The 51% Attack: Crypto’s Double-Spending Achilles Heel

Once written onto the blockchain, a cryptocurrency transaction is immutable — it cannot be changed, canceled or reversed.

That is the core value proposition of all cryptocurrencies. And it’s true. Except for one aspect.

The giant asterisk next to “immutable” in any discussion of cryptocurrencies — particularly as a secure payment method — is the 51% attack.

It is the Achilles heel in bitcoin creator Satoshi Nakamoto’s solution to the double-spending problem that bedevils any internet-based payment system. It’s not possible to prove that two or more people haven’t spent the same digital currency twice without the use of a trusted third party such as a bank or credit card issuer.

On the surface, it’s pretty simple. If a group of miners controls more than 50% of a blockchain’s hash rate — the computing power validating new transactions — they control the blockchain to the point where they can stop those transaction from being added to that blockchain. This means they can reverse transactions, prevent valid transactions from being added to the blockchain, and falsify new ones made while they are in control of the blockchain, double-spending those coins.

Even with control, it’s virtually impossible for the attackers to change transactions already written onto a blockchain or create new coins.

It’s not a theoretical problem. In August 2020, the Ethereum Classic blockchain suffered successful 51% attacks three times, with the hackers stealing about $9 million, according to an analysis by cryptocurrency exchange Coinbase. At the time, the market capitalization of Ethereum Classic’s ETC token was about $770 million. It is now the No. 41 largest cryptocurrency, with a market cap of more than $4.6 billion.

How It Works

Let’s start by defining “hashrate.”

In a proof-of-work (PoW) blockchain network like bitcoin (and Ethereum Classic), new blocks are added to the blockchain by miners. They win the right to validate transactions, organize them on a new block and add that block to the blockchain in exchange for transaction fees and newly created bitcoins by winning a race to solve a mathematical problem.

Bitcoin is designed to add a new block every 10 minutes, so the difficulty of the problem changes depending on how much competition there is.

That competition is measured in hashrate, the number of calculations performed per second.

The bitcoin blockchain currently has about 175 terahashes, or 175 trillion calculations per second. (This is why bitcoin is so polluting — the amount of electricity needed to power the banks of specialized mining computers performing those calculations is staggering.)

Bitcoin’s hashrate makes it effectively immune to 51% attacks, as the attackers would have to find sufficient computing power to provide half of that. The same applies to Ethereum.

Smaller blockchains with far lower hashrates are susceptible, however, largely because there are companies with blocks of mining computers that rent out hashing power. As a fork of the Ethereum blockchain, Ethereum Classic’s problem is that the same miners designed specifically to work on Ethereum also work on it (it has since introduced changes to prevent this). This means that when the price of ETH is low, there’s a lot of power available to rent, so the Ethereum miners can be turned on ETC.

The Bitcoin Gold and Bitcoin SV blockchains have suffered similar attacks.

Forking Versus Attacking

Obviously, the immediate danger from a 51% attack is the double-spend and loss of crypto.

The bigger picture, however, is that a 51% attack could create doubt in the safety of both an individual blockchain and with the broader blockchain technology. Somewhat surprisingly, the three Ethereum Classic attacks did not have much effect on the price of ETC.

Still, it’s a concern. After all, solving the double-spend problem of internet-based peer-to-peer (P2P) payment systems without a trusted intermediary is the core of the blockchain value proposition. As its creator, the pseudonymous Satoshi Nakamoto explained in the first paragraph of the bitcoin whitepaper:

“We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers.”

That chain length is core to how blockchains work. The entire record of the blocks on the blockchain is kept on each of the privately controlled servers that make up the blockchain’s decentralized network. The way these nodes know they are using the correct blockchain is that it is the longest — it has the most blocks.

A fork of the blockchain — like Ethereum Classic from Ethereum — happens when a small group of node operators decide to follow a different block of transactions splitting off from the main blockchain, or a large group does it to update the blockchain’s code.

Somewhat ironically, ETC was created after another major but different type of theft — the June 2016 DAO Hack, in which attackers took advantage of a bug to steal $60 million from the DAO, a decentralized venture capital project. To return the stolen funds, the Ethereum blockchain was deliberately forked, with a new block created back before the attack and accepted as correct long enough for it to become the longest chain, as it had the most hashing power.

A small majority of purists disagreed with the decision, which effectively kept the original, attacked chain going. Thus, Ethereum Classic was born.