New Website Highlights Cryptocurrencies at Risk of 51 Percent Attack
A new website claims to estimate the cost and feasibility of running a 51 percent attack on various proof-of-work (PoW) cryptocurrencies. 51Crypto provides detailed network statistics and whether the necessary hashpower to perform a successful attack is available on the NiceHash mining pool. However, the site was created for the goal of preventing such hacks, not enabling them.
51Crypto’s Data Shows Risks to Vulnerable Coins
With the recent string of 51 percent attacks against PoW altcoins such as Verge, Bitcoin Gold, Electroneum and Monacoin, it appears someone decided to sound the alarm to prevent future hacks of vulnerable coins. The site, whose creators are anonymous, lists dozens of coins from industry leaders such as Bitcoin, Ethereum, and Litecoin to the most obscure altcoins. Though it might seem like the information presented would make it easier for would-be hackers to choose a target, the site explicitly says its purpose is to prevent attacks:
“This website is intended to bring light to the risk of 51% attacks on smaller cryptocurrencies. It is not intended to encourage or help in completing an attack, but instead to get people talking about the problem and potential solutions.”
According to 51Crypto, Bitcoin, with its network performing 33,633 petahashes per second, would cost $564,909 USD per hour to attack, making it the most expensive target. Ethereum would cost $377,922 per hour, while Bitcoin Cash would be $68,267. Litecoin rounds out the top four PoW blockchains by market cap, with an hourly cost of $65,272.
The site also lists how much available hashing power could be rented from NiceHash for each coin. For example, there is only two percent of the hash power necessary to 51 percent attack Bitcoin available on NiceHash. For Monero, its 13 percent. Attacking those coins would require the hackers to buy and operate their own mining hardware. But for smaller coins, there is plenty of pool capacity at hand. With Bytecoin, for example, there is more than double the necessary hash power available, or 219 percent, for use by potential attackers on NiceHash. Similarly, NiceHash has 319 percent of the necessary power available to attack Bitcoin Gold.
When 51 Percent?
A 51 percent attack happens when miners with greater than 51 percent of the network’s hash power create a forked copy of the blockchain that they are mining with more hash power than the main chain. This forked chain is hidden from the rest of the network, and the attackers send funds to both the main chain and the hidden forked copy. Later, they release the forked chain, and because it is has more transactions, it will be accepted by the other nodes as valid. The transactions previously sent on the main chain will be overwritten by the forked chain, causing a “double-spend” attack.
PoW coins with a relatively small amount of hashing power are vulnerable to these attacks, as malicious miners can bring online new nodes that they can rent from mining pools like NiceHash. Once they have enough hashing power on the target network, they overpower it and execute the double-spend.
However, a 51 percent attack is only profitable if the stolen coins can be offloaded via an exchange. Thus prime targets for a 51 percent attack are coins which are listed on exchanges but have a relatively few number of miners securing them.
Many Altcoins Not Worth the Trouble
However, many of the cryptocurrencies listed on 51crypto are so small they aren’t listed on any exchanges, meaning they aren’t worth the cost of doing an attack.
Dogecoin founder Jackson Palmer, who was one of the first to comment on 51Crypto, proposed a reason for why the many vulnerable smallcap altcoins haven’t been hacked yet:
Perhaps because the only incentive is malice? I’m not sure if you can effectively short some of these smaller currencies, and they’re on hardly any exchanges so double spending to turn a profit seems minimal. I guess you’d have to go a level deeper and calculate ROI on attack.
— Jackson Palmer (@ummjackson) May 28, 2018
Palmer noted that Bitcoin Private, with its hourly cost of around $1,000 per hour and fairly wide listing on exchanges, is particularly vulnerable.
It would cost just $915 to 51% attack Bitcoin Private right now. Ticking time bomb. pic.twitter.com/2DsAoD1CSu
— Jackson Palmer (@ummjackson) May 28, 2018
Elizabeth Stark of Lightning Labs jumped into the thread as well:
$452M “market cap,” $915 to attack. Seems legit. ??
— elizabeth stark (@starkness) May 28, 2018
Palmer would likely have been pleased to see that Dogecoin would cost $79,383 per hour to attack, and that only 6 percent of the necessary hash power is available on NiceHash.
Assuming the data is correct, 51Crypto has highlighted a serious security flaw that many smaller PoW altcoins have. The site is a reminder that while it’s relatively easy to fork an existing coin and create a new blockchain, doing the necessary maintenance and follow-up work necessary to keep it secure is another matter.
What’s your take? Do you think 51 percent attacks are going to increase in prevalence in the years ahead? Sound off in the comments below.
Images via 51Crypto, SBS