Rent to Pwn the Blockchain - 51% Attacks Made Easy
Blog Article Published: 11/20/2020
By Kurt Seifried
This article is not legal or investment advice. This article covers some aspects of 51% attacks (and 34% attacks and some other variations) in DeFi, and some potential solutions to prevent these attacks from succeeding. So where I say “51% Attack” I mean “all attacks where you get enough capacity/votes/whatever to hijack the consensus mechanism.”
Let’s get the ugly truth out of the way first: 51% attacks against real world Blockchains and DLTs, especially in the crypto currency space, are not a hypothetical or a “someday maybe” attack, they are a here and now attack. For example in August of 2020 we had the headline “Ethereum Classic Hit by Third 51% Attack in a Month” with total losses in the millions and at least one exchange made public comments about delisting Ethereum Classic.
Let’s split the 51% attack into two main problems.
- The first one is the 51% attack against a Blockchain/DLT that doesn’t have sufficient network mining capacity and diversity to be resistant.
- The second is the 51% attack against a real Blockchain/DLT with lots of network mining capacity spread across a diverse group of miners, such as Bitcoin or Ethereum.
Gaining 51% (or more) of a Blockahin or DLT can be easy if you’re willing to target a smaller network.
Much like lions and cheetahs will cut an injured gazelle out of the herd, attackers can pick and choose their targets. Below are some graphs (courtesy of https://coinmetrics.io/charts/), that in classical fashion is both hard to read, and has incomplete data, but please bear with me (hashrate-lastyear.png)
If you zoom in you’ll note some things:
- This is a graph of hashrates for various crypto currencies over the last 12 months (as of Sept 2020) for a variety of crypto currencies.
- The scale is logarithmic, in other words the difference between the highest (XMR at the top) and the lowest hashrates (e.g. ETC, ZEC) is massive, on the order of millions to hundred of millions.
- The hash rates are pretty consistent, but you’ll notice that XMR (Monero) has a big bump in 2019 due to the implementation of an ASIC resistant work function, something they do semi regularly to keep the protocol decentralized (more on this later).
- There are clearly some big healthy networks, and some smaller, sickly networks, which we know to be true thanks to publicly confirmed 51% attacks on them such as Ethereum Classic (ETC), if you check the market value they generally correlate to the hash rate (more hashing means more valuable).
Given this, one obvious strategy for attackers is to attack weaker crypto currencies.
For example in April of 2020 the Bitcoin Cash (BCH) experienced a hash rate drop of 80% (because the mining reward was reduced), which means a 51% attack is now significantly easier. The long and short of it is for approximately $10,000 (USD), you could rent enough hashing power to conduct an attack. Whether or not the attacker could then conduct an attack that gains them more than $10,000 (USD) and actually launder the cash is another question.
A second strategy inline with attacking weak networks is to conduct an attack that helps weaken the network.
If an attacker can knock a major mining pool(s) offline for example, that would reduce network capacity, consequently making the attack more likely to succeed. This can be done through network routing attacks for example such as BGP hijacking of network routes, or DNS related attacks (in theory movie style plots such as killing power to a mining facility is possible, but highly unlikely). The good news here is that most crypto currencies have market forces that encourage miners to have reasonably reliable systems with low latency access to the crypto network in order to be more successful at mining blocks and earning rewards. As such these market forces generally encourage robust networks that are not easily attacked and knocked offline.
Some statistics on 51% Attacks
The following explanation is grossly simplified but generally applies to most blockchains using a Proof-of-Work (PoW) consensus system (most current crypto currencies fall into this category). The way most crypto currency blockchains work is simple: data is sent to a mempool, this data is pulled by miners who create blocks, add a nonce and then hash the block to get a specific result so it is a valid block, and repeat as needed until they get the result they need, or someone else mines a valid block and broadcasts it to prove that they won. Even if a valid block has been mined it is possible for someone to broadcast a longer set of blocks and “win," most networks take the longest chain of blocks as being the valid ones (of course many exceptions exist here, but this is broadly true).
The problem with generating this longer chain of blocks is simple: it requires a LOT of computing power to create a list of blocks longer than the current “real” set. In other words the attacker has to be able to mine blocks much faster than the network to stand a chance. The bad news (for attackers) is that there are generally no shortcuts. Most chains use strong hashing algorithms and select for outputs that require brute force mining, even with the ability to select what goes into blocks miners are stuck generating random nonces, trying them out and repeating until they find one that works. Rainbow tables and other kinds of pre-compute attacks do not generally work unless the crypto currency hashing system uses a weak hash.
Also generating a longer chain isn’t enough, simply having the longer chain and hijacking consensus won’t necessarily result in your attack succeeding. You still need to conduct a double spending or related attack, and move the crypto currency somewhere else, otherwise the attacker runs the risk of the network agreeing to hard fork the blockchain and essentially just ignore the attack, which has happened (the Ethereum DAO attack for example). So in general we’re talking several dozen blocks at a minimum in order to convince external parties that things are ok and the transfer of crypto assets was finalized correctly.
There’s some simple facts about 51% attacks that people need to keep in mind: they are not theoretically possible, they are provably real and have happened. This is complicated by the fact however that the most successful crypto currency blockchains
have a huge amount of hashing power and would be impossible to attack, right? Well the challenge is that mining is a profitable activity, and massive mining begets efficiency which makes it more efficient and more likely to generate returns. In fact we have already seen this happen several times, for example Nicehash rents out hash power and has grown enough that by simply renting hashing power from Nicehash attackers were able to 51% attack BTG (Bitcoin Gold), spending approximately $1,200 on rental fees in order to double spend approximately $72,000, a 5900% rate of return (minus the effort and expertise needed, but still, a significant rate of return). Will attackers go after the big game like Bitcoin and Ethereum? No. Will they hunt down and double spend on the smaller networks? Yes, they have, and they will continue to do so.