One of the primary selling points of cryptocurrencies and tokens and blockchains is the level of difficulty an attacker must overcome to get access to the blockchain. Difficult, yes, but not impossible.
Using a method called a 51% attack, hackers stole nearly $560,000 in zencash digital currency earlier this month. That’s at least the fifth reported 51% attack against the hundreds of digital currencies and tokens on the market. Other cryptocurrencies that have been attacked include monacoin, bitcoin gold, verge, and litecoin cash.
According to Coindesk.com, the attack against verge cost the currency an estimated $2.7 million, the bitcoin gold attack cost the company $1.86 million in stolen currency, and the monacoin attack resulted in the theft of $90,000.
Perhaps the most appalling thing about 51% attacks is how cheap they are to stage. Coindesk estimates that the cost to the thieves in the bitcoin gold attack was less than $4,000.
The attacks depend on a feature of the blockchain that is supposed to prevent an account holder from “double” spending the same money two or three or any number of times. Banks prevent this from happening by trusting one another, a third-party solution eschewed by cryptocurrency issuers that depend instead on miners who verify transactions in exchange for payment.
In proof of work (PoW) cryptocurrencies, network nodes typically are set up to recognize the blockchain with the most blocks (and therefore the most hashing power) as the correct version of history. Once miners accumulate more than half (51%) of a network’s hashing power, they can send funds to an address on the main chain and at the same time send the same funds to another address on a copy of the blockchain they control and that they are mining with more hashing power.
A 51% attack is so named because the attacker uses rented computing power and, in some cases, inexpensive software easily available on the web, to amass more than half (51%) of a crypto-network’s hashing power. Hashing is the term for protecting data with a random string of numbers that act as a key to the data being protected. Making frequent changes to the key makes breaking into the data significantly more difficult.
Because the bitcoin gold attacker was able to accumulate more than half of the network’s hashing power, the attacker was able to double spend and transfer $1.86 million to an account he or she controlled.
Website Crypto51.app has prepared a table of the cost of mounting a 51% attack against various coins. A one-hour attack against Bitcoin would cost an attacker about $674,000 to put together enough hashing power to be successful. Attacks against other coins drop as low as $50 for an hour-long attack.
The solution to 51% attacks, at least for now, is size. Larger coins like bitcoin and ethereum are susceptible to attack but at a very high cost. The attacks against bitcoin gold stopped when the proof of work requirement was raised from 5 confirmations to 50. How long that will last is unclear.