51% Attack: the Danger of Majority Rule

In the past couple of months, the market has witnessed several attempts to manipulate protocol rules, during which one of the core values of cryptocurrency is repeatedly tested. Ethereum Classic, the original Ethereum blockchain maintained by traders who refused to switch over to the new fork that aimed to rectify The DAO Hack in 2016, suffered not one, not two, but three 51% attacks since the start of August 2020. The third attack happened, ironically, one week after ETC Labs announced its strategy on protecting the network from additional attacks. It saw the reorganization of over 7,000 blocks, a figure greater than the previous two attacks combined. Though the total loss of the third attack is yet to be determined, the first two incidents led to the loss of around $9 million worth of ETC, leaving the community wondering if the ETC network has the proficiency to fence off additional attacks. 

What is a 51% attack?

A 51% attack is, as the name suggests, a breach of blockchain’s security by a majority of miners with malicious intent. These miners dominate more than half of the network’s hash power—the bedrock of blockchain’s tamper-free, decentralized legitimacy. Once purely theoretical, the emergence of the 51% attack in real-life put to rest the notion that hash power in blockchain networks would remain sufficiently decentralized. 

“The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes…. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes.” 

Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System” 

The reality is less ideal than what makes sense on paper. In these ETC incidents, malicious miners gathered a majority of hash power to mine a private chain while initiating multiple transactions to victims. Once the transactions gained enough confirmations, the attackers then converted ETC to other cryptocurrencies before moving funds off the platform. The attackers then reorganized the blockchain to erase the history of transactions, leaving them with access to both the original ETC and the stolen assets. 

To be fair, susceptibility to a 51% attack is inherent to all cryptocurrencies based on blockchains that employ proof-of-work as protocol for verifying transactions. However, smaller mining pools with less hash power tend to fall prey easily to these attacks. According to Crypto51, ETC’s hashrate is 2 TH/s, and the cost of 51% attack is estimated at $4,860 per hour. In comparison, these figures are dwarfed by those of Ethereum, its twin brother before the fallout in 2016. ETH boasted a hashrate of 202 TH/s and a cost of around $474,600 per hour to initiate a 51% attack. 

Similar security breaches 

This is not the first instance of ETC being attacked. Ethereum Classic suffered a $1.1 million attack in January 2019, which at the time, did not seem to raise enough concerns to ETC Labs. Now, ETC Labs is being forced to confront the prospect of being delisted from major exchanges. 

Apart from ETC, there are other instances of attempted attacks on various blockchain networks based on PoW protocols in 2020 alone. Attackers assumed a majority of hashrate to reorganize the Bitcoin Gold (BTG) blockchain in a short span of two days. On July 2, the BTG team alerted exchanges and mining pools of an attempted attack on the network. Developers then set up a checkpoint at block 640,650 that successfully prevented the attacker’s chain from taking over the main chain. However, not every attack can be nipped in the bud. Back in January, malicious crypto miners took control of Bitcoin Gold’s blockchain to double-spend $72,000 worth of BTG.

The primary victims of 51% attacks are, of course, exchanges, especially spot exchanges that list vulnerable PoW coins, despite repeated security breaches. In 2016, Bittrex chose to delist Bitcoin Gold after attackers successfully double-spent $18 million worth of BTG in a similar fashion. 

If one attack could wreak such havoc on multiple exchanges, are there tell-tale signs that warn of an imminent 51% attack? Research suggests that future attacks can be predicted by closely monitoring vital signs of the network, such as mining production, irregularities in the derivatives markets, large deposits on exchanges, and the P2P networking layer. So far, the on-chain hashrates for both BTC and ETH are experiencing steady growth despite the return of volatility. When the hashrate remains high, the cost incurred to take over the majority would become astronomical. That is to say, 51% attacks don’t pose significant risks to the crypto market’s largest networks. 

Bybit’s Commitment to Security 

The security of our customers’ assets is of paramount importance to Bybit. Our commitment to security is reflected in our well-above-industry-standard security/IT investments. Although security investment doesn’t necessarily translate into a foolproof trading environment, it does provide a good benchmark indicator of the value of security investments. 

Bybit is highly selective when it comes to listing trading pairs on the platform. Currently, Bybit only lists mainstream trading pairs that have withstood the test of time, a trade-off necessary to guarantee good trading experience and assuage the fears of 51% attacks on vulnerable tokens. Bybit also deploys a state-of-the-art cold wallet system with an in-built solution hierarchy. The asset consolidation and withdrawal are executed entirely offline, and thus, cannot be exploited by breaching the private keys. Any changes in crypto storage in future will go through rigorous safety tests to ensure it meets our security requirements. 

Given the significant investment in security and rigorous risk management protocols, Bybit is confident that traders using the exchange will not face threats from the likes of 51% attacks.