Explained: 51% Attacks on a Blockchain


A 51% attack on a blockchain takes place when malicious actors try to take control of more than 50% of the network’s computing power. Whenever a transaction is performed on a blockchain, it is usually put in a pool of pending transactions. Miners can select transactions from there to form a block. As its name suggests, a blockchain is a chain of data blocks that record all completed transactions during a certain period. For a transaction to be allowed in a blockchain, a miner needs to find the correct answer to a cryptographic challenge. Participants find solutions to the proposed puzzles by using computational power. The higher the computing power, the higher the probability of delivering the correct answer and thus of adding a block to the blockchain.

The right answer to the presented challenge must be announced to the other participants and can only be accepted if all transactions in the block are valid; to check this, the existing blockchain record needs to be consulted. Malicious actors, however, don’t broadcast their answers to the rest of the mining network. That way two versions of the blockchain are formed: the original blockchain followed by honest participants, and a second one used entirely by corrupt actors who do not share their answers to the mathematical challenges with the rest of the original network. The malicious miners continue to work on this new and corrupt version of the blockchain, now isolated from the main blockchain network. Simultaneously, the malicious actors spend their cryptocurrency on the first and initially valid version of the blockchain.

51% attacks: the initial stage

The logic behind blockchain technology is to always give preference to the longest chain, which is considered the legitimate one. The miners who have the most computing power are likely to add blocks to a chain much faster. Once a corrupted chain of transactions becomes the longest one, the malicious actors broadcast it to the network. This is the initial stage of a 51% attack.

The rest of the participants in the network, having newly discovered a longer chain of transactions, will stop using the original legitimate blockchain. All transactions that are not included in the “valid” blockchain will not be confirmed, and so the attackers will receive a refund of all the cryptocurrency they spent on the blockchain previously considered the truthful one.

By performing a 51% attack, the attackers enable the refund of all crypto coins used to pay for the transaction. The result is that the malicious actors receive not only the item they initially paid for but also the cryptocurrency that was used to buy the product in the first place.

This vulnerability, known as double-spending, is the very problem blockchain was created to solve: the objective was to eliminate every possibility of counterfeit deals taking place.

51% attacks: good news

The good news is that 51% attacks are rarely seen. The attackers need more computing power than millions of miners from all over the world. It is extremely costly to plan such an attack, since the malicious actors need to invest in vast amounts of electricity and mining hardware capable of outpacing the rest of the network. Unfortunately, there are other ways to initiate this type of attack, e.g. a bug in the code of a blockchain could in some cases open the door for a miner to produce new blocks at a much faster rate.

A 51% attack is probably the worst thing that can happen to platforms based on blockchain: the immutability of the transaction blocks is no longer guaranteed, and thus any trust placed in the technology will be irrevocably lost. The website Crypto51 provides details on the hypothetical cost of a 51% attack for the most popular cryptocurrencies nowadays.

2019, the year of 51% attacks

Furthermore, two articles predict 2019 to be the year of the 51% attacks:

 

Contact A2SECURE and discover all we can do for your company.


Author: Mila Gerova
