could also be affected by these malicious methods is Bitcoin Cash, according to Abboud. With only around two million dollars invested in mining operations, a malicious entity could gain the sufficient processing power to control 51% of the Bitcoin Cash blockchain network.
On May 21st, 2018, the crypto community was informed about a 51% attack performed on the blockchain network of Bitcoin Gold. According to the reports, one address involved in the attack managed to receive 388,201 Bitcoin Gold coins from cryptocurrency exchanges, which is an amount equal to approximately 18.5 million dollars. During the period of the attack, the attackers had made deposits on the cryptocurrency exchanges, while in the meantime, they had 51% of the processing power of the BTG blockchain network in their hands and they had reverted these transactions and realized other transactions towards an independent external wallet. This way they managed to confuse the cryptocurrency exchanges.
Crypto51, a web portal dedicated to the crypto world, created a list of blockchain networks that use the Proof-of-Work (PoW) consensus protocol according to the cost it would require to perform a 51% attack. The blockchain network of Bitcoin requires the highest amount of money to perform such attack.
Abboud concludes with the following: “We demonstrated how you can profitably attack a $2 billions cryptocurrency network like Ethereum Classic, with as little as $1.5 million, and how you can ‘bankrupt it’ with $55 million netting +$1B in profit.
Now, a growing number of institutional investors are watching crypto-currencies, ruthless intimidating wizards and trolls, standing on the tips of their toes aiming to exploit opportunities for quick and big profits, they aren’t the type of ‘dudes’ you’re used to, the ones that care about the community, the ecosystem and the future of decentralization.
The intention of this article is to raise the awareness of this attack vector so that we can take appropriate measures to increase our networks’ robustness before it gets exploited
How can we fix and increase the robustness of networks?
Upgrade to PoS, check out Casper FFG, PoS in general is much safer and 51% practically infeasible, but by just adding Finality the Capser FFG style you will significantly increase robustness.
Upgrade your hashing algorithm (In a way you’re not using the same hash algorithm like other chains that have significantly more hashing power)
Increase required confirmation (A LOT More) a byzantine miner can send an ETC equivalent of $100mm swap it for BTC, while mining his own in-shadow chain disconnected from ETC, and when he liquidates his $100mm he propagates his in-shadow blocks. As it has more hashing power behind it, and because it is the longer chain, it would replace the current one and the miner would now be ‘double spending’.
Emergency preparedness, stay one step ahead with a miner, exchange and developers coordinated action plan.”
The overcoming of the 51% attack problem might present the next scalability challenge for many blockchain projects, since it seems wrong to suppose the malicious miners do not possess sufficient incentives and means to perform this type of attacks. It is not only about the difficulty of the mining imposed by the networks to function, but also about presenting new mechanisms that regulate the participation of large mining entities in the mining operations of different blockchain networks. These new mechanisms should be designed in a way to allow the intentions of such large mining groups to be validated as positive and in line with the goals of the specific network and the cryptocurrency market in general.
The main goal of a blockchain network and the cryptocurrency market is to grow. This way the competence between diverse cryptocurrencies and their potentials is fomented. However, the transparency should be promoted on other levels as well, since the qualities of the blockchain technology allows the transparency on technical levels, but if we know that the users are the ones that give meaning to these blockchain networks, the transparency between them is algo very important.
It is important to know that the miners form only one part of the participants in the blockchain ecosystem. The ecosystem is also formed of the base users, the developers and the traders and each of these groups has its own interests that are not necessarily opposed to each other, but there could be malicious or damaging intentions during their interaction.
