Updated: Jan 4
A 51% attack, or double-spend attack, refers to the hacking of a blockchain ledger that allows the hacker to gain control of the ledger's consensus mechanism. In this article we will look at how this is carried out and at some prime examples of such attacks.
Store of Value
Any currency works on the principle of supply and demand. Whenever the circulating supply is increased, the value of the currency goes down. In the case of a virtual currency, the absence of any centralized agency means that the value of the currency can fluctuate in a manner that can be detrimental to the holders of that currency.
To overcome this problem, currencies based on blockchain technology release their coins to miners only in limited numbers.
The miners compete to solve a hash. A hash is a cryptographic algorithm which requires complex computing calculations to solve. Solving a hash is an expensive process: it requires a lot of computing power and electricity, and in the end only one miner or a group of miners can solve it. This ensures that the supply is released slowly and the value is maintained.
For instance, I buy a car and pay for it through any digital method. After the purchase, the amount spent by me is credited back to my account or wallet enabling me to use it again. In essence, the seller did not get any money for the value provided while I got away with it.
This is called double spending. Counterfeiting of any currency leads to double spending. Bank notes contain unique numbers to prevent counterfeiting. When two notes of the same number exist, other symbols are matched to find the real one.
This method of checking is replicated in virtual currencies by the consensus mechanism. The distributed nature of a distributed ledger (DL) requires the participants in the network (‘nodes’) to reach a consensus regarding the validity of new data entries by following a set of rules. This is achieved through a consensus mechanism that is specified in the algorithmic design of the DL and can vary depending on its nature, purpose, and underlying asset. In a DL, in general, any one of the nodes can propose the addition of a new transaction to the ledger; however, there are implementations which assign specialized roles to nodes, where only some nodes can propose an addition. A consensus mechanism is necessary to establish whether a particular transaction is legitimate or not, using a predefined cryptographic validation method designated for this DL. The consensus mechanism is also important for handling conflicts between multiple simultaneous competing entries, for example when different transactions on the same asset are proposed by different nodes. This mechanism ensures correct sequencing of transactions and prevents take-over by bad actors (in the case of a permissionless DL). The consensus mechanism and sequencing protect against the aforementioned double-spend problem.
The 51% Attack
CoinDesk defines it as: “An attack on a blockchain by a group of miners controlling over 50% of a network’s mining hashrate – the sum of all computing power dedicated to mining and processing transactions is called a 51% attack.”
For a transaction to be added to a blockchain, a miner must find a correct answer to a puzzle, ergo solve the hash. A correct answer to a puzzle has to be broadcast to other miners and can only be accepted if all transactions in a block are valid according to the existing record on the blockchain. Corrupt miners, on the other hand, don’t broadcast solutions to the rest of the network.
When the solutions are broadcast to the other miners, it is called the Shared Truth. It is one of the innovative features of Distributed Ledger Technology (DLT). Because the transactions are shared on all ledgers, there is no need to have a central authority for record keeping and the system can remain decentralized. DLT offers the potential for significant cost reductions by removing the need for reconciliation: DLT-based systems by definition contain the “shared truth”, and hence there is no need to reconcile one version of “truth” with that of one’s counterparties. According to some estimates, distributed ledger technology could save the financial industry alone around $15-20 billion per year.
When this truth is prevented from being shared for any reason, two versions of the ledger appear. One contains the original records and the other contains the transactions done by the “bad actor/hacker”.
Democratic Governance and Transaction Reversal
The longest chain of the blockchain is considered the legitimate one. As soon as the bad actor has added more blocks to their chain, which can be done with a lot of hashing power, they will broadcast it as the longest chain. The rest of the network, on detecting the newly corrupted blockchain, will cease using the original legitimate blockchain and switch to the new one.
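Why "a lot of hashing power" decides this race can be put in numbers. The following is an added example, not part of the original article: it implements the attacker catch-up calculation from the Bitcoin whitepaper, going slightly beyond the text to show how the risk falls with each confirmation a recipient waits for. The function names and the 0.1% risk threshold are illustrative choices.

```python
import math

def catch_up_probability(q, z):
    """Whitepaper estimate that an attacker holding hashrate share q ever
    overtakes an honest chain that is z blocks ahead of the fork point."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q                    # honest share of the hashrate
    if q >= p:
        return 1.0                 # at or above half, the private chain always catches up
    lam = z * q / p                # expected attacker blocks while honest miners find z
    poisson = math.exp(-lam)       # Poisson(k=0; lam), updated in the loop
    prob = 1.0
    for k in range(z + 1):
        # attacker has k blocks so far and still fails to close the remaining gap
        prob -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)
    return prob

def confirmations_needed(q, max_risk=0.001, limit=1000):
    """Smallest z with catch-up probability below max_risk, or None if the
    attacker's share makes every confirmation depth unsafe."""
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None

if __name__ == "__main__":
    for share in (0.10, 0.30, 0.45, 0.51):
        print(share, confirmations_needed(share))
```

Below half of the hashrate, waiting for more confirmations drives the reversal risk toward zero; at or above half, no waiting period helps, which is why the threshold in the definition matters.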
As soon as the corrupted blockchain is considered the truthful chain, protocol dictates that all transactions not included in it be reversed. In this case, an attacker would end up getting a refund on all the coins spent on the previous blockchain, which is now considered illegitimate.
Prima facie it sounds like a hostile takeover of a company. Let’s look at how it is carried out and in what ways it can be prevented or remedied, with the help of some real-life examples:
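The chain switch and transaction reversal described above can be observed from a node operator's side. The following is an added example, not code from the original article or from any real client: a toy ledger in which each transaction is a constructed (txid, coin) pair, with a check that applies the longest-chain rule and reports which transactions a switch would reverse and which coins were spent twice.

```python
import hashlib
from typing import NamedTuple

class Block(NamedTuple):
    prev_hash: str
    txs: tuple                     # ((txid, coin_spent), ...), simplified model

def block_hash(block):
    body = block.prev_hash + "|" + ";".join(f"{t}:{c}" for t, c in block.txs)
    return hashlib.sha256(body.encode()).hexdigest()

def extend(chain, tx_lists):
    """Return a copy of chain with one new block per entry in tx_lists."""
    chain = list(chain)
    for txs in tx_lists:
        prev = block_hash(chain[-1]) if chain else "0" * 64
        chain.append(Block(prev, tuple(txs)))
    return chain

def analyze_reorg(current, candidate):
    """Apply the longest-chain rule and report what a switch would undo."""
    if len(candidate) <= len(current):
        return None                # not longer: the node keeps its chain
    fork = 0                       # height of the first block that differs
    while (fork < len(current)
           and block_hash(current[fork]) == block_hash(candidate[fork])):
        fork += 1
    dropped = [tx for b in current[fork:] for tx in b.txs]
    adopted = [tx for b in candidate[fork:] for tx in b.txs]
    spender = {coin: txid for txid, coin in adopted}
    return {
        "fork_height": fork,
        "depth": len(current) - fork,          # blocks discarded by the switch
        "reversed": [t for t, c in dropped if (t, c) not in adopted],
        "double_spends": [(t, spender[c]) for t, c in dropped
                          if c in spender and spender[c] != t],
    }

# Constructed sample: the same coin is paid to a merchant on the public
# chain and back to its owner on a longer chain that was withheld.
COMMON = extend([], [[("coinbase", "reward-0")], [("fund-buyer", "coin-0")]])
HONEST = extend(COMMON, [[("pay-merchant", "coin-A")], [("other-tx", "coin-B")]])
PRIVATE = extend(COMMON, [[("pay-self", "coin-A")], [("other-tx", "coin-B")], []])

if __name__ == "__main__":
    print(analyze_reorg(HONEST, PRIVATE))
```

A deep reorganization combined with a non-empty double-spend list is the signal an exchange or merchant would alert on before crediting a payment.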
The Ethereum Classic:
In April 2016, members of the Ethereum community – the team behind German start-up “Slock.it” - announced the inception of the Decentralized Autonomous Organization (DAO), an organization with decentralized control, governed by smart contracts. It was designed to operate like a venture capital fund for the cryptocurrency and decentralized space.
The DAO built smart contracts on the Ethereum blockchain, which allowed people to make funding proposals, and if enough DAO investors voted for the proposal, the funding was released after 28 days.
The initiative successfully crowdfunded approximately 150 million USD from over 11,000 investors, one of the largest crowdfunding successes in history.
The DAO also had a “split function” that allowed investors to leave the organization in case they saw damaging proposals being accepted. However, in mid-June the DAO creators announced that they had found a “bug” in the software, and the programmers were beginning to fix the code while over 50 project proposals were still pending for the DAO vote. At this time, a hacker began to exploit the smart contract vulnerability and drain the DAO of ether (Ethereum’s cryptocurrency). By June 18th, the hacker had amassed over $50 million in ether but, due to the funding window, the funds were unavailable for withdrawal for 28 days, as stipulated in the DAO’s smart contracts.
Ultimately, the Ethereum community decided to do a Hard Fork and split the ledger into 2 parts to remedy the hack. Interestingly, while the Ethereum community was debating how to resolve this issue, the “hacker” threatened them with legal action if the smart contract was changed in any way!
A fork of Bitcoin Cash, which itself forked from Bitcoin in 2017, it suffered a number of 51% attacks in 2021, with one succeeding in reorganizing the chain.
"This latest attack did, as reported, create three malicious forks containing substantial double-spend attempts, the first two have been successfully repelled by honest miners choosing to reject fraudulent double spends in accordance with the bitcoin whitepaper," Steve Shadders, nChain chief technology officer, said in emailed comments.
The successful malicious chain was reversed by honest miners of the community after Bitcoin Association took to Twitter to urge node operators to mark fraudulent chains as “invalid” to lock out attackers.
The reason cited for this attack is the alleged centralization of the ledger, which made it vulnerable to attacks and manipulation.
This fork of Bitcoin was created in an attempt to prevent centralization of the ledger. To achieve its goal of democratizing the distribution of BTG, Bitcoin Gold switched from Bitcoin's SHA256 mining algorithm to Equihash, which allows users to mine BTG using their graphics processing units (GPUs).
In May 2018, around 388,000 BTG were stolen by an unknown hacker. This 51% attack forced the Bitcoin Gold development team to implement an update to its mining algorithm in June 2018, switching from Equihash based on parameter set <200,9> to a modified version of Equihash termed "Equihash-BTG"—instead based on parameter set <144,5>. Bitcoin Gold published a full overview of the rationale behind the change on its blog.
To conclude, 51% attacks exploit the vulnerabilities of the blockchain and take control of the network so that either the value of the existing coins falls or they are double spent. The possible reasons for such attacks are:
1. Centralized Ledger – Any particular group can change the algorithms and manipulate the currency.
2. Small Supply Volume – Although the words small and big are relative terms, it is much more difficult to acquire 51% of the coins if the volume is huge.
These two factors are interlinked. If majority control is acquired by one person or one group, then they can manipulate the whole network. And it is through the collective actions of the community that such attacks are prevented or remedied.
In the next post we will take a look at such community actions.
Santander Innovative Ventures: http://santanderinnoventures.com/wp-content/uploads/2015/06/The-Fintech-2-0-Paper.pdf
ABOUT THE AUTHOR
Shubham Wali Ganju is a practicing advocate with practice areas including Civil and Commercial litigation with a specialization in TMT. He is an International Arbitrator with accreditation from various organisations including CIArb and APD. He has served as the Partner (Disputes Resolution) of GL Pareek Chambers of Law since February 2021.
He is the Managing Consultant at Blockchain in-focus.
DISCLAIMER: All opinions expressed in this article are of the author only and do not reflect the opinions of Blockchain in-focus in any way.