What Is a 51% Attack?
A 51% attack is an attack on a cryptocurrency blockchain by a group of miners who control more than 50% of the network's mining hash rate. Owning 51% of the nodes on the network gives the controlling parties the power to alter the blockchain.
The attackers would be able to prevent new transactions from gaining confirmations, allowing them to halt payments between some or all users. They would also be able to reverse transactions that were completed while they were in control. Reversing transactions could allow them to double-spend coins, one of the issues consensus mechanisms like proof-of-work were created to prevent.
- Blockchains are distributed ledgers that record every transaction made on a cryptocurrency's network.
- A 51% attack is an attack on a blockchain by a group of miners who control more than 50% of the network's mining hash rate.
- Attackers with majority network control can interrupt the recording of new blocks by preventing other miners from completing blocks.
- Changing historical blocks is impossible due to the chain of information stored in Bitcoin's blockchain.
- Although a successful attack on Bitcoin or Ethereum is unlikely, smaller networks are frequent targets for 51% attacks.
Understanding a 51% Attack
A blockchain is a distributed ledger—essentially a database—that records transactions and information about them and then encrypts the data. The blockchain's network reaches a majority consensus about transactions through a validation process, and the blocks where the information is stored are sealed. The blocks are linked together via cryptographic techniques where previous block information is recorded in each block. This makes the blocks nearly impossible to alter once they are confirmed enough times.
The 51% attack is an attack on the blockchain, where a group controls more than 50% of the hashing power—the computing that solves the cryptographic puzzle— of the network. This group then introduces an altered blockchain to the network at a very specific point in the blockchain, which is theoretically accepted by the network because the attackers would own most of it.
Changing historical blocks—transactions locked in before the start of the attack—would be extremely difficult even in the event of a 51% attack. The further back the transactions are, the more difficult it is to change them. It would be impossible to change transactions before a checkpoint, where transactions become permanent in Bitcoin's blockchain.
Attacks Are Prohibitively Expensive
A 51% attack is a very difficult and challenging task on a cryptocurrency with a large participation rate. In most cases, the group of attackers would need to be able to control the necessary 51% and have created an alternate blockchain that can be inserted at the right time. Then, they would need to out-hash the main network. The cost of doing this is one of the most significant factors that prevent a 51% attack.
For example, the most advanced application-specific integrated circuit (ASIC) miner is the Bitmain S19 XP Hydro. It costs more than $19,800 and has a hash rate of 255 terahashes per second (TH/s).
The top three mining pools by hashrate are:
- FoundryUSA, at 54.42 exahashes per second (EH/s); 23.75% of the total Bitcoin network hashrate
- AntPool, at 41.49 EH/s; 18.12% of the total Bitcoin network hashrate
- Binance Pool, at 34.48 EH/s; 15.06% of the total network hashrate
Hashing power rental services provide attackers with lower costs, as they only need to rent as much hashing power as they need for the duration of the attack.
Combined, these three pools make up 56.93% of the network hashrate, a whopping 130.4 EH/s (1.304 million TH/s). To equal that hashrate, the attackers would need more than 511,373 S19 XP Hydros—which would put fixed costs close to $10.13 billion, plus a building to host the equipment, maintenance staff, electricity, and cooling.
Major cryptocurrencies, such as Bitcoin, are unlikely to suffer from 51% attacks due to the prohibitive cost of acquiring that much hashing power. For that reason, 51% attacks are generally limited to cryptocurrencies with less participation and hashing power.
After Ethereum's transition to proof-of-stake, a 51% attack on the Ethereum blockchain became even more expensive. To conduct this attack, a user or group would need to own 51% of the staked ETH on the network. It is possible for someone to own that much ETH, but it's unlikely; according to Beaconchain, more than 13.8 million ETH were staked at the end of September 2022. An entity would need to own more than 6.9 million ETH (more than $9 billion worth) to attempt an attack.
Once the attack started, the consensus mechanism would likely recognize it and immediately slash the staked ETH, costing the attacker an extraordinary amount of money. Additionally, the community can vote to restore the "honest" chain, so an attacker would lose all of their ETH just to see the damage repaired.
In addition to the costs, a group that attempts to attack the network using a 51% attack must not only control 51% of the network but must also introduce the altered blockchain at a very precise time. Even if they own 51% of the network hashing rate, they still might not be able to keep up with the block creation rate or get their chain inserted before valid new blocks are created by the 'honest' blockchain network.
Again, this is possible on smaller cryptocurrency networks because there is less participation and lower hash rates. Large networks make it nearly impossible to introduce an altered blockchain.
Despite the name, it is not necessary to have 51% of a network's mining power to launch a 51% attack. However, such an attack would have a much lower chance of success.
Outcome of a Successful Attack
In the event of a successful attack, the attackers could block other users' transactions or reverse them and spend the same cryptocurrency again. This vulnerability, known as double-spending, is the digital equivalent of a perfect counterfeit. It is also the basic cryptographic hurdle blockchain consensus mechanisms were designed to overcome.
Successful 51% attackers may also implement a Denial-of-Service (DoS) attack, where they block the addresses of other miners for the period they control the network. This keeps the "honest" miners from reacquiring control of the network before the dishonest chain becomes permanent.
Who Is at Risk of 51% Attack?
The type of mining equipment is also a factor, as ASIC-secured mining networks are less vulnerable than those that can be mined with GPUs; they are much faster. Cloud services such as NiceHash—which considers itself a "hash-power broker"—theoretically make it possible to launch a 51% attack using only rented hash power, especially against smaller, GPU-only networks.
Bitcoin Gold has been a common target for attackers because it is a smaller cryptocurrency by hashrate. Since June 2019, the Michigan Institute for Technology's Digital Currency Initiative has detected, observed, or been notified of more than 40 51% attacks—also called chain reorganizations, or reorgs—on Bitcoin Gold, Litecoin, and other smaller cryptocurrencies.
What Is a 51% Attack?
A 51% attack is a blockchain restructuring by malicious actors who own more than 51% of a cryptocurrency's total hashing or validating power.
Is a 51% Attack on Bitcoin Possible?
The Bitcoin blockchain could suffer a 51% attack by a very well-funded attacker, but the cost of acquiring enough hashing power to do so generally prevents it from happening.
How Much Bitcoin Is a 51% Attack?
A 51% attack depends on control of mining, not how many bitcoins are held. Attackers would need to control 115 EH/s of hashing power to attack the Bitcoin blockchain as of Sep. 22, 2022. This is more than 511,111 of the most powerful ASIC miners, which have a hashrate per unit of 255 TH/s and cost more than $10 billion in equipment only.