51% For Nothing

October 16, 2018 / by Ronald Tichenor

The potential for 51% attacks has plagued cryptocurrencies since Bitcoin’s founding in 2009. There are many possible ways to attack a blockchain or cryptocurrency, and the famed 51% attack is perhaps the best known. When a consortium of miners controls more than 50% of a network’s mining hashrate, it can produce its own blocks and essentially approve the double spending of coins. Using their majority of computing power, they can rig the network in their favor. The obvious defense against this attack is to prevent anyone from holding 51% of mining power. Decentralization of the network has been the accepted structural deterrent, but that is not enough to stop a determined transgressor.

This past weekend, a white hat hacker named GeoCold announced that he would attempt a 51% attack on Einsteinium (EMC2) and livestream it to demonstrate how easy it is to pull off. Just before the attack was planned to take place, the Einsteinium team banded together to hike up the hashrate, making an attack much more expensive. The move staved off the attack on Einsteinium, but it wasn’t entirely unexpected, and the hacker had a backup victim.

He turned his sights toward Bitcoin Private (BTCP). With inexpensive hashpower rented on NiceHash (a cloud mining platform), he began his attack. It was livestreamed on Twitch until the stream was shut down. He continued the broadcast on a different streaming platform before having that stream shut down as well, all the while continuing his attack and gaining mining power on the network. The Bitcoin Private team found ways to combat the attack, but it was eventually successful in that the hacker was able to gain a majority of hashing power on the Bitcoin Private network.

This is not the first time this sort of thing has been carried out for (relatively) ethical purposes, and there have been many more such attacks with bad intentions. In this case, there was no damage done, other than to prove the vulnerability of low-market-cap Proof-of-Work cryptocurrencies.

Aside from passively hoping that no single mining group gains a majority or waiting until the last moment to try to defensively increase the hashrate, there have been few substantial improvements to the defenses against a 51% attack. Recently, the Horizen (ZEN) team (formerly Zencash) wrote a white paper outlining a potential fix for the 51% attack problem. It wouldn’t solve the problem completely but would increase the cost of a potential attack exponentially, making it far less likely to be carried out. In addition, it would be a simple code upgrade for Bitcoin, Litecoin, and many other major cryptocurrencies.

The whole crypto ecosystem is still a technological experiment, and we are watching it play out in real time. Literally. With hackers (with good intentions or bad) able to livestream their assaults on cryptocurrency infrastructure, we can see how attacks can happen and the defensive measures that can be taken to thwart them. Attacks will continue and the responses to them will evolve as this technology matures.