A website has been created that estimates the cost of a 51% attack on different cryptocurrencies, allowing attackers to maliciously double spend, meaning to spend the same balance twice. The site developer who goes by /u/xur17 on Reddit spoke to CCN about their motivation for creating the site:
“There was an attack against Bitcoin Gold a few days ago, which made me curious what the cost of an attack would be with rented hashing power. I did the math and was honestly kind of shocked – someone could attack a cryptocurrencies worth close to a billion dollar for < $10k an hour and even less than that if you include the block rewards.
This got me to calculate the same figures for other coins, and again it was cheaper than I thought it should be. The goal of the site is to drive more attention to what I see as a pretty glaring problem with these smaller coins. Hashing power is easily retargetable, so not only can people rent hashing power, the larger mining pools can redirect hashing power at smaller coins for a few hours to attack them.”
The picture below is taken from the crypto51 website which was posted on the cryptocurrency subreddit of Reddit yesterday. While other websites have much higher estimates for the cost of a 51% attack, they did not factor in the possibility of renting the mining equipment instead of buying it.
Cryptocurrency mining rigs are very expensive, and the hardware required to execute an attack on even a small coin with few mining nodes to compete with would be astronomical, requiring server farms full of top-tier rigs and the electricity required on top of that. The hardware required to attack the Bitcoin network would cost over $1 billion, and hourly electricity costs over $500,000. However, it’s also possible to simply rent the hashing power from the NiceHash service which already has the hardware required to bring many different altcoins to their knees, according to xur17 of Crypto51.app.
The far right column which indicates that NiceHash only has 2% of the hardware required to attempt an attack on the Bitcoin network shows that the service could successfully be used to attack smaller networks like Bitcoin Gold, Bitcoin Private, MonaCoin, Bytecoin, and many others.
In fact, both Verge and Bitcoin Gold suffered a successful 51% attack just a week ago, with Bitcoin Gold losing $18 million to double spending. The attack made headlines, and it was assumed by many that a huge operation was behind the crypto-heist. However, it appears that NiceHash could be used to commandeer the BTG hash rate for under $4,000. The Crypto51.app site claims that NiceHash could be used to take over the hash rate of the Bytecoin networkworth over $1 billion for an entire hour for under $600, with other coins vulnerable to multi-million dollar attacks for equally minuscule costs.
Charlie Lee of Litecoin is among the many people taking the numbers on the website seriously:
A 51% attack enables attackers to control the “hash rate” of a currency and spend the same funds twice and fork the blockchain into two, creating different records. Double spending was always a problem with the notion of digital currency, and Bitcoin was invented with a solution in mind: blockchain and the Proof of Work system.
The blockchain ledger keeps a supposedly immutable record, and the PoW system requires mining computers to guess numbers and solve algorithms in order to verify transactions and add new blocks of data to the blockchain: the method used to guess the numbers is called “hashing”, and the “hash rate” is the number of guesses per second.
A blockchain is stored on computers called nodes. Large networks have many nodes making them very expensive to attack due to the processing power required. However, networks with fewer nodes can be hijacked with less processing power. Anyone in control of 51% of the hash rate could, for example, send funds to an exchange and trade them for other coins, then use their hashing power to erase the transaction they just made, leaving them with the funds they sent and the funds they received.
A 51% attack is theoretically possible on Proof of Stake systems as well, but the attackers would need to buy approximately half of the coin supply (an action that would cause the price to steadily increase as they bought up more coins), making it very expensive and also very difficult to estimate the true spending power required.
If the figures on the website are accurate the implications are huge, and a great many altcoins need to reconsider their security with the possibility of a 51% attack in mind. The use of the NiceHash service to cut costs makes it staggeringly easy for anyone in the know to attack a crypto-network, making the smaller Proof of Work coins extremely vulnerable, raising the question of why 51% attacks don’t happen more often, or indeed, whether they do and we just don’t know about it.
Featured image from Shutterstock.