The technology underpinning decentralized cryptocurrencies is complex, and a common question for newcomers to the space is whether a blockchain can be hacked?
The answer to this question varies depending on the specific blockchain protocol. Still, most decentralized blockchains that run on proof-of-work consensus algorithms like that of Bitcoin can theoretically fall victim to what is known as a 51 percent attack.
Before we tackle the technicalities of a hypothetical 51 percent attack on the Bitcoin blockchain, let’s refresh our understanding of how the preeminent cryptocurrency is maintained by what we call mining.
An overview of Bitcoin mining
Bitcoin is perhaps the best-known proof-of-work based blockchain, and we will hone in on it specifically to unpack mining and the process of a potential 51 percent attack.
The Bitcoin blockchain is essentially a decentralized electronic accounting ledger that keeps a record of every transaction made by storing them in blocks. Miners using powerful processing hardware are responsible for confirming transactions in the network and bundling them up into these blocks.
For a miner to add the latest block to the blockchain, they have to solve a time and energy-consuming cryptographic puzzle. This is the basis of a proof-of-work consensus protocol, a process that requires computing power to find a specific cryptographic hash or a digital signature that confirms that the transactions and the block are valid.
The latest block is then broadcasted to the network of miners and nodes, who in turn add the block to their respective versions of the ledger. Nodes in a proof-of-work system accept the longest chain of blocks as the correct version of the blockchain – given that the most computational work will have gone into creating that version.
Miners are rewarded for adding a new block to the chain with freshly minted bitcoin (BTC) along with transaction fees paid by users.
Mining plays a critical role in maintaining the Bitcoin blockchain as well as making it robust against attackers. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, highlighted double-spending as a major threat to any electronic payment system. As Phemex explains in its double-spending overview, malicious users may try and spend their BTC more than once.
The rules governing mining are essential in stopping a potential double-spend. Considering the lucrative block rewards and fees, miners are highly incentivized to maintain the network. This attracts more miners and adds more hashing power to the pool, creating fierce competition to solve the next block in the chain.
Ironically, while the use of a proof-of-work algorithm is integral in maintaining the security of the network, it also introduces the risk of a potential 51 percent attack, which would allow a nefarious user to carry out double-spends or tamper with transactions.
How A 51 percent Attack Works?
To carry out a 51 percent attack on a blockchain, an attacker would have to take control of more than half of the computing power that makes up that specific blockchain’s mining ecosystem.
If a user managed to do this, they would be able to mine a separate chain of blocks in tandem with the true blockchain that is verified by the network. This private chain’s creation will enable the attackers to carry out double-spend attacks and prevent transactions from being confirmed.
With a controlling share of the hashrate secured, the attacker can send bitcoin to an address on the main chain, before sending the same amount to a different address on their forked, private version of the blockchain. Because the honest miners’ network is working off what it sees as the main chain, the first transaction is verified.
Once the attacker has mined enough blocks to get ahead of the main chain, it can broadcast its ‘forked’ chain to the network. This new chain will be accepted as the main chain because it is the longest. In other words, the original transaction sent by the attacker will no longer be valid. The second ‘double-spend’ transaction is then validated instead through the acceptance of the attacker’s forked chain.
Given that the attacker has been mining a separate chain of blocks from a certain block height, they also have the power to select which transactions are included in their chain. Transactions that were verified in the original chain are likely to have not been included by the attacker in their forked chain – further impacting the validity of the blockchain following the 51 percent attack.
The attacker also has control over which blocks are added to the chain while they have the majority of the hashpower, which effectively stops other miners from being able to add blocks and collect rewards and fees.
A 51 percent attack can also theoretically allow someone to go back further in the blockchain and manipulate previous blocks and transactions. However, Bitcoin’s proof-of-work consensus mechanism operates in such a way that an attacker would have to re-do the work that went into solving the cryptographic hash of each specific previous block. This renders this process virtually unfeasible.
It is also worth noting that a 51 percent attack does not make the attacker omnipotent. Having the majority of the hashpower does not allow an attacker to reverse other users’ transactions, send Bitcoin that isn’t theirs, mint new coins, or change the block reward.
Can A 51 Attack Happen On Bitcoin?
As explained, a 51 percent attack requires enormous resources to execute, and blockchains that are as decentralized as Bitcoin’s are incredibly secure from these types of attacks.
That in no way means that 51 percent attacks are not possible – Ethereum Classic is the best example of a major cryptocurrency and its blockchain falling victim to this type of attack. Other blockchains have also been hacked in this manner, including Bitcoin Gold and Litecoin Cash.
As the blockchain and cryptocurrency industry matures, many cloud mining services have launched. These give people the ability to rent hashing power to mine different proof-of-work cryptocurrencies.
This means that if an attacker has enough money, they can rent the required hash power to launch an attack on a blockchain with a fairly small number of miners on the network. This is what happened to Ethereum Classic in January 2019 and is the most feasible way of carrying out a 51 percent attack.
Smaller cryptocurrencies that use proof-of-work consensus are potentially at risk of these kinds of attacks. Nevertheless, the Bitcoin blockchain is highly unlikely to suffer a 51 percent attack based on the simple fact that an attacker would have to deploy or buy an almost unimaginable amount of hashing power in order to do this.